__group__ ticket summary owner component _version priority severity milestone type _status workflow _created modified _description _reporter Comments Commit Candidates 57774 Add some initial PHPUnit tests for `WP_Filesystem_Direct` hellofromTonya Build/Test Tools 2.5 normal normal 6.5 task (blessed) reopened commit 2023-02-21T00:22:57Z 2024-03-18T09:26:06Z "This is a tests-only ticket. `WP_Filesystem_Direct` is, by far, the most used filesystem abstraction class. While some PHPUnit tests exist for a `WP_Filesystem_MockFS` class, this ticket aims to add PHPUnit tests for the `WP_Filesystem_Direct` class itself. The other filesystem abstraction classes, `WP_Filesystem_FTPext`, `WP_Filesystem_ftpsockets` and `WP_Filesystem_SSH2`, do not have PHPUnit test runner configurations. While in future, we may reuse many of the same tests across filesystem abstraction classes, this ticket specifically targets `WP_Filesystem_Direct`." costdev 29 Needs Dev / Bug Wrangler Feedback 52610 Consider removing many of the default test group exclusions Build/Test Tools normal normal Awaiting Review task (blessed) new dev-feedback 2021-02-22T19:57:39Z 2021-04-29T15:46:12Z "When the tests are run with `composer test`, the following groups are excluded: * `ajax` * `ms-files` * `ms-required` * `external-http` When the tests are run with Multisite enabled with `composer test -- -c tests/phpunit/multisite.xml`, the following groups are excluded: * `ajax` * `ms-files` * `ms-excluded` * `external-http` * `oembed-headers` The `ms-required` and `ms-excluded` group exclusions are needed so that the Multisite-specific tests and single-site-specific tests don't run when they don't need to. It's less clear why the other groups in these lists are excluded by default. The `ajax` and `ms-files` groups are not slow, so excluding them for performance reasons doesn't make sense. I think the `ajax` exclusion should be removed from both the single site and Multisite configuration. The `ms-files` exclusion should be removed too because the tests in the `ms-files` group don't get registered on a non-Multisite test run so the exclusion is redundant. The `external-http` tests are excluded because they are somewhat slow, taking around 10-15 seconds on GitHub Actions and around 40 seconds on my local, highly dependent on network connection speed. Let's keep these excluded by default. The `oembed-headers` group is excluded by default because it requires Xdebug, however this is already covered by the `@requires function xdebug_get_headers` tag on the only test in this group, along with being in the `debug` group which runs separately on GitHub Actions. The `oembed-headers` group exclusion can be removed as it's redundant. Here's my proposed new config for `phpunit.xml.dist`: {{{ ms-required external-http }}} and for `multisite.xml`: {{{ ms-excluded external-http }}}" johnbillion 5 Needs Dev / Bug Wrangler Feedback 59900 Measure performance with a persistent object cache in performance tests swissspidy Build/Test Tools normal normal 6.6 task (blessed) assigned dev-feedback 2023-11-13T21:55:31Z 2024-03-02T12:28:31Z "Similar to #59815: Whether or not a persistent object cache is used makes a major difference on server-side performance of a WordPress site. While there are several factors impacting server-side performance and we cannot benchmark for every single one of them, object caching is a quite significant one and therefore should probably be covered, similar to internationalization. It is common for certain performance optimizations to only apply for sites with a persistent object cache, so we should be able to monitor the impact of such changes over time." flixos90 11 Needs Dev / Bug Wrangler Feedback 53010 Tests: introduce namespacing for the test classes hellofromTonya Build/Test Tools normal normal Future Release task (blessed) assigned dev-feedback 2021-04-09T15:51:13Z 2024-03-15T08:10:07Z "Introducing namespaces in the production code for WordPress Core is a hot topic, so I very purposely do NOT want to touch that in this ticket. However, for the test suite, which doesn't get shipped with the WordPress production code, it's a whole other matter. == Benefits Using namespaces in the test suite provides us with the following benefits: 1. If used consistently and providing they follow a set pattern (more about this below), they will make it very easy for contributors to find the test files/classes they are looking for. 2. It will allow for shorter file and test class names, while those will still be descriptive. 3. And... it will allow for mocking PHP native functions by declaring a namespaced version of that same function in the test class. 4. It will also allow more easily for multiple test classes to be created to test one particular feature/function, which the current naming scheme does not allow for. This will allow for tests for the same functionality, but which need different fixtures (setup/teardown) to be encapsulated in their own test classes. == Caveats: As the WordPress Core test suite is used not only by Core, but also by plugins and themes for integration tests, the test class namespacing should be reserved for actual test classes and - for now - not be applied to test utility classes / Abstract base test classes (i.e. the `tests/phpunit/includes` directory should NOT be touched for now). == Proposed pattern The current directory structure for tests is, to put it mildly, confusing and inconsistent. To solve that, I would like to propose the following pattern: * File paths: `tests/phpunit/tests/wp-[includes|admin]/[SubFolder/]*Class_Under_Test/FunctionUnderTest[OptionalSubsetIndicator]Test.php` * Namespace: `WordPress\Tests\WP_[Includes|Admin]\[SubFolder\]*Class_Under_Test` * Classname: `FunctionUnderTest[OptionalSubsetIndicator]Test` For WP Core files which only contain functions outside of a class structure, the following pattern is proposed: * File paths: `tests/phpunit/tests/wp-[includes|admin]/[SubFolder/]*Functions_FileName/FunctionUnderTest[OptionalSubsetIndicator]Test.php` * Namespace: `WordPress\Tests\WP_[Includes|Admin]\[SubFolder\]*Functions_FileName` * Classname: `FunctionUnderTest[OptionalSubsetIndicator]Test` The pattern I'm proposing does imply a re-organisation of the test suite directory and file structure, but that IMO is for the better. It also follows a PSR4-like pattern which will be more intuitive for new contributors to work with, as well as follow the PHPUnit recommended test class name pattern with having the `Test` as the end of the class name. This will also allow for using PSR-4 autoloading for the tests classes and adding the `autoload-dev` directive to the `composer.json` file. == Planning This should be regarded as a small project and not all renaming needs to be done at the same time. New tests should start following the above proposed pattern as soon as consensus has been reached about this proposal. Existing tests can be gradually switched over to the new pattern over time. == Additional tasks associated with this project - [ ] Updating the contributors handbook for Core. - [ ] Verify that the WordPressCS sniffs will validate this pattern correctly. - [ ] Write a Make post about the decision once consensus has been reached." jrf 20 Needs Dev / Bug Wrangler Feedback 56070 Use a consistent order of annotations in the test suite Build/Test Tools normal normal Future Release task (blessed) new dev-feedback 2022-06-24T22:18:01Z 2023-10-17T00:41:32Z "WordPress core has an [https://developer.wordpress.org/coding-standards/inline-documentation-standards/php/#docblock-formatting established DocBlock format] for inline documentation: {{{ /** * Summary. * * Description. * * @since x.x.x * * @see Function/method/class relied on * @link URL * * @global type $varname Description. * @global type $varname Description. * * @param type $var Description. * @param type $var Optional. Description. Default. * @return type Description. */ }}} This is more or less consistently applied in core, which is helpful for reusing this template for newly added functions without the guesswork of where to put each particular tag. Unit tests also use some of these tags: * `@since` * `@see` * `@global` * `@param` * `@return` (for tests with dependencies) as well as some [https://make.wordpress.org/core/handbook/testing/automated-testing/writing-phpunit-tests/#annotations test-specific annotations]: * [https://phpunit.readthedocs.io/en/9.5/annotations.html#ticket `@ticket`] * [https://phpunit.readthedocs.io/en/9.5/annotations.html#group `@group`] * [https://phpunit.readthedocs.io/en/9.5/annotations.html#covers `@covers`] * [https://phpunit.readthedocs.io/en/9.5/annotations.html#depends `@depends`] * [https://phpunit.readthedocs.io/en/9.5/annotations.html#requires `@requires`] * [https://phpunit.readthedocs.io/en/9.5/annotations.html#dataprovider `@dataProvider`] * `@expectedDeprecated` * `@expectedIncorrectUsage` However, the order of these annotations differs in various test classes and can be almost random even in test methods of the same class. These inconsistencies increase cognitive load when writing new tests or reviewing test PRs to bring them in line with existing tests. I would like to propose a DocBlock template that can be consistently applied across the test suite. Something like: {{{ /** * Summary. * * Description. * * @since x.x.x * @ticket 12345 * * @group group_name_1 * @group group_name_2 * * @covers function_name_1 * @covers function_name_2 * * @requires function function_name * * @expectedDeprecated * @expectedIncorrectUsage * * @see Function/method/class relied on * @link URL * * @depends test_name * @dataProvider data_provider_name * * @global type $varname Description. * @global type $varname Description. * * @param type $var Description. * @param type $var Optional. Description. Default. * @return type Description. */ }}} Notes: * All of these annotations are optional and may not be present on a particular test, so most of the time the DocBlock would be much shorter. But if they are present, the order should be consistent across the test suite. * `@since` and `@ticket` are grouped together because they are both related to when a test was introduced. * `@group` and `@covers` are separated into their own sections for better readability when a test belongs to multiple groups and/or covers multiple functions. * `@depends` and `@dataProvider` are grouped together and moved closer to globals and parameters, because they are both related to passing data to the test. When reviewing the current usage of `@depends` in the test suite, I found some instances that don't pass any data but seem to (incorrectly) assume that this annotation defines the order in which the tests are executed. That can be addressed separately. Any thoughts on using this DocBlock format or any suggestions for improving it are welcome." SergeyBiryukov 15 Needs Dev / Bug Wrangler Feedback 43733 Replace Underscores.js with Lodash.js adamsilverstein External Libraries normal normal Awaiting Review task (blessed) assigned dev-feedback 2018-04-10T14:30:08Z 2023-07-17T23:20:28Z "Should we replace Underscores.js with Lodash.js? [https://wordpress.slack.com/archives/C5UNMSU4R/p1523367735000195 Discussed in Slack today (April 10th, 2018)]. It was suggested for converting WP Core to lodash, [https://github.com/facebook/jscodeshift jscodeshift] could be leveraged. Here is a list of [https://github.com/lodash/lodash/wiki/Migrating API pairings between lodash and underscores]. Concerns: Lodash 5.0 is set to have some [https://github.com/lodash/lodash/wiki/Roadmap backwards incompatible changes] that could make the migration awkward. General backwards compatibility concerns as well. How do we want to handle Backwards Compat? Most likely only core will be changed, and a migration path/tool will be offered out to theme/plugin authors." ChopinBach 16 Needs Dev / Bug Wrangler Feedback 55604 Update SimplePie to version 1.7.0 External Libraries 6.0 normal normal Future Release task (blessed) new needs-unit-tests 2022-04-21T20:05:26Z 2024-02-05T20:11:34Z "A new version of SimplePie has just been released. This version contains a few enhancements and some bug fixes. The most notable change, however, is that this release contains a ''forward-compatibility'' layer for the change to PSR-4 namespaced classes which is targetted for SimplePie 2.0.0. With some similarity to Requests - the namespaced versions of the classes are in a different base directory (`src`) from the original versions (`library`). As WP currently only includes the files in the `library` directory, I would like to suggest to continue doing so for now. This still makes the ''forward-compatibility'' layer available as all files in the `library` directory now create a ''class alias'' to their namespaced version. Once 2.0.0 has been released, the files included in WP, should be switched to the files from the `src` directory (which is currently in place mostly to allow for Composer autoloading) and should start using the namespaced names for the SimplePie classes. I'd recommend for this update to be mentioned in a dev-note, so plugins/themes directly using SimplePie can decide for themselves when they want to change to using the namespaced names for SimplePie classes. Refs: * https://github.com/simplepie/simplepie/releases/tag/1.6.0 * https://github.com/simplepie/simplepie/blob/1.6.0/CHANGELOG.md#160---2022-04-21 * https://github.com/simplepie/simplepie/compare/1.5.8...1.6.0 I've done a cursory check of the changes and they look sane to me, but would very much like to invite a second opinion and I'd recommend testing this change (more thoroughly than usually done for upgrades like these). I'd also like to recommend for a few cursory tests to be added to the WP test suite to ensure that both the PSR-0 as well as the PSR-4 class names load correctly when only including the `library` directory in WP. I'd recommend for this update to be applied in WP 6.1 **early**. Previous: #36669, #51521, #54659" jrf 31 Needs Dev / Bug Wrangler Feedback 59233 Improve error handling for unserialize() General normal normal 6.6 task (blessed) new dev-feedback 2023-08-28T23:47:32Z 2024-02-26T22:05:20Z "From https://core.trac.wordpress.org/ticket/59231: > === [https://wiki.php.net/rfc/unserialize_warn_on_trailing_data Make unserialize() emit a warning for trailing bytes] > > While based on the current test suite, WP is not ''directly'' affected by this, the [https://developer.wordpress.org/reference/functions/maybe_unserialize/ `maybe_unserialize()`] function could still be confronted by data with trailing bytes. > > However, the call to the PHP native `unserialize()` within `maybe_unserialize()` silences all (PHP 8.0+: non-fatal) errors, so this new warning will not affect WP or its ecosystem as long as the `maybe_unserialize()` function is used. > > Having said that, a critical look at `maybe_unserialize()` may be warranted as the new warning in PHP is related to security issues discovered in other projects, so WP may want to consider rejecting unserialization for data throwing this warning. > > Also note that there are 7 uses of `unserialize()` in total within WP Core, one within `maybe_unserialize()`, but the function is also used in 6 other places and 5 of those do not use error silencing. > > > === [https://wiki.php.net/rfc/improve_unserialize_error_handling Improve unserialize() error handling] > > This, again, affects the [https://developer.wordpress.org/reference/functions/maybe_unserialize/ `maybe_unserialize()`] function and this time, the code should probably be adjusted to handle the new errors which `unserialize()` can now throw. > > The change does not affect unserializing valid data, but in the case of invalid data, the type of and severity of the notices/warnings/catchable exceptions have been changed. > > All 7 uses of `unserialize()` in WP Core should be reviewed and for the 6 uses outside of the `maybe_unserialize()` function, it should be reviewed whether they can/should switch to using `maybe_unserialize()` and/or whether they should get their own (improved) error handling. " jrf 4 Needs Dev / Bug Wrangler Feedback 55603 PHP 8.2: address deprecation of the utf8_encode() and utf8_decode() functions hellofromTonya General 6.0 normal normal 6.6 task (blessed) assigned dev-feedback 2022-04-21T19:24:21Z 2024-03-06T17:40:19Z "== Context The [https://wiki.php.net/rfc/remove_utf8_decode_and_utf8_encode PHP RFC to remove the `utf8_encode()` and `utf8_decode()` functions] from PHP in PHP 9.0 has recently been accepted. This means in effect that as of PHP 8.2, those functions will be deprecated and a deprecation notice will be thrown whenever they are called. The reasoning behind the deprecation and removal is that these functions are confusing and rarely used correctly. See the [https://wiki.php.net/rfc/remove_utf8_decode_and_utf8_encode#usage Usage section] of the RFC for an analysis of the various (mostly incorrect) uses of the functions. == The Problem The [https://wiki.php.net/rfc/remove_utf8_decode_and_utf8_encode#alternatives_to_removed_functionality typical replacements for these functions] are using the [https://www.php.net/manual/en/book.mbstring.php MBString extension] and/or the [https://www.php.net/manual/en/book.iconv.php Iconv extension]. As these extensions are both ''optional'' extensions in PHP, they cannot be relied on to be available in an open source context. WordPress uses the `utf8_encode()` function a few times in the codebase: * 1 x `utf8_encode()` in `src/wp-admin/includes/export.php` * 2 x `utf8_encode()` in `src/wp-admin/includes/image.php` * 1 x `utf8_encode()` in `tests/phpunit/tests/kses/php` Aside from that the external dependency [https://github.com/JamesHeinrich/getID3 GetID3] also uses both these functions a number of times. A search of the plugin and theme directory shows more worrying results with a plenitude of matches: * [https://wpdirectory.net/search/01G16P0SWHB37G2965MP8R4ZYK 11247 matches in 3315 plugins], including 15 plugins with over a million installs. * [https://wpdirectory.net/search/01G16P2K39TQ538M9KRTVXT4CA 40 matches in 22 themes]. == Options So, what are the options we have ? In my opinion, especially seeing how these functions are used so often in plugins, there are only two realistic options: === 1. We could polyfill these functions. While some functions which may not be available are polyfilled by WP, this is generally only done to have access to ''new'' PHP functionality or to allow for using functions which require certain optional extensions to be enabled. As far as I know, no PHP native function has ever been polyfilled due to it being removed from PHP. **Pro**: Relatively simple solution and everything keeps working (deprecation notices will still show when running on PHP 8.x, though these could silenced). **Con**: As most uses of these functions are likely to be incorrect usage (especially in plugins), these ""bugs"" will remain and not be reviewed or addressed, undercutting the improvement PHP is trying to make. === 2. We could make the MbString (or the Iconv) extension a requirement At this moment, [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/class-wp-site-health.php#L876 both the MbString as well as the Iconv extension are recommended, but not required by WP]. A couple of MbString functions are also polyfilled in WP, so now might be a good time to make the MbString extension a requirement for WP. **Pro**: MbString being available will allow for fixing the deprecations in a forward-compatible manner. It will also allow for other code improvements to be made to improve WPs support for languages using non-latin based scripts. **Con**: A new requirement would be added to WP which should not be taken lightly. At the same time, it should be noted that MbString is generally enabled already anyway, so this will impact only a small percentage of users. ==== Why MbString instead of Iconv ? While both are included (though not enabled) by default with PHP, Iconv [https://www.php.net/manual/en/iconv.requirements.php requires the `libiconv` library], which may not be available, while MbString has [https://www.php.net/manual/en/mbstring.requirements.php no external dependencies]. MbString is [https://www.php.net/manual/en/mbstring.installation.php not enabled by default in PHP], but generally ''is'' enabled in practice. [https://www.php.net/manual/en/mbstring.installation.php Iconv is enabled by default] in PHP, but can be disabled. Having said that, MbString offers much more functionality than the limited functionality offered by Iconv and - as indicated by a number of functions being polyfilled - is already in use in WP. Still, it would be helpful if someone with access to the underlying statistics data collected by WP could add figures to this issue showing how often either extension is enabled on systems running WP. == Recommendation I'd strongly recommend option 2, but would like to hear the opinions of additional Core devs. == Action lists === General - [ ] Report the issue to GetID3 === Action list for option 1 - [ ] Polyfill the functions. - [ ] Review the uses of the functions in WP Core anyhow to see if those could/should be removed/the code using them should be refactored. - [ ] Add a note about the polyfills in a dev-note with a recommendation for plugin/theme authors to review their use of these functions anyhow. === Action list for option 2 - [ ] Make the MbString a requirement for installing WP/in the WP bootstrapping. - [ ] Change the MbString extension from optional to required in the Site Health component. - [ ] Remove the current MbString related polyfills from the `compat.php` file. - [ ] Review the uses of the functions in WP Core and replace with more appropriate alternatives. - [ ] Add a note about the deprecation in the PHP 8.2 dev-note with a recommendation for plugin/theme authors to review their use of these functions and noting that the MbString extension can be relied upon to be available (as of WP 6.1). " jrf 66 Needs Dev / Bug Wrangler Feedback 40365 Introduce a REST API endpoint for sites REST API normal normal Future Release task (blessed) new needs-unit-tests 2017-04-05T00:18:18Z 2020-04-03T05:00:47Z "It should be possible to manage sites in a multisite configuration through the REST API. * List sites: `GET wp/v2/sites/` * Retrieve a site: `GET wp/v2/sites/` * Create a site: `POST wp/v2/sites/` * Update a site: `PUT wp/v2/sites/` * Delete a site: `DELETE wp/v2/sites/` Data included in a site object should at least mirror the data available for the site in `wp_blogs`. Additional ideal pieces of data for a site include `blogname`, `blogdescription`, `home`, and `siteurl`. It's possible that creating a new meta table for sites can help developers register meta for inclusion with a site object (See #37923). Sites should be accessible by default for authenticated users only. Network (global) admins should have access to all sites. Site users should have access to the sites they are members of. The ""My Sites"" list is a great candidate for exploring how this will work. See #15317. As of the introduction of `get_sites()` in 4.6.0, retrieving sites is a much better experience. The methods used to create, update, and delete sites in multisite are not as pleasant right now. We should investigate each of these and determine what can be done to streamline the process. The first improvement is probably in creating a site. See #40364." jeremyfelt 14 Needs Dev / Bug Wrangler Feedback 56017 Check the required PHP extensions during WordPress installation and updates Upgrade/Install normal normal Future Release task (blessed) new dev-feedback 2022-06-20T15:59:16Z 2022-10-11T12:50:49Z "Background: #55603 Currently, marking a PHP extension as required in Site Health displays a warning on existing sites if the extension is unavailable, but it does not block the WP installation for new sites, nor the updates to the new version for older sites. To avoid fatal errors, WordPress core should check for the required PHP extensions both during installation and updates, similar to how we check for the required PHP and MySQL versions. As also noted by @jrf in comment:2:ticket:55603: > Might also be a good time to improve the code re-usability in that regards (have one master list of requirements and recommendations, which both the requirements checker on installation/load + the Site Health component draw from)." SergeyBiryukov 12 Needs Dev / Bug Wrangler Feedback 51928 Provide plugin/theme update failure data to dot org Upgrade/Install normal normal Future Release task (blessed) assigned dev-feedback 2020-12-03T19:44:16Z 2023-07-05T18:15:26Z "With plugin auto-updates in core there have been instances of update failures leaving the user's site without the update and without any idea why the update failed. We receive core auto-update failure data to dot org and receiving plugin/theme failure data would help significantly in determining the causes of these failures. I'm mostly guessing from how `class-core-upgrader.php` sends failure data via `wp_version_check( $stats )` and I've added similar data and a call to `wp_update_{plugins|themes}( $stats )` in `class-wp-upgrader.php` Thanks @pbiron If it actually does send the data to dot org it could be useful. This requires the return of `WP_Error`s at potential points of failure. I have added one of these in #51857. Feedback from the dot org maintainers will be needed." afragen 72 Needs Early Attention 60096 Remove back-compat for database servers that don't support utf8mb4 johnbillion Database trunk normal normal 6.6 task (blessed) assigned has-patch 2023-12-18T19:45:03Z 2024-02-28T00:31:19Z Since [57173] the minimum supported version of MySQL is 5.5.5, which means the utf8mb4 charset is supported by all supported database servers. The back-compat code for handling servers that don't support it can therefore be removed, along with related tests and health checks. johnbillion 6 Needs Early Attention 51812 Update jQuery step three SergeyBiryukov External Libraries normal normal Future Release task (blessed) reviewing has-patch 2020-11-18T09:34:57Z 2024-01-27T08:55:38Z "Follow up from #37110 and #50564. Remove jQuery Migrate 3.3.x. This ticket represents step 3 in the following roadmap for updating jQuery to 3.x in Core: https://make.wordpress.org/core/2020/06/29/updating-jquery-version-shipped-with-wordpress/. " azaozz 133 Needs Docs or Unit Tests 40538 Fix or remove useless PHPUnit tests johnbillion* Build/Test Tools normal normal Future Release task (blessed) accepted needs-unit-tests 2017-04-23T01:11:24Z 2022-09-01T22:54:20Z "There are 29 tests in the test suite which don't perform an assertion. They should be fixed or removed. PHPUnit 6 has switched to being strict about useless tests by default, so that gives us an additional reason to address them. In addition, there's no reason for core's default PHPUnit configuration to not be strict about useless tests so the same behaviour is seen when running older versions of PHPUnit. Previously: #36016" johnbillion 12 Needs Docs or Unit Tests 42093 Improve handling of SUBDOMAIN_INSTALL test coverage jeremyfelt Build/Test Tools normal normal Future Release task (blessed) assigned needs-unit-tests 2017-10-04T18:55:45Z 2023-10-20T14:15:29Z "We have a bunch of tests that run (or are skipped) based on `is_subdomain_install()`, but our Travis CI configuration never runs the tests in a subdomain configuration. To run the tests now, you need to setup the environment manually. In its current state, 7 tests fail: {{{ 1) Tests_Multisite_Site::test_created_site_details 2) Tests_Multisite_Site::test_new_blog_url_schemes with data set #0 ('https', 'https', false) 3) Tests_Multisite_Site::test_new_blog_url_schemes with data set #1 ('http', 'https', false) 4) Tests_Multisite_Site::test_new_blog_url_schemes with data set #2 ('https', 'http', false) 5) Tests_WP_oEmbed::test_wp_filter_pre_oembed_result_multisite_sub_samesub 6) Tests_WP_oEmbed::test_wp_filter_pre_oembed_result_multisite_sub_othersub 7) Tests_WP_oEmbed::test_wp_filter_pre_oembed_result_multisite_preserves_switched_state }}} The first is a result of our site factory only creating new subdirectory sites. I believe the `test_new_blog_url_schemes` should be skipped for `is_subdomain_install()`, but I haven't verified. I'm not sure yet what the issue is with the oEmbed tests. I'd like to: * Clean up the existing tests so that they pass. * Determine a good way of running these in our Travis CI configuration. It'd be nice *not* to run the entire set of core/multisite tests again just to account for this. Hopefully there's a creative approach to run only the subdomain specific tests. Previously: #36567, #36566. " jeremyfelt 8 Needs Docs or Unit Tests 35857 Add QUnit tests for Customizer preview, including Selective Refresh Customize 3.4 normal normal Future Release task (blessed) assigned needs-unit-tests 2016-02-18T08:26:15Z 2023-03-17T17:06:23Z "Initial Customizer unit tests for PHP and JS were added in #28579. The QUnit tests were done specifically for the Customizer controls (pane) and not the Customizer preview. This was understandable since he preview was devoid of much unique JS functionality. With the introduction of the Selective Refresh component (#27355), this has changed. There needs to be a new QUnit test suite specifically for the Customizer preview. See @valendesigns initial foundation work here: https://github.com/xwp/wp-customize-partial-refresh/pull/32/files#diff-6fcbfd120899db12c05cdb1f6142cd87 " westonruter 17 Needs Docs or Unit Tests 12706 Custom post status bugs Posts, Post Types 3.0 normal normal Future Release task (blessed) reopened needs-unit-tests 2010-03-25T14:41:39Z 2022-06-02T13:42:36Z "A developer should be able to register a custom post status using `register_post_status()`. The admin UI (including post submit box and quick edit) should reflect this new custom post status. Furthermore, there are many hard-coded references to 'draft' and 'pending' statuses in core that should properly use the post status API. All existing arguments to `register_post_status()` should be fully implemented, should also support per-post-type arguments. As things get implemented across core, there will likely be a need for supporting capabilities and bits of API. Related: #23169 (register_post_status_for_object_type), #23168 (unregister_post_status)." ptahdunbar 167 Needs Docs or Unit Tests 9824 make better use of stubs when verbose rules should apply Rewrite Rules normal normal task (blessed) reopened needs-unit-tests 2009-05-15T01:03:56Z 2019-06-04T21:05:28Z "Related to: http://core.trac.wordpress.org/ticket/6603#comment:27 Problem fixed is: > posts show up as www.apexprd.org/page/2 and not /news-and-events/page/2 as it should. with permalinks set to /something/$postname%/ we arguably don't necessarily need verbose rules here, since there is a stub." Denis-de-Bernardy 16 Needs Docs or Unit Tests 43989 "Allow plugin searches to be filtered by ""Requires PHP"" version information" Site Health normal normal Future Release task (blessed) new needs-unit-tests 2018-05-07T14:24:41Z 2019-06-24T16:10:01Z "**Note: This ticket is a subtask for the overarching #40934 ticket.** If plugins now start making use of the ""Requires PHP"" version information in their plugin header, we should make sure that plugin searches can be filtered by their required PHP version. This might include changes to the indexing infrastructure (indexing that information and allowing indexed queries against it) as well as changes to the UI (giving users the possibility to either use search flags in text form or faceted search mechanisms to communicate such a query." schlessera 5 Needs Docs or Unit Tests 47880 Extend unit tests for Site Health component. Site Health 5.2 normal normal Future Release task (blessed) new needs-unit-tests 2019-08-15T00:49:49Z 2020-07-06T23:20:09Z "A file for site health check unit tests has been added in `tests/phpunit/tests/site-health.php`. At the time of writing it only includes tests for various states of cron, expanding these would help with future development of the component." peterwilsoncc 9 Has Patch / Needs Testing 49715 Alternate views for WP List Tables audrasjb Administration normal normal Future Release task (blessed) reopened has-patch 2020-03-27T16:56:24Z 2020-12-01T19:19:16Z "Currently, the WP List Table supports two views: default and ""excerpts"". This distinction is confusing and doesn't easily allow for other differences between the two views. As a way to create more flexibility in WP List Tables, we'd like to implement mechanisms for users to choose different views, similar to what's found in Gmail, e.g.: Compact, Default, Comfortable. This would give us a lot more flexibility in being able to resolve issues where conflicts arise between design, space, and accessibility, because we could offer views where everything is spelled out in a spacious way and also views where information is more compact. As long as the user is able to choose a persistent view that gives them all the information they need, the alternate views can use designs that disclose less detail. Example tickets that would be impacted include: #48751 #32170 #35391 " joedolson 55 Has Patch / Needs Testing 40001 Replace wp-list.js with REST API-powered JavaScript Administration 4.7 normal normal Awaiting Review task (blessed) new has-patch 2017-03-01T07:06:00Z 2021-04-06T15:33:21Z "wp-list.js is used for ''some'' list tables in WordPress, but not all. We should switch everything it does over to the REST API, and simultaneously rethink list tables to ensure consistency. (This is a stub ticket, longer post on make/core coming soon.)" rmccue 2 Has Patch / Needs Testing 40885 Update admin color scheme using the REST API Administration normal normal Awaiting Review task (blessed) new has-patch 2017-05-30T05:55:01Z 2017-05-31T13:05:44Z "Reasonably simple admin-ajax call (notably, with no significant filters) that can be replaced with a call to `/wp/v2/users`. Patch attached. One thing we can't do is provide an enum of valid color schemes, since historically these have only been registered on `admin_init` (including in core). This also applies to the sanitization callback on the meta key, which can only remove invalid characters, not validate the scheme is valid." rmccue 1 Has Patch / Needs Testing 31823 Add ESLint integration swissspidy Build/Test Tools normal normal Future Release task (blessed) assigned has-patch 2015-03-31T20:19:57Z 2024-02-23T10:36:37Z "'''Update:''' The JSCS project has merged into ESLint. So now an ESLint config is needed to be developed for core as opposed to a JSCS one. ---- The [http://jscs.info/ JSCS] project has [https://github.com/jscs-dev/node-jscs/issues/1099 added] a [https://github.com/jscs-dev/node-jscs/blob/master/presets/wordpress.json wordpress] preset. This could be useful to be included in Core. All it needs is a `.jscsrc` file located in the root which contains: {{{#!js { ""preset"": ""wordpress"", ""excludeFiles"": [ ""**/vendor/**"", ""**.min.js"", ""**/node_modules/**"" ] } }}} Related: #30153 (PHP_CodeSniffer) #25187 (JSHnt) #28543 (Allow stricter JSHint checks for core files)" westonruter 30 Has Patch / Needs Testing 56150 Add GitHub Action job summaries to workflows Build/Test Tools normal normal Future Release task (blessed) new has-patch 2022-07-05T15:11:10Z 2023-09-01T17:24:57Z "In May, GitHub released [https://github.blog/2022-05-09-supercharging-github-actions-with-job-summaries/ Job Summaries for GitHub Actions], which allows markdown or raw HTML to be displayed on the workflow run summary page for jobs. This ticket is for exploring ways to use this feature in the WordPress Core workflows to make it easier to understand the data and outcomes buried in each step's log output within a job." desrosj 10 Has Patch / Needs Testing 59416 Add a GitHub Action which alerts contributors to a WordPress Playground link to use for testing PRs Build/Test Tools normal normal 6.6 task (blessed) new has-patch 2023-09-20T20:53:28Z 2024-03-06T06:44:58Z "The following approach could help bring in many new folks to help with testing PRs as they no longer need to have a local set up and able to load patches/PRs locally and can quickly jump into a WordPress Playground environment to help test. ---- Gutenberg has a GitHub Action that builds a ZIP of the plugin ([https://github.com/WordPress/gutenberg/blob/trunk/.github/workflows/build-plugin-zip.yml workflow file], [https://github.com/WordPress/gutenberg/actions/runs/6250831688 example Gutenberg PR with built ZIP attached]) which then [https://developer.wordpress.org/playground/ WordPress Playground] makes use of in the [https://playground.wordpress.net/gutenberg.html Gutenberg PR Previewer]. Taking that above functionality a step further and integrating for Core: 1. Add a GitHub Action for [https://github.com/WordPress/wordpress-develop/ wordpress-develop] that builds a ZIP of core for a PR (similar to the Gutenberg action). 2. Have that same action also add a comment to the PR with a link to a WordPress Playground that's built using the ZIP from the PR. So a comment like: > Thanks <@PR-author>! Here's a link to a site created from this PR that can be used for testing: . In my quick review of the [https://wordpress.github.io/wordpress-playground/ WordPress Playground documentation] it does reference an ability to [https://wordpress.github.io/wordpress-playground/build-your-first-app/#preview-pull-requests-from-your-repositorypreview pull requests from your repository], but I think that's crafted more for plugin developers and not for WordPress core itself. I took a look at [https://wordpress.github.io/wordpress-playground/api/client/interface/ReplaceSiteStep/ ReplaceSiteStep], but I think that's just for loading in alternate content and not a full on separate WordPress ZIP. So, this functionality might require additional functionality within WordPress Playground but I'll try and chase down folks from that team to comment here on the topic. " JeffPaul 58 Has Patch / Needs Testing 54510 Add a GitHub Action workflow which alerts contributors if they propose changes to third party files johnbillion Build/Test Tools normal normal 6.6 task (blessed) reviewing has-patch 2021-11-25T14:06:52Z 2024-02-22T10:25:50Z "WordPress core includes files from several third party libraries such as ID3, SimplePie, and Requests. Changes to these libraries shouldn't be made directly in core, they should be made upstream. If a contributor opens a pull request proposing changes to these files it would be great if a comment was automatically posted to the PR explaining that they've proposed changes to a third party library and they should visit the corresponding project's repo for info about contributing to it. While there's not much we can do about this when a contributor submits a patch to a file in an affected path, it should be possible to do this when a PR is submitted via GitHub. A GitHub Action workflow could use the `path` keyword to post a comment to the PR whenever a file in an affected path is changed. There are also files that get copied from Gutenberg and can clobber those in core, I opened https://github.com/WordPress/gutenberg/issues/36868 to discuss that." johnbillion 7 Has Patch / Needs Testing 48086 Add required extensions and libraries to composer.json Build/Test Tools 5.2.3 normal normal 6.6 task (blessed) new has-patch 2019-09-20T12:00:49Z 2024-02-26T16:59:03Z "Composer offers a way to require or suggest certain platform packages: https://getcomposer.org/doc/01-basic-usage.md#platform-packages Ticket 48081 addresses the PHP version, and this one covers the required libraries and extensions. I've used the WP-CLI ext package (https://github.com/johnbillion/ext) to generate all the required and suggested extensions and libraries. " dingo_d 14 Has Patch / Needs Testing 41870 Code Editor: Add grunt task for building new CodeMirror bundles from external dependencies adamsilverstein Build/Test Tools normal normal Future Release task (blessed) assigned has-patch 2017-09-13T18:06:08Z 2022-01-30T16:51:32Z "After [41376] for #12423, it would be ideal if the CodeMirror bundling logic (via browserify) could be added as part of core. In this way, the external dependencies (CodeMirror and the linter linraries) can be managed by NPM. For now, just the minified bundles are being included. The logic used in the Better Code Editing plugin for creating the bundles can be seen here: https://github.com/WordPress/better-code-editing/pull/92/files Depends on #40894 which replaces Browserify with Webpack in core. See also #42424, where we need to fix line-endings for CSSLint. Additionally, the linters are currently being included as separate assets. They are not being minified, other than they are already minified as distributed. These could either benefit from additional uglification or bundling with codemirror if they are not going to be enqueued separately. The same goes for the `htmlhint-kses` script." westonruter 45 Has Patch / Needs Testing 60129 Comment on a PR when no Trac ticket is included Build/Test Tools normal normal 6.6 task (blessed) new has-patch 2023-12-21T17:45:51Z 2024-03-02T11:21:06Z "When contributing to Core using a pull request on GitHub, a [https://make.wordpress.org/core/handbook/contribute/git/github-pull-requests-for-code-review/ Trac ticket is required for the contribution to be considered]. Even though the pull request template notes this, it's easy to forget or overlook. Adding a job in the Pull Request Comments workflow to add a reminder comment when a Trac ticket link is missing is an easy way to help avoid contributions being lost in the shuffle." desrosj 5 Has Patch / Needs Testing 59779 "Consider testing against MySQL ""Innovation Releases""" Build/Test Tools normal normal 6.5 task (blessed) new has-patch 2023-10-31T18:40:24Z 2024-02-27T05:34:36Z "The [https://dev.mysql.com/blog-archive/introducing-mysql-innovation-and-long-term-support-lts-versions/ MySQL project has announced a new version release cadence] that it has begun following with version 8.1 (eleased on July 18, 2023), and has since been superseded with 8.2 (released on October 25, 2023). I recommend reading their full post, but here are some important details I've extracted: > Support for Innovation releases is limited until the next minor release (Innovation or LTS). The current cadence goal is to have an Innovation release every quarter, incrementing the minor version number (eg. 8.2, 8.3, etc.). Patch releases within Innovation releases are possible but are less likely to happen. > About every 2 years a new Long Term Support version will be released (blue). An exception is the 8.x LTS release which will happen well before EOL of 8.0 > Innovation releases will also be Generally Available and are recommended to be used in production environments. Bugfixes and Security patches will generally be included in the next Innovation or LTS release and not as part of a patch release within that Innovation release. When using Innovation releases, it is necessary to upgrade to the latest innovation releases regularly to keep up with the latest bugfixes and security patches. Because innovation versions are considered production safe, we should consider testing against these new versions of MySQL as they are released. However, since innovation releases are replaced more frequently, it's not clear how long we should consider testing against them. For example, the current Innovation release is 8.2, which will be replaced by 8.3 in (approximately) January 2024. Because of backwards compatibility concerns, should 8.1 and 8.2 continue to be tested? Or is testing against the latest innovation release, and any supported LTS versions enough?" desrosj 13 Has Patch / Needs Testing 54334 E2E tests for Uploading New Version of Themes & Plugins Build/Test Tools normal normal Future Release task (blessed) new has-patch 2021-10-28T16:57:28Z 2022-10-17T10:23:56Z "This is the feature of showing notice when uploading a new version of an already installed theme/plugin This ticket is to add E2E test for this feature" juhise 15 Has Patch / Needs Testing 60227 HTML API: Add external test suite Build/Test Tools normal normal 6.6 task (blessed) new has-patch 2024-01-10T15:31:28Z 2024-03-06T06:54:42Z "Problem: The HTML API is a complex and important feature being implemented by a small group of developers. The implementation follows the HTML Standard https://html.spec.whatwg.org/. The tests and the implementation of the HTML API both depend on the interpretation of the standard by the same small group of developers. This means there is a risk of misinterpretation or overlooked edge cases. Needs: A suite of tests that can serve to test the HTML API that does not depend on our own interpretation of the HTML Standard and is implementation agnostic. Benefits: Many software projects such as browsers implement the HTML Standard. We should be able to use a third-party implementation-agnostic test suite to validate our implementation of the HTML API. This mitigates the risk where our implementation and tests all derive from the same interpretation of the specification." jonsurrell 34 Has Patch / Needs Testing 59648 PHPUnit tests: Add/improve @covers annotations for WP 6.6 hellofromTonya Build/Test Tools 4.8 normal normal 6.6 task (blessed) reviewing has-patch 2023-10-17T12:08:13Z 2024-02-26T13:17:15Z "Previously: * #58851 (6.4) * #57958 (6.3) * #56782 (6.2) * #39265 (up to 6.1) Continuation of ongoing work to add and/or improve the PHPUnit tests `@covers` annotations for more accurate coverage reporting." pbearne 22 Has Patch / Needs Testing 60306 PHPunit test for wp_enqueue_emoji_styles Build/Test Tools normal normal Awaiting Review task (blessed) new has-patch 2024-01-19T22:43:38Z 2024-02-28T17:41:04Z pbearne 3 Has Patch / Needs Testing 60705 Test tool and unit test improvements for 6.6 Build/Test Tools normal normal 6.6 task (blessed) new has-patch 2024-03-06T06:53:46Z 2024-03-06T06:58:16Z "Previously: * #59647 (6.5) * #58955 (6.4) * #57841 (6.3) * #56793 (6.2) * #55652 (6.1) * #54725 (6.0) * #53363 (5.9) * #52625 (5.8) * #51802 (5.7) * #51344 (5.6) This ticket is for various fixes and improvements in PHPUnit tests that don't have a more specific ticket, as well as general improvements to the GitHub Actions workflows that run automated testing." SergeyBiryukov 2 Has Patch / Needs Testing 57844 Tests/Script Loader: Run build step in PHP Unit test actions. Build/Test Tools normal normal 6.6 task (blessed) new close 2023-03-02T04:00:26Z 2024-02-29T22:16:36Z "The files `src/wp-includes/assets/script-loader-react-*.php` are created during the NPM build and included within the script loader. Unlike `src/wp-includes/assets/script-loader-packages.min.php`, these files are not included in the commit when updating WordPress packages. As a result the PHP Unit actions are now throwing warnings due to the missing files: {{{ Warning: include(/var/www/src/wp-includes/assets/script-loader-react-refresh-entry.php): failed to open stream: No such file or directory in /var/www/src/wp-includes/script-loader.php on line 243 Warning: include(): Failed opening '/var/www/src/wp-includes/assets/script-loader-react-refresh-entry.php' for inclusion (include_path='.:/usr/local/lib/php') in /var/www/src/wp-includes/script-loader.php on line 243 Warning: include(/var/www/src/wp-includes/assets/script-loader-packages.php): failed to open stream: No such file or directory in /var/www/src/wp-includes/script-loader.php on line 278 Warning: include(): Failed opening '/var/www/src/wp-includes/assets/script-loader-packages.php' for inclusion (include_path='.:/usr/local/lib/php') in /var/www/src/wp-includes/script-loader.php on line 278 Warning: Invalid argument supplied for foreach() in /var/www/src/wp-includes/script-loader.php on line 280 }}} To resolve this, an `npm run build:dev` will need to be included in the phpunit actions." peterwilsoncc 31 Has Patch / Needs Testing 59482 Tests: Introduce Reflection API helper methods. costdev Build/Test Tools normal normal 6.6 task (blessed) assigned has-patch 2023-09-28T02:39:22Z 2024-02-26T11:05:32Z "In unit tests, the Reflection API is often used to get or set a `private` or `protected` property's value, or to invoke a `private` or `protected` method. To do so, the `Reflection::setAccessible()` method must be called with `true` before use, then should be called again with `false` afterwards. There are quite a lot of instances in the test suite where the Reflection API is used, and for a decent number of these, accessibility is not reset. For brevity, much like `assertSameSets()`, and to ensure that accessibility is always reset, this ticket aims to introduce new methods to the `WP_UnitTestCase_Base` class: `::reflect_and_invoke( object $obj, string $method, mixed ...$args ) : mixed` - Reflects a `private` or `protected` method and invokes it. - Returns the method's return value. `::reflect_and_get_value( object $obj, string $property ) : mixed` - Reflects a `private` or `protected` property and gets its value. - Returns the property's value. `::reflect_and_set_value() : mixed` - Reflects a `private` or `protected` property and sets its value. - Returns the previous value for convenient resetting. While this means the creation of new `Reflection` objects and two calls to `::setAccessible()` for each, I think that this is worthwhile as it helps us have a more robust test suite, with less code to write in test methods. Plus, we could also explore possible caching in future." costdev 5 Has Patch / Needs Testing 60706 Tests: Reduce usage of assertEquals for 6.6 Build/Test Tools normal normal 6.6 task (blessed) new has-patch 2024-03-06T06:55:52Z 2024-03-06T06:56:39Z "Follow-up to: * #59655 (6.5) * #58956 (6.4) * #57855 (6.3) * #56800 (6.2) * #55654 (6.1) * #54726 (6.0) * #53364 (5.9) * #52482 (5.8) * #38266 (5.7) The `assertEquals()` test method does not check that the types of the expected and actual values match. This can hide subtle bugs especially when the values are falsey. Tasks: * Switch to using `assertSame()` when the type of the value in the assertion is important * Replace overall usage of `assertEquals()` with type-strict assertion methods, with the aim of potentially removing its usage altogether To help ease the effort of merging tests, changes should also be made upstream in the Gutenberg repository." SergeyBiryukov 1 Has Patch / Needs Testing 54183 Tests: decide on how to handle deprecations in PHPUnit SergeyBiryukov Build/Test Tools normal normal Future Release task (blessed) assigned has-patch 2021-09-25T14:55:56Z 2022-10-05T09:42:35Z "PHPUnit just released version 9.5.10 and 8.5.21. This contains a particular (IMO breaking) change which I believe we should have a think about how to handle: > Changed > > * PHPUnit no longer converts PHP deprecations to exceptions by default (configure `convertDeprecationsToExceptions=""true""` to enable this) > * The PHPUnit XML configuration file generator now configures `convertDeprecationsToExceptions=""true""` == Let's unpack this: Previously (PHPUnit < 9.5.10/8.5.21), if PHPUnit would encounter a PHP native deprecation notice, it would: 1. Show a test which causes a deprecation notice to be thrown as **""errored""**, 2. Show the **first** deprecation notice it encountered and 3. PHPUnit would exit with a **non-0 exit code** (2), which will fail a CI build. [[Image(ticket:54183:deprecations-in-phpunit-9.5.9.png)]] As of PHPUnit 9.5.10/8.5.21, if PHPUnit encounters a PHP native deprecation notice, it will no longer do so. Instead PHPUnit will: 1. Show a test which causes a PHP deprecation notice to be thrown as **""risky""**, 2. Show the **all** deprecation notices it encountered and 3. PHPUnit will exit with a **0 exit code**, which will show a CI build as passing. [[Image(ticket:54183:deprecations-in-phpunit-9.5.10.png)]] == Options IMO, there are three options here: ==== 1. Leave as is. Deprecation notices means something will still work for the time being and will not change the behaviour of WordPress. **Pro:** - All deprecations caused by a particular test will be shown, not just the first. **Con:** - As CI builds pass, deprecations may go unnoticed, while they will eventually still need to be fixed as in the next PHP major will become errors. - More deprecations will stay in WP, causing more churn from end-users reporting notices seen. ==== 2. Revert to the previous behaviour by adding `convertDeprecationsToExceptions=""true""` to the PHPUnit configuration. **Pro:** - Deprecation notices can not go unnoticed as CI builds will fail on them. **Con:** - You will only see the first deprecation notice for a test, there may be more issues hiding behind a deprecation. - (minor) The PHPUnit configuration will no longer validate against the XSD scheme on PHPUnit 5/6/7. ==== 3. Add `failOnRisky=""true""` to the PHPUnit configuration. **Pro:** - All deprecations caused by a particular test will be shown, not just the first. - Deprecation notices will cause the CI builds to fail, so can not go unnoticed. **Con:** - The WP test suite contains a number of other tests which are currently marked as ""risky"". These will now also cause a build to fail. I personally favour option 2 or 3, but would love to see some more opinions on this. Pinging @hellofromtonya @johnbillion @sergey @netweb for visibility. Changelogs: * https://github.com/sebastianbergmann/phpunit/blob/9.5/ChangeLog-8.5.md * https://github.com/sebastianbergmann/phpunit/blob/9.5/ChangeLog-9.5.md Related: #53363 " jrf 28 Has Patch / Needs Testing 53011 Tests: review all setUp() and tearDown() Build/Test Tools normal normal Awaiting Review task (blessed) new has-patch 2021-04-09T16:21:16Z 2022-06-04T15:32:27Z "The `setUpBeforeClass()`, `setUp()`, `tearDown()` and `tearDownAfterClass()` (and the WP test suite native variants of these) methods in test classes are used to set up fixtures which will be used by all tests in the test class. Also see: https://phpunit.readthedocs.io/en/9.5/fixtures.html For tests to properly be able to test just and only that which is being tested, we need to make sure that changes to the ""global state"" are undone after each test. This includes: * Changes to variables in `$GLOBALS`, changes to global variables via `global $var_name`. * Changes to superglobals, like `$_GET`, `$_POST` or `$_REQUEST`. * Filters being hooked or ''un''hooked to WordPress using `add_filter()`, `remove_filter()`, `add_action()`, `remove_action()` (and all their variations) calls in `setUp()` methods - or in the tests themselves. * Changes in the file system - file being created by a test should be deleted after the test. * And more contentiously: changes in the database ought to be undone after a test as well. This doesn't mean that any posts being created for a test and only being used by that test need to be deleted, but it does mean that any schema changes, any new tables created etc ''should'' be undone after the test. At this time, the WP Core test suite does not consistently ""undo"" changes to the global state for each test, as @hellofromTonya and me found while reviewing tests for an unrelated patch. We would like to recommend a full review of the test suite for best practices regarding global state resetting after each test. Note: if a ""reset"" action is being done within the code of a test ''function'', it may not get executed when the tests fails. To that end, these type of ""reset""s should generally be done in the `tearDown()`, even when they only apply to one test in the test class. The ""reset"", in that case, should be accompanied by a comment pointing to the test to which it applies." jrf 7 Has Patch / Needs Testing 53746 Tidy up the tearDown() methods Build/Test Tools normal normal Future Release task (blessed) new has-patch 2021-07-22T17:53:42Z 2022-06-04T15:32:47Z "The `tearDown()` method in several of the test classes perform redundant operations, for example removing or reinstating hooks, which are already taken care of in the base test class. This means there's code that can be removed from these methods to tidy them up. Related: #53011 Previously: [50463]" johnbillion 6 Has Patch / Needs Testing 43731 Use Webpack + NPM scripts to build all the things whyisjake* Build/Test Tools normal normal Future Release task (blessed) accepted has-patch 2018-04-10T12:44:12Z 2021-03-09T21:04:30Z "With [https://core.trac.wordpress.org/ticket/40894 the introduction of Webpack in WordPress core], we could consider using it to perform build tasks currently performed with Grunt. The main advantage of having [https://webpack.js.org/ Webpack] build everything is that this would reduce the different tools developers would have to learn in the standard development process for WordPress core. NPM scripts would also make the available tools more discoverable and understandable through `package.json`. Having a unified approach towards building / bundling also helps in other area's, such as general asset management and devtooling. It could for example be great if we could start using Webpack dev server at some point to serve assets in development and introduce [https://webpack.js.org/concepts/hot-module-replacement/ hot module replacement]. Webpack would be totally suitable for this goal, as can also be read from its documentation: > Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. Webpack provides a unified approach towards building. For example: It would be quite easy to configure Webpack to perform the following tasks: - copying files: https://webpack.js.org/plugins/copy-webpack-plugin/ - uglification: https://webpack.js.org/plugins/uglifyjs-webpack-plugin/ - Sass to CSS compilation: https://github.com/webpack-contrib/sass-loader - CSS post processing (autoprefixing) and linting: https://github.com/postcss/postcss-loader - JS linting: https://github.com/webpack-contrib/eslint-loader The above tasks are just some of the more prominent examples. But anything is possible really. NPM scripts can be used to invoke the separate tasks like linting, building etc." omarreiss 36 Has Patch / Needs Testing 59851 test for send_frame_options_header Build/Test Tools normal normal Awaiting Review task (blessed) new has-patch 2023-11-08T21:52:52Z 2024-03-03T18:16:50Z pbearne 3 Has Patch / Needs Testing 59816 Bump default theme versions for WordPress 6.5 Bundled Theme normal normal 6.5 task (blessed) new has-patch 2023-11-06T14:33:24Z 2024-03-12T05:39:55Z "All bundled themes from 2010 to 2024 will need a version bump for the 6.5 release. Previously: #58832 - 6.4 #57857 - 6.3 #57689 - 6.2 #56450 - 6.1 #55754 - 6.0 #54783 - 5.9 #53277 - 5.8 #52704 - 5.7 #51919 - 5.6 #50889 - 5.5 #49743 - 5.4" mukesh27 17 Has Patch / Needs Testing 60751 Add fallback for the default font folder path Editor trunk high normal 6.5 task (blessed) new has-patch 2024-03-11T20:34:57Z 2024-03-19T01:16:26Z "Implement this design decision: > For installations that don’t support modification of the wp-content directory, the Font Library will use wp-content/uploads/fonts as a fallback location, ensuring we stay true to our project philosophy of designing for the majority while still making the feature available to anyone out of the box without extra steps from the user. Reference: https://make.wordpress.org/core/2024/03/07/unblocking-wp6-5-font-library-and-synced-pattern-overrides/" mmaattiiaass 12 Has Patch / Needs Testing 60315 Editor: Update the WordPress packages to the latest versions for 6.5 Editor normal normal 6.5 task (blessed) assigned has-patch 2024-01-22T10:21:29Z 2024-03-19T08:06:35Z This ticket tracks updates to @wordpress npm packages for 6.5 release. youknowriad 77 Has Patch / Needs Testing 37486 Make emojis accessible Emoji 4.2 normal normal Future Release task (blessed) new has-patch 2016-07-27T15:01:59Z 2021-01-05T08:08:42Z "Splitting this out from #37432. Currently, the WordPress Emojis are not accessible. The alt text contains the emoji character (vs a HTML encoded entity, or the emoji description) and that's a deliberate implementation choice, see [ticket:37433#comment:3] intended to allow copy and pasting the emojis. We've discussed a bit this issue in the accessibility weekly meeting and agreed there's room for improvements. At least, starting a discussion about emojis accessibility would be very welcome. Quickly checking how screen readers announce the WordPress emojis, there's no accessible name or description they can use: [[Image(https://cldup.com/oioYLgdQ86.png)]] Note: VoiceOver reads out ""group"" because the image is a `svg` file. Just adding an `aria-label` attribute (I've quickly edited in the browser console) gives screen readers an accessible name to announce: [[Image(https://cldup.com/xP0gzKlsnK.png)]] Comparing with what others do, for example Twitter because they usually have great solutions for accessibility, they use `png` images and both an `aria-label` and a `title` attribute, so VoiceOVer in this example reads out both. I guess the title attribute is used just to show the browser's ""tooltip"" with the emoji name: [[Image(https://cldup.com/MwMY0nHtoQ.png)]] {{{ }}} The aria-label solution is mentioned also on a related issue on the twemoji GitHub: https://github.com/twitter/twemoji/issues/41" afercia 19 Has Patch / Needs Testing 60700 Coding Standards fixes for WP 6.6 General normal normal 6.6 task (blessed) new has-patch 2024-03-06T05:03:13Z 2024-03-18T15:44:26Z "Previously: - #59650 (6.5) - #58831 (6.4) - #57839 (6.3) - #56791 (6.2) - #55647 (6.1) - #54728 (6.0) - #53359 (5.9) - #52627 (5.8) - #51799 (5.7) - #50767 (5.6) - #49542 (5.5) - #49222 (5.4) - #47632 (5.3) - #45934 (5.1)" mukesh27 6 Has Patch / Needs Testing 41121 Consistency of the _deprecated_function() calls and related documentation. SergeyBiryukov General 4.9 normal normal Future Release task (blessed) reviewing has-patch 2017-06-22T03:00:23Z 2023-07-06T11:14:14Z "While working on [https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/pull/979 updating the `WP.DeprecatedFunctions` sniff] which is part of the [https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/ WordPress Coding Standards] project, we've come across a number of inconsistencies in the application of the function and/or the related documentation. @jdgrimes previously already reported this concerning three functions in #41094 (has its own patch in that ticket), however since then a lot more inconsistencies have been identified. In a series of patches which I will add to this ticket I will address these: === Patch 1: Fix deprecation info in various docblocks * Fix incorrect deprecation comment naming the deprecated function as its own alternative * Fix typo in docblock `@deprecated` tag which meant that deprecation is not indicated on the dev ref website * Add missing `@deprecated` tags for two functions * Add missing alternative in `@deprecated` comment for `wp_get_sites()` === Patch 2: Add missing replacement functions to various `_deprecated_function()` calls * Add missing parentheses to a few deprecated function replacement function strings to be consistent with how this is done everywhere else. * Add missing alternative for the WP_Customize Widget deprecated methods. * Add missing alternative for three deprecated ms functions * Add missing alternative for deprecated `wp_cache_reset()` function === Patch 3: Add missing `_deprecated_function()` function calls to various functions * Add missing `_deprecated_function()` call for `funky_javascript_callback()` * Add missing `_deprecated_function()` call for `_save_post_hook()`. * Add missing `_deprecated_function()` call for `default_topic_count_text()`. * Add missing `_deprecated_function()` call for `screen_meta()`. * Add missing `_deprecated_function()` call for two screen icon related functions * Add missing `_deprecated_function()` call for nine wp_dashboard related functions * Add missing `_deprecated_function()` call for `wp_ajax_wp_fullscreen_save_post()`. * Add missing `_deprecated_function()` call for `ms_deprecated_blogs_file()` === Patch 4: Add missing `_deprecated_function()` calls to various deprecated class methods * Add `_deprecated_function()` calls to all methods within the deprecated WP_User_Search class. * Add missing `_deprecated_function()` call for four methods in WP_Customize_Image_Control === Patch 5: Add missing `_deprecated_function()` calls for four deprecated pluggable functions. Not all functions complied with what the docblock at the top of the files states: > Deprecated warnings are also thrown if one of these functions is being defined by a plugin." jrf 46 Has Patch / Needs Testing 52699 Flash is dead General low normal Future Release task (blessed) reopened has-patch 2021-03-03T06:08:42Z 2022-07-29T16:39:21Z "Hello, since Adobe does not support Flash anymore and nearly all browsers and OS too, I think it does not make sense to include follow things: - swfobject - flash fallback for upload - pupload flash " mkeck 3 Has Patch / Needs Testing 53465 PHP 8.1.: the default value of the flags parameter for htmlentities() et all needs to be explicitly set hellofromTonya General normal normal 6.6 task (blessed) assigned has-patch 2021-06-20T18:19:22Z 2024-02-26T16:59:59Z "From the PHP 8.1 changelog: > `htmlspecialchars()`, `htmlentities()`, `htmlspecialchars_decode()`, > `html_entity_decode()` and `get_html_translation_table()` now use > `ENT_QUOTES | ENT_SUBSTITUTE` rather than `ENT_COMPAT` by default. This means > that `'` is escaped to `'` while previously it was left alone. > Additionally, malformed UTF-8 will be replaced by a Unicode substitution > character, instead of resulting in an empty string. Ref: https://github.com/php/php-src/blob/28a1a6be0873a109cb02ba32784bf046b87a02e4/UPGRADING#L149-L154 If effect this means that the output of the above mentioned functions may be different depending on the PHP version and the passed text string, unless the `$flags` parameter is explicitly passed. I've run an initial scan over WordPress core with a new (not yet published) sniff for PHPCompatibility and this flags 33 issues. * 1 issue in GetID3 which should be fixed upstream and the copy of GetID3 used in WP should be updated once the issue is fixed. * 1 issue in PHPMailer which should be fixed upstream and the copy of PHPMailer used in WP should be updated once the issue is fixed. * 1 issue in SimplePie which should be fixed upstream and the copy of SimplePie used in WP should be updated once the issue is fixed. * And 30 issues in WP Core native code or code from external dependencies which are no longer maintained externally. Detailed issue list: https://gist.github.com/jrfnl/9d56b4053faa62a0fe91dea1b14839bf To fix this issue, the `$flags` parameter should be explicitly passed in each of these function calls. Some investigation will be needed for each of these instances to determine what will be the optimal value for `$flags`. Take note that the ""old"" parameter default in the function signature is documented as `ENT_COMPAT`, while in the parameter detail documentation, it states that the default, in actual fact, is ` ENT_COMPAT | ENT_HTML401`. However, by the looks of it, the full range of flag constants is available to us, which is at least one less problem. There is no mention of any of the flags being added since PHP 5.6. Ref: https://php-legacy-docs.zend.com/manual/php5/en/string.constants It is **strongly** recommended to make sure that for each of these at least one unit test exists which exposes the difference in output between PHP < 8.1 and PHP 8.1 to safeguard the fixes which will be added for the future. Also see: * https://www.php.net/manual/en/function.htmlentities.php * https://www.php.net/manual/en/function.html-entity-decode.php * https://www.php.net/manual/en/function.htmlspecialchars.php * https://www.php.net/manual/en/function.htmlspecialchars-decode.php * https://www.php.net/manual/en/function.get-html-translation-table.php" jrf 25 Has Patch / Needs Testing 56009 Prepare for PHP 8.2 General normal normal 6.6 task (blessed) new has-patch 2022-06-19T23:09:04Z 2024-02-17T16:12:46Z "This is a meta ticket to track the efforts to prepare for PHP 8.2. For PHP 8.0/PHP 8.1 specific fixes, please refer to the generic WP 6.1 PHP 8.x ticket: #55656 Please link patches related to a specific PHP 8.2 related task to the appropriate dedicated issue, if there is one (see the links in the description below). Generic/one-off PHP 8.2 related patches can be linked to this ticket. ---- == PHP 8.2: Important dates PHP 8.2 is [https://wiki.php.net/todo/php82 expected to be released on November 24 2022]. Other note-worthy dates: * The first alpha was released on June 9th 2022. * Feature freeze will be on July 19, 2022. **Note**: The below represents the status per June 20, 2022. As PHP 8.2 is not yet in feature freeze, these statuses can still deteriorate based on additional RFCs being accepted/implemented. == Readiness of essential tooling === [https://github.com/composer/composer Composer] Current status: * CI for Composer itself is being run against PHP 8.2. * No known issues in the last release (2.3.7). === [https://github.com/sebastianbergmann/phpunit PHPUnit] Current status: * CI for PHPUnit itself is being run against PHP 8.2. * No known issues in the last release (9.5.21). === [https://github.com/Yoast/PHPUnit-Polyfills PHPUnit Polyfills] Current status: * CI for PHPUnit Polyfills itself is being run against PHP 8.2. * No known issues in the last release (1.0.3). === [https://github.com/wp-cli/wp-cli WP-CLI] Current status: * CI for WP-CLI is NOT (yet) being run against PHP 8.2. * **''Status unknown''**. === Other tooling Other tooling doesn't necessarily have to run against PHP 8.2 (yet), so has not been evaluated. == Initial DevOps Tasks Typical tasks which need to be executed to allow WordPress to prepare for PHP 8.2: === [https://github.com/WordPress/wpdev-docker-images Docker] * Add PHP 8.2 to the Docker images. A [https://github.com/WordPress/wpdev-docker-images/pull/87 PR for this] was merged on Jun 23, 2022 === GitHub Actions **TODO:** * Add PHP 8.2 to the GitHub Actions `phpunit-tests.yml` configuration. Status: Committed in [53922] Notes: - Test failures on PHP 8.2 should not (yet) fail the build. - The `composer install` will most likely need to run with `--ignore-platform-req=php` as not all dependencies of PHPUnit 9.x have declared compatibility with PHP 8.2 yet. == PHP 8.2 changes for which WordPress will need to prepare Similar to the rest of this ticket, this list is based on the current status of PHP 8.2 and still subject to change. === [https://wiki.php.net/rfc/deprecate_dollar_brace_string_interpolation Deprecation of ${} string interpolation] Only two small issues + one in the tests. This was being tracked in #55787. Committed in [54134] === [https://wiki.php.net/rfc/remove_utf8_decode_and_utf8_encode Deprecation of utf8_encode and utf8_decode] The issue will not affect WordPress Core much, but **will** have a significant impact on plugins/themes. The recommendation is to make the MbString extension a requirement for WP Core to help plugins/themes mitigate this. This is being tracked in #55603. === [https://wiki.php.net/rfc/deprecate_partially_supported_callables Deprecation of partially supported callables] No significant problems expected in WP Core. WordPress does use callables extensively, but the particular type of callables being deprecated are not typically used within WordPress. === [https://wiki.php.net/rfc/deprecate_dynamic_properties Deprecate dynamic properties] This is the big one and I expect a HUGE amount of problems due to this. In my opinion two groups of patches are needed to at least try and mitigate this. ~~I intend to write up the details for this in two separate tickets over the next week or so.~~ I have opened two tickets to track and address these issues: * #56033 for ""known"" dynamic properties which should be declared on the class. * #56034 for ""unknown"" dynamic properties Ticket #55357 is related to this, but should not be actioned in isolation. === [https://wiki.php.net/rfc/strtolower-ascii Locale-independent case conversion] Needs investigation if and if so, how extensive the impact will be on WordPress. If there is any impact, making the MbString extension a requirement for WP Core would likely go a long way to mitigate this. === [https://wiki.php.net/rfc/mysqli_support_for_libmysql Remove support for libmysql from mysqli] This is primarily an issue which may impact webhosts. No direct impact on WordPress itself is expected. == Status of External Dependencies === [https://github.com/JamesHeinrich/getID3 GetID3] Current status: * A [https://github.com/JamesHeinrich/getID3/pull/385 PR has been merged] to enable linting against PHP 8.2. The build passes without finding any PHP 8.2 related issues. * **Important**: the project has no test suite, so the linting passing on PHP 8.2 is only a small comfort and does not provide any real security. * In other words: **''status unknown''**. * WordPress is using the latest version (1.9.21), see #54162 === [https://github.com/PHPMailer/PHPMailer PHPMailer] Current status: * Linting and tests are being run against PHP 8.2. * No known issues in the last release (6.6.2). * WordPress is using the latest version, see #55976 === [https://github.com/paragonie/random_compat Random Compat] Current status: * A [https://github.com/paragonie/random_compat/pull/180 PR has been merged] to enable running of the tests against PHP 8.2. The build passes without finding any PHP 8.2 related issues. * No known issues in the last release (2.0.21). * WordPress is using the latest version, see #55181 === [https://github.com/WordPress/Requests Requests] Current status: * A [https://github.com/WordPress/Requests/pull/751 PR was opened] to enable running of linting and tests against PHP 8.2. The PR build found one, test-only, issue in Requests for PHP 8.2, which has no impact on the production code. * No known issues in the last release (2.0.3). * WordPress was upgraded to `2.0.0` via [54997] (see #54504) I've done a test run of Requests 1.8.1 against PHP 8.2 and based on the tests and aside from the already known PHP 8.1 deprecations, there are no relevant PHP 8.2 issues known at this moment. === [https://github.com/simplepie/simplepie SimplePie] Current status: * A [https://github.com/simplepie/simplepie/pull/739 PR is open] to enable running of the tests against PHP 8.2. The PR build passes without finding any PHP 8.2 related issues. * No known issues in the last release (1.6.0). * WordPress is behind and is still using version `1.5.8`, while the latest release is `1.6.0`, see #55604 I've done a test run of SimplePie 1.5.8 against PHP 8.2 and based on the tests, there are no relevant PHP 8.2 issues known at this moment. === [https://github.com/paragonie/sodium_compat Sodium Compat] Current status: * A [https://github.com/paragonie/sodium_compat/pull/146 PR has been merged] to enable running of the tests against PHP 8.2. The build passes without finding any PHP 8.2 related issues. * No known issues in the last release (1.17.1). * WordPress is using the latest version, see #55453 / [52988]. " jrf 42 Has Patch / Needs Testing 59231 Prepare for PHP 8.3 General 6.4 normal normal 6.6 task (blessed) new has-patch 2023-08-28T23:15:51Z 2024-02-17T16:12:34Z "This is a meta ticket to track the efforts to prepare for PHP 8.3. For PHP 8.0/8.1/8.2 specific fixes, please refer to the generic WP 6.4 PHP 8.x ticket: #58850 Please link patches related to a specific PHP 8.3 related task to the appropriate dedicated issue, if there is one (see the links in the description below). Generic/one-off PHP 8.3 related patches can be linked to this ticket. ---- == PHP 8.3: Important dates PHP 8.3 is [https://wiki.php.net/todo/php83 expected to be released on November 23 2023]. Other note-worthy dates: * The first alpha was released on June 8th 2023. * Feature freeze started on July 18, 2023. **Note**: The below represents the status per August 28, 2023. As PHP 8.3 is in feature freeze, these statuses should be reasonably reliable. == Readiness of essential tooling === [https://github.com/composer/composer Composer] Current status: * CI for Composer itself was not yet being run against PHP 8.3. I've opened [https://github.com/composer/composer/pull/11601 a PR] for this. ''[JRF: this PR has since been merged]'' * I've ran linting, PHPCompatibility (bleeding edge) and the test suites against PHP 8.3 and found no problems for PHP 8.3 though. * The only issues I've managed to identify are in the test suite of Composer, which has no impact on end-users of Composer. === [https://github.com/sebastianbergmann/phpunit PHPUnit] Current status: * CI for PHPUnit itself is being run against PHP 8.3. * No known issues in the last release supported for the WP test suite (9.6.11). === [https://github.com/Yoast/PHPUnit-Polyfills PHPUnit Polyfills] Current status: * CI for PHPUnit Polyfills itself is being run against PHP 8.3. * No known issues in the last release (1.1.0). === [https://github.com/wp-cli/wp-cli WP-CLI] Current status: * CI for WP-CLI was not (yet) being run against PHP 8.3. A [https://github.com/wp-cli/.github/pull/68 PR to change this has been opened and merged]. * **''Status unknown''**. === Other tooling Other (PHP) tooling doesn't necessarily have to run against PHP 8.3 (yet), so has not been evaluated. == Initial DevOps Tasks Typical tasks which need to be executed to allow WordPress to prepare for PHP 8.3: === [https://github.com/WordPress/wpdev-docker-images Docker] * Add PHP 8.3 to the Docker images. A [https://github.com/WordPress/wpdev-docker-images/pull/113 PR for this] was merged on July 26, 2023 === GitHub Actions * Add PHP 8.3 to the GitHub Actions `phpunit-tests.yml` configuration. [https://github.com/WordPress/wordpress-develop/pull/5106 GH PR #5106] ''[JRF: this PR has since been merged]'' Notes: - Test failures on PHP 8.3 should not (yet) fail the build, but as the actual script to run the tests has been moved, it is currently impossible to use `continue-on-error` as that keyword is not supported when calling a reusable workflow... /cc @desrosj == PHP 8.3 changes for which WordPress will need to prepare === [https://wiki.php.net/rfc/deprecations_php_8_3 Generic deprecations for PHP 8.3] Based on initial (bleeding edge) PHPCompatibility scans + the tests, WP is not affected by the deprecations which passed from this RFC (not all of them did). === [https://wiki.php.net/rfc/deprecate_functions_with_overloaded_signature Deprecation of functions with overloaded signatures] This RFC only partially affects PHP 8.3. If a replacement is readily available already, the deprecation of the overloaded signature takes place in PHP 8.3. If no replacement was available, the replacement functions are being introduced in PHP 8.3 and the actual deprecation of the overloaded signature takes place in PHP 8.4. Based on initial (bleeding edge) PHPCompatibility scans + the tests, WP is affected by two of the deprecations in PHP 8.3: * `get_class()` and `get_parent_class()` - this is already being tracked in #58876, there is a patch available, which IMO is ready for commit. ''[JRF: the PR for this has since been merged]'' * `ReflectionProperty::setValue()` with static properties. [https://github.com/WordPress/wordpress-develop/pull/5105 GH PR #5105] ''[JRF: this PR has since been merged]'' The other deprecations in this RFC do not appear to affect WP Core at this time. There is one - `stream_context_set_option()`, which will impact Requests, but only in PHP 8.4 and [https://github.com/WordPress/Requests/pull/822 a patch has already been pulled] for this. === [https://wiki.php.net/rfc/saner-inc-dec-operators Saner increment/decrement operators] To my surprise, I have not found any issues in WP with this change based on the tests alone, but I would not be surprised if the odd issue around this gets reported over time. === [https://wiki.php.net/rfc/marking_overriden_methods Marking overridden methods] This is a new feature with limited validation functionality attached. The attribute basically allows to mark methods in a (child) class/interface which overload a method in a parent class or from an interface, as doing so intentionally. Per the RFC: > ... being able to express if a method is intended to override another method or implement an interface would make it easier to debug a mistake, to refactor and to clean up existing code. Another possible use case is to easily detect a possibly breaking change in a parent class that was provided by a library without needing to read the changelog in detail or missing some item in the list of changes I'd like to advocate for adding these attributes to WP Core in all the relevant places as it: * Increases awareness of the method overload for contributors. * Can serve as a warning that the method signature should not be touched (unless the parent method signature changes). * Has no downside as attributes are ignored in older PHP versions and in PHP versions where the attribute referenced does not exist. In the rare case that the attribute, once added, would result in a fatal error, that would be fantastic, as that means we have actually found a bug in WP before it got into a stable release. Separate ticket to allow for discussing this proposal in more detail and for patches: #59232. === [https://wiki.php.net/rfc/unserialize_warn_on_trailing_data Make unserialize() emit a warning for trailing bytes] While based on the current test suite, WP is not ''directly'' affected by this, the [https://developer.wordpress.org/reference/functions/maybe_unserialize/ `maybe_unserialize()`] function could still be confronted by data with trailing bytes. However, the call to the PHP native `unserialize()` within `maybe_unserialize()` silences all (PHP 8.0+: non-fatal) errors, so this new warning will not affect WP or its ecosystem as long as the `maybe_unserialize()` function is used. Having said that, a critical look at `maybe_unserialize()` may be warranted as the new warning in PHP is related to security issues discovered in other projects, so WP may want to consider rejecting unserialization for data throwing this warning. Also note that there are 7 uses of `unserialize()` in total within WP Core, one within `maybe_unserialize()`, but the function is also used in 6 other places and 5 of those do not use error silencing. === [https://wiki.php.net/rfc/improve_unserialize_error_handling Improve unserialize() error handling] This, again, affects the [https://developer.wordpress.org/reference/functions/maybe_unserialize/ `maybe_unserialize()`] function and this time, the code should probably be adjusted to handle the new errors which `unserialize()` can now throw. The change does not affect unserializing valid data, but in the case of invalid data, the type of and severity of the notices/warnings/catchable exceptions have been changed. All 7 uses of `unserialize()` in WP Core should be reviewed and for the 6 uses outside of the `maybe_unserialize()` function, it should be reviewed whether they can/should switch to using `maybe_unserialize()` and/or whether they should get their own (improved) error handling. Separate ticket to allow for discussing this and the previously listed RFC in more detail and for patches: #59233. === [https://wiki.php.net/rfc/assert-string-eval-cleanup Deprecate remains of string evaluated code assertions] As WP Core does not use assertions, it is not affected by the changes in this RFC. Plugins/themes may still be affected, though I'd hope none of those would use `assert()`.* * `assert()` is intended for dev-only use. The behaviour of `assert()` is heavily affected by ini settings which cannot be changed at runtime, which means that end-users may be confronted by unexpected fatal errors due to the use of `assert()` if they run on an incorrectly configured webhost. === [https://wiki.php.net/rfc/proper-range-semantics Define proper semantics for range() function] This RFC adds a number of errors and warnings for incorrect use of the `range()` function. WP Core has 8 uses of this function in `src`, 2 in `class-wp-text-diff-renderer-table.php` and 6 in various files from external dependencies. I've visually reviewed each of these and they all look to be okay, though a check to safeguard that the WP native uses are covered sufficiently by tests would be prudent. [TODO] === [https://wiki.php.net/rfc/datetime-exceptions More Appropriate Date/Time Exceptions] This RFC reclassifies warnings and errors from the DateTime extension to catchable Exceptions when the OO-interface is used (procedural use of the DateTime functionality is not affected). Based on the tests, WP Core is not affected by this and as the DateTime use of WP Core is pretty well tested, I'm fairly confident, we'll be fine. === [https://wiki.php.net/rfc/json_validate New json_validate() function] This function is a high-performance way to validate json prior to decoding it. This function cannot be polyfilled without a performance hit. However, due to the potential for using json for Denial-of-Service attack vectors (via a HUGE file/stream), I would strongly recommend for WP Core to start using this new function in all appropriate places wrapped within an `if ( function_exists() ) {}`. The `json_decode()` function is used 44 times within `src` (excluding external dependencies). We may want to consider introducing a `wp_json_decode()` function to ensure the use of `json_validate()` (when available). This would then mirror the already existing [https://developer.wordpress.org/reference/functions/wp_json_encode/ `wp_json_encode()`] function. See: #59234 == Status of External Dependencies === [https://github.com/JamesHeinrich/getID3 GetID3] Current status: * Linting is enabled against PHP 8.3. The build passes without finding any PHP 8.3 related issues. * **Important**: the project has no test suite, so the linting passing on PHP 8.3 is only a small comfort and does not provide any real security. * In other words: **''status unknown''**. * WordPress is using the latest version (1.9.22), see #56692 === [https://github.com/PHPMailer/PHPMailer PHPMailer] Current status: * Linting and tests are being run against PHP 8.3. * No known issues in the last release (6.8.0) (aside from something in the PHPMailer test suite, which doesn't affect WP). * WordPress is using the latest version, see #57873 === [https://github.com/WordPress/Requests Requests] Current status: * Linting and tests are being run against PHP 8.3. * No known issues in the last release (2.0.7) (aside from something in the Requests test suite, which doesn't affect WP). * WordPress is using the latest relevant version `2.0.6`, see #58079. Requests 2.0.7 only updated the certificates bundle, while WP uses its own) === [https://github.com/simplepie/simplepie SimplePie] Current status: * Tests are being run against PHP 8.3. * No known issues in the current `master` branch. * WordPress is behind and is still using version `1.5.8`, while the latest release is `1.6.0`, see #55604 I've done a test run of SimplePie 1.5.8 against PHP 8.3 and based on the tests, there are no relevant PHP 8.3 issues known at this moment. === [https://github.com/paragonie/sodium_compat Sodium Compat] Current status: * A [https://github.com/paragonie/sodium_compat/pull/160 PR has been opened] to enable running of the tests against PHP 8.3. The build passes without finding any PHP 8.3 related issues. ''[JRF: this PR has since been merged]'' * No known issues in the last release (1.20.0). * WordPress is using the latest version, see #58224. === [https://github.com/openwall/phpass PHPass] Current status: * Tests are being run against PHP 8.3. * No known issues in the current `main` branch, which translates to the `0.5.4` version. * WordPress is using version `0.5.0`, but the script is a little out of sync with upstream, though not in a way that it impacts the running of WP on PHP 8.3." jrf 13 Has Patch / Needs Testing 52264 Rename `$array` when used in `@param` tags General normal normal Future Release task (blessed) new has-patch 2021-01-08T22:38:56Z 2022-02-25T18:55:08Z "Related: #52243 Several functions, filters and actions pass `$array` as a parameter. Usage of `$array` in `@param` tags for actions and filters should be replaced with a more appropriate (and descriptive) variable name. Example: In `class-requests.php` {{{ /** * Convert a key => value array to a 'key: value' array for headers * * @param array $array Dictionary of header values * @return string[] List of headers */ public static function flatten($array) { }}} Could be replaced with: {{{ /** * Convert a key => value array to a 'key: value' array for headers * * @param array $headers Dictionary of header values * @return string[] List of headers */ public static function flatten( $headers ) { }}}" audrasjb 10 Has Patch / Needs Testing 60648 Update the `$_old_files` array for 6.5 swissspidy* General normal normal 6.5 task (blessed) accepted has-patch 2024-02-27T16:43:31Z 2024-03-06T06:54:12Z "Updating from 6.4 to 6.5 Beta 3 results in the following files being removed: {{{ File removed: wp-includes/ID3/license.commercial.txt File removed: wp-includes/blocks/query/style-rtl.min.css File removed: wp-includes/blocks/query/style.min.css File removed: wp-includes/blocks/query/style-rtl.css File removed: wp-includes/blocks/query/style.css File removed: wp-admin/images/about-header-privacy.svg File removed: wp-admin/images/about-header-about.svg File removed: wp-admin/images/about-header-credits.svg File removed: wp-admin/images/about-header-freedoms.svg File removed: wp-admin/images/about-header-contribute.svg File removed: wp-admin/images/about-header-background.svg }}} See also https://make.wordpress.org/core/handbook/about/release-cycle/releasing-major-versions/#dry-run While there is an initial patch already, please double check before committing." swissspidy 4 Has Patch / Needs Testing 60303 About Page for 6.5 Release Help/About normal normal 6.5 task (blessed) new has-patch 2024-01-19T19:17:45Z 2024-03-12T15:00:41Z "This ticket will serve as a hub for the discussion, planning, design, and other related work for creating the WordPress 6.5 About page. Anyone involved in the release is invited to follow this ticket as part of their release-related duties and offer their input. " laurlittle 63 Has Patch / Needs Testing 49631 Test coverage for media_sideload_image() _source_url meta killua99 Media 5.4 normal normal Future Release task (blessed) assigned has-patch 2020-03-12T14:38:46Z 2020-10-22T14:21:30Z "Since #48164 when an image is sideloaded we store the original attachment URL in `_source_url`. There should be test coverage across this feature that validates that the meta is being properly stored. @pbiron mentioned in the Media meeting where this was discussed that there are currently no existing tests around the `media_sideload_image()` function. This would be a great start to getting that covered. @joemcgill also mentioned that ""You may want to consider writing the test in a way that sideloads an image that is already available on the test site."" Link to media meeting where this took place: https://wordpress.slack.com/archives/C02SX62S6/p1584022312111000" antpb 13 Has Patch / Needs Testing 55645 Docs: Improve the documentation for `plugins_api()`. Plugins 2.7 normal normal Future Release task (blessed) new has-patch 2022-05-02T02:23:02Z 2024-02-19T20:37:31Z "The docblock for [https://developer.wordpress.org/reference/functions/plugins_api/ plugins_api()] needs some improvement, including: - it does not document the make-up of possible return values. - it has a self-reference in the `@return` annotation. Related ticket: #55480" costdev 14 Has Patch / Needs Testing 41459 Introduce a REST API endpoint for networks / network options REST API normal normal Future Release task (blessed) new has-patch 2017-07-27T16:55:56Z 2020-04-03T04:51:03Z "Similar to sites in #40365, there should be a networks endpoint as part of the REST API. Through recent multisite discussions, we have come to the conclusion that, while multi-network should never be part of core, there should be basic and unopinionated APIs present that can be used by whoever wants to implement it. A basic networks API in these terms implies that it's a simple CRUD API for the `wp_site` database table. #29411 will introduce the internal core functions that this endpoint will be able to use. The endpoint should be able to do the following: * List networks: `GET wp/v2/networks/` * Retrieve a network: `GET wp/v2/networks/` * Create a network: `POST wp/v2/networks/` * Update a network: `PUT wp/v2/networks/` * Delete a network: `DELETE wp/v2/networks/` Once the changes in #25344 is in place, a network meta endpoint should be created as well. For now this will be part of this ticket too. Note that this ticket is an early one and will lay around for a while. The other non-network-related roadmap items have a higher priority." flixos90 6 Has Patch / Needs Testing 18289 Direct link to plugin installation should have admin chrome Upgrade/Install normal normal Future Release task (blessed) reviewing has-patch 2011-07-29T06:02:19Z 2022-08-02T19:37:24Z "We should be able to provide a direct link to the page to install a plugin, based on the plugin's slug. This does it: wp-admin/plugin-install.php?tab=plugin-information&plugin=log-deprecated-notices. However, there's no admin chrome, no real indication which site you're on, and no name of the plugin. If we're not loading that page inside an iframe request, it needs the admin around it, as well as a heading. Probably new styling too. This would serve as a replacement for [http://coveredwebservices.com/wp-plugin-install/ Jaquith's bookmarklet], which broke in 3.2 (frame busting), as well as allow us to integrate a link on extend/plugins for plugin installation. Related, #16923, which is now closed." nacin 15 Changes Requested 51126 Document the update offer parameter for auto updates desrosj Upgrade/Install normal normal Future Release task (blessed) reviewing changes-requested 2020-08-24T21:37:54Z 2022-10-10T15:21:25Z "The ""update offer"" for auto updates gets retrieved from the updates API, passed between methods, stored in transients, and sent through filters. Its shape should be documented in all these places." johnbillion 36 Has Patch / Needs Testing 39309 Secure WordPress Against Infrastructure Attacks Upgrade/Install 4.8 normal critical Future Release task (blessed) assigned has-patch 2016-12-16T17:50:14Z 2022-05-26T22:30:44Z "(Similar to #25052 but much more focused on the implementation details) == Background == Recommended reading: 1. http://seclists.org/oss-sec/2016/q4/478 2. https://www.wordfence.com/blog/2016/11/hacking-27-web-via-wordpress-auto-update/ 3. https://paragonie.com/blog/2016/10/guide-automatic-security-updates-for-php-developers Currently, if an attacker can compromise api.wordpress.org, they can issue a fake WordPress update and gain access to every WordPress install on the Internet that has automatic updating enabled. We're two minutes to midnight here (we were one minute to midnight before the Wordfence team found that vulnerability). Given WordPress's ubiquity, an attacker with control of 27% of websites on the Internet is a grave threat to the security of the rest of the Internet. I don't know how much infrastructure could withstand that level of DDoS. (Maybe Google?) The solution is to make the automatic update mechanism secure **even if the update server is totally owned up**. As published in the third link, the core elements of a totally secure automatic update system are: 1. Offline Cryptographic Signatures 2. Reproducible Builds 3. Decentralized Authenticity / Userbase Consistency Verification 4. Transport-Layer Security 5. Mirrors and Other Availability Concerns 6. Separation of Privileges However, I'm mostly interested in 1, 2, and 3. I believe 4 is already implemented (if not, this just became a lot scarier). == Proposed Solution == We're going to have to roll this out in phases, rather than all at once. 1. Offline Cryptographic Signatures 1. Decide on a digital signature algorithm and/or cryptography library to use. 2. Generate a keypair for the release managers to use. 3. Pin the public key in a major release (e.g. 4.8 or 4.9). 4. Add signature verification to the update process, but for the first release or two, **don't enforce it**. Just collect data until we're sure it works for everyone. 5. Enforce digital signatures. Then this is satisfied. 2. Reproducible Builds. 1. The update file should be easily reproduced by any end user. 2. The update file and update served by api.wordpress.org should be easily verifiable. 3. We wrote Pharaoh for auditing PHP Archives; something similar may be useful for WP updates: https://paragonie.com/project/pharaoh 3. Decentralized Authenticity / Userbase Consistency Verification * See below. 4. Make plugin/theme updates secure. Once core updates are secure, the next step is to allow plugin/theme developers to upload their own public keys which can be used to sign their own extensions. If you want a reference implementation, we already have a working secure automatic update system built into CMS Airship (which is GPL 3): * https://paragonie.com/blog/2016/05/keyggdrasil-continuum-cryptography-powering-cms-airship * https://github.com/paragonie/airship/blob/master/src/Engine/Continuum.php * https://github.com/paragonie/airship/blob/master/src/Engine/Keyggdrasil.php === Decentralized Authenticity === In CMS Airship, we're totally decentralized: Every Airship maintains its own record of every update file or new/revoked public key since its inception. (This is because CMS Airship aims for maximum security.) For WordPress, I'm recommending a federated model instead, but the concepts are mostly the same: 1. Notaries (WordPress blogs or other services that opt in to hosting/verifying the updates) will mirror a Merkle tree which contains (with timestamps and signatures): * Any new public keys * Any public key revocations * Cryptographic hashes of any core/extension updates 2. WordPress blogs will have a pool of notaries they trust explicitly. (This can be provided by your hosting provider, who runs the single source of truth for all their clients, so long as they themselves practice due diligence.) 3. When an update is received from the server, after checking the signature against the WP core's public key, they will poll at least one trusted Notary (send a challenge nonce, current timestamp, a checksum of the update file, and any other useful identifying metadata e.g. ""wp-core version 4.9.2""). The Notary will verify that the update exists and matches the checksum on file, and respond with a signed message containing: * The challenge nonce * The response timestamp * Whether or not the update was valid This will be useful in the event that the WP.org's signing key is ever compromised by a sophisticated adversary: If they attempt to issue a silent, targeted update to a machine of interest, they cannot do so reliably: To pull off their attack, they have to allow the Merkle tree (that is mirrored by every Notary) to record/broadcast evidence of their attack in order for it to succeed. So while targeted attacks may still be theoretically possible, it will no longer be possible to do them silently. In addition to a security layer, it's a deterrent against the most sophisticated threats. === Securing Plugins and Themes === This will probably be the last piece tackled. Basically: Offer the same signing capabilities to theme/plugin developers that will already be in the hands of the core team. This can be done piecemeal (i.e. optional field on WP.org that allows them to upload their public key, generated by some tooling we provide developers). We should incentivize packages that provide their own signature by, for instance, placing them higher in the listings and/or giving them an attractive and desirable UI element that says ""we're secure"". If we one day reach near-100% coverage of the WP ecosystem with digital signing, we can discuss making it mandatory. == Implementation Recommendations == Okay, this section is going to be technical so feel free to skip most of this if you're not into cryptography. TL;DR - We need a libsodium polyfill, which Paragon Initiative Enterprises is willing to write for free if (and only if) the cost of an independent third party audit is covered by the community and/or the community's corporate sponsors. === Digital signatures === PHP, out of the box, only supports RSA signatures (via the OpenSSL extension), but doesn't support RSASSA-PSS+MGF1SHA256. PKCS1v1.5 padding is unacceptable. It may be tempting to move towards something like ECDSA, but a mix of security concerns (the Sony ECDSA k-value reuse incident, invalid curve attacks against Weierstrass curves) makes us wary even of RFC 6979 (deterministic ECDSA). We propose a standardized digital signature algorithm based on twisted Edwards curves. Namely, **Ed25519** or **Ed448** (EdDSA over the RFC 7748 curves). === Merkle Trees === The TrimmedMerkleTree in Halite is probably the best starting point: https://github.com/paragonie/halite/blob/master/src/Structure/TrimmedMerkleTree.php Halite's Merkle tree implementations are based on the BLAKE2b hash function (a SHA3 finalist with great performance in software based on the ChaCha20 round function). === Checksums === One of the following algorithms should be used where ever a checksum is required: * BLAKE2b * SHA-512/256 * SHA-512/224 * SHA-384 At no point should MD5 or SHA1 be considered. SHA-256 and SHA-512 are vulnerable to length-extension attacks and are not recommended. == Action Plan == First, if this plan is agreeable by WordPress's security team, we'll get to work on a libsodium polyfill that works as far back as PHP 5.2.4 (in the spirit of WordPress's backwards compatibility tradition). Once that's finished, independently audited by cryptography experts, and released to the public, we'll work on getting the core cryptographically signed. This will require some additional tooling; the release managers will need to run a command to produce a valid signature of the update file before releasing it. After core updates are signed and signatures are being verified, we'll build the decentralized verification layer. Then, we can move forward with making everyone's plugins and extensions securely delivered. --- Edit Jan 3, 2019: As noted in [comment:50 comment #50], adding the sodium_compat library has been split out to a separate ticket, #45806, as it can serve a wider purpose than protecting against infrastructure attacks. -- @peterwilsoncc" paragoninitiativeenterprises 104 Needs Patch 40330 Reconsider the usage of infinite scrolling across the admin Administration normal normal Future Release task (blessed) assigned 2017-04-01T14:24:24Z 2021-05-08T11:20:11Z "As accessibility team, we've often discussed and we're aware of some a11y issues in the WordPress admin but haven't formalized them in a Trac ticket yet. That's because they're general, broad, issues and they probably can't be solved soon, as they have a big impact on the way some relevant parts of the user interface are built. They would require some extensive discussion and research. Nevertheless, if we're not going to at least open a discussion, the solution is not going to happen 🙂 . During the last accessibility weekly meeting we've decided to open a series of tickets and use a special keyword to group them, something like `a11y-task`. This is the first ticket of the series. Infinite scrolling (sometimes known as ""endless scrolling"") can be a serious accessibility barrier. It's used in the admin in a few places, for example: - Media Grid - Add Themes screens - Customizer > Add menu items - Editor > Insert/Edit link > Search - any other places? For a comprehensive view of all the potential issues, I'd refer to the list of resources below. I'd recommend everyone to have a look at those posts. I'd say the issues can be grouped in three different categories: accessibility, usability, and performance. Just to mention some of the most relevant ones: - a11y: it's impossible or very hard for keyboard users to reach content placed after an infinite scrolling region: think for example at the Media Grid, where tabbing through attachments loads more and more attachments (potentially hundreds or thousands of them) forcing users to keep tabbing indefinitely - a11y: no audible feedback or instructions about how infinite scrolling works, the current and total number of items, or when new items get loaded - usability: infinite scrolling often breaks the browser's history - usability: there's no JS fallback - performance: memory footprint can be huge, especially when loading hundreds of big images, see the Theme install screens Resources mostly focused on accessibility: http://adrianroselli.com/2014/05/so-you-think-you-built-good-infinite.html http://simplyaccessible.com/article/infinite-scrolling/ http://www.webaxe.org/infinite-scrolling-and-accessibility/ http://www.ssbbartgroup.com/blog/infinite-scrolling-impact-on-assistive-technologies-series-1/ Resources mostly focused on usability: https://webmasters.googleblog.com/2014/02/infinite-scroll-search-friendly.html https://www.nngroup.com/articles/infinite-scrolling/ https://www.sitepoint.com/ux-infinite-scroll-good-bad-maybe/ http://www.webdesignerdepot.com/2015/11/how-infinite-scrolling-breaks-ux/ https://www.smashingmagazine.com/2016/03/pagination-infinite-scrolling-load-more-buttons/ https://www.smashingmagazine.com/2013/05/infinite-scrolling-lets-get-to-the-bottom-of-this/ Resources focused on memory footprint: http://engineering.linkedin.com/linkedin-ipad-5-techniques-smooth-infinite-scrolling-html5 https://www.sencha.com/blog/the-making-of-fastbook-an-html5-love-story/ http://dannysu.com/2012/07/07/infinite-scroll-memory-optimization/ Maybe for the future: the ARIA role `feed` https://www.w3.org/TR/wai-aria-1.1/#feed (at the time of writing, ARIA 1.1 is still a Candidate Recommendation, and as far as I know, no assistive technologies support the role `feed`) See also: http://www.ssbbartgroup.com/blog/differences-aria-1-0-1-1-additions-role/ See #19815, #28927, #28998. " afercia 24 Needs Patch 40925 Review the usage of the change event on select elements joedolson* Administration normal normal Future Release task (blessed) accepted 2017-06-05T12:47:01Z 2023-09-22T16:09:18Z "See also #31634 The change event can be problematic when used on select elements because browsers fire the event in different ways across different platforms. In this ticket I'll try to clarify what this difference is, why it matters for keyboard users, and why some actions shouldn't be triggered when a select option gets selected. On macOS, when using the keyboard to navigate content and a select element gets focused, using the arrow keys always opens the select ""drop-down"": [[Image(https://cldup.com/rU6roN4wAO.png)]] This behavior allows users to explore the content of the select, scroll through the options, and select an option pressing Enter or Spacebar. This way, the change event fires after an explicit user action. Instead, on Windows using the arrow keys on a select doesn't automatically open the ""drop-down"". To clarify what happens, I've made a short video using the Archives and Categories widgets as an example: https://cloudup.com/iuFxQ7CkA7k Historically, this behavior was typical of all browsers on Windows, except Firefox. However, a recent change made Firefox behave like all the other browsers. For more details, see https://bugzilla.mozilla.org/show_bug.cgi?id=1350700 Since the drop-down doesn't open (it does only when pressing Alt+Down arrow), it's hard to scroll the list of options without firing the event at each arrow keys press. Users would need to explore the content of the select before making a choice, and to do so they use the arrow keys. However, while exploring the select content, the action associated to the change event runs. In the case of these widgets, the action triggers a full page reload. Actions that have a big impact like a full page reload or a complete change of context should only be triggered after an intentional choice of the user, i.e. when pressing a button close to the select. In other cases, when the action triggers minor changes, using the change event could be OK. The best option would probably be to evaluate the interaction on a case by case basis. There are a few places in WordPress where the change event is used this way, not pretending to be a complete list, here's some of them: Media views: - Filter by type - Filter by date Customizer - Menu > Menu locations - Static front page > A static page" afercia 15 Needs Patch 23432 "Review usage of target=""_blank"" in the admin" sabernhardt* Administration 3.2 normal normal Future Release task (blessed) accepted 2013-02-09T15:26:25Z 2023-11-17T17:54:28Z "Some links in the Setting Pages (General, Discussion, Permalink) pages open in same window, which sometime can be awful. [[BR]] While the users can press cmd/ctrl + click and click the link to open it in new tab but If the user does not open the link in new window, options (which are not saved) will be lost and one have to go through them again.[[BR]] Also links in the Edit Profile page and all the links in the help tab open in new window except a few.(so it is possible that users may just click it thinking them to alike other links which open in new window)[[BR]] So a consistency will be there and ux can be a little better." theadityajain 56 Needs Patch 26504 Semantic elements for non-link links joedolson* Administration 3.8 normal normal Future Release task (blessed) accepted 2013-12-09T14:29:18Z 2024-01-30T15:12:56Z "Using the [http://heydonworks.com/revenge_css_bookmarklet/ revenge.css bookmarklet] on the dashboard gives a very [http://d.pr/i/yVYh clear indication] that some of the links on there are semantically incorrect - they should be buttons, even if they should look like links. The Actual Buttons Are Actual section of this [http://coding.smashingmagazine.com/2013/08/20/semantic-css-with-intelligent-selectors/ article] sums it up nicely why. Unless the accessibility team have indicated otherwise, each of the 74+ occurrences (only counting PHP files, more in JS files) of links with `href=""#""` should probably be a ` // Basic CSS: .no-button { background: none; border: none; color: #0074a2; } .no-button:hover { color: #2EA2C9; cursor: pointer; } " GaryJ 52 Needs Patch 47682 "The links ""hover"" color has insufficient color contrast" joedolson* Administration normal normal 6.6 task (blessed) accepted 2019-07-11T12:32:43Z 2024-02-06T15:50:53Z "Supersedes #35622 and #47157. During the contributor day at WCEU 2019, it was proposed to merge #35622 and #47157. They're strictly related and the root issue needs to be tackled holistically across the whole WordPress admin. == Problem Default links (and ""button-links"") in WordPress are blue. The ones for destructive actions are red. Generally, the default colors for their normal state do have a sufficient color contrast ratio of 4.5:1 with the background. However, the colors used for the ""hover"" (and ""active"") state don't. == Relevant standard W3C Web Content Accessibility Guidelines (WCAG) [https://www.w3.org/TR/WCAG21/#contrast-minimum 1.4.3 Contrast (Minimum) (Level AA)] == Details #35622 dived into the red links issue and after some exploration it became clear that finding a color **pair** (one color for the normal state and one for the hover/active state) that always works across the admin, is nearly impossible given the several, different, background colors used in the admin pages. Part of the problem is that the hover color is ""lighter"" than the default one. Worth noting the color used for the ""focus"" state is darker instead. More importantly, there are several different background colors, including [https://core.trac.wordpress.org/ticket/35783 an arguable amount of grey shades]. Trying to summarise the reason why #35622 didn't progress: - darkening the ""hover"" red forced to darken also the default red - once a new color pair was identified, it worked well on ''some'' backgrounds - however, it didn't work on other darker backgrounds - started from scratch and further darkened the color pair - it worked on more backgrounds - found edge cases - darkened the color pair again - at some point the normal red was so dark to look almost ""brownish"" - failure The same problem applies to the blue links, as reported in the WPCampus accessibility report. See #47157. == Some examples **The ""hover"" blue `#00a0d2`:** 3.02 contrast ratio on white background 2.67 contrast ratio on the admin default grey background `#f1f1f1` 2.87 contrast ratio on the tables zebra-stripe grey `#f9f9f9` **The ""hover"" red `#dc3232`:** 4.62 contrast ratio on white background (which is OK) 4:39 contrast ratio on the tables zebra-stripe grey `#f9f9f9` 4.09 contrast ratio on the default grey `#f1f1f1` 4.16 contrast ratio on media views grey `#f3f3f3` 3.98 contrast ratio on customizer grey `#eee` Note: these are just a few examples. There are more background colors to take into consideration and also edge cases, e.g. the yellow background for unapproved comments. == Some screenshots [[Image(http://cldup.com/q5MYm6DKL1.png)]] [[Image(http://cldup.com/rawfy7Eth9.png)]] [[Image(http://cldup.com/IoW1cBF-Pl.png)]] [[Image(http://cldup.com/PGDfF4zXTZ.png)]] [[Image(http://cldup.com/PMx2qmF8zQ.png)]] [[Image(http://cldup.com/Kgp8htI4g5.png)]] [[Image(http://cldup.com/vdAtUeFEyZ.png)]] == Questions and possible options - Does the hover state needs to be communicated with a color change in the first place? - If so, does the hover color needs to be ""lighter""? Using the darker color already used for the ""focus"" state may help. Generally, the color used for the hover state shouldn't be ""lighter"", as that reduces contrast right in the moment when users need it the most. - Are there better ways other than a color change? For example: toggling the link underline, or using a border, or an additional shape, would allow to use just one color and greatly simplify things. == Background colors Background colors are an important part of this problem. I do realise design considerations led to use different background colors in different parts of the WordPress admin. For example, the media views and the customizer made some autonomous design choices for their background colors. There are historical reasons for that. However, this led over time to a great inconsistency across the admin. For the greater good of maintenance, consistency, and simplification, I'd strongly suggest to start by exploring a way to drastically standardise the shades of grey used as background in WordPress. Ideally, there shouldn't be more than 3-4 shades of ""light"" grey used for the background. Some work in this regard was done in #35783 but there's still a lot of work to be done. == Note on accessibility standards for links According to [https://make.wordpress.org/core/handbook/best-practices/coding-standards/accessibility-coding-standards/#links-underline-or-no-underline the WordPress accessibility coding standards]: > When links can be identified as such by the context, for example because they're part of a menu, or a set of links clearly identified as user interface controls, they don't necessarily need to be underlined. In all the other cases, especially for links surrounded by other text (in a line or block of text), links need to be always underlined. " afercia 39 Needs Patch 24766 Title attributes galore. They serve no useful purpose. sabernhardt* Administration normal normal Future Release task (blessed) accepted 2013-07-16T00:29:25Z 2024-02-14T19:05:13Z "This is a full list of methods, including what files they're from, where HTML title attributes are in use. The title attribute provides a tooltip on certain browsers. Other than that, it is essentially useless. As provided in WordPress, the title attribute is both redundant and useless, because in most cases, it is a complete duplicate of the link's text. Therefore the tooltip provided is of no value whatsoever. For users of assistive technologies, the title attribute is useless at best and sometimes an annoyance. Users of text-to-speech software who have configured their software to do so will hear the title attribute twice. Essentially the extensive use of title attributes throughout WordPress Core amounts to unnecessary code bloat. I recommend eliminating the title attributes from all of the methods below: {{{ // user.php wp_authenticate_username_password() // post-template.php wp_page_menu() wp_get_attachment_link() // media.php get_image_tag() // media-template.php wp_print_media_templates() // link-template.php edit_term_link() edit_post_link() edit_comment_link() edit_bookmark_link() get_adjacent_post_rel_link() the_shortlink() // default-widgets.php widget() // comment-template.php comments_popup_link() comment_form() // class-wp-theme.php markup_header() // class-wp-editor.php wp_fullscreen_html(). There is one title attribute here on what I think is a TinyMCE button. If that looks like a button, it should actually be a button. // class-wp-customize-section.php render() // category-template.php get_category_parents() get_the_category_list() wp_generate_tag_cloud() start_el() // bookmark-template.php _walk_bookmarks() // author-template.php get_the_author_link() the_author_posts_link() wp_list_authors() // rss.php wp_rss() get_rss() // general-template.php get_calendar() // class-wp-admin-bar.php _render_item() }}} * Note: Ignored: All Third party classes " karlgroves 61 Needs Patch 60127 Fix the Performance Testing workflow in the 6.4 branch thelovekesh Build/Test Tools trunk normal normal 6.5 task (blessed) assigned 2023-12-21T17:19:15Z 2024-03-13T15:05:28Z "Since [57198] all runs of the Performance Workflow [https://github.com/WordPress/wordpress-develop/actions/workflows/performance.yml?query=branch%3A6.4 on the 6.4 branch] are failing on the ""Run baseline performance tests"" step. This is likely due to that step trying to run performance tests against `BASE_TAG` version that has been set to 6.1.1 since the workflow was introduced, since that WP version did not support PHP 8.3. Some potential options to consider: 1. Update the version used for the baseline tests each major version. 2. Set the PHP version used by performance tests to the current recommended version, rather than the latest version. 3. Run benchmarks using independent environments rather than changing the WP version on the same install between tests." joemcgill 15 Needs Patch 60733 GitHub Actions updates and improvements for 6.6 Build/Test Tools normal normal 6.6 task (blessed) new 2024-03-09T01:05:07Z 2024-03-09T01:07:53Z " This ticket is for various updates and improvements for Core's GitHub Actions workflows. Previously: - 6.5 (#59805) - 6.4 (#58867) - 6.3 (#57865) - 6.2 (#57572) " desrosj 1 Needs Patch 30017 Many automated tests are unnecessarily slow wonderboymusic Build/Test Tools normal normal Future Release task (blessed) assigned 2014-10-17T02:07:19Z 2021-03-24T14:47:08Z "Our test suite is getting bigger (that's good!). But many of our tests are, of necessity, integration and functional tests that require lots of setup: creating factory data, resetting globals, etc. This process can be slow (that's bad!). Poking around in the tests, it looks like some of the worst offenders are those who create lots of database content in the `setUp()` method. Creating more dummy data than is absolutely necessary to test an assertion is - at best - wasteful. At worst, it actually introduces unnecessary variables into what is supposed to be a narrowly defined test. (Fake but illustrative example: if you create 25 posts to test some default value in `WP_Query`, you now have to worry about pagination in addition to whatever value you're testing.) Changing existing tests is a tedious and potentially dangerous task - you don't want to introduce regressions into our regression-preventing tests. But if we can shave 10-20% off of the execution time of our suite (which I think is a pretty conservative estimate), it'd be a huge step toward getting more people to actually run the dang things, as well as things like continuous integration. Opening this ticket for discussion and/or patches." boonebgorges 69 Needs Patch 54029 Rename WordPress native expectDeprecated() and @ExpectedDeprecated to avoid confusion with PHPUnit native expectDeprecation and for future-proofing Build/Test Tools normal normal Awaiting Review task (blessed) new 2021-08-27T19:50:02Z 2022-06-20T18:16:15Z "WordPress' test suite has a native expectation and annotation for expecting a deprecation notice: `expectDeprecated()` and `@ExpectedDeprecated`. [https://phpunit.readthedocs.io/en/8.5/writing-tests-for-phpunit.html#testing-php-errors-warnings-and-notices PHPUnit 8 introduced a new set of deprecation expectations]: `expectDeprecation()`, `expectDeprecationMessage()`, and `expectDeprecationMessageMatches()`. Notice naming conventions between WordPress and PHPUnit. They are very similar. ||= WordPress =||= PHPUnit =|| || `expectDeprecated()` || `expectDeprecation()` || || `@ExpectedDeprecated` || - || == What is the problem? The names are too similar. As such, confusion over which to use can happen. There's a potential of using the wrong one. Future-proof against future PHPUnit changes: Luckily PHPUnit used ""deprecation"" instead of ""deprecated"". However, there's the potential of future changes which may conflict with the native WP ones. == Proposal Rename the expectation to include `WP` and deprecate the currently ones. Why deprecate? To avoid a backwards-compatibility break for any extenders using WordPress' native one. 1. Confusion and potential to use the wrong one: the names are too similar. 2. Future-proof: https://youtu.be/SAtiKaUwLU4?t=12019" hellofromTonya 5 Needs Patch 59844 Run HTTP related automated tests with multiple versions of cURL Build/Test Tools normal normal 6.6 task (blessed) new 2023-11-08T19:01:36Z 2024-02-19T09:03:16Z See: Bugs over the years that have affected only certain versions of cURL. jorbin 4 Needs Patch 53119 Tests: introduce naming conventions for data providers and use named test cases Build/Test Tools normal normal Awaiting Review task (blessed) new 2021-04-30T15:58:51Z 2023-10-24T01:46:08Z "A number of tests use dataproviders - functions which return a multi-level array of test cases, where each sub-array is a set of parameters to pass to the actual test function -. Also see: https://phpunit.readthedocs.io/en/9.5/writing-tests-for-phpunit.html?#data-providers Currently there are: * No naming conventions for data providers - the functions are called whatever the author wanted to call them. * No placement conventions for data providers - sometimes the functions are at the top of a file, sometimes at the bottom, sometimes just before or after the test function using them. I'd like to recommend streamlining this a little more to: 1. Make it more obvious which functions are data providers. 2. Make the data providers easier to find. With that in mind, I'm proposing: 1. That the function name of all data provider functions starts with `data_`, similar to how all test functions are prefixed with `test_`. 2. That data providers when used by only one test are placed directly after that test. 3. That data providers when used by multiple tests which directly follow each other, are placed directly after the last test using the data provider. 4. ~~That data providers used by multiple tests throughout a test file are placed at the bottom of the class.~~ **Updated**: That when a data provider is used by multiple tests throughout a test file, that the tests using the data provider are grouped together and that the data provider is then placed directly after the last of the tests using it, as per 3. Additionally, there is an awesome, but little known feature in PHPUnit which allows to ""name"" each test case in a data provider by adding an index key for each test data set. This will make test failure information more descriptive and will make the test case which is causing the failure easier to find than having the default numeric indexes for test cases. And when coupled with the `--testdox` feature, especially when selectively running a filtered set of tests will make it much more obvious what is being tested. So I'd also like to recommend implementing the use of named test cases when using data providers. To illustrate the difference: Screenshot of a test run with a dataprovider and `--testdox` without using named test cases: https://speakerdeck.com/jrf/my-top-10-phpunit-tips-and-tricks-e6ea54ce-2515-4ea9-aacf-9bf7ab3b3141?slide=26 Screenshot of a test run with a dataprovider and `--testdox` WITH named test cases: https://speakerdeck.com/jrf/my-top-10-phpunit-tips-and-tricks-e6ea54ce-2515-4ea9-aacf-9bf7ab3b3141?slide=28 Code sample of how to implement this: https://speakerdeck.com/jrf/my-top-10-phpunit-tips-and-tricks-e6ea54ce-2515-4ea9-aacf-9bf7ab3b3141?slide=27 Once this ticket has been actioned, I'd like to recommend that the conventions applied will be added to the Core contributors handbook. /cc @hellofromTonya" jrf 16 Needs Patch 53118 Tests: review of correctly setting output expectations Build/Test Tools normal minor Awaiting Review task (blessed) new 2021-04-30T15:32:35Z 2021-04-30T15:32:35Z "While looking at the tests in the context of another ticket, @hellofromTonya and me came across various tests doing things like: {{{#!php assertRegExp( $regex, $contents ); }}} PHPUnit has dedicated functionality build-in to set output expectations which will then automatically test that the output conforms to those expectations. When using those, the above code would become: {{{#!php expectOutputRegex( $regex ); // Do something which generates output... }}} I suspect that in most cases were `ob_*()` functions are being used to ""catch"" output before testing it, this can (and should) be replaced with using the PHPUnit native `expectOutputString()` and `expectOutputRegex()` functions. Note: each test can only have **ONE** output expectation when using the PHPUnit native functionality. Also see: https://phpunit.readthedocs.io/en/9.5/writing-tests-for-phpunit.html#testing-output I'd recommending a complete review of the test suite to verify whether output expectations are tested correctly. To find all instances of this code pattern a search should be done for the use of `ob_*()` functions in the `tests/phpunit` directory." jrf Needs Patch 48703 Update compressed images for a clean precommit:image output SergeyBiryukov Build/Test Tools normal normal Future Release task (blessed) assigned 2019-11-18T16:43:35Z 2023-08-07T18:38:46Z "Previously: * #48206 (5.3) Background: #48203 `grunt-contrib-imagemin` was updated in [46404] and some GIF images were re-minified, however I still get a bunch of changed files after running `grunt imagemin`: {{{ src/wp-admin/images/loading.gif src/wp-admin/images/media-button-image.gif src/wp-admin/images/media-button-video.gif src/wp-admin/images/resize-2x.gif src/wp-admin/images/resize-rtl-2x.gif src/wp-admin/images/resize-rtl.gif src/wp-admin/images/resize.gif src/wp-admin/images/sort-2x.gif src/wp-admin/images/spinner-2x.gif src/wp-admin/images/spinner.gif src/wp-admin/images/wpspin_light-2x.gif src/wp-admin/images/wpspin_light.gif src/wp-includes/images/smilies/icon_cry.gif src/wp-includes/images/smilies/icon_lol.gif src/wp-includes/images/smilies/icon_redface.gif src/wp-includes/images/spinner-2x.gif src/wp-includes/images/spinner.gif src/wp-includes/images/wpspin-2x.gif src/wp-includes/images/wpspin.gif }}} Per a [https://wordpress.slack.com/archives/C18723MQ8/p1574082406038400 quick check in Slack], this is the case for other committers as well, so it seems like the files should be updated." SergeyBiryukov 26 Needs Patch 60701 Bump default theme versions for WordPress 6.6 Bundled Theme normal normal 6.6 task (blessed) new 2024-03-06T05:03:35Z 2024-03-06T05:03:35Z "All bundled themes from 2010 to 2024 will need a version bump for the 6.6 release. Previously: #59816 - 6.5 #58832 - 6.4 #57857 - 6.3 #57689 - 6.2 #56450 - 6.1 #55754 - 6.0 #54783 - 5.9 #53277 - 5.8 #52704 - 5.7 #51919 - 5.6 #50889 - 5.5 #49743 - 5.4" mukesh27 Needs Patch 35214 Custom Comment Types Comments normal normal Future Release task (blessed) assigned 2015-12-24T00:28:11Z 2021-07-13T16:02:18Z "It's time to take another look at Custom Comment Types. We have a nice stable example in post types, but there's a '''lot''' to do here, so we'll use this as a centralized tracking ticket for everything. As such, I'm sure the description here will be fluid for a while as we figure out how much there is to do. Here's a rough list of things that need to be looked at and addressed: * UI/UX - In order for custom comment types to be really useful, we need to put some serious thought into the UI/UX surrounding comments in the admin. * The `comment_type` field needs to start using `'comment'` instead of `''` for comments. This will mean an upgrade routine as well as some back-compat work. * We need to decide what to do about non-default comment types in various admin areas (comments table, recent comments, etc). The thing that makes most sense is for `WP_Comment_Query` to be adjusted to only show default comment types (comments, pingbacks, and trackbacks) by default. Additional comment types would then be handled by whatever plugin or theme adds them. Unfortunately, this is a breaking change (comment:58:ticket:12668) because right now those areas show all comment types. Maybe we can create new management areas to be able to pull these out of the default one? Lets put our heads together. * A lot of existing functions, like `comment_type()`, will need to be fixed to make room for newly registered comment types and their registered strings. Previous tickets for history: #25674 #12668 " aaroncampbell 40 Needs Patch 30181 Add more Underscore.js array methods to wp.customize.Values and re-use _ for Customizer JS methods Customize 3.4 lowest normal Future Release task (blessed) new 2014-10-29T18:53:41Z 2017-03-14T17:02:13Z "Now that the Customizer explicitly uses Underscores.js (#26061), we should re-use Underscore.js as much as possible to eliminate duplicated logic, and to flesh out our Customizer models to have an API consistent with Backbone models. This depends on having QUnit tests (#28579)." westonruter 4 Needs Patch 40278 Customizer: Introduce theme uploading Customize 4.9 normal normal Future Release task (blessed) new 2017-03-27T18:12:04Z 2020-11-22T16:01:06Z "This is an offshoot of #37661. Please note: this ticket only addresses uploading themes to the Customizer. It does not touch on browsing and discovering new themes. Theme switching in the Customizer was introduced in 4.2. Within the Customizer, you can preview any theme you currently have installed on your site. This feature would allow you to upload new themes directly from the Customizer, so you can preview them immediately without having to jump back into your themes admin screen. Additionally, this introduces a new header for the Themes section, which was initially mocked up in #21666. This header will hopefully clarify some of the confusion between going in and out of the Themes section, by adapting the back arrow the other Customizer panels use. See mockups for specific details and interactions." melchoyce 22 Needs Patch 50544 Move Navigation screen's PHP code from Gutenberg to Core Editor normal normal Future Release task (blessed) new 2020-07-03T01:21:18Z 2020-07-03T01:23:27Z "The Gutenberg plugin currently contains an experimental new Navigation screen. If and when this is merged to Core, there are a few bits of PHP code that must be moved from the Gutenberg repository into Core. This ticket tracks those changes. https://github.com/WordPress/gutenberg/issues/22931" noisysocks 1 Needs Patch 53451 Chrome 92 userAgent notice adamsilverstein General normal minor Future Release task (blessed) assigned 2021-06-18T17:12:13Z 2022-05-02T08:32:17Z "Starting Chrome 92, Chrome dev tools will start warning about the usage of navigator.userAgent: https://blog.chromium.org/2021/05/update-on-user-agent-string-reduction.html Although it is colored blue and not red and hence not an error message, it's better to not see it. Many scripts user navigator.userAgent, especially wp-emoji.js which loads on all sites. A way to continue using it is to see if navigator.userAgentData is true and prevent new Chrome from executing navigator.userAgent. " superpoincare 5 Needs Patch 60699 Docblock improvements for 6.6 General normal normal 6.6 task (blessed) new 2024-03-06T04:57:35Z 2024-03-11T14:06:52Z "Previously: - #59651 (6.5) - #58833 (6.4) - #57840 (6.3) - #56792 (6.2) - #55646 (6.1) - #54729 (6.0) - #53399 (5.9) - #52628 (5.8) - #51800 (5.7) - #50768 (5.6) - #49572 (5.5) - #48303 (5.4) - #47110 (5.3) - #46543 (5.2) - #42505 (5.1) - #41017 (4.9) - #39130 (4.8) - #37770 (4.7) - #32246 (4.6)" SergeyBiryukov 5 Needs Patch 59649 PHP 8.0: improvements to allow for named parameters in 6.6 General normal normal 6.6 task (blessed) new 2023-10-17T12:16:28Z 2024-02-26T10:21:48Z "Previously: * #58976 (6.4) * #57838 (6.3) * #56788 (6.2) * #55650 (6.1) * #55327 (6.0) * #51553 (5.9) Quoted in full below: > PHP 8.0 introduces the ability to pass named parameters to function calls. > Ref: https://wiki.php.net/rfc/named_params > > Code example: > {{{#!php > // Using positional arguments: > array_fill(0, 100, 50); > > // Using named arguments: > array_fill(start_index: 0, num: 100, value: 50); > > // Named arguments do not have to follow the same order as positional arguments: > array_fill(value: 50, num: 100, start_index: 0); > }}} > > **More than anything, this means that, as of PHP 8.0, renaming a parameter in a function declaration is a backward-compatibility break! ** > > This should most definitely get prominent mention in the PHP8 dev-note as a lot of Core/plugin/theme developers will not be aware of this at this time. > > > I'm opening this ticket to address a number of issues this brings up for WordPress Core. > > I've so far identified three tasks which should be executed ASAP to prepare for named parameters in function calls. > > == Task 1: Review Function Signatures of methods in child classes > > Methods in child classes may use different parameter names than those used for the same method by its parent. Similarly, classes implementing an interface do not have to use the same parameter names. > > While this does not change in PHP 8, it could create problems when the method is called using named parameters. > > To quote from [https://wiki.php.net/rfc/named_params#parameter_name_changes_during_inheritance the RFC]: > > > If an inheriting class changes a parameter name, calls using named arguments might fail, thus violating the Liskov substitution principle (LSP). > > > PHP will silently accept parameter name changes during inheritance, which may result in call-time exceptions when methods with renamed parameters are called > > Code sample: > {{{#!php > interface I { > public function test($foo, $bar); > } > > class C implements I { > public function test($a, $b) {} > } > > $obj = new C; > > // Pass params according to I::test() contract > $obj->test(foo: ""foo"", bar: ""bar""); // ERROR! > }}} > > > **Note: For variadic functions this will not cause an error, but will move the unrecognized names to be part of the variadic argument, which can cause all sorts of problems.** > Code sample [https://twitter.com/giveupalready/status/1312139952776306688 courtesy of Chris Riley] illustrating the problem: https://3v4l.org/MhJ79 > > With regards to WordPress, I'd like to propose making the parameter names in child classes/classes implementing an interface consistent to prevent such issues. > > > > > == Task 2: Review Other Function Signatures > > 1. The function signatures of existing functions and methods of all WordPress code should be examined and non-descriptive parameter names should be fixed (renamed) **NOW** as later will no longer be an option without creating a BC-break. > 2. While using reserved keywords as parameter name labels is allowed, in the context of function calls using named parameters, this will easily lead to confusion. I'd like to recommend to rename function parameters which use reserved keywords to remove this confusion. > {{{#!php > function array_foobar($toggle = false, $array = []) {} > > array_foobar(array: $value); > }}} > > > == Task 3: Review all uses of `call_user_func_array()` > > Named parameters cause a BC-break for `call_user_func_array()` when passing an associative array. > In previous PHP versions, the array keys would have been ignored. In PHP 8, string keys will be interpreted as parameter name labels. > > For more detail, see: https://wiki.php.net/rfc/named_params#call_user_func_and_friends > > Basically, we need to make sure that any array passed to `call_user_func_array()` does NOT have string keys. If it does or if the format of the array is unknown (like when it is passed in via a function parameter), we need to add extra safeguards to make the code cross-version compatible. > A typical way to do this would be to use `array_values()` on the array before passing it to `call_user_func_array()`, though beware that ''**will**'' break code written for PHP 8 which actually expects the label to be used. > > > > > > > == Other references: > > * https://twitter.com/CiaranMcNulty/status/1312087225857970182 > > > Related Trac tickets: #50913, #50531" hellofromTonya 1 Needs Patch 56034 PHP 8.2: proposal for handling unknown dynamic properties deprecations hellofromTonya* General normal normal 6.6 task (blessed) accepted 2022-06-22T04:19:45Z 2024-02-26T10:21:38Z "Dynamic (non-explicitly declared) properties are deprecated as of PHP 8.2 and are expected to become a fatal error in PHP 9.0, though this last part is not 100% certain yet. RFC: https://wiki.php.net/rfc/deprecate_dynamic_properties **This ticket is only intended for situations 3 and 4 (see below) where fixing a typo or explicitly declaring the property is not possible.** == The problem === What is a dynamic property ? {{{#!php id = $id; // This is a dynamically created property as the property // is not declared on the class. $this->field_name = $field_name; } } }}} Dynamic properties can both be created from inside a class, like in the above example, as well as from outside the class (see the below example), which makes these issues very tricky to find via static analysis. {{{#!php type = 'something'; }}} === When is something not a dynamic property ? 1. When the property is explicitly declared on the class. 2. When the property is explicitly declared on the (grand)parent class. === When are dynamic properties not problematic ? 1. When the class, or one of its parents, has a magic `__set()` method which assigns the property to a declared property. {{{#!php field_name = $field_name; // Not problematic. } public function __set( $name, $value ) { $this->fields[ $name ] = $value; } } }}} 2. When the class, or its parent, extends the PHP native `stdClass`, which has highly optimized versions of the `__set()` magic method available. == Mitigation The solution needed depends on the specific situation and each instance where a deprecation is thrown needs to be individually evaluated. We can basically categorize dynamic properties into four base situations: || ||= Situation =||= Solution =|| || 1. || Typo in property name || Fix the typo, either in the property as declared or where the property assignment happens || || 2. || Known, named, dynamic property || Declare the property on the (parent) class || || 3. || Known use of unknown dynamic properties || Declare the full set of magic methods on a class (preferred) or let the class extend `stdClass` (discouraged) || || 4. || Unknown use of unknown dynamic properties || Use the `#[AllowDynamicProperties]` attribute on the (parent) class and/or declare the full set of magic methods on a class and/or let the class extend `stdClass` || Note: the `#[AllowDynamicProperties]` attribute is expected to be a temporary solution and it is expected that support for the attribute will be removed at some point in the future. == The larger problem === Intended future roadmap for PHP The deprecation of dynamic properties in PHP is only step 1 in a larger plan to remove support for dynamic properties completely. No impact analysis was done for the RFC, as even PHP Core realized that identifying all uses of dynamic properties via static analysis is neigh impossible. With that in mind, the `#[AllowDynamicProperties]` attribute was introduced to allow for doing an actual impact analysis for the next step of the plan, i.e. removing support for dynamic properties altogether. **Note**: ''when support for dynamic properties would be removed altogether, correctly set up magic `__set()` methods will still continue to work, including those in the `stdClass`.'' At this time it is unclear when the removal of support for dynamic properties will land, but it is ''expected'' to be either in PHP 9.0 or 10.0. Once it lands, the attribute is expected to no longer be respected. === WordPress infrastructure Due to the extendable nature of WordPress and its large plugin and theme infrastructure, the problem facing WordPress is exponential as every single class in WordPress ''may'' be used and/or extended from within plugins and themes and these plugins/themes ''may'' be setting dynamic properties on the WordPress Core classes. Now, while WP Core at least has tests for a small part of its codebase and runs those diligently, which allows for finding (a subset of the) dynamic properties via the deprecation notices, the majority of plugins/themes do not have any tests. As noted previously, finding dynamic properties via static analysis is hard, so these plugin/themes would have to largely rely on error logging/user reporting of the PHP 8.2 deprecation notices to fix things and that is still providing the plugin/theme is actively maintained, while a large number of plugins/themes are not. Also note that the PHP 8.x uptake under WordPress users is low (due to WP Core not being fully compatible) and the number of users logging errors is also low, so user reporting is not a reliable method to allow plugins/themes to get ready for this change. Altogether, this means that end-users run a significant risk of their sites going down once PHP removes support for dynamic properties and the user upgrades to that PHP version, with little advance notice. == Proposal Taking all of the above into account, I would like to propose the following: 1. Introduce two traits into WP Core: `trait DeprecateDynamicProperties` and `trait ForbidDynamicProperties`. * The `DeprecateDynamicProperties` trait would contain a full set of the magic methods (`__isset()`, `__get()`, `__set()`, `__unset()` and will throw a deprecation notice whenever any of those methods are called. Properties will still be set via the magic methods. This trait is intended to be a temporary stop-gap solution and will not fall under the WordPress BC promise. When PHP removes support for dynamic properties, this trait should be removed from WordPress as well. * The `ForbidDynamicProperties` trait would contain a full set of the magic methods (`__isset()`, `__get()`, `__set()`, `__unset()` and will throw a fatal error whenever the `__set()` method is called. Properties will **not** be set via the magic methods, `__isset()` will always return `false`, `__get()` will always result in an undefined property warning. 2. Evaluate every single class in WP Core `src` directory: * If the class - or one of its parents - already has a full set of properly implemented magic methods in place, no action is needed. * If the class - or one of its parents - already extends `stdClass`, no action is needed. * If the class really **''should''** support dynamic properties, the magic methods should be implemented on the class itself (or its parent). * For every single class which does not fall into the above categories, the `DeprecateDynamicProperties` trait should be added, as well as the `#[AllowDynamicProperties]` attribute (to allow the class to be recognized for the PHP Core scan for the next RFC). 3. Every new class introduced to WP Core ''after'' the initial change from step 2, would be **required** to either have a full set of the magic methods or to add the `ForbidDynamicProperties` trait. New classes should not be allowed to have the attribute. If the above proposal is accepted, it would effectively ''backport'' the PHP 8.2 deprecation all the way back to PHP 5.6, making it far more likely that users discover any dynamic property related issues in their site. This will give end-users plenty of time to either contact the plugin/theme owner to mitigate the issue and/or to switch to other plugins/themes if the plugin/theme is no longer actively maintained. It will also give plugin and theme authors plenty of time to notify WP Core of Core classes which use the `DeprecateDynamicProperties` trait, but should, in all reality, fully support dynamic properties. For those cases, after evaluating the merit of the specific use-case and finding it valid, the full set of magic methods could then be added to the WP Core class and the use of the trait and the attribute removed. Altogether, this should greatly diminish the dramatic impact of PHP removing support for dynamic properties altogether in a future release. === Practical I'm perfectly happy to prepare the patch for this together with some people. However, as the proposed patch comes down to a huge amount of work, I want to see some second opinions supporting this proposal first before starting the work on this. ---- Related: #56009 Trac ticket #56033 is open for addressing dynamic properties in category 1 and 2." jrf 62 Needs Patch 59654 PHP 8.x: various compatibility fixes for WordPress 6.6 General normal normal 6.6 task (blessed) new 2023-10-17T12:33:14Z 2024-02-26T10:20:59Z "Previously: * #57837 (6.3) * #56790 (6.2) * #55656 (6.1) * #54730 (6.0) * #53635 (5.9) * #50913 (5.6) This ticket will be used as an ""epic"", allowing a variety of small patches each fixing a specific failure to be added to and committed against this ticket. For patches addressing all instances of failures related to one specific PHP version (such as PHP 8.0, 8.1, or 8.2) change across the codebase, separate tickets should still be opened. For an example of issues/patches with separate tickets, see: * #53299 PHP 8.1: Update `is_serialized` function to accept Enums * #53465 PHP 8.1.: the default value of the flags parameter for `htmlentities()` et all needs to be explicitly set When opening a separate ticket, please tag it with the appropriate PHP version keyword so that these tickets can be easily found: * PHP 8.3: keyword is `php83` with its report https://core.trac.wordpress.org/query?keywords=~php83 * PHP 8.2: keyword is `php82` with its report https://core.trac.wordpress.org/query?keywords=~php82 * PHP 8.1: keyword is `php81` with its report https://core.trac.wordpress.org/query?keywords=~php81 * PHP 8.0: keyword is `php8` with its report https://core.trac.wordpress.org/query?keywords=~php8" hellofromTonya 1 Needs Patch 59653 PHPStan: Fix function argument type issues for WP 6.6 General normal normal 6.6 task (blessed) new 2023-10-17T12:31:23Z 2024-02-26T10:20:45Z "Previously: * #58852 (6.4) * #57782 (6.3) * #51423 (<= 6.2) Continuation of the the work to fix function argument type issues as reported by PHPStan. These issues are argument types passed to a WP Core and PHP's built-in functions. The last report was created 3 years ago https://gist.github.com/xknown/77f8cbe233da75080d1e9258a8c94f95. A new report should be generated as a starting point what issues remain to be fixed in 6.3. Goals are to: * retain the current behavior (i.e. to avoid breaking changes). * retain the triggering of notice/warning/error, which are clues and indicators (i.e. rather than silently letting the problem propagate downstream). * gain PHP 8 compatibility. * ensure code coverage to validate changes. This ticket is part of the effort to achieve PHP 8+ compatibility." hellofromTonya 4 Needs Patch 59652 Replace trigger_error() with wp_trigger_error() for 6.6 General normal normal 6.6 task (blessed) new 2023-10-17T12:28:49Z 2024-02-26T10:20:21Z "This ticket tracks an initiative to replace each instance of `trigger_error()` with `wp_trigger_error()`. The initiative seeks to avoid generating E_USER family errors unless `WP_DEBUG` is on. In doing so, users should not see these messages in normal production. Previous releases: * #59455 (6.4) References: * #57686 introduced `wp_trigger_error()` via [56530], [56707]" hellofromTonya 1 Needs Patch 24791 Map audio/video shortcode IDs on import Import normal normal task (blessed) new 2013-07-17T21:39:47Z 2019-06-04T20:05:43Z See #24458. nacin Needs Patch 33186 Stop sending password via e-mail when creating a new site in Multisite Networks and Sites normal normal task (blessed) reopened 2015-07-29T18:32:29Z 2019-06-04T20:50:55Z "We should continue on this ""don't e-mail passwords work"" and stop e-mailing passwords when new sites are created. see #33175 and #32428" markjaquith 3 Needs Patch 39544 REST API: Improve users endpoint in multisite REST API normal normal Future Release task (blessed) new 2017-01-11T11:22:13Z 2021-08-17T17:53:20Z "As per the discussion that happened during the past two weeks' multisite office-hours, the REST API users endpoint needs to be improved to support multisite behavior. This ticket is supposed to act as a general task for discussion, and then for the actual implementation smaller spin-off tickets should be opened. Currently, the four steps (possibly four tickets) we're thinking about are: * The users overview at `wp-json/wp/v2/users` should continue to only show users of that site by default, but a request like `wp-json/wp/v2/users?global=true` should show all users in the WordPress setup. This parameter must only be available to network administrators though, more specifically users with the `manage_network_users` capability. In the future a `network` parameter might also be introduced for support of multi networks, but at this point core does not support querying users per network. Accessing global users should be available from all sites in a setup instead of only from the main site. While this approach makes these endpoints duplicates of each other, it has several benefits like preventing the requirement for cross-domain requests, allowing easier API discovery and not requiring the main site of a setup to be exposed to REST API calls to a sub site. * Assigning an existing user to a site and removing a user from a site should generally be only available to network administrators, and the site administrators of the site that is being interacted with. * Similarly, editing a user that does not belong to the current site should only be possible for a network administrator. Currently this is available to site administrators as well which is probably wrong. * Deleting any user completely should only be available to a network administrator. A good way to handle the `reassign` parameter needs to be found though. For background information, please read the posts at https://make.wordpress.org/core/2017/01/09/improving-the-rest-api-users-endpoint-in-multisite/ and https://make.wordpress.org/core/2017/01/11/controlling-access-to-rest-api-user-functionality-for-multisite/ (the latter contains the above list as well)" flixos90 26 Needs Patch 39851 WP_REST_Posts_Controller::get_items() has too many concerns REST API 4.7 normal normal Future Release task (blessed) new 2017-02-11T23:20:39Z 2019-01-17T18:58:52Z "I've written a bunch of custom endpoints that return collections of posts of one or more post types. I'd like my responses to be the same formatting, body and header as the default post routes provide. This allows for a client designed to consume default routes to be more easily modified to use custom routes. Achieving this with a subclass of WP_REST_Posts_Controller still requires some cut and paste for collections of posts, since the get_items() method has way too many concerns. I'd like to break out the preparing of response body, as well as response header into separate methods, so that they can be used with different types of requests or ways to create arrays of WP_Post objects, while still providing a consistent response. " Shelob9 3 Needs Patch 37616 Replace `is_super_admin()` calls with real capability checks Role/Capability normal normal Future Release task (blessed) reviewing 2016-08-09T18:18:57Z 2017-05-08T17:18:40Z "As discussed in Multisite office hours (https://wordpress.slack.com/archives/core-multisite/p1470762377000454), there are plans to improve capability handling in WordPress, to also support network-wide (and possibly global) capabilities. The current `is_super_admin()` check system is no actual role- and capability-based system which makes it impractical to refine roles and capabilities on this level. While a super admin should have access to all capabilities, we should get rid of all `is_super_admin()` checks that happen outside of `WP_User` and the `map_meta_cap()` function and replace those calls with dedicated capabilities. There might be a few other occurrences where `is_super_admin()` is actually the right choice, but generally it shouldn't be used in other locations anymore. This will open up new possibilities to think about how we can implement a true role- and capability-based system beyond the scope of a site. The hardest part of this ticket will probably be finding names for the new capabilities. The good thing is that we most likely won't need to touch any roles or adjust `map_meta_cap()` since the new capabilities should only be granted to the super admin for now anyway. We should probably create a list of occurrences and think about names for the capabilities (or whether we can use existing capabilities) first." flixos90 66 Needs Patch 50437 Add leniency to the overdue check for plugin and theme auto updates Security 5.5 normal normal Future Release task (blessed) new 2020-06-20T09:10:29Z 2020-07-14T20:48:36Z "The `Automatic Updates` column on the Plugins listing screen shows a message if a pending update for a plugin is overdue. There should be some time leniency before the message gets shown, to avoid a false positive if the cron event simply hasn't fired yet. For example, I loaded my Plugins screen and was shown a message saying that an update was overdue by 1 second. Let's add leniency to this message so it doesn't show up within, for example, one minute of the scheduled update time. I'm not sure if this same message is shown for themes, I've not tested it yet." johnbillion 7 Needs Patch 50787 Consolidate the logic for displaying WP & PHP compatibility messages for themes SergeyBiryukov* Site Health normal normal Future Release task (blessed) accepted 2020-07-27T15:29:23Z 2021-02-22T15:04:43Z "Background: #48491 As part of the changes on [48636-48638,48640], these messages are duplicated in at least seven different places: * ""This theme doesn’t work with your versions of WordPress and PHP. Please update WordPress, and then learn more about updating PHP."" * ""This theme doesn’t work with your version of WordPress. Please update WordPress."" * ""This theme doesn’t work with your version of PHP. Learn more about updating PHP."" See comment:36:ticket:48491 for the list of relevant areas. It would be nice to consolidate the logic in one place." SergeyBiryukov 21 Needs Patch 38227 Term Status API Taxonomy normal normal Future Release task (blessed) new 2016-10-04T15:52:34Z 2021-04-10T18:04:51Z See #37914, #37915, and make/core post (coming in a moment). boonebgorges 3 Needs Patch 45344 Add Two New Theme Tags on Theme Directory Themes normal normal Future Release task (blessed) reopened 2018-11-14T09:15:49Z 2024-02-02T04:07:07Z "As per the [https://wordpress.slack.com/archives/C02RP4Y3K/p1542132120930800 discussion] of theme review team, we want to add two tags `align-wide` and `block-styles`. * `align-wide` - Support for Wide Align * `block-styles` - Has styles for the block editor Also, we need this tags on the theme filter. " kafleg 5 Needs Patch 31596 Make it easier to update TinyMCE TinyMCE low normal Future Release task (blessed) new 2015-03-11T14:07:00Z 2019-09-22T17:29:20Z "* Load from src like the other tests * Automatically add the plugins without overwriting files. * Don't run tests where no plugins are loaded. We're running these test just to test our plugins. * Remove everything we don't use. " iseulde 9 Needs Patch 43395 Add Automated E2E Tests for Core Updates Upgrade/Install normal normal WordPress.org task (blessed) new 2018-02-23T20:10:48Z 2020-03-04T11:21:34Z "This is a follow up to the issues introduced in #43103 and described in https://make.wordpress.org/core/2018/02/06/wordpress-4-9-4-release-the-technical-details/ Essentially, due to the way automated updates work, we need automated tests that can confirm they are working. Due to the code loading path differences between phpunit, wp-cli, wp-cron, and the WordPress UI, it's important that this test work as close as possible to the way the majority of sites are autoupdated. " jorbin 15 Needs Patch 31531 Shiny Updates: Updates on update-core.php Upgrade/Install normal normal Future Release task (blessed) assigned 2015-03-05T04:10:58Z 2021-08-11T15:49:10Z "Branched from #29820. There are several improvements that can be made to `update-core.php`. Adding inline update support to each of the sections on the page would be a great start, allowing everything to be updated without leaving the page. Once this is in place, some sort of ""Update Everything"" button would potentially be a nice addition - it would also lay the groundwork for hiding a lot of the UI. If everything can be updated from one button, do we really need to show update buttons for every plugin and theme? Finally, (this has been mentioned a few times since the original shiny updates work was done), this page is the ideal place for allowing admins to opt-in to auto updates for major WordPress releases, plugins, and themes." pento 3 Needs Dev / Bug Wrangler Feedback 52762 About page widget to Dashboard Administration normal normal Awaiting Review feature request new dev-feedback 2021-03-10T13:49:05Z 2023-05-31T20:53:57Z "The obstacle in making people well informed is that most users are not paying attention to the About page, especially if an update was automatically made or someone else is making it for them. Or even if they saw this page, imagine: If I have just updated my site to the latest version, my first priority - to go and check if everything is working and all this useful information including the message about contribution will never catch my attention again, if everything is fine I will go to do what I was about to do before this urge to update. The desired solution - to make the Dashboard page each time a bit different and interesting, alternative and more simple solution — a widget to Dashboard with a very small piece about a new version with a call to action to read more." oglekler 3 Needs Dev / Bug Wrangler Feedback 60789 Administration Email Address: Allow method to deactivate Administration normal normal Awaiting Review feature request new close 2024-03-16T01:23:43Z 2024-03-18T21:12:43Z "As a manager of many client sites, my email address is used on a lot of sites in the ""Administration Email Address"" in Settings > General. Over time, clients move to other vendors, and sometimes this happens without the opportunity to change the Administration Email Address before it is moved. In many cases, this email address remains unchanged for years, and I continue to receive software update, user account, and other emails for accounts I have no contact with, and no way to access to change the setting. This has been mentioned by other WordPress developers as well, and I believe it is a widespread problem, although one easy to dismiss on a day-to-day basis. I did a search through Trac tickets and didn't see anything like it, so I am posting this ticket in hopes that a solution can be reached. Ideally, I'd like to see a solution that includes a time-sensitive link (similar to new account registrations) that would allow the owner of the admin to click through to the link, and agree to have the email address removed as the ""Administration Email Address""." andrewhoyer 15 Needs Dev / Bug Wrangler Feedback 50158 Hide columns in the list of posts for user levels Administration 5.4.1 normal normal Awaiting Review feature request assigned dev-feedback 2020-05-13T21:11:14Z 2020-05-14T15:47:40Z "On the page all posts, columns of information are shown (Titles, Author, Categories, Tags, ...). And there may be some columns that we don't want to show to all user levels, for example on my website I have installed the “Search Exclude” plugin and they insert a column in the list of posts to inform whether each post is hidden or visible, https://prnt.sc/sab4vw But, this column is not required to be shown to users who are not Administrators or even Editor levels. So, I would like to hide this column for Author, Contributor, Subscriber and ect levels. But the plugin does not offer this option, and with that I have no option to hide. The WP has the “Screen options” feature where each user can hide certain columns. However, this feature applies individually to each user, that is, each user hides the column only for him. And what I wanted, as a site administrator, is to have the control to hide columns for all levels of users and to control which levels of users I want. In fact, I, as an administrator, could even have the control to hide columns for certain users (I select the column I want to hide and then select the users to whom that column should be hidden). WP does not offer this feature. So I would like to leave this suggestion to the development staff. Thank you! Rodrigo Carlos" vejapixel 2 Needs Dev / Bug Wrangler Feedback 49509 Proposal: support Server-Timing in core Bootstrap/Load normal normal Awaiting Review feature request new dev-feedback 2020-02-25T08:00:03Z 2021-01-12T10:15:52Z [https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Server-Timing Server-Timing] is a new HTTP header to measure server performance. Would be a very useful tool in maintenance mode. Oreolek 3 Needs Dev / Bug Wrangler Feedback 60407 WP Starter Page is a source for HACKERS Build/Test Tools 6.4.3 normal critical Awaiting Review feature request new dev-feedback 2024-01-31T21:40:44Z 2024-01-31T21:40:44Z "I am convinced that the WP starter page, with the BOLG option is the source for all and any hacker to hack a site. Prove me wrong: Example, I have had my website online for 20 years, I have used several different website dev. Apps. I have never been hacked. After setting up WP on my sites; 3 to be exact, I soon started to get spam emails from the comment section of the blog. I am not a website programmer, btw, I had no idea where these comments. were being submit, I looked at the pages on my dashboard and there was nothing there. I kept looking, granted not a lot because it didn't concern me. But the SPAM was annoying and often inappropriate. Eventually when my site(s) were hacked and shut down, I found the hidden blog page, and deleted it. Because my sites were shut down this was a challenge. I still continued to get SPAM even after shutting down the blog comment page. My other 2 sites were still getting comments. It took a bit of sleuthing to find this hidden blog page on each site, You cant edit it either, WP has embedded the comment section. Eventually I deleted them all, but I still had 3 hacked sites. recently I deleted one of the site and reinstalled WP. And guess what, even though I though I deleted the WP Blog page, I started to immediately get SPAM and the site was hacked. OK point being SHUT DOWN THE AUTOMATICALLY AND HIDDEN BLOG PAGE, SHUT DOWN THE COMMENTS UNLESS YOUR POINT IS FOR US TO GET HACKED!!! I AM CONVINCED THIS IS A SERIOUS PROBLEM THAT YOU HAVE TO FIX. Your welcome to drop me an email, that hopefully isnt spam, to let me know you are fixing this gateway for hackers. Thanks Jimmy" dpmatlosz Needs Dev / Bug Wrangler Feedback 51858 Twenty Sixteen: Add Telegram and Whatsapp support to Social Media Menu Bundled Theme normal normal Awaiting Review feature request new dev-feedback 2020-11-24T02:29:03Z 2021-10-25T17:50:26Z "This is a follow-up to #43999. Please, add Telegram and Whatsapp support to Social Media Menu on Twenty Sixteen bundled theme. Support for these icons were added to Twenty Seventeen and Twenty Twenty. Can it be added to Twenty Sixteen as well? Thanks!" Valery Kondakoff 3 Needs Dev / Bug Wrangler Feedback 54173 Twenty Twenty-One: Social icons Bundled Theme normal normal Awaiting Review feature request new dev-feedback 2021-09-23T19:34:24Z 2021-10-05T16:44:29Z "twentytwentyone/classes/class-twenty-twenty-one-svg-icons.php in that beautiful theme mail is take into account and and mailto: links are shown with an envelope icon shouldn't be the same with a tel: link ? (a phone icon) IMHO yes" marco.milone 5 Needs Dev / Bug Wrangler Feedback 48800 Twenty Twenty: Conditional loading of language/locale specific css and php files Bundled Theme 5.3 normal normal Awaiting Review feature request new dev-feedback 2019-11-26T20:52:30Z 2019-11-26T22:01:42Z "First reported on GitHub by @nukaga https://github.com/WordPress/twentytwenty/issues/970 In the current site design, the title is too large in Japanese and Chinese. The center alignment is also extraordinary. https://github.com/WordPress/twentytwenty/issues/118#issuecomment-541292567 https://github.com/WordPress/twentytwenty/issues/118#issuecomment-538964579 Solution Is it possible to separate the title and body CSS in several languages?" ianbelanger 1 Needs Dev / Bug Wrangler Feedback 48779 Twenty Twenty: Copyright and WordPress as text widget Bundled Theme 5.3 normal normal Awaiting Review feature request new dev-feedback 2019-11-24T11:46:32Z 2022-07-08T16:08:09Z "I would request to have all content elements easily editable. The only elements I couldn't change from the wp-admin interface were the footer copyright and wordpress text. I would like to change the Copyright to make it linkable and add creative commons to it. Now I had to do it a technical way by child theming, but not everyone is that technical. Custom HTML (copyright) & Text widgets (wordpress link) with a third footer or so could be a solution? Only disadvantage is that WordPress doesn't support PHP by default for security reasons so you can't add the actual site name by code. But a lot of sites doesn't use their company name as site name so it can also be some lorum ipsum text. e.g. © My Company " jurjendevries 4 Needs Dev / Bug Wrangler Feedback 53807 Add function or filter to send all customizer setting default values to the database upon theme installation Customize normal normal Future Release feature request new dev-feedback 2021-07-27T23:41:15Z 2021-08-02T13:18:23Z "I am learning theme development and developing my first WordPress theme from scratch. My new theme contains ''many'' customizer settings, most of which include default values. I discovered recently that upon theme installation, these customizer default values only appear in the customizer view, but are not entered into the database and are not shown on the front end. To insert the customizer default values into the database so that they display on the front end upon theme installation, I believe (?) each theme mod must be manually entered into the database by using set_theme_mod(). This requires duplication of every default value twice within the theme code, and the addition of many lines of code for themes that create many new customizer settings. I recommend creating a function or filter that theme developers can activate within functions.php to send all default customizer values to the database upon theme installation. This will avoid having to duplicate default values in both add_setting() and set_theme_mod() and reduce lines of code in themes." curtiskessler 8 Needs Dev / Bug Wrangler Feedback 40451 Customizer: Introduce plugin management Customize 4.7.3 normal normal Future Release feature request new dev-feedback 2017-04-14T18:23:53Z 2019-01-15T21:13:52Z "There is currently not a way to discover or upload plugins in the customizer, the only way is in WP Admin. https://codex.wordpress.org/Managing_Plugins#Automatic_Plugin_Installation https://codex.wordpress.org/Managing_Plugins#Manual_Plugin_Installation Themes already have #37661 and #40278." lukecavanagh 10 Needs Dev / Bug Wrangler Feedback 59639 Dedicated tables for media libary Database normal major Awaiting Review feature request new changes-requested 2023-10-16T20:29:09Z 2023-10-16T20:29:09Z "I suggest to use a dedicated media library table in the database like (wp_media, wp_media_meta) to improve performaces for sites that have many media with many posts. This would lead to an overall improvement in the site's performance." sh1zen Needs Dev / Bug Wrangler Feedback 54070 "Increase CPT ""machine name"" limit from its current maximum of 20 characters." Database 2.1 normal normal Awaiting Review feature request new dev-feedback 2021-09-03T13:30:04Z 2022-10-04T18:08:03Z "In order to accommodate proper namespacing for Custom Post Types (as well as, potentially, transliteration from non-Latin alphabets), 20 characters is often not enough. Custom Taxonomies currently have a machine name limit of 32 characters. It would be nice to see CPTs have at least that many, although 64 characters would be even better." taupecat 15 Needs Dev / Bug Wrangler Feedback 10660 Time zone suggester based on nascent WordPress.org API call rmccue Date/Time 2.8.4 normal normal Future Release feature request assigned dev-feedback 2009-08-20T05:59:42Z 2019-09-02T06:45:02Z "The attached patch uses a new API call to http://api.wordpress.org/core/ip-to-zoneinfo/1.0/ to retrieve a suggested time zone based on client (not server) IP address. A button is added next to the existing dropdown list of time zones providing the option to ""Suggest a time zone"". This calls the API using an AJAX/JSONP request which then auto-selects a time zone for the user from the dropdown. Visual feedback is via a spinner when fetching and then a text response. Additionally the Date and Time settings have been split out to a new settings page. Related ticket: #10324" sambauers 20 Needs Dev / Bug Wrangler Feedback 54288 Argument for allowed blocks when registering a post type Editor normal normal Future Release feature request new dev-feedback 2021-10-19T08:54:12Z 2021-10-19T23:15:41Z "Add argument for allowed blocks when registering a post type: {{{ function wporg_custom_post_type() { register_post_type('wporg_product', array( 'labels' => array( 'name' => __('Products', 'textdomain'), 'singular_name' => __('Product', 'textdomain'), ), 'public' => true, 'has_archive' => true, 'allowed_blocks' => array( 'core/image', 'core/paragraph', 'core/heading', 'core/list', 'core/embed', 'core/missing', 'core/button', 'core/buttons', ), ) ); } add_action('init', 'wporg_custom_post_type'); }}} " smeedijzeronline 1 Needs Dev / Bug Wrangler Feedback 50823 Miss button add new post on page edit post (editor guttenberg) audrasjb* Editor 5.4.2 normal major Future Release feature request accepted dev-feedback 2020-07-31T03:04:15Z 2022-10-20T05:40:29Z "Hey guys, In the classic Editor when you were adding a post, you already had the button to add another one on the same screen and it speeds up the process a lot, please bring it back! (in red: add new)[[Image(https://prnt.sc/tpkyp8)]]" welitonmartins 10 Needs Dev / Bug Wrangler Feedback 34414 Add extra item fields to exported WXR file Export 4.4 normal normal Future Release feature request new close 2015-10-23T12:01:43Z 2022-07-15T16:24:54Z "Hello I am one of WPML developers. WPML is plugin which allows user to make multilingual sites, set language information to posts etc. Straight to the point: we want to make it available to add to exported posts/pages an information about their language. Language information is stored in our own tables, so we cannot use existing WXR elements like those for taxonomies or custom fields. It would be perfect if before closing tag would be executed hookable action which will echo those additional elements, coming from plugins such our. I am attaching proposed patch. Example of usage: {{{ add_action('wxr_export_item_extra_fields', 'here_wxr_export_item_extra_fields'); function here_wxr_export_item_extra_fields($post) { echo """"; } }}} " kkarpieszuk 6 Needs Dev / Bug Wrangler Feedback 56118 Exception to escapement: Exported or imported data Export normal major Awaiting Review feature request new needs-docs 2022-07-01T02:21:19Z 2022-07-01T02:21:19Z "JSON data echoed for download as in https://plugins.trac.wordpress.org/browser/anrghg/tags/1.3.1/admin/includes/export.php?rev=2749921#L327 cannot be escaped using `wp_kses()`. I’m opening this ticket for documentation purposes. `wp_kses()` calls `wp_kses_split()`, that calls `_wp_kses_split_callback()`, that calls `wp_kses_split2()` (https://docs.classicpress.net/reference/functions/_wp_kses_split_callback/). And the first thing `wp_kses_split2()` does is to “fix” the data by calling `wp_kses_stripslashes()`, that strips backslashes from in front of double quotes (https://docs.classicpress.net/reference/functions/wp_kses_split2/ and https://developer.wordpress.org/reference/functions/wp_kses_stripslashes/) and thus breaks JSON. Anyway, cxported data is expected to truly mirror the existing data, so there seems to be no way to escape anything here when echoing for download. The same holds true when importing data as in https://plugins.trac.wordpress.org/browser/anrghg/tags/1.3.1/admin/includes/import.php?rev=2749921#L362 For PHPCS, such instances need to be whitelisted and I’m held accountable for linking to relevant documentation acknowledging the exceptions." anrghg Needs Dev / Bug Wrangler Feedback 60689 Concerning use of external libraries External Libraries normal normal Awaiting Review feature request new dev-feedback 2024-03-05T08:20:16Z 2024-03-05T10:17:53Z "As you get more advanced in using wordpress the need arises to use external libraries like bootstrap,font library,icon libraries,tailwind etc,off course this can be added using insert code plugins.the biggest disadvantage of this is that 1.you cannot maintain libraries version 2.You cannot delete the libraries. This problem can be solved through a feature request to create an interface to manage external libraries.In this feature: 1.User adds external libraries through a url 2.user can edit the libraries url 3.user can delete the libraries,libraries ceases to exist in the wordpress environment 4.Ability of the interface to distinguish/or give user opportunity to distinguish between and Thus it does not currently seem possible to serve the video from a CDN. https://cdn.stratuscloud.co.za/wp-content/uploads/2017/06/Flying.mp4 vs https://www.stratuscloud.co.za/wp-content/uploads/2017/06/Flying.mp4 Is it possible to override this value on database or file level or would this require an additional feature to be added to the Theme?" fbotha 1 Needs Patch 57732 Add a filter for comment template block Comments 6.1.1 normal normal Awaiting Review feature request new 2023-02-16T10:01:03Z 2023-02-16T10:01:03Z "It would be good to be able to filter the block content when rendering comments in the comment template block. This would enable developers to inject content in / before / after specific comments. Ideally something like this on line 68 of /wp-includes/blocks/comment-template.php ... {{{#!php update_option(""myopt"", ""myvalue"", $autoload, ""wooslider"") which the 4th arg is the name of my example plugin and its REQUIRED type ALSO the name of the plg/theme can be auto inserted from an PHP constant -> (define('WOODMART_CORE', __FILE__); ) NOTE: By using this new system, whenever a person wants to manually optimize the database, she/he can easily find out which information is not needed and quickly query and delete them, Also, the plugins that perform database cleaning are much easier and more efficient, fully automatically find out which plugins no longer exist and which information is related to them and can be deleted without any trouble! See the pic plz... https://mdezign.ir/wp-content/uploads/2023/07/aasdsadasdasd.jpg Consider this as a Great New development in order to optimize and speed up all WordPress sites! Thanks a lot. " mdesignfa Needs Patch 59281 Support for Database Cursor Database normal normal Awaiting Review feature request new 2023-09-04T19:34:08Z 2023-09-27T13:47:35Z Is it possible to do a cursor query using the `$wpdb` instance or could it be added, which will return a generator (yield)? heera 1 Needs Patch 51762 Unix authentication support via unix_socket Database normal normal Awaiting Review feature request new 2020-11-12T12:15:50Z 2020-11-12T12:15:50Z "Hi, It seems WordPress supports unix_socket for the database, but not unix authentication - it would greatly increase the security of deployments (one less password is always better) and accelerate deploying speed, as you can just use the unix user for authentication. More info here: https://mariadb.com/kb/en/authentication-from-mariadb-104/ Cheers!" biztems Needs Patch 18146 Add user-level & front end timezone display flexibility according to a fixed time [GMT:0] Date/Time normal normal Future Release feature request assigned 2011-07-17T06:25:21Z 2023-05-30T04:01:59Z "Timezone can currently only be set on the blog level. This makes sure that the blog displays times in the timezone chosen by the blog's owner. It would also make sense to add a timezone setting for registered users, so we can show times in their own timezone, or use that setting as a default for new blogs or other features in a multi-site setting." RanYanivHartstein 57 Needs Patch 49396 Inconsistent Time format Date/Time 5.3.2 normal normal Awaiting Review feature request new 2020-02-10T19:55:39Z 2020-05-29T05:51:59Z "Why is the time format in settings:general given as 12:51 pm (with other options) yet the time for scheduling a post is in military time (e.g. 13:51). And, there's no option for military time in the Time Format in general settings. It would be really great if this were consistent. It's really easy to intend to schedule a post for 4:31 pm, but it posts immediately, because wordpress is set to treat this as 04:31 (i.e. 4:31 am). " daveslc Needs Patch 58774 Sorting Posts after Published Date OR Last Update should be a standard function Date/Time 6.2.2 normal normal Awaiting Review feature request new 2023-07-10T20:19:01Z 2023-07-10T20:19:01Z "I am quite surprised that it is not a standard WP function to let the users of my website choose whether to sort Posts after Published Date OR Last Update Date! I have not even been able to find a plugin that adds this function. " hero2 Needs Patch 57849 About supporting markdown officially Editor 6.2 normal normal Awaiting Review feature request new 2023-03-02T12:53:08Z 2023-03-02T12:53:08Z Hello, as we know, markdown is now widely use in blogs, notes app(for example: evernote), or github issue and so on. Has wordpress ever consider supporting both markdown editing and block editing, is true that there are some markdown plugins, but its not good, I hope wordpress can support markdown editing officially. Thank you! xiebruce Needs Patch 59396 Allow the user to add a poster to YouTube videos Editor 6.4 normal normal Awaiting Review feature request new 2023-09-19T16:07:10Z 2023-09-19T16:07:10Z "YouTube embedded videos get YouTube's branding before they get fired, which is not really clean. Instead, I'd like being able to set a poster." schwipps Needs Patch 50214 "Consider introducing the concept of ""Editors""" Editor normal normal Awaiting Review feature request new 2020-05-20T15:55:55Z 2020-11-23T09:26:09Z "The recent release of the Iceberg Editor plugin [https://github.com/useIceberg/iceberg-editor] (built on Gutenberg) has got me thinking about the concept of ""Editors"" and Publishing flows. The REST API opens up a huge world of possibilities in regards to editing/publishing experiences. WordPress core itself currently has 2 ""Editors"" (until at least 2022, perhaps longer): - The Block Editor (Gutenberg) - The Classic Editor (5+ million installs) There are many other plugins which introduce other Publishing experiences: - Iceberg (https://github.com/useIceberg/iceberg-editor) - Elementor (5+ million installs) - Divi - Beaver Builder - etc If WordPress embraced these Publishing flows with a proper Editor/Publisher Registry, it would allow all of these amazing Publishing experiences to be used together, with the user being empowered to pick the right tool for the right job. This would even open up possibilities for plugins like WooCommerce, where a ""Product Editor"" could be created for ""Products"", allowing a completely streamlined experience for publishing products. Every type of content (and especially for post_types) could benefit from a streamlined publishing experience. For example, for publishing videos, a Video Editor (plugin) could emulate YouTube's step-by-step publishing experience. If WordPress core created a proper registry for Editors/Publishers, it could empower both developers and users to build streamlined and focused publishing experiences right into the WordPress dashboard in a way that a single Editor never could. This seems like a natural next-step in the WordPress journey, especially watching the explosion of creativity and user-response (millions upon millions of installs) happening around publishing experiences and flows for WordPress. A flow for creating a new post might look like this: 1. Click on ""Create new post"" 2. If multiple Editors are installed+registered for this post_type, show an Editor Picker. If only a single Editor exists for this post_type, immediately show it. 3. You now experience the publishing experience provided by that Editor, and publish. 4. Future edits to that post will automatically use the Editor initially chosen. 5. When viewing your existing posts in the posts UI table, a column for ""Editor"" is shown to indicate ""Gutenberg"", ""Elementor"", etc. I think ideally this registry is something that would exist in WordPress core, giving developers an official API to work with, and a consistent flow for users to pick their editor of choice. " johnstonphilip 4 Needs Patch 50615 Editor: Create standalone JSON schema for block type definition Editor normal normal Awaiting Review feature request new 2020-07-08T16:34:50Z 2022-04-30T04:59:05Z "There is an existing schema for block type definition embedded in the new REST API endpoint: https://github.com/WordPress/wordpress-develop/blob/c3993eb19dee52dfd6ca9f9ef7cec785538e361d/src/wp-includes/rest-api/endpoints/class-wp-rest-block-types-controller.php#L363-L569 There is also another schema being developed for Block Directory that will take part in `block.json` file validation: https://github.com/tellyworth/plugin-directory/blob/25388b9c12193194a16db5264ed84f2f3965552e/block-json/class-validator.php#L36-L182 It would be great to consolidate efforts and make such schema publicly accessible as it would benefit other projects in the WordPress ecosystem like WP-CLI. There is a related discussion related to translatable strings extraction, see https://github.com/wp-cli/i18n-command/pull/210#issuecomment-634107470 > This kind of schema would need to live somewhere outside of WordPress context, where WP-CLI and other tools can easily assess which fields in `block.json` are translatable and which aren't. All that would make it also possible to easily extend the schema in one place and related tools consuming it could automatically adjust their behavior based on the changes applied." gziolo 9 Needs Patch 53864 Feature Request - Add sizing options for Video Block Editor normal normal Awaiting Review feature request new 2021-08-03T04:20:30Z 2021-08-03T04:20:30Z It would be great to have a sizing option for Video Block, similar to what we have in Image block. If the dragging option is not possible, it would be great if there can be width field within the block settings. nagpai Needs Patch 56069 Footer Template Parts and Reusable Blocks Have Added Spacing By Default Editor 6.0 normal normal Awaiting Review feature request new 2022-06-24T18:46:03Z 2022-08-10T21:14:34Z "I noticed when working with WordPress 6.0 that both Footer Template Parts (I have not tested on Header Template Parts) and Reusable Blocks have spacing around the block by default. This creates unwanted aesthetics such as a thick white line between a block with a color background and the footer (when the footer also has a color background). In most cases when designing a website people will not want this spacing between the blocks. This problem is made worse by a misrepresentation of how the Template Part will look in the Site Editor - it appears there is NO space when viewing the same region in the Site Editor. However, when publishing and viewing the live changes on the site, the white line appears. The workaround to alleviate the problem is to add custom CSS to set the ""margin-block-start"" to 0 for the block elements in question (.wp-site-blocks in the case of the footer template part). However, editing the custom CSS in WordPress 6.0 is a whole different problem in itself as one must get back to the deprecated Customizer through a series of hidden steps to access the ""Additional CSS"" field and customize the CSS. In short, the default setting should be that the ""margin-block-start"" is set to 0 for block elements to remove annoying/unwanted spacing between blocks from footer template parts or reusable blocks." daviesmediadesign Needs Patch 54024 Internal links with href=outdated-slug and a data-type data-id as fallback should use that and update href=new-slug instead of resulting in broken link (404) Editor normal normal Awaiting Review feature request new 2021-08-27T13:16:19Z 2021-09-06T19:35:30Z "**1) The main expectation is in the issue title:** - Internal links, that are inline A elements with href=outdated-slug and which have the attributes data-type data-id as fallbacks should indeed use that fallback and update href=new-slug instead of resulting in a broken link (404), as I experienced it on **Wordpress 5.8 on a PHP 8 server with the Astra theme**. Thoughts: - Maintaining and updating internal pretty-URLs, I deem that a core feature of a CMS. - I really hope it's only a bug, but that use case in general is handled by WordPress or if not by a pretty - robust and popular plugin (recommendations appreciated, if that's the case!). **2) An appreciated feature would be: When changing a post's title (for all post types!) offer an option to bulk process the link text of incoming links.** - Definition of ""link text"" a.k.a. ""link label"" a.k.a. ""navigation label"": - That is the text between the opening and closing of the html a tag: {{{ Link Label was like Old Title or was a Custom Label ` }}} - Overall expectation: If a link has a custom link text, I'd expect that no automatic mechanism of WordPress ever kicks in, but the link text remains as is, as the link creator surely put some (contextual) consideration into it. - When changing a page's title or slug, it would be cool to have these ""Processing options"" in a ""Title Widget"" of Gutenberg or the Classic Editor: {{{ For internal incoming links update their link text to the new title? (•) Don't change existing link text at all! ( ) Only if the old link text was exactly the old title [√] and in the same case ( ) Regardless of the old title ⚠️ }}} - Note: The options and also the defaults are sorted from no changes at all to most destructive. - Hover/click on ⚠️ gives this tooltip: Warning: Authors probably put special contextual consideration when creating custom link text (aka label). This resets all those link texts to the new title. It is an un-doable batch operation! In doubt, first perform a backup. **Followup** - For both 1+2 see my screenshot series full with annotations, which will be attached below. - Questions: - I'm not sure into which component this falls. - Whether 2) should be a separate ticket. - I used Gutenberg's ""Insert link"" feature and this creates the markup. But I am pretty sure what I observed is not Gutenberg-specific, but that generated markup and its handling the the database for rendering, is core functionality." abitofmind 2 Needs Patch 55951 Page List and Latest Posts Text Colors Do Not Automatically Adjust to Background Color in 6.0 Editor 6.0 normal major Awaiting Review feature request new 2022-06-08T15:51:00Z 2022-06-24T18:48:45Z "I am using the Twenty Twenty-Two theme in WordPress 6.0. I created a cover block with a black background, added a column block, then added the ""Page List"" block and ""Latest Posts"" block to the columns. The bullet points automatically changed to white, whereas all the links remained black - and thus could not be read/seen since they were the same color as the background. I am assuming this is because the ""links"" color in my ""Styles"" are black, but there is no option to adjust the link styling in the case where the background color is darker (i.e. a link color alternative). If I change the link color, it will affect all the links across my site - not just the links on a dark background. A much-needed feature is either the ability to edit link colors from the Block Settings Sidebar, or to have a link color alternative for darker backgrounds available to set in the ""Styles"" section. I'll add that I'm aware that such customizations can be made using CSS, but I think these features should be built-in to WordPress and should not require custom coding. Thanks, Mike - a humble WordPress user/teacher. " daviesmediadesign 1 Needs Patch 58786 Support for adding custom, post-level meta descriptions in WP core. Editor normal normal Awaiting Review feature request new 2023-07-11T21:22:29Z 2023-10-30T13:25:23Z "Hi, the WordPress page/post editor needs a field for a custom written meta description. Meta descriptions are ubiquitous, been around forever, supported by all other (major) CMSs out there, an accessibility feature. Users should not need to install third party software for something this basic. Thanks." xroox 3 Needs Patch 59201 Taxonomy Query Loop Editor normal normal Awaiting Review feature request new 2023-08-25T08:22:58Z 2023-08-25T14:29:42Z "Hello, In the page editor and FSE, we really need a way to query terms like the ""Query Loop"" block does. Am I the only one who needs this? A ""**Taxonomy Query Loop**"" block would list them by tree structure, displaying the title and description. Either inherited from the query, or on a specific taxonomy and a specific parent term. Thank you so much Stephan" StephanR 1 Needs Patch 57984 Template Change Reset Editor normal normal Awaiting Review feature request new close 2023-03-25T13:38:30Z 2023-03-26T01:16:47Z "Hi, if you change some details of an template, than you have the option to reset this template to default. I wish there is a security question. For now all changes are gone, even by accident. " heikostueber 1 Needs Patch 58120 oEmbed Mastodon Embeds normal normal Awaiting Review feature request new 2023-04-12T14:31:06Z 2023-04-22T23:53:00Z "Porting [https://github.com/WordPress/gutenberg/issues/49687 this issue] here for discussion. > If I put a link to a Mastodon toot in the embed block, it embeds, but it has no style applied and looks bad: >[[Image(https://user-images.githubusercontent.com/1994311/230915699-45480012-7db9-4eff-93cd-f64dd4e46a09.png)]] As I mentioned there Since [https://joinmastodon.org/servers Mastodon is not 1 single website], but software that can be deployed to any url, we might need a different approach than the provider whitelist." mediaformat 9 Needs Patch 50013 [Feature Request] Tools: Export: Post, Categories: All - but exclude these Export normal normal Awaiting Review feature request new 2020-04-26T09:22:54Z 2020-04-26T09:22:54Z "When exporting Posts, you can select which post categories you want to export. My FR is about a inverse selection - export all but the selected categories. Means having category A, B, C, D, I want to export all but A. This could be made with an additional checkmark defining it is a inverse selection." mmattel01 Needs Patch 52012 Bundle jQuery plugin temporarily to encourage adoption of auto-updates External Libraries 5.5 normal normal Awaiting Review feature request new 2020-12-10T10:48:30Z 2020-12-19T17:53:52Z "**Some background: ** I wanted to include some comments here that I see as representative of the user experiences I have read about across the interwebs when they upgraded to to WordPress 5.6: {{{ Hello Wordfence team, Thank you for this very interesting post. Every update of WP makes me worried, especially lately because of all the plugin and themes update needed after... and the risk of big bug... For the security, Wordfence is installed in all my websites for many years now and it really help me to sleep well ;) Merry christmas time for all Cécile }}} {{{ Thank you for this useful rundown of the newest WordPress update. While it does sound exciting, I'm going to hold off for the time being and make sure all my plugins have caught up. }}} {{{ Do you think I should postpone the WordPress update to the latest? And I have to test the latest WordPress first on my local site? And is there no problem if I delay updating WordPress to the latest version? Are there no security holes or other bugs if I delay updating WordPress to the latest version? }}} {{{ i had upgraded my website to latest version of wordpress from 5.5 to 5.6. after few hours from upgrade my site started showing blank popup on screen which was not removeable even this have a cancel icon at top. my whole structure of [readacted] was disturbed. so I've downgraded back to 5.5 now it's working fine. so if you want to upgrade your version. do it at your own risk. }}} The above comments are from the WordFence blog: https://www.wordfence.com/blog/2020/12/wordpress-5-6-introduces-a-new-risk-to-your-site-what-to-do/ **The Problem: ** There were a large number of questions on the Forums during 5.5. and 5.6. where sites experienced fatal errors or other unexpected behaviour. While plugins that have not updated to the latest version of jQuery libraries are certainly not the only reason for fatal errors or unexpected behaviour - and while the number of active installations of the jQuery Helper plugin are probably inflated at this point - the number of downloads for the plugin and trends regarding questions on the Forums and other WordPress-related Help sites, in combination with other indicators like the number of plugins in the repository that make reference to outdated jQuery libraries suggest that the problem is not trivial. When sites break, non-technical users tend to want to roll back. This breaks trust in auto-updates and is highly likely to lead to users staying on older Core versions for longer and not trying to update again for years. **The Proposed Solution:** Please note that this solution on its own won't magically solve all update problems. However, it is one part that seems like it can be mitigated to reduce the ""noise"" (not suggesting that the concerns are not valid - suggesting that word of mouth is highly effective) / friction in the ecosystem. Bundle the jQuery Helper into Core (like Hello Dolly). Strongly consider running a cron job to disable (and possibly delete) the plugin after a certain number of admin logins (say 20). Have a prominent message (possibly redirect to a ""landing page"") to show the admin user how many logins they have left before the plugin is automatically disabled / deleted. Consider allowing the admin to extend the number of admin logins (perhaps to 200), or to enable the plugin until disabled (for sites that use plugins reliant on the outdated jQuery libraries). If possible, consider making use of Site Health to give an indication to the admin user as to whether or not the plugin is needed on their current setup or not. A bundled plugin approach could potentially be used for other breaking changes in the future - as one of the main constraints .org has always had to contend with was that there hasn't really been a good way to communicate these to a large number of site owners / admins. The goal here is **not** to let people use insecure libraries indefinitely - the goal is to get them **off** those libraries as soon as possible by facilitating communication and by not leaving them with a broken site (potentially during the middle of the night without them even being aware that the auto-update is happening) and scaring them off updating at all." carike 13 Needs Patch 58939 Option to bypass fetch_feed cache on call. Feeds normal minor Awaiting Review feature request new 2023-07-30T20:47:35Z 2023-07-30T20:47:35Z "I have a use case where users are limited to the normal 12 hour cache restrictions, but I would like to enable admins to be able to bypass the cache and pull the feed. Maybe a filter or optional parameter that would allow this? " picard102 Needs Patch 43205 Allow filtering the list of characters to be replaced by wptexturize Formatting normal normal Awaiting Review feature request new 2018-02-01T18:41:46Z 2019-01-16T06:43:09Z "I'd like to selectively disable the replacement of a subset of the characters replaced by wptexturize. There are already filters to control which html tags & shortcodes are exempt from being texturized: `no_texturize_shortcodes` & `no_texturize_tags`. I think a similar filter should exist to control which characters are texturized. This filter would take at least two parameters: `$dynamic_characters` & `$dynamic_replacements`. I am interested in writing a patch if you'll consider it. Would this enhancement be acceptable?" cyclic Needs Patch 53096 Color Settings include alpha channel for transparency Formatting normal normal Awaiting Review feature request new 2021-04-27T08:31:13Z 2021-04-27T08:31:13Z "a good feature for Gutenberg could be to add the alpha channel for transparency wherever (if it's possible) where the user can select a background or a foreground color since it is used a lot from designers. The best way is to add it as rgba first or/and as hexadecimal with the 2 digits in the end like #00000020 (black with 20 as hex for opacity)" fotisps Needs Patch 55326 Conditional classes directives in formatting Formatting 5.9.1 normal normal Awaiting Review feature request new 2022-03-06T18:01:43Z 2022-03-07T02:02:55Z "Hey people, I am here with a suggestion and core feature request for conditional classes directive for HTML class attribute. Similar to [Laraval conditional-classes](https://laravel.com/docs/9.x/blade#conditional-classes) If this function is already available in WP then please let me know about it, I wasn't able to find a similar function. There are many cases in development where we're creating a `$clasess` array variable and then with if-else or using conditional statements adding classes into it. While working with PHP code the code/file format in files look good and it's easy to manage but sometimes with HTML and PHP combination writing inline if-else make the code/file format ugly. and we also have to repeat the escape and echo things again n again if we have a couple of conditional CSS to write. I have created this custom code to use in my custom development, which allows passing set or array or single sting or strings with comma/space and then it conditional validate and output the string. {{{#!php $class_name ) { // Check if array has integer key, which means no conditions // are set for this class, if class is not empty then keep it. if ( is_int( $key ) && is_string( $class_name ) && ! empty( $class_name ) ) { $class_set[] = trim( $class_name ); } elseif ( ! empty( $class_name ) && ! empty( $key ) ) { $class_set[] = trim( $key ); } } /** * Filter array with empty values. * Make array unique. * Sanitize class name. * Implode by space. */ $output = implode( ' ', array_map( 'sanitize_html_class', array_unique( array_filter( $class_set ) ) ) ); } } if ( $echo ) { echo esc_attr( $output ); } else { return esc_attr( $output ); } } }}} so using this function we could save time to not write a few lines of if-else and keep the code look clean and simple as well, e.g. {{{#!php '; }}} this will convert into this. {{{#!php has_post_thumbnail(), 'is-featured' => has_term( 'featured', 'category' ), ), ); echo '
; // false is for returning the values. }}} however, it does not save too many lines but we are repeating things less and I feel it looks clean in code reading. :) But this function can be very useful while writing mixed HTML and php. {{{#!php "">
}}} {{{#!php is_sidebar_active( 'right-sidebar' ) && is_sidebar_active( 'righleft-sidebar' ), 'col-md-8' => ! is_sidebar_active( 'right-sidebar' ) && is_sidebar_active( 'righleft-sidebar' ), 'col-md-8 md-offset-4' => is_sidebar_active( 'right-sidebar' ) && ! is_sidebar_active( 'righleft-sidebar' ), 'col-md-8 md-offset-2' => ! ( is_sidebar_active( 'right-sidebar' ) && is_sidebar_active( 'righleft-sidebar' ) ), ); ?>
"">
}}} Please let me know what you people think about having a directive function for classes. Thanks," vijayhardaha 2 Needs Patch 57434 Extending the list of supported inline CSS properties allowed by safe_style_css Formatting normal normal Awaiting Review feature request new 2023-01-09T15:18:16Z 2023-01-09T15:18:16Z "I propose extending the list of safe CSS properties allowed in KSES to provide a better UX. My current employer has a steady drip of requests to add new properties, `box-shadow`, `word-wrap` etc., that look like they could be easily supported. We also get requests for positioning properties like `top`, `left` etc., which can be used for clickjacking and the like. I think it would be good to widen support and also put it on record why specific properties are not supported. I am happy to do most of the work preparing the lists of properties, but first, I would like to gauge the general appetite for such a change. Please chime in with your thoughts.  " mk9287 Needs Patch 52100 Include highlight.js in core for syntax highlighting for codeblocks in markdown Formatting normal major Awaiting Review feature request new 2020-12-17T07:05:58Z 2020-12-31T00:38:43Z "The solution is highlight.js and it is described here: https://github.com/Automattic/jetpack/issues/18035#issuecomment-746791498" DBJ 1 Needs Patch 41328 lightbox plugins cannot get image address to open except from image link Gallery 4.8 normal normal Awaiting Review feature request new 2017-07-14T14:43:04Z 2019-05-02T13:39:24Z "it would be good if you put image sizes specially for lightbox plugins. it is already possible to edit A tag's href attributes manually by adding something like ""-768x1024"" but that endings differ for different images so it is not easy. it is not possible to edit links of images of gallery at all, though it is possible to copy-past gallery code from preview's html source and then edit it manually. by default single images and gallery images link to full version of image or to attachment page, and it is not possible to change to smaller version from gui. it would be good if it would be possible to easily select smaller image from gui because as i said they can have different endings. and it would be especially more comfortable for galleries because it would change many links at once. maybe it would be good to provide additional image address in additional attribute for usage by lightbox plugins. so A tags around image might link to full image or attachment as configured and lightboxes would get get image address from custom attribute." qdinar 1 Needs Patch 52824 A separate sub-menu to organize the extensions belonging to parent plugins. General normal normal Awaiting Review feature request new 2021-03-16T04:17:28Z 2021-03-23T00:57:15Z Generally, when we try to find plugin conflicts we have to deactivate every single plugin, including the extensions belonging to the parent plugins. If a site has 50 plugins including the extensions, it's impossible to differentiate the extensions as well. Because the extensions are mixed inside the plugins sections as well. So a separate sub-menu should be added to keep track of all the extensions, belonging to the parent plugin. Since WordPress is getting bigger, I assume this feature is very important to every plugins and extension organized. cu121 1 Needs Patch 20194 Add Description meta to General Settings General 3.3 normal minor Awaiting Review feature request new 2012-03-07T20:59:05Z 2021-08-10T05:46:44Z "Add a description field to General Settings b/c these days with themes doing all kinds of kooky things, the automatic excerpt is often not representative of the site content. All the SEO-lovers will be happy, searchers will get more accurate results, and it's a nice end-user feature without high overhead. Could have sworn I made a ticket like this once before, but can't find it in search, so if anyone remembers it/is better at searching trac than I just was, go ahead and close this as duplicate." jane 32 Needs Patch 60656 Add Linktree icon to social icons options General 6.4.3 normal normal Awaiting Review feature request new 2024-02-29T08:15:58Z 2024-02-29T08:15:58Z Linktree, Carrd, etc are becoming more popular. I'd like to include a social icon link for these, but most espcially Linktree in my situation. tingc888 Needs Patch 33252 Add a Faster SHORTINIT-like admin-ajax Alternative General 4.2.3 normal normal feature request new 2015-08-04T03:34:47Z 2019-06-04T19:50:21Z "The existing `admin-ajax.php` is slow because it loads the whole Core. Even though that's useful, this makes `admin-ajax.php` slow to use in front-end scenarios where you need fast responses. Some code snippets exist that circumvent this by creating their own ajax handlers that utilize the SHORTINIT constant. Although these solutions would require you to load `wp-load.php` yourself which is not advised. E.g. https://coderwall.com/p/of7y2q/faster-ajax-for-wordpress from 2012 I'd like to propose a feature request for an `admin-ajax.php` likehandler that: * doesn't load the whole core, * loads only some essential functions similar to the functionality given by SHORTINIT Implementation suggestion: The best way to implement this in my opinion is to create 2 new action hooks `wp_ajax_shortinit_{action}` and `wp_ajax_shortinit_nopriv_{action}` that behaves identically with `wp_ajax_{action}` and `wp_ajax_nopriv_{action}` except that the SHORTINIT-like environment is implemented." bfintal 3 Needs Patch 60698 Add optimized set lookup class. General trunk normal normal Awaiting Review feature request new 2024-03-06T01:18:34Z 2024-03-06T01:18:34Z "In the course of exploratory development in the HTML API there have been a few times where I wanted to test if a given string is in a set of statically-known strings, and a few times where I wanted to check if the next span of text represents an item in the set. For the first case, `in_array()` is a suitable method, but isn't always ideal when the test set is large. {{{#!php contains( '¬in' ) ) { … } while ( true ) { $was_at = $at; $at = strpos( $text, '&', $at ); if ( false === $at ) { $output .= substr( $text, $was_at ) break; } $name = $named_character_reference->read_token( $text, $at ); if ( false !== $name ) { $output .= substr( $text, $was_at, $at - $was_at ); $output .= $named_character_replacements[ $name ]; $at += strlen( $name ); continue; } // No named character reference was found, continue searching. ++$at; } }}} ---- Further, because WordPress largely deals with large and relatively static token sets (named character references, allowable URL schemes, file types, loaded templates, etc…), it would be nice to be able to precompute the lookup tables if they are at all costly, as doing so on every PHP load is unnecessarily burdensome. A bonus feature would be a method to add and a method to remove terms. ---- In [https://github.com/WordPress/wordpress-develop/pull/5373 #5373] I have proposed such a `WP_Token_Set` and used it in [https://github.com/WordPress/wordpress-develop/pull/5337 #5337] to create a spec-compliant, low-memory-overhead, and efficient replacement for `esc_attr()`. The replacement `esc_attr()` is able to more reliably parse attribute values than the existing code and it does so more efficiently, avoiding numerous memory allocations and lookups." dmsnell Needs Patch 43328 Add support for Web App Manifests westonruter* General normal normal Future Release feature request accepted 2018-02-15T09:33:11Z 2019-03-01T13:44:17Z "Per [https://developer.mozilla.org/en-US/docs/Web/Manifest MDN]: > The web app manifest provides information about an application (such as name, author, icon, and description) in a JSON text file. The purpose of the manifest is to install web applications to the homescreen of a device, providing users with quicker access and a richer experience. > > Web app manifests are part of a collection of web technologies called progressive web apps, which are web applications that can be installed to the homescreen of a device without needing the user to go through an app store, along with other capabilities such as being available offline and receiving push notifications. For populating the manifest: * `description` can be pulled from the `blogdescription` * `name` can be pulled from `blogname`. * `background_color` can be pulled from the `custom-background` theme support. * `lang` can be pulled from the site locale. * `icons` can be pulled from site icons. A filter can be present for themes and plugins to augment the manifest. See also #36995 for adding service worker support to core." westonruter 10 Needs Patch 48587 Allow customization of Admin Color Schemes for dashboard General normal normal Future Release feature request new 2019-11-13T01:47:15Z 2021-03-10T12:39:05Z "This issue -- #48585 -- highlights the need for a sorely missed core accessibility feature: the ability for users to customize the preset Admin Color Schemes for the administrative dashboard. I know there are plugins that can customize the dashboard, but I believe this feature belongs in core for these reasons: 1. It affects users' ability to access and manage the basic functions of any WordPress installation. 2. The necessary styles already exist in core and there is already provision to save specific color scheme settings in the user profile. This functionality would be a refinement of pieces already baked in. 3. The accessibility shortcomings of the default set of Admin Color Schemes are already a known issue. 4. For intermediate users, being able to make certain customization choices to an existing scheme or palette is typically the easiest way to achieve a desired result. (More complex functionality, like altering the button layouts, would probably be best left to plugins aimed at more advanced users.) As a user, I want to emphasize that color selection for accessibility is very much an individual choice. There are, for example, W3C standards-validated high-contrast color schemes that are very hard on my eyes. Regardless of whatever other changes may be made to the default Admin Color Schemes for accessibility, it would be beneficial to allow users to further tailor those schemes to suit their own needs. Since the Admin Color Scheme choices are saved in the individual user profile and the color choices are not publicly facing, there's no obvious reason why WordPress users shouldn't have that option. Ideally, such a customization option would include some kind of color picker interface. In a pinch, providing a hyperlink to an external color chooser with clear instructions to copy and paste the hexadecimal code for the desired color into the appropriate spot would probably be adequate and would still be a significant improvement. I'm not a developer, so the engineering of such a feature is beyond my scope, but I figured it was worth asking." Ate Up With Motor 3 Needs Patch 46394 Create a Function to Allow the WordPress Search to Only Return Results from a Specified Post Type General normal normal Awaiting Review feature request new 2019-03-01T17:24:37Z 2019-03-01T17:54:34Z "Hi I'd like to install the WP search box on a custom post type archive page and have it only return results from this custom post type. Is there any way in the future WordPress could allow you to add a parameter to the get_search_form() function (or create a similar function) that would allow this? An example being, if I had a custom post type called jobs, when I add the WP search box on the jobs archive page I could add 'jobs' as a parameter so it only returned matches from the jobs post type i.e. get_search_form('jobs') This would be so awesome." pauljohnknight 1 Needs Patch 32528 Create a new search_form_content hook in get_search_form() General 4.3 normal normal feature request new 2015-05-29T16:22:28Z 2019-06-04T19:49:21Z "The only viable method for creating a custom search form in a plugin or theme is to replace the entire default search form. This runs the risk of introducing possible security issues should a patch be issued in the default search form. More importantly it means more potential deviation from ""the WordPress standard"". Instead of requiring developers to recreate a new feature that mimics the HTML that get_search_form() provides, consider adding a new filter that allows developers to easily add HTML elements to the search form. The current general-template.php get_search_form() snippet: {{{ if ( 'html5' == $format ) { $form = '
'; } else { $form = '
'; } }}} Allow developers to easily insert additional input elements between the search input and submit elements: {{{ if ( 'html5' == $format ) { $form = '
'. apply_filters( 'search_form_content', '' ) . '
'; } else { $form = '
' . apply_filters( 'search_form_content', '' ) . '
'; } }}} There are a number of ways to implement this, including the possibility of passing in the initial label + input fields HTML as a parameter to the filter. The general idea is to keep the form HTML and submit HTML intact to ensure maximum functionality/compatibility with the core search feature. As long as the hook processor does not impart too much overhead, this may be a viable feature to keep more control over the search form and simplify/eliminate many custom searchform.php files that only need to add an extra input element such as ""select a category"" to further refine the search mechanism. " charlestonsw 2 Needs Patch 51917 Create a staging environment within Core General normal normal Awaiting Review feature request new 2020-12-02T14:32:43Z 2021-01-26T06:16:05Z "A lack of trust and fear of things breaking seems to be the reason why a lot of people do not update their WordPress Core installation or plugins. It seems like a built-in staging environment (along with the ability to roll back) can go a long way towards improving the adoption of auto-updates without alienating stakeholders. It seems like a possible way to do this may be to create a staging site (sharing the DB by default, but with the possibility of separate DBs via a constant) under a subfolder." carike 1 Needs Patch 54626 Custom Objects General normal normal Awaiting Review feature request new 2021-12-14T23:42:46Z 2021-12-14T23:42:46Z "Custom Post Types are great, but it has been used for many things (like WooCommerce Products) in the past/present that really should be stored as custom tables. I thing its great to start looking into creating the idea of ""Custom Objects"". I think Hubspot has a great example we can learn from for building this out in WordPress. WordPress can start by introducing rest endpoints to create/updated/delete ""Custom Objects"". These endpoints can be used to create the custom tables (maybe meta tables), and later features such as associations, like taxonomies. Further Reading: * https://developers.hubspot.com/docs/api/crm/crm-custom-objects * https://knowledge.hubspot.com/crm-setup/use-custom-objects * https://product.hubspot.com/blog/custom-objects" bhubbard Needs Patch 55086 Different URLs according to environment type with filters to work smoothly in all envs without replacement in the database General normal normal Awaiting Review feature request new 2022-02-05T08:05:53Z 2022-02-05T08:05:53Z "Add different URLs (WP_HOME, WP_SITEURL) for different environment types and filter query results (the_content etc) according to env type. It can allow to build the site using production URLs but filter the content according to the current environment - dev or stage and work with the site without a need to replace URLs while moving from env to env. This will ease regular deployments and help avoid mistakes when on production some links are still pointing to the dev or stage environment." oglekler Needs Patch 43334 Include Post/Page status when restoring the previous revision General normal normal Awaiting Review feature request new 2018-02-16T01:07:32Z 2018-02-16T20:05:03Z "I noticed page/post status is not included in the restore previous version. Would be a great addition to the next build. Thanks" necromuncher 1 Needs Patch 49032 Introduce __return_value() General normal normal Awaiting Review feature request new 2019-12-18T18:40:32Z 2019-12-18T19:25:11Z "WordPress has, since quite long time, helper functions like `__return_true` and [[https://developer.wordpress.org/?s=__return_&post_type%5B%5D=wp-parser-function|others]]. These are useful to be added to filters. Now that minimum PHP version is 5.6 we could have something like: {{{#!php element linked to your webcam inside any form. Very easily. As a plus, it also supports audio! Like that also those who can hear, not just deaf people, could just hit the record button, say something and submit that right away. That would be awesome for everyone. Just takes few seconds to encode, depending on the length and your bandwidth. All plain JS, using the getUserMedia() API. I am not trying to advertise my code but to distribute it on well-known CMS, this to improve the lives of Deaf people including me (I've been hacking JS, PHP, HTML and much more for > 22 yrs). Feedback very welcome. I am very happy to submit PRs if I have your blessings and can count on your guidance where to start. Michael" michael.heuberger 14 Needs Patch 60546 Posts link management in post editor sidebar General normal normal Awaiting Review feature request new 2024-02-15T10:24:12Z 2024-02-15T10:24:12Z Currently, in a post, when I add links, I have to manually manage the links. For example if I want to open all the links in a new tab, then I have to manually find them and then mark the checkbox. Instead, if all the added links were displayed in a section in the sidebar of the post editor window (similar to [this image]https://drive.google.com/file/d/1PlOlQ4_gG6eMC34Txk_iYGT60zzA1qhQ/view?usp=sharing), then it would be easier to manage all the links. shaugatashraf98 Needs Patch 59519 Reconsider including Google branding and product in WordPress core (Google Fonts) General 6.4 normal normal Awaiting Review feature request new 2023-10-02T18:49:44Z 2023-10-05T16:09:55Z "In this [https://github.com/WordPress/gutenberg/issues/53307 Gutenberg Github issue], a Google Fonts integration is being added directly to WordPress core. I know the great work being done is with the best of intentions: to help streamline things for users. However, despite copying the font from Google Fonts, including this Google integration in WordPress core has a few problems. - It is a ""vote of confidence"" in Google by the WordPress project - It's free advertising for a brand in WordPress core - It opens up future political problems for WordPress leadership to deal with Are we willing to say that the WordPress project is giving a ""vote of confidence"" for Google, the brand? Are we willing to provide free marketing for Google in this way? Furthermore, any other brands we might add to WordPress core in the future would also be getting that same ""vote of confidence"" from the WordPress project. Are we also willing to do it for them? If so, how are we deciding who gets these ""votes of confidence""? Is there a process a brand should go through to earn this vote of confidence? What steps should they take? When do we/they know it's enough? If we add this Google integration by default in WordPress core, it opens up a bunch of problems we can avoid. WordPress has a plugin interface for this exact type of thing. Why not use it? This could surely be made into a plugin, right? So my request here is to reconsider adding a Google Fonts integration to WordPress core itself, and allowing it to be a plugin instead. While I believe that manually uploading fonts is good enough, if a core integration with an outside font API is required, I would propose that it should use Openverse. This has already been done with the Media Library. Additionally, (and this is somewhat beside the main point) but Google, specifically, doesn't have a great track record for keeping its products alive. The number of products killed by Google is astounding: https://killedbygoogle.com/ They also **just** sold their domains service to Squarespace, a direct competitor to the WordPress project. In my opinion, these are reasons enough to be wary of adding Google products and branding directly to WordPress core. " johnstonphilip 2 Needs Patch 49442 Request: filter for parse_blocks() result General 5.0 normal normal Future Release feature request new 2020-02-15T04:43:18Z 2020-02-15T06:55:35Z "I'd like to be able to access and if needed modify the parsed blocks for a page before it's rendered on the frontend. My particular use case invovles ensuring pages have a certain structure with some exceptions that can't reliably be address by simply using hasBlockType or filtering an individual block's data. My current solution is to hook into the `block_parser_class` filter and return my own extension that simply filters the ouptut of `WP_Block_Parser:parse()`. It works great but it's a bit of a round-about way. I think for sanity/caching friendliness it should be added in the return logic of `parse_blocks()`." dougwollison 2 Needs Patch 40852 Support Micropub General normal normal Awaiting Review feature request new 2017-05-24T01:13:06Z 2020-09-09T01:30:15Z "Micropub is now a W3C Recommendation. https://www.w3.org/TR/micropub/ It is used to create, update and delete posts using third-party apps. Micropub uses OAuth 2.0 Bearer Tokens for authentication and uses traditional form posts as well as JSON posts, which is both simpler and more secure than an XMLRPC approach. The REST API is specific to WordPress, whereas Micropub is platform agnostic, which has its advantages. " dshanske 3 Needs Patch 36995 Support for Service Workers westonruter* General 5.1 normal normal Future Release feature request accepted 2016-06-02T00:18:09Z 2022-05-03T22:21:12Z "It might make sense into looking to offer a basic service worker for WordPress. It can start with something simple like caching files for `wp-admin`. Beyond that there are many ways it could be expanded: * Cache all scripts and styles for themes/plugins, possibly offering offline mode for sites * Possibly Notifications * etc Useful links: * https://developers.google.com/web/fundamentals/getting-started/push-notifications/step-03?hl=en * https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API/Using_Service_Workers * https://justmarkup.com/log/2016/01/add-service-worker-for-wordpress/" bhubbard 25 Needs Patch 54628 Third-Party API Integrations General normal normal Awaiting Review feature request new 2021-12-15T00:25:28Z 2024-03-18T18:13:35Z "I have had to write many integrations with Third-Party APIs for WordPress. I would love to see WordPress introduce a more formal way to integrate with various APIs. Take for example Slack, many plugins and themes have written custom code to integrate Slack messages, but the end call to the api is typically the same using `wp_remote_post()`. Currently I have seen some sites with 5 different plugins all connecting to Slack's API. I would love to see the following: A page on WordPress.org (similar to plugins, blocks, etc) where I choose what app/services I want connected to my WordPress install. Theme/Plugin Authors could use these connections instead of writing their own. This can help with managing security and performance with Third-Party APIs. With multiple apps connected to my WordPress install, in the future we can have workflows, similar to Zapier, IFTTT, etc. Many of these integrations are for WordPress Plugins such as Gravity Forms or WooCommerce. If I want to create workflows with those tools and other services, it would be nice if it can be done all within WordPress. " bhubbard 1 Needs Patch 50375 Using post_type_archive_title() does not return the right laebl General 5.4.2 normal normal Awaiting Review feature request new 2020-06-12T16:58:35Z 2023-04-04T08:58:21Z "This seems to return the name label of the post type. It does not return the archives label. Shouldn't it return the archives label? $post_type_obj->labels->archives " shamai 2 Needs Patch 59148 WordPress CDN/Mirror plugins/themes... General normal normal Awaiting Review feature request new 2023-08-19T04:16:53Z 2023-08-19T04:16:53Z "Hello. Does the wordpress theme and plugin repository have a distributed CDN/Mirrors system? We are a cloud hosting service provider in Vietnam. Our customers 90% use wordpress. And when connecting to wordpress to download, update, and get plugin/theme information, the connection is often lost. Because our country VN has a connection to the international or interrupted. Don't know if WordPress.org has distributed servers to download data?" tranbinhcse Needs Patch 59605 activate, deactivate items in menue General normal normal Awaiting Review feature request new 2023-10-12T21:16:25Z 2023-10-12T21:16:25Z It will be nice for an feature, to activate/deactivate the items in the menue. joskis Needs Patch 44159 feature request: otption for removing save my name in comments General 4.9.6 normal normal Awaiting Review feature request new 2018-05-20T04:14:29Z 2018-05-25T12:19:17Z "Hi, As I see in wordpress 4.9.6, a new option has been added under comments fields that says: sava my name, email and etc… Thant very nice. thank you so much But I think it would be better if there was an option in wordpress settings to let website owners choose whether to select it or not to show on frontend. Thank you very much" longman2020 1 Needs Patch 45832 php-pm support General normal normal Future Release feature request new 2019-01-04T14:03:25Z 2019-01-14T21:52:28Z "Hi, this is more of a question/discussion starter about [[https://github.com/php-pm/php-pm|php-pm]] support. On php-pm github page it's stated that: > For all WordPress lovers out there: PPM is not going to work with WordPress due to the lack of request-response abstraction. We highly doubt that WordPress is ever going to be compatible because its architecture is written in a way that makes it currently impossible to serve multiple requests in one application process. Are there any plans to support it? Has anyone thought about adding support for request-response abstraction?" calin 2 Needs Patch 39425 sending mails with e-sign certificate feature request General 4.7 normal normal Awaiting Review feature request new 2016-12-30T11:25:28Z 2019-03-15T00:52:29Z "Since PHP4 in 2007, the phpmail had an option ""SIGN"" to digitaly sign outgoing mails with a P12,x509 certificat. But all my search in worpress plugin let me see that this very important function is not yet used. in 2017 the all EU will be asked to sécure and sign the mails so it will be soon a problem also. " studiojurdan 1 Needs Patch 54343 set custom name for metadata value in custom-fileds metabox select box General 5.8.1 normal normal Awaiting Review feature request new 2021-10-29T18:44:51Z 2021-10-29T18:44:51Z "I use postmeta_form_keys filter to add some extra custom metadata to custom-fileds metabox. but i want to set name for metadata. Beacuase i use persian language, it isnt good to set persian letter as metadata. its better i can set a name and value for each metadata. for example in postmeta_form_keys callback: {{{ function filter_function_name_1552( $keys, $post ){ if($post->post_type == 'car') { $keys['قیمت'] = 'regular_price'; } return $keys; } }}} that 'قیمت' is custom name to display in meta select option text and regular_price is meta key (option value to save and access) i dont know this restrictions and how to handle it. but its my idea in wp-admin/template.php line ~693 change $keys to Associative arrays (import every value as key too) to support submitted metadatas {{{ $keys = $wpdb->get_col( $wpdb->prepare( ""SELECT DISTINCT meta_key FROM $wpdb->postmeta WHERE meta_key NOT BETWEEN '_' AND '_z' HAVING meta_key NOT LIKE %s ORDER BY meta_key LIMIT %d"", $wpdb->esc_like( '_' ) . '%', $limit ) ); foreach($keys as $index=>$key){ unset($keys[$index]); $keys[$key] = $key; } }}} and in same file line ~734 add $index and change $key with $index in foreach {{{ foreach ( $keys as $index => $key ) { if ( is_protected_meta( $key, 'post' ) || ! current_user_can( 'add_post_meta', $post->ID, $key ) ) { continue; } echo ""\n'; } }}} also i know should be change codes when get submitted metadata and i dont any idea for it. tnx a lot" myousefi08 Needs Patch 59021 Is there a way to monitor active connection initiated by cron and other running script (similar to netstat in windows) HTTP API normal normal Awaiting Review feature request new 2023-08-09T11:24:27Z 2023-08-09T11:33:25Z Is there a way to monitor active connection initiated by cron and other running script (similar to netstat in windows) and if possible to terminate or block specific outbound connection/IP. havoc2k7 Needs Patch 42839 wp_remote_post should support multipart uploads HTTP API normal normal Awaiting Review feature request new 2017-12-08T13:49:32Z 2020-01-22T11:05:19Z Currently `wp_remote_post` doesn't support multipart uploads (file uploads). Because of this many plugin authors need to workaround this by implementing their own way to upload files remotely. calin 6 Needs Patch 58354 Translate screenshots for the About page Help/About normal normal Awaiting Review feature request new 2023-05-19T05:14:43Z 2023-09-29T01:45:28Z "Many locales' polyglots are working on translating the About page and providing great experience and clear information for local native language users, but screenshots cannot be replaced and translated, and as a result, what is highlighted in the screenshots looks different in the translated admin interface. I propose to translate images src for screenshots with text as well and provide logic for that. The path to images can be restricted to WordPress CDN and the images themselves can be uploaded by GTE to a local media library, or the images can be submitted separately somewhere before actual strings translation." oglekler 2 Needs Patch 37491 Improve Iranian functionality in WordPress johnbillion I18N normal normal Future Release feature request assigned 2016-07-27T18:33:49Z 2020-01-07T20:22:06Z "I'm currently one of [https://wordpress.org/plugins/wp-parsidate/ Parsi Date] core developers. Parsi Date, enables Shamsi calendar, aka Iranian calendar, for WordPress. WordPress is really popular in Iran, many people use it as an accelerator in their own business, so I thought that enabling Iranian calendar, might be a good idea to step the progress of internationalizing WordPress. Can it be enabled in WordPress? Where to start?" iEhsan.ir 5 Needs Patch 50021 "Internationalization of excerpt function in ""Latest Posts"" block" I18N 5.4 normal normal Awaiting Review feature request new 2020-04-28T07:02:29Z 2024-02-29T04:51:04Z "In ""Latest Posts"" block, when extracting excerpts from posted articles, they are always separated by the specified number of words. The Japanese text is not space-separated, so the excerpt displayed by the ""Latest posts"" block is not shortened. The wp_trim_words function is used to extract excerpts from ""post"". This function determines whether to cut off by the number of words or the number of characters by the following conditions. {{{ if ( strpos( _x( 'words', 'Word count type. Do not translate!' ), 'characters' ) === 0 && preg_match( '/^utf\-?8$/i', get_option( 'blog_charset' ) ) ) { }}} I think it is desirable to be able to extract the ""latest posts"" block excerpt under the same conditions. " tmatsuur 2 Needs Patch 16460 Category/tag converter should support all public taxonomies Import 3.0 normal normal Awaiting Review feature request new 2011-02-05T04:56:39Z 2022-07-15T16:27:46Z The category to tag converter should let you convert terms to custom taxonomies, if any are defined. I'm attaching a rewrite of the plugin based on 1.5.2, which included support for post formats. sillybean 8 Needs Patch 44863 Modify the WordPress importer to handle .zip as well as .xml files Import normal normal Awaiting Review feature request new 2018-08-29T15:15:16Z 2018-08-29T15:34:49Z "Wordpress.com exports sites in two ways, as a .zip file (full of XML files) or as a single XML file, depending on whether the export is done from Calypso or wp-admin. The importer is expecting a single XML file, and fails if the user tries to import the zip file. Suggestion: Modify the importer to accept the .zip file, unzip it into tmp, and then import each of the included XML files." sterndata 1 Needs Patch 48345 Add Caps lock message to login screen Login and Registration normal normal Future Release feature request new 2019-10-17T12:05:10Z 2023-05-23T07:36:58Z "Users are often experiencing issues logging in which is a result of them having CAPS LOCK on, without them realising. Many wireless keyboards too don't have a light on them, which makes noticing this even trickier. There are a number of plugins available that will flag to the user when the CAPS LOCK is on (a message rather than a warning as it may be intentional!) but it would make sense for this to be added into core (possibly alongside other request improvements, such as the ability to display the typed password). Apologies if this is already a ticket - I did look but my search-fu on Trac isn't great." dartiss 8 Needs Patch 41170 Allow the newbloguser screen to be themed Login and Registration 3.0 normal normal Awaiting Review feature request new 2017-06-25T19:59:04Z 2017-06-26T07:58:12Z "The appearance of the `newbloguser` screen is not themeable. It should be. Related: #37921" johnbillion 1 Needs Patch 39985 Do action before send email of retrieve password Login and Registration 4.7.2 normal normal Awaiting Review feature request new 2017-02-28T14:01:07Z 2017-03-08T02:49:10Z "Add do_action before sending email to recover password. Inspiration: I needed to integrate an SMS sending to recover password, where I had to use retrieve_password_message filter hook to get the user's phone number. https://github.com/WordPress/WordPress/pull/275" bonus369 2 Needs Patch 51717 Emails in WordPress (Templating and Sending methodology) Mail normal normal Awaiting Review feature request new 2020-11-05T20:50:48Z 2020-11-08T10:39:51Z "Hello, One issue that has come up with clients and the ability to apply branding to emails consistently across website generated emails. Because plugin developers need to implement their own templating for emails. Some Woo-commerce extensions use the Woo-commerce system, which is great, but some don't. Between contact forms (not WooCommerce related), Orders and WordPress emails etc, its quite problematic to implement a consistent presentation for emails across the system. Another item I've noted - is with my custom apps built previously we have used a scheduling system to send system generated emails, this excludes delays for very important items like forgotten passwords. But essentially all it is, is a database table for to be sent emails, that are sent after that point in time. This could also be used as a log. I understand this could be setup as a plugin, but if implemented well and inline with the desired future functionality of WordPress could be a nice addition to the system and could have some small performance improvements for requests that generate emails (this is was observed by myself moving to this setup with custom apps/sites/software in the past it is now my standard in any application of quality). " Nate1 1 Needs Patch 22937 Bulk Actions > Edit could allow batch-assignment of taxonomies to Media following the WP 3.5 media changes Media normal normal feature request new 2012-12-14T13:59:37Z 2023-10-18T15:53:15Z "[First and foremost the media improvements in WP 3.5 are wonderful, thanks to all involved.] Now that you can assign taxonomies to media easily, it would be extremely useful if you could also use Bulk Actions > Edit (as you can with posts / pages / custom post) to assign them to multiple images more quickly. Real world case: we added a taxonomy to media yesterday for a client, so they could categorise their ~500 images into sitewide categories, and they immediately replied to ask if there was a way of doing it in batches..." yeswework 2 Needs Patch 54226 Cleanup Unused Image Sizes Media normal normal Awaiting Review feature request new 2021-10-06T09:45:25Z 2021-10-06T11:21:46Z I have just spent my morning cleaning up over 400,000 unused image sizes taking up over 14Gb of disk space on my site. This comes from both WordPress & WooCommerce not cleaning up after thumbnail sizes have been changed in the past. I am luckily an advanced user and able to do this via the command line but I really feel for the average user who is paying a premium for hosting to host a plethora of images that are old and never used. WordPress & Woocommerce really need to look at cleaning up after themselves. mitchellk 1 Needs Patch 34223 Core support for image regeneration Media 4.3 normal normal feature request new 2015-10-08T20:26:48Z 2023-10-18T15:52:00Z "Making this a separate ticket from #34196 so as to not hijack another conversation. I’d like to discuss WordPress doing image regeneration as a part of core. Images are most often defined in themes, and when switching themes, I think it makes sense to at least offer the ability to easily regenerate images to create the images a theme expects to exist. Similarly, if the default image sizes are changed, it’d be nice if users could regenerate images to make older images compatible to new size definitions. I think the nomenclature for images (i.e.: medium, large) help define images well enough that regenerating an image that exists on an old post would not alter it in a way that is out of expectation. And if we have a new image size that’s equivalent to the content width (and I’d actually argue to make that the standard insert size), it would make sense to be able to change it easily, with core, as part of a theme switch routine." krogsgard 5 Needs Patch 57238 Criteria for Responsive Images of WebP: Preserve Alpha + Preserve Lossless + Smaller in size than original adamsilverstein Media normal normal Future Release feature request assigned 2022-12-01T00:07:55Z 2023-02-21T13:09:28Z "On WordPress 6.1.1 I uploaded different WebPs (lossless/lossy + with/without alpha channel) and the Responsive Images that WordPress creates from them should fulfill these criteria 1. ✅ Preserve the alpha channel → To maintain layout/design capabilities 2. ✅ Lossless original should result in lossless sized versions → To preserve full quality (e.g. screen designs, diagrams, etc) 3. ✅ File size of smaller sized versions should never be larger than the original → Else the purpose of Responsive Images to conserve bandwidth is moot. To my shock in one case ALL 3 criteria were violated, in other cases some criteria were violated. == Input: WebP, lossless, with alpha channel **Original**: Axure-Prototyping-2-dynamic-title-scaled.webp • 2880 × 1750 • 21.77 KB • 1:926 (compression factor) 1. ❌ Without alpha channel → Looses me layout/design capabilities. - Found no ticket ""Responsive Images of WebP should preserve alpha channel"" - Should we file this? 2. ❌ Lossy versions from lossless original → Looses me quality against my intention. - Possibly related to one of those: - #53663 another example for a failed feature detection? - #53669 maybe related? 3. ❌ Larger in file size, even if smaller in dimensions → Contrary to the intended goal of Responsive Images. - Axure-Prototyping-2-dynamic-title-scaled.webp • 2560 × 1556 • 29.67 KB • 1:536 - Axure-Prototyping-2-dynamic-title-2048x1244.webp • 2048 × 1244 • 23.89 KB • 1:426 - Axure-Prototyping-2-dynamic-title-1536x933.webp • 1536 × 933 • 16.20 KB • 1:353 - Is the first one to be smaller in file size than the original - Issue #53653 fixed larger file sizes by avoiding lossless versions from lossy original. - But here we have the reverse, but nevertheless an increase in file size! Also need to avoid that. == Input: WebP, lossless, without alpha channel Original: Confluence-Absence-Inspector-in-Create-Mode.webp • 2880 × 1620 • 672.73 KB • 1:27 1. N/A No alpha channel present in the original. So no alpha channel can be lost either. 2. ❌ Lossy versions from lossless original → Undesired! 3. ✅ File size of smaller sized versions are all smaller than the original: - Confluence-Absence-Inspector-in-Create-Mode-scaled.webp • 2560 × 1440 • 136.88 KB • 1:107 - Already the first smaller version is already smaller in file size - Thanks to compression ofc. Note: When the version would remain lossless (see point 2) I still would have that expectation ofc. == Further notes - The WebP files were created from PNGs with GraphicConverter 11.7.1 (beta build 5672) with these metadata options: - Without any color profile information (the raw pixel values are sRGB compliant, so the default fallback sRGB applies) - With a [https://www.lemkesoft.info/forum/viewtopic.php?p=27608#p27608 minimal Exif chunk which only stores resolution info] (I tag my Retina images as 144 PPI, something which I would like WordPress to detect as a @2x Retina image, but that's another issue) - Btw I was concerned that that Exif chunk is at the end of the file (at the end of the linked post), but the developer of GraphicConverter said, [https://www.lemkesoft.info/forum/viewtopic.php?p=27646#p27646 I just use the public code from Google to create the WebP and can't influence the order, that's how the WebP comes out.] - Wanted to mention it here for completeness, maybe relevant. - With webpinfo I confirmed the existence of alpha channel and lossless/lossy status of WebP for all mentioned files (originals + responsive image versions by WordPress) ." abitofmind 8 Needs Patch 48462 Download from Media in Backend Media 5.2.4 normal normal Awaiting Review feature request new 2019-10-30T10:48:12Z 2019-11-15T15:26:41Z "It would be great to quickly download multiple images/files from the media in the backend. This would speed up the editing process, when an editor needs help with image editing. Mark multiple images > click download." diebombe 3 Needs Patch 60250 Feature Req – Media Library Grid-List Media normal normal Awaiting Review feature request new 2024-01-14T16:18:41Z 2024-03-06T16:57:57Z "Hello, i have site with lots of images so i have to check attachment details of images and upload new ones everyday. so in grid view of media library, the attachment details modal is really helpful and i have infinite scroll enabled. i have to check old images after uploading a new into media library but need to scroll a lot and it’s very annoying. on the other side in list view there is a pagination so i can remember page number everyday but there is No attachment modal thats why I have to open attachment page of every image and update info which takes lots of time. I really need pagination in grid view or attachment details modal in list view. kindly add an one feature in media library. it will save lots of time in future. Thank You 🙂 " smtkapps Needs Patch 55093 Feature Request - Media Uploads option for year-based folders (without month) Media normal normal Awaiting Review feature request new 2022-02-05T22:18:22Z 2022-10-26T15:53:30Z "Feature Request (maybe while you’re working on 5.9.1… :-)) : On Settings > Media (wp-admin/options-media.php screen), under “Uploading Files” In addition to “Organize my uploads into month- and year-based folders”, an option to “Organize my uploads into year-based folders” Cheers, Kim" wardencenter 1 Needs Patch 52978 Feature Request: option to show full images in Media Library Media 5.7 normal normal Awaiting Review feature request new 2021-04-06T04:58:27Z 2021-09-02T14:20:14Z "It would be very helpful to have an option (perhaps in Settings/Media) to have the Media Library show the full image even if it’s not square, instead of cropping everything to square. There are a lot of reasons why some of us (perhaps many or even most) don’t like the images shown cropped to square – here are three: (1) the full content is not visible, (2) searching for items you know are a certain aspect ratio is much more difficult, (3) multiple images that are the same in the center but cropped differently (or extended with additional background to make a certain shape) look identical. I would be perfectly happy if the CSS was simply changed to always show the full image, but I suppose some people might be used to the squares (although I don’t see what advantage that would have other than looking tidy), so I’m suggesting a setting to allow the user to choose. Currently I’m using a workaround on some of my sites – I installed the “Add Admin CSS” plugin and added this CSS: {{{ .wp-core-ui .attachment .portrait img { max-height: 100%; } .wp-core-ui .attachment .landscape img { max-width: 100%; } }}} But it would be better if WordPress could do this natively. Here are two screenshots of the same Media Library before and after using my workaround: [[Image(https://imgur.com/a/Vt5hX9H)]]" OsakaWebbie 2 Needs Patch 50092 Implement Focal Point Picker for all images in the Media Library Media normal normal Awaiting Review feature request new 2020-05-05T15:18:55Z 2022-09-16T13:23:25Z "The FocalPointPicker component which came as a part of the Cover element is a great idea, but it only applies to that block. Can we implement this in the Media Library when editing the properties of an image? For themes that uses background images (eg: in tiles) this could allow for a standardised way of setting / getting the default background-position for that specific image." sfoxe 2 Needs Patch 41279 Make PDF Thumbnail (WP 4.7 feature) accessible via the Media Manager Media normal normal Awaiting Review feature request new 2017-07-09T19:24:26Z 2020-10-21T12:55:14Z "When you upload a PDF file WordPress creates a ""preview image"" - This was added as of WP 4.7 This feature request to have that image also added into the database so that it is accessible via the Media Manager. The use case for this feature is that I have a Monthly Newsletter and want to use the preview image (page 1 of the PDF) as the featured image for the post where I am putting the link to the PDF Additionally some plugins (like visual composer) allow you to insert single images, however, you need to be able to select it from the media manager, not just put in a URL" sflwa 7 Needs Patch 51952 Media Library - Focal Point Chooser Media 5.7 normal minor Future Release feature request new 2020-12-07T05:04:19Z 2021-01-07T16:50:45Z "I appreciate how simple Gutenberg is for both developers and end users. One of the specific features I find nice and simple to use is the focal point chooser for the cover and media/text images. I feel that all images should be able to have a global focal point, regardless of the context. This will allow theme developers to ensure that sliders and featured images etc can be cropped to fit fully responsive layouts. Cover and other media blocks would still allow you to select a specific focal point, so those features should not need to change. To that effect, I propose adding the focal point chooser to the media library, and storing the focal point as part of the image meta. There may be plugins available which can provide similar functionality, however I was unable to find any which are still being maintained and are as simple or sleek as the Gutenberg version. Please investigate the possibility of porting the existing Gutenberg focal point chooser to the media library. I've tried looking into this myself, however everything is react and I'm unable to find a nice way to add this to the media library. Example scenarios: 1. A blog page is set out to have the posts set out into a grid or masonry layout. The featured images are displayed as either squares or similarly shaped rectangles, where the images are both cropped and centred. A new post is created and the image of a person is uploaded as the featured image, however their head is cut off when it is displayed on the blog page. Having the ability to set a global focal point for this image will allow us to position the image so that the head is visible regardless of the image dimensions. 2. Custom meta field is created which will allow a user to specify an image for a banner or slider. The image itself is quite wide but shallow and on larger desktops the full image may be visible, while on smaller desktop screens and mobiles, the sides may get cropped. If an image is uploaded with the main focus of the image close to the left hand side, it may be cropped on smaller devices. Setting the focal point of this image will allow us to ensure that just the right side is cropped as the screen size decreases. " shaunjeffrey 3 Needs Patch 19834 More Robust Capabilities for Attachments Media normal normal Awaiting Review feature request new 2012-01-15T00:43:40Z 2020-09-10T14:05:33Z "Attachments/files should have their own set of capabilities mirroring those of posts, in addition to upload_files. Specifically: - read_attachments - edit_attachments - edit_others_attachments - delete_attachments - delete_others_attachments Currently, attachments rely on the edit_posts capability, which can create complications if you don't want your users to see the ""Posts"" sidebar item, or don't want them to be able to delete the attachments they upload. " walkinonwat3r 39 Needs Patch 36842 "More global event hooks using the media.events, like ""modal:open"", ""modal:close"", etc" Media 4.6 normal normal feature request new 2016-05-15T00:30:04Z 2019-06-04T20:25:03Z "There seem to be plentiful hooks in the media backbone system, but most require listening to the frame/controller/etc vs having global hooks/events to listen to. This, obviously, would be much like WP's `do_action`. Each event should pass contextual info including the frame/controller/etc object. Select2 (as well as most JS modal libs) provides an example of prior art: [https://select2.github.io/examples.html#events] Using that implementation as an example, we could do something like: `wp:media:open` is fired whenever the modal is opened. `wp:media:opening` is fired before this and can be prevented. `wp:media:close` is fired whenever the modal is closed. `wp:media:closing` is fired before this and can be prevented. `wp:media:highlight` is fired whenever a result is highlighted (clicked). `wp:media:unhighlight` is fired whenever a result is unhighlighted. `wp:media:select` is fired when a result is chosen and modal is closed. `wp:media:selecting` is fired before this and can be prevented. `wp:media:change` is fired whenever the modal changes state. `wp:media:changing` is fired before this and can be prevented. " jtsternberg 2 Needs Patch 45710 New feature: deleted related files when deleting a page or post Media 4.9.8 normal normal Awaiting Review feature request new 2018-12-19T20:26:22Z 2020-10-02T04:11:21Z "Hello, Nowadays, when you delete a page or post there's the downside that the related images will remain on the server. It would be great if WordPress keep track of where this image is being used. For example, image.png is used on 3 pages and 2 posts. So, when you're sending a page or post to the trash can, it will be great if WordPress could check if the related images are being used on another pages or posts. If not, the system could show a message: ""X image is not being used on any page or post. Do you wish to send it to the trash can as well?"" The user would have the final choice if he wants to leave that file at the server or not. And this would also could lead to a new function to find orphan images/files." gmr1970 1 Needs Patch 29368 Pasted media do not appear in the library Media 3.9.2 normal normal feature request new 2014-08-25T17:49:15Z 2019-06-04T20:08:45Z "So I don't know if this is a bug or a feature request, but when I paste an image into a post, i would assume that it goes into the media library (where else would it live?). But when I go to then chose that image as my featured image, surprise, surprise - it's not in the library. " Matt McLaughlin 10 Needs Patch 32658 Post media attachments should show assigned media by default Media 4.3 normal normal feature request new 2015-06-16T08:56:15Z 2019-06-04T20:14:23Z "When adding the attachments to post, the popup always starts with All media files as default, so that if i want to see attached media, i need to click the select, click the Assigned to post option and wait few secs. I really hate this behaviour, i would like to see assigned media first (if there are some allready asigned). The problem is, that it is not easy to change it, without hacking the core code - the only way is to add some javascript, that changes the value after page load, but theese solutions are not trivial and buggy (http://wordpress.stackexchange.com/questions/76125/change-the-default-view-of-media-library-in-3-5) Maybe other people want different default option (i have seen a post of someone, who wanted ""unassigned""), so I think the best would be, if the script would remember the last selected value, or if there would be some option, which to select by default or (and) if at least there would be some easy filter, which we could use to change the default " thomask 2 Needs Patch 42633 Suggestion to provide Better Page and Image Management Media 4.9 normal normal Awaiting Review feature request new 2017-11-20T03:41:59Z 2017-11-20T05:24:14Z "**** This is not bug report but a suggestion **** Not at all sure if this is the right place for this however, I've been using wordpress for about 12 months now and believe it lacks somewhat in the management of pages and media. I believe that it would help tremendously helpful if we could: (1) organize pages into groups or folders as it can be overwhelming with the current long list of pages when we are working on large sites with a lot of pages, and (2) similarly, organize media into folders so for example, we could keep site media separate from post media. Thanks for listening" sixlinksrule 1 Needs Patch 40140 upload_url_path doesn't seem to make any effect Media 4.7.3 normal normal Awaiting Review feature request new 2017-03-13T06:53:00Z 2018-12-27T21:15:21Z "An site of mine had '''http://site.com/articlefiles/''' as the place to receive uploads, equally it was '''/site/root/articlefiles''' on the filesystem, instead of '''/site/root/wp-content/uploads'''. Now I migrated the site into a multisite installation as site 2 and uploads are going into /site/root/articlefiles/site/2/ and all previous uploads in old posts are linked as '''http://site.com/articlefiles/site/2/something.jpg''', causing broken images and links cause they originally don't have the ""site/2"" part. Editing the post, these links and images do not have the ""site/2"" part either. WordPress is rewriting the URL dynamically when reading the posts. I want to keep compatibility with '''http://site.com/articlefiles/''' and '''/site/root/articlefiles''' without the ""site/2"" part. I was expecting '''upload_url_path''' on options table to be the solution but it doesn't work. I put there '''http://site.com/articlefiles/'''. How can I keep URL and path compatibility when migrating a single site to a non-primary site of multi site installation ? Thank you in advance" avibrazil 1 Needs Patch 44803 Add a page to a menu by its ID or slug Menus 4.9.8 normal normal Awaiting Review feature request new 2018-08-15T15:07:48Z 2019-01-30T05:38:39Z "I'm ""porting"" a college's website from Joomla to WordPress. Said website has +2000 pages, which span from ~2013 onwards. It's the biggest mess you can imagine. There are many repeated pages, repeated categories, empty categories and so on. Building the main menu for this website has been a pain in the ass, too, because the ""adding pages to a menu"" in WordPress is meant for small websites: For example, I was trying to add a page named ""Evaluación docente"". There are several pages called exactly the same, but typing ""Evaluación docente"", or ""Evaluacion docente"" (without accents), ""evaluacion docente"" or even """"Evaluación docente"""" (with the quotes, hoping them would help to do a exact match search) returned other pages that weren't the one I was looking for - nor even the other ""Evaluación docente"" pages! Seems like a very fuzzy search. Sometimes you're lucky and you get the page you're looking for, but sometimes you don't. So I think it would be wonderful if there were some sort of way to add a page to a menu by typing its id or its slug." milerm 1 Needs Patch 51964 Add bulk moving to items in the menu screen azhiyadev Menus normal normal Future Release feature request assigned 2020-12-08T07:02:07Z 2021-01-24T09:43:14Z "Hello I am blind and I use WordPress with screen reader software (JAWS and NVDA). Using WordPress menu editor is too tedious and time-consuming for a blind user, although other features are quite accessible. When I go to Appearance > Menus and I add many items to the menu, I cannot rearrange the menu items by drag&drop. I can use Move up / Move down / Move under options for moving the menu items, but this is too time-consuming. I need to press Move Up button 20 times if I want to move an item up to 20 steps higher. If I want to move 5 items up by 20 steps, I need to press ""Move up"" 100 times, over and over. If I want to create a hierarchical menu with an average of 30 menu items, I need to take about 3 hours on rearranging the items. Bulk Action Feature Request: I want to have checkboxes beside menu items, so I can select several menu items simultaneously and apply a bulk move / reposition action on all of them simultaneously. For example, I select 6 menu items at a time and I have two comboboxes: parent item, position. I select ""About Us"" as the parent item, and ""3"" as their position. This way, all 6 items go to position 3 under ""About Us"". This is much faster than pressing ""Move Up"" 120 times for reordering those 6 items. Bulk actions are available in all WordPress taxonomies (Pages, posts, plugins, themes, etc.). I wonder why bulk actions are not available for menu items. Thank you " javad2000 6 Needs Patch 43383 Allow menu items to be inserted in place Menus 4.9.4 normal normal Awaiting Review feature request new 2018-02-21T23:47:20Z 2019-02-11T22:01:04Z "When adding menu items to a menu, they default to the bottom of the menu and then need to be dragged into the desired position. This can be time consuming when adding a lot of menu items and can also result in inadvertent changes to the position of existing menu items. My proposal is that you can select a menu item or sub-item already in the menu before adding new items to the menu and when you add the new item, it inserts itself directly under the selected item." aaronpwd 3 Needs Patch 35055 Custom Meta for nav_menu_items Menus 4.4 normal normal feature request new 2015-12-13T19:42:08Z 2019-06-04T20:19:35Z "With the release of custom meta for taxonomy terms, I can't help but suggest the same for nav_menu_items. One can currently use a custom walker class as demonstrated here: [https://github.com/kucrut/wp-menu-item-custom-fields] However this is a tedious and ultimately ridiculous method, as Core should lend itself to easy customization and display of nav_menu_item meta. Not to mention this method makes it extra difficult to utilize UI components other than a standard text input when creating options for navigation menu items. I'd love to be able to utilize add_meta_box or something similar on nav_menu_items and I'm sure others in the community would benefit as well. Thoughts/Concerns/Corrections? " vincentastolfi 1 Needs Patch 53903 Duplicate Menu Bar option Menus normal normal Awaiting Review feature request new 2021-08-09T15:56:43Z 2021-09-17T16:46:14Z "Hi, I would really like to see a way to duplicate a WordPress Menu bar. There have been countless times in the past few years of working with WordPress websites where this would have come in very handy. So if possible, please add a way to duplicate a menu bar in a future WP version. Thank you. " AlGala 5 Needs Patch 34641 Inline menu item editing in backend Menus normal normal feature request new 2015-11-10T04:03:01Z 2019-06-04T20:17:39Z "Editing menu item in WordPress in backend is very pain full when we are dealing with large menu item list. We can create editing menu item process in WordPress backed more simple by adding inline editing to menu item. Can we add a switch feature to menu item, which allow us to change any menu item to any type dynamically for which we do not have to create a new item and put it into menu list manually?" ravinderk 2 Needs Patch 54097 Menu Dividers Menus 5.8.1 normal normal Awaiting Review feature request new 2021-09-09T07:58:38Z 2021-09-09T07:58:38Z On the Menus page — along with Pages, Posts, Categories, Custom Links and other available items — it would be nice to have a Divider item so that users can organize menu items in logical groups separated by a horizontal dividing line. That divider line would not be clickable. rti451 Needs Patch 60198 Menu Handling Menus 6.4.2 normal normal Awaiting Review feature request new 2024-01-05T10:54:58Z 2024-01-05T10:54:58Z "Currently it is easy to accidentally delete a menu. In the ""Design"" / ""Menus"" backend area the ""Delete menu"" link is situated very close to the Save Button, and there is no ""Are you sure?""-question in order to prevent an accident. Some menus can be very complex, and it really takes time to recreate them. The restore of the database might loose other changes, which happened in the meantime (orders, posts) and should be kept. Addtionally it would be fine if an export and import of menus (XML, JSON) is possible without plugin. It could extend the ""Tools / Export""-section." ewerkstatt Needs Patch 34235 Multi selection in menu Menus 4.3.1 normal normal feature request new 2015-10-09T18:39:44Z 2019-06-04T20:16:58Z Can we have multiple selection of pages/posts/categories/ which are added in menu? So that if we have more number of things are there we can change order easily instead of selecting one by one. vir2714 1 Needs Patch 35048 custom menu - OPTIMIZE QUERY! Menus normal normal feature request new 2015-12-13T14:00:14Z 2019-06-04T20:19:29Z " hi.. i had an idea - developers should have an ability to set a constant i.e. USE_STATIC_CUSTOM_MENU('menu_name') = true; in general, output of custom_menus on front-end, takes long (sometimes 1 second).. so, i think, that the custom-menu output should be saved as static string, and that should be outputed on FRONT_END request by visitors... and that STATIC string should be changed/ updated every time the custom-menu is edited, or when any of that custom-menu's item is modified... i think, it will save huge resources over millions of sites/hosting.. p.s. of course, somehow, ""current-menu-item"" should be added while front-end request.." selnomeria 2 Needs Patch 14215 MultiSite: Add new > different username from blog title Networks and Sites 3.0 normal normal Future Release feature request new 2010-07-06T18:09:37Z 2018-05-07T16:58:46Z "I would like to request that the current system for adding a new blog site be expanded so that as admins, we can specify a different username that's unrelated to the blog title. That is, in '''Site Admin -> Add New''', at the bottom of the page, add a new field specifically for the username. For that matter, it would be useful to also have a field to be able to specify the password, and perhaps a little checkbox that allows you to optionally prevent an email from being sent. These features are really useful when you're manually adding sites for employees, students, and the such. I had provided a fix for wpmu 2.8.4 at one point (with a better explanation and details), you can see the thread here: http://mu.wordpress.org/forums/topic/12945 An example of the final result: http://img696.imageshack.us/img696/2551/addblogwordpress.png" Person 8 Needs Patch 56458 Multisite Theme Details Networks and Sites 6.0.1 normal normal Awaiting Review feature request new 2022-08-29T17:51:16Z 2022-09-30T14:39:06Z "It would be great if there were some accounting for the use of themes across a network. I'm thinking the /wp-admin/network/sites.php listing could show the active theme of each site. Even if there was a counter so I could confirm the number of sites using a given Theme, that would work. Or similar to the Users list, which has a column of Sites the user has access to, you could add a Sites column to the Themes listing. Use Case: I have 8 themes installed, and 97 subsites. There doesn't seem to be any way to confirm which themes are active on 0 sites, confirming which I can uninstall." hopetommola 5 Needs Patch 55263 Multisite: Multidomain Single Sign On Networks and Sites normal normal Awaiting Review feature request new 2022-02-26T10:21:26Z 2022-02-26T10:21:26Z "This came up in the Slack multisite channel a few days ago. https://wordpress.slack.com/archives/C03BVB47S/p1645670322425659 It would be very helpful to have multidomain Single Sign On as an option through the Network -> Settings -> Settings. (Should probably be renamed to General so that we do not have a Settings Settings screen.) Here is a plugin: https://wordpress.org/plugins/multisite-multidomain-single-sign-on/" paaljoachim Needs Patch 57408 Show at which sites in the multisite a plugin or theme is installed Networks and Sites 6.1.1 normal normal Awaiting Review feature request new 2022-12-31T15:42:49Z 2023-12-18T12:19:13Z "Please add to each item in the lists of plugins and themes in the multisite WordPress list of sites for which this plugin or theme is installed. It is especially useful to find plugins that are not installed (installed on zero sites) for candidates for removal." porton 2 Needs Patch 52284 Add filter for notoptions after retrieval Options, Meta APIs normal normal Awaiting Review feature request new 2021-01-12T18:17:59Z 2021-01-12T18:17:59Z "Since we are able to filter alloptions after retrieving them via `alloptions` (https://github.com/WordPress/WordPress/blob/f0078d043e0f2805c2400bd5e869eb3533712eec/wp-includes/option.php#L270), it would be nice to do the same for notoptions. This would be great in the case where a developer would want to add a check to ensure that a certain value **never** ends up there. Perhaps, this could live in a function similar to `wp_load_alloptions()`, potentially `wp_load_notoptions()`?" rebasaurus Needs Patch 54212 Add hooks to get/update/add_option functions Options, Meta APIs 5.8.1 normal normal Awaiting Review feature request new 2021-10-03T04:47:44Z 2023-10-29T06:11:44Z "It would be great if there were hooks in option saving/updating functions so that it would be possible to override usage of `serialize` in favour of `json_encode` when storing option value in DB. `serialize` gives a lot of problems with site URL when moving from one domain to another. I spent about two days already trying to replace site URL after moving the website from local to prod environment. The problem is that my prod website's domain name has couple more characters than my local domain, thus when replaced, the PHP-serialized values in DB become invalid so it breaks the entire website for me. I tried many different tools already, as well as the official `wp search-replace` CLI tool, but it also breaks the website completely, I start getting a lot of SQL-related errors. Please add away to replace that ugly serialize with json!" nik7n Needs Patch 55889 Allow specifying multiple keys as an array in meta and option retrieval functions. Options, Meta APIs normal normal Awaiting Review feature request new 2022-06-01T08:00:27Z 2022-06-01T12:24:44Z "Allow specifying multiple keys as an array in meta and option retrieval functions like get_option and get_post_meta. Currently when we have to get multiple meta values from multiple keys we have to use get_post_meta without mentioning the key to retrieve everything or make multiple calls to the function for each key. It will be really helpfull and a lot more efficient if one can specify the keys in the function call as follows get_post_meta(post_id, array('key_1, 'key_2'...)) Same applies to get_option." namith.jawahar 2 Needs Patch 41769 Custom function to display all values of a custom field (meta_key) Options, Meta APIs normal normal Awaiting Review feature request new 2017-08-31T13:25:35Z 2017-09-01T16:06:45Z "If possible, add an extra function where we can list all values of a certain custom field (meta_key). All functions I've found so far is only post id related (e.g get_post_custom_values, etc). While any developer can build this themselves, I do think other wp users could benefit from it as well if it's simly part of the core. Thanks." mireillesan 1 Needs Patch 43451 Disallow objects as meta values Options, Meta APIs 4.9.2 normal normal Awaiting Review feature request new 2018-03-01T13:01:21Z 2018-03-01T14:13:31Z "OK, I know this is probably going to be closed before anyone even reads it, but I recon it's worth to at least try and spark a discussion. As probably many people know at this point meta functions do not like backslashes. For some reason (probably db related) meta and option add / update functions run all values through `stripslashes_deep`, which means they expect the input values to be slashed. Actually this ""requirement"" seems to be undocumented even though it's here since version 3.something, why, that's beyond me. So, imagine you're a noobie WordPress developer and for some reason you have a backslash in a string you want to persist (happens more often than one might think), so you go ahead and run the following code: {{{#!php $value = 'hello \world'; update_user_meta(get_current_user_id(), '_test', $value); $meta = get_user_meta(get_current_user_id(), '_test', true); var_dump($value, $meta); }}} You save `hello \world` and expect to get `hello \world` back, but surprise surprise, the backslash is gone. So you start scratching your head, dig through stackoverflow or the source and you discover `$meta_value = wp_unslash($meta_value);`. You think this isn't right, but who are you to argue with software that's here for more than 10 years already. So, now, you are a bit more ""experienced"" and know you need to run all your values through `wp_slash` **before** you pass it to the meta functions. Then one day you need to save an array, you read through the docs which doesn't seem to forbid it, so you glance at the source and see `$meta_value = maybe_serialize( $meta_value );` - YES! - you say, you can pass basically anything and WordPress will take care of the serialization, awesome! So, now you run: {{{#!php $value = [ 'hello' => 'again \world' ]; update_user_meta(get_current_user_id(), '_test', wp_slash($value)); $meta = get_user_meta(get_current_user_id(), '_test', true); var_dump($value, $meta); }}} Which results in the same input you gave it, now that you know you need to slash everything. You weren't sure `wp_slash` could actually handle arrays, but it does, so life's good! Later on you mature even more and decide you want to save whole objects now. You know about serialization, so no worries here, right? You adapt your previous code and try to run the following: {{{#!php $value = new \stdClass(); $value->hello = 'world \again'; update_user_meta(get_current_user_id(), '_test', wp_slash($value)); $meta = get_user_meta(get_current_user_id(), '_test', true); var_dump($value, $meta); }}} ...and you get `Warning: addslashes() expects parameter 1 to be string, object given in`. Turns out `wp_slash` can't handle objects :| Alright, maybe you don't need it, so you remove it aaand the slash is gone. Then you look at the code and realize now the slash is gone even from your original object! What the... So trying to store an object as a meta value is not only not gonna work properly, but it's also going to mess with your original object! So, what then? Serialize it into a string before and after? OK, you serialize the object so it's just a string now, then run it through `wp_slash` to fix the slashes issue and then give it to the meta function: {{{#!php $value = new \stdClass(); $value->hello = 'world \again'; update_user_meta(get_current_user_id(), '_test', wp_slash(serialize($value))); $meta = unserialize(get_user_meta(get_current_user_id(), '_test', true)); var_dump($value, $meta); }}} Whew, finally everything works just fine, even though you're not absolutely sure you've covered all possible cases making sure nothing can ever go wrong again. ---- So, can anyone elaborate on this a bit more? Why are slashes such a big problem when it comes to options and meta, shouldn't the value just be converted to a string and then treated as a black box all the way up to when it needs to go in the database? Why does object serialization cause so much trouble? You can't seriously expect users to be aware that their objects are going to be deepslashed to death, values of properties modified to god-knows how deep, and be okay with it. If meta functions can't handle objects, just don't allow objects, shift the responsibility to the user, but be blunt about it. Don't say, //it's okay, we're gonna take care of serialization for you//, then strip the slashes off of properties of deep objects which might not even be part of WordPress whatsoever. This is a debugging nightmare. Lastly I would like to apologize for my tone, but I've dealt with this issue for years now. There are bug reports opened 7 years ago that still haven't been resolved properly. If nothing else it's really surprising to me that we're at 4.9.4 and such a mundane activity (persisting objects in meta) can cause so much trouble. Is it just me having these issues? Does no one else serialize stuff?" tonybogdanov 1 Needs Patch 44659 Display custom fields Options, Meta APIs normal normal Awaiting Review feature request new 2018-07-27T23:10:34Z 2019-01-16T06:40:52Z "There should be an option to display custom field data without having to acquire a plugin, rely on a theme supporting it, or hack a theme; surely this can be achieved in core, programmatically. Options could/should include (in order of importance): Global Admin settings to: 1. Enable/disable the display of raw custom field data in a post 2. Option to rewrite outputted field data (add wrapper) that may include HTML 3. Specify where in a post, the field is output, depending of available hooks 4. Specify optional regex validation 5. Specify optional data regex replacement on output 6. Specify which options above, are returned via the API to other plugins 7. Specify optional CSS for any classes and IDs added in (2) above. 8. Specify whether a custom field should be a requirement/optional 9. Specify where the custom field box should appear on the post edit page 10. Option to rewrite outputted field data using PHP snippet Even implementing only items 1-3 would provide a powerful and flexible way to manage meta data, and provide WP v5 with a significant improvement over earlier versions." iantresman 4 Needs Patch 23616 General Handler for Whitelisted Options' Submissions Options, Meta APIs normal normal feature request new 2013-02-26T03:06:55Z 2019-06-04T20:43:51Z As stated over on #18285 WordPress should move away from posting to options.php. In order to do that, the Settings API needs a general purpose function that can be safely called on all Settings Pages that can handle posts to itself (generally referred to as 'take_action' in various places) and can handle what options.php currently does. WraithKenny 1 Needs Patch 46705 "Harden WP core against ""update option"" endpoint vulnerabilities" Options, Meta APIs 5.2 normal normal Awaiting Review feature request new 2019-03-28T19:46:36Z 2019-11-25T11:01:24Z "A fairly frequent problem is plugins failing to perform nonce and permission checks on endpoints servicing their admin pages. Following discovery of such a vulnerability it is usually very straightforward for an attacker to perform a large scale attack defacing or establishing persistent administrative access by modifying the options `siteurl`, `default_role`, `users_can_register`, and likely more. I propose that all updates to these selected critical options in a web context warrant validating there has been a nonce verification and the current user has the capability to manage_options. This would force an attacker to follow a more difficult exploit path, potentially preventing large scale exploitation of these issues. The goal I have in mind here is not to be bulletproof, just to defend against a seemingly common bug class." tsewlliw 1 Needs Patch 53859 Add a filter hook to modify the paginate links arguments Permalinks normal normal Awaiting Review feature request new 2021-08-02T07:35:35Z 2023-05-24T05:51:19Z "A filter hook to modify arguments in the function paginate_links() https://developer.wordpress.org/reference/functions/paginate_links/ This filter hook can be added as below: Current: {{{ $args = wp_parse_args( $args, $defaults ); }}} After: {{{ $args = apply_filters( 'paginate_links_args', wp_parse_args( $args, $defaults ) ); }}} " ibachal 1 Needs Patch 52835 Disable permalink for images Permalinks 5.7 normal normal Awaiting Review feature request new 2021-03-17T14:02:01Z 2022-11-02T09:36:25Z "Hello. It would be nice if there is a option to disable the automatic permalink for uploaded images in mediathek. I've the problem, that I upload an image named ""star"" in mediathek. After that I want to create a single page names ""star"" where the uploaded image goes to. But this is impossible, because the permalink www.demopage.com/star/ do already exist (from the image). For all projects, I've created with WordPress, I do not need a short permalink for the uploaded images. It also would be nice if there is a build in solution to save images in folders ;) Thank's alot!" mariomd 1 Needs Patch 25006 Display date pages from categories with permalinks Permalinks normal normal feature request new close 2013-08-10T00:46:10Z 2019-06-04T20:44:39Z "When permalinks are not set up we can view posts from a specific category from a specific year (date), but if the permalinks are set up we can view only date pages or category pages. This works: `site.com/?cat=1&m=201307` (works) This does not work: `site.com/category/uncategorized/2013/07` (does not work)" alexvorn2 2 Needs Patch 42702 "Most common issue inside post edit - ""Links Live search""." Permalinks 4.9 normal normal Awaiting Review feature request new 2017-11-26T09:59:46Z 2017-11-26T09:59:46Z "'''Most common issue in WP Back End Search''': My original parmalink is not matching with Search URL and for that way i have trouble in interlinking of blog articles to 1 post to another one because of wrong category URL. I have set Primary category (Messaging). But in Search you will see wrong category (Linux). For more details please view below 2 attach files carefully… https://drive.google.com/file/d/1XoDVa_zMygIWs8bFfgaSag4-iou7BCl3/view?usp=sharing https://drive.google.com/file/d/1u5ZlOXAA_5q30qo-HLnO8Qtz75tJkj3Q/view?usp=sharing For more details: This above issue is in 2-fold i will try to explane you below… Our website permalinks are configured like so: /%category%/%postname%/ The first issue is that although a '''primary category is set for all of my posts''', when using the WordPress Link button, WordPress does not always insert the link using the primary category in the URL. I read that other people were having a similar issue where the categories where being inserted in alphabetical order. This does not seem to be the case for me as for the most part the permalink is working correctly, but not accross every post. The second issue is that the post is not redirecting to the url which contains the primary category eg. example.com/secondary/test-post is not being redirected to the correct permalink as shown below example.com/primary/test-post Instead, the post is visable on both URL’s. And for that way we have trouble in interlinking of blog articles to one post to another one because of wrong category URL But if any fix in functions.php can help to resolved above issue and for that we need your help. Your help would be appreciated. Thank you." Softfully Needs Patch 60507 Add a view for plugins with missing dependencies Plugins normal normal Awaiting Review feature request new 2024-02-12T14:39:07Z 2024-02-13T23:34:47Z "Instead of directing the user to review their plugins or look for plugins that cannot be activated, it would be really useful to have a filter (similar to Active, Update Available, etc.) that can be linked to. Maybe ""Missing Requirements"" or ""Unmet Requirements"". I don't love either of those names, but I prefer those over ""Missing Dependencies"" or ""Unmet Dependencies""." desrosj 8 Needs Patch 15971 Add ability to rate and report compatibility of plugins from wp-admin Plugins 3.1 normal normal Future Release feature request new 2010-12-24T08:25:27Z 2019-04-08T19:34:03Z "For the millions of downloads some plugins get there are way to few ratings on them. I think the ability to rate and report the compatibility of plugs from the backend dashboard page would dramatically increase participation in rating. This could be accomplished most easily placing a link to the ""details"" of a plug-in (like the one that appears while searching for a plug-in) after it is installed on plugins.php. This could be accomplished even more effectively by showing direct link next to each listing on the plugins.php page link stars/compatibility and link text reading ""rate now or ""report compatibility now""... For reference I point you to the excellent new to FireFox 4 (beta) add-on compatibility reporting features. " jb510 14 Needs Patch 48486 Add compliance tab to plugin repository pages on WordPress.org Plugins 5.3 normal normal Awaiting Review feature request new 2019-11-03T18:46:36Z 2022-01-14T16:01:25Z "== Overview ""Compliance tab"" is a working title that can be amended to be less intimidating and/or more generalized. The benefit of this tab is to provide WordPress site owners who are researching plugins with privacy, accessibility, and other information to determine if this plugin will meet their site needs prior to installation and activation. Ideally, this information can also be used in search and filter scenarios on WordPress.org to find tools compatible with the needs of site owners. == Privacy A privacy statement could include testing done against specific regulatory standards, and a statement of where data is transferred and stored at rest. It should also include any statements that need to be added to a site owner's privacy policy as part of using this plugin. This could potentially leverage the privacy policy post box information currently available under ''Settings > Privacy'', added in WordPress 4.9.6. == Accessibility An accessibility statement could include the WCAG level that the plugin targets (A, AA, etc) and where to file any issues found. == Security A security statement should include code standards followed, measures taken, and who to contact if you find a vulnerability. == Certifications Any certifications that this plugin has undergone for compliance." katwhite 39 Needs Patch 44073 Add functionality to search plugin with double quoted keyword Plugins normal normal Awaiting Review feature request new 2018-05-14T14:22:42Z 2018-05-23T14:24:28Z "Is this possible to add a feature where plugins could be searched on `Add New Plugin` page either with: - More than one keyword wrapped inside double quotes. Example: ""my plugin"" OR - Add a filter like **Match Whole Phrase** (in existing filter dropdown) In either case, it would be much easier to locate the desired plugin as the result will become more filtered and less items would appear on screen. This can avoid scrolling through ""relevant results""." subrataemfluence 3 Needs Patch 57064 "Add individual ""Support"" links to the plugin list page / theme page" Plugins normal normal Awaiting Review feature request new 2022-11-10T15:23:38Z 2022-11-10T22:27:58Z "Finding context-relevant support can be challenging for new users and many of them are not aware of the fact that each plugin has its own support forum. One simple way to bridge this gap could be to include a ""Support"" link underneath the plugin description. This link would take to that plugin's forum." mrfoxtalbot 5 Needs Patch 51731 Add the reason for deactivation to the 'deactivate_plugin' hook. Plugins normal normal Awaiting Review feature request new 2020-11-09T14:28:12Z 2020-11-09T14:38:20Z To be able to check if a plugins was disabled by a user action or because of the 'validate_active_plugins' check that is done on when visiting the plugins.php page would be great from a management perspective. Many WordPress installations have some required plugins which are not necessary for the site to work but do need to be active for one reason or another. This enables the option to notify the admin when a plugin gets disabled by accident because of a failed updated or any other reason. merlijnvanlent 1 Needs Patch 40460 Add-On Grouping for Plugin List Screen Plugins normal normal Awaiting Review feature request new 2017-04-15T16:25:17Z 2017-04-15T16:25:17Z "I'd like to see if anyone has thoughts on (or has previously discussed) reworking the plugins API & plugins list screen to group ""child"" or ""add-on"" plugins under their required parent plugin. There are obviously some API implications that go along with this. It seems pretty common now for a well-rounded base plugin, premium or free, to develop a handful of add-ons that require the base functionality of the main plugin and provide no meaningful value on their own. These ""child"" plugins can be from the same developer as the parent, or from a 3rd party community that wants to extend the usefulness of the parent plugin. Because WordPress plugins have no concept of relationships between one another, several less-than-ideal scenarios can occur. Firstly, an add-on plugin can be activated while the parent plugin is not active or even present. Without it being expressed in the title or description, there's nothing to necessarily tell a user that another plugin is required for the one they're installing to function. In the best case scenario, the add-on plugin developer has put safe guards to check for the parent plugin into their code, and will write a message out to the user upon activation to tell them why there's an issue. In the worst case scenario, the developer simply assumed that they parent plugin would exist, did no checks for the availability of the base code, and WordPress encounters a fatal error. Now dependency management is a broad and weighty topic and I do not believe that a full-blown dependency system is what I am proposing here. We do already have a pattern for how to express a basic requirement in the existing parent + child theming system. A child theme expresses that it requires the parent theme with the template attribute and appropriate handling takes place upon it's activation. I think plugins could potentially take the same form. [[Image(https://raw.githubusercontent.com/brentjett/WP-Core-Add-On-Plugins-Proposal/master/plugin-declaration-with-template.png)]] A plugin declares that it requires it's base plugin to function with a ""Template"" (or Parent, Required, etc...), and the system handles including it at the proper time, or not at all depending on the base plugin's existence. The UI benefits from this by grouping these add-on plugins with their associated parent plugin so there is a visual understanding of that relationship. This serves to organize the plugin list in a friendlier way, regardless of what a plugin my be named. [[Image(https://raw.githubusercontent.com/brentjett/WP-Core-Add-On-Plugins-Proposal/master/plugin-screen-addon-groups.jpg)]] There's plenty of complexity to work out both in the UI and API design for this to be a nice addition to the platform. The plugin list should end up more clear and easy to read, not more cluttered and disjointed in the end. I'd love to hear thoughts! Thanks for taking the time." brentjett@… Needs Patch 41627 Additional parameter for multisite activation Plugins 4.8.1 normal normal Awaiting Review feature request new 2017-08-13T13:42:15Z 2017-08-13T18:00:53Z "It could be good, if there was something additional parameter, which made 'register_activation_hook' function to be executed per individual sub-sites, while activating it from Network dashboard. that is good, because i.e. in activation hook, we want sometimes to create tables, add options ( and etc) per each sub-site." tazotodua Needs Patch 49626 Allow plugin developers to opt-out their plugin from auto updates Plugins normal normal Awaiting Review feature request new 2020-03-12T01:36:43Z 2020-07-06T12:56:31Z "I would like to request a filter for plugin developers to be able to opt their plugin out from the automatic updates completely. For example in {{{wp_autoupdates_add_plugins_autoupdates_column_content}}} we could add something like {{{#!php if this is high, it must be a quite good plugin, otherwise not so many websites would use it - in plugin repository since -> plugin can be fairly new and therefore not yet have a high number of active installs - last updated -> to filter out plugins that are not regularly updated - rating I also would like to see that 'last updated' would be added to the info for a single plugin search result (where now only the number of active installs, developer and 'tested with' is displayed), so you can see right away if a plugin is well maintained or not. I would also suggest that plugins which have not been updated or maintained at all for over a year will be marked; for example with a traffic light: orange for 'updated more than a year ago', red for 'updated more than two years ago' (and off course green for 'updated less than a year ago'). I think the least plugin writers can do is test their plugin for compatibility with each new WP version and update this information if the plugin still works fine. Maybe make this mandatory if you want your plugin to be included in the plugin reporitory? I hope this will also encourage all plugin writers to maintain their plugins better. My goal is to separate the plugins of good quality and high developer dedication from the plugins that are less well maintained. And make this visible to users. I'm looking forward to a response from the core developers community. Thanks!" prodefu 1 Needs Patch 38743 Introduce add_action_once() Plugins normal normal Awaiting Review feature request new 2016-11-10T10:26:25Z 2018-03-23T20:04:13Z "Hi there. I was wondering if noone ever needed to add a callback to some action or filter hook only if it hasn't been added (potentially by someone else) before. Possible use cases are: * only add `my_callback` if it hasn't been added before, no matter with what priority; * only add `my_callback` if it hasn't been added before with a specific priority. Naming-wise, I'd suggest `add_action_once()` and `add_filter_once()`, respetively, although one could be more verbose (e.g., `add_action_if_not_exists()` etc.). Here is a possible implementation of this: {{{#!php The Plugin Block Directory is a new feature coming in WordPress 5.5 that allows specially-written Block Plugins to be instantly and seamlessly installed in the editor, without ever leaving the page. -- https://make.wordpress.org/plugins/2020/07/11/you-can-now-add-your-own-plugins-to-the-block-directory/ WordPress 5.5 will make it easier for folks to install block plugins, as they edit their posts and pages. As a result, and as the block directory becomes more and more popular, I assume the average number of plugins installed on a WordPress site will increase. On the Plugins screen UI we know, we'll see a mix of ""regular"" plugins as well as block plugins. I wonder if we should consider making some changes to the Plugins Screen UI to clearly separate the 2 plugin types. - This would help site owners quickly skim through their plugin list. - It would help them understand how a specific plugin was added to the site. - It may help them manage their plugin autoupdates (one could imagine a scenario where you'd want block plugins, including little PHP, to be automatically updated while ""regular"" plugins would require a manual update)." jeherve 1 Needs Patch 40651 Plugins: Make it easier to find plugin settings after install Plugins normal normal Awaiting Review feature request new 2017-05-03T18:24:19Z 2017-05-04T14:01:14Z "After installing new plugins, I invariably end up spending time hunting down wherever I need to configure or use it. Some plugins add a ""Settings"" link to their plugin card (very useful!) but this isn't always the case. It would be great to find a way to direct people to the settings screens upon activation. " melchoyce 2 Needs Patch 48190 Show information from Plugins Directory into WP-Admin plugins page Plugins normal normal Awaiting Review feature request new 2019-10-01T08:33:45Z 2019-10-04T08:51:39Z "Hello everyone, This is my first ticket/suggestion here. First of all, hope this is not a duplicate request. Recently one of the websites my company has been maintained got hacked: https://www.wordfence.com/blog/2019/09/rich-reviews-plugin-vulnerability-exploited-in-the-wild/ Issue was on the Rich Review plugin. The root cause of the problem was that we had installed on that website (was a theme requirement) the Rich Review plugins. We kept up to date all the plugins, WP core itself and themes on that websites and still the website got hacked. The general guideline to keep your WordPress website safe is update everything. In this case though it failed. It failed because we did not know that the Rich Review plugin was abandoned. On plugin directory it clearly tells that the plugin has been closed for security reasons: https://wordpress.org/plugins/rich-reviews/ So my question, request is, can it be made that we show this kind of information right away on the plugins list? To improve it even further, show a WordPress notice on wp-admin when an administrater logins and he can directly see that plugin X has been abandoned or has been closed. Thank you, Arber." arberbr 3 Needs Patch 42981 Sorting plugins and themes Plugins 4.9.1 normal normal Awaiting Review feature request new 2017-12-26T09:09:56Z 2019-04-02T18:51:39Z "PLEASE - Sort themes and plugins into : Premium Fremium / Cripple ware Free and fully functional Not as described in the image (Pretty picture, preview looks nothing like it = Hours of work to make it look like the demo. I'd write a theme if I wanted the work) Anything not updated in the last 12 months - ""Abandoned"" pile, not visible Anything with ratings - Sort by rating - Under 3 - not visible Not tested on latest WP version - not visible Not tested on PhP 7 - not visible Speed test rating - Google wants a 2 second load time for mobile. Let's have an apples for apples rating. 5 pages, 10 images, 1000 words and (say) Yoast, Wordfence, WooCommerce and 4 other common plugins. I am sick to death of wasting hours on sifting this garbage - Make these 'Filters' and help everybody. You tell us to update things for security reasons and some of us professionals do that. Client sees a pretty picture then it turns into a nightmare for the above reasons and who has to fix it for free or spend hours looking for a replacement? The login Username should not be the default Editor name. You've handed a hacker half the login. Security - Set permissions to prevent malware spreading - in 2017, one client had malware uploaded to his site and it spread to all other sites and within site folders. WordPress should be containerised by default and SQL / Updates / changes should require 2 factor authentication to update anything (Just a 'secret password') Yes, I know, experts can fix this. In reality, most people do not have the skills. I buy a tool and assume the manufacturer has designed it for Joe Public to use with inbuilt basic safety. Last suggestion - A fork of WP for eCom with included carts, security etc. Google wants fast loading and WP struggles, so fork it to optimised versions : Blogs eCom Membership Versatile - Current version (as is) and the revolutionary version - Offline. This is where the site is built offline and uploaded as a stripped down html5 flat file database version that is a speed demon static site. Lauyan.com looks promising. Regards" grumblenz 1 Needs Patch 41646 activate.php and deactivate.php for Plugins Plugins 4.8.1 normal normal Awaiting Review feature request new 2017-08-15T15:01:12Z 2017-08-15T18:21:58Z "There's currently a file for `uninstall.php` to simplify things. Alternatively, there's also a hook available. There's hooks for plugin activation and deactivation. However, I think those hooks can be a bit tricky for newbie plugin developers. I think by implementing a file for `activate.php` and `deactivate.php` could simply plugin development. I'm totally fine using hooks for my own sake, but I just thought it could help simplify plugin development slightly. It might also make things easier on the code review team?" michael.ecklund 1 Needs Patch 44542 Images: Option to control when to create different image dimensions Post Thumbnails 4.9.7 normal major Awaiting Review feature request new 2018-07-08T16:17:33Z 2021-09-29T08:10:33Z "Hello, I believe that wp miss the ability to control when to create different image dimensions. Because i have see that wasting space from the disk of the server without reason. Example: When we create a gallery with the native wp gallery create dozens of different image dimensions and in fact use only the thumbnail because shows the full size with the lightbox. Its great if you add the ability to disable to create different image dimensions in any case that we want." B_Dark 1 Needs Patch 49708 Add a new function get_page_by_guid Posts, Post Types normal normal Awaiting Review feature request new 2020-03-27T09:20:31Z 2024-01-26T07:45:56Z "We have two different functions to get a post base from another field rather than ID `get_page_by_path` and `get_page_by_title`. When working with RESTful API working with unique identifier could be more handy than auto incremental or a path that could change. I propose to build a function named `get_page_by_guid` and help developers to search a Post more accurate with guid." killua99 1 Needs Patch 55733 Add option to sort Pages by Slug Posts, Post Types 5.9.3 normal normal Awaiting Review feature request new close 2022-05-14T14:49:12Z 2022-05-15T16:05:45Z "Please add an option to sort list of Pages by Slug (that is, make the Slug column sortable). Right now, for some reason, WordPress only offers to sort by Title - which is of useless as Title is just a SEO-formatted blurb that's irrelevant for a meaningful sort order. (Yes, I'm aware of a free plug-in - that appeared just 3 months ago - that allows to sort by slug. Still, this essential feature must be in core WordPress functionality)." zevrix 3 Needs Patch 60189 Add post duplication quick action Posts, Post Types trunk normal normal Awaiting Review feature request new 2024-01-03T21:59:24Z 2024-01-03T21:59:24Z "It seems like a useful feature (and one recent complaint from a client) to quickly duplicate a post so users can, for example, protect an existing version and work on a new draft. It's possible to do it right now if they copy all the blocks and paste them on a new page, but it'd be quicker and easier to click somewhere instead. I propose to add a new post quick action, as well as an action inside the post editor." zaguiini Needs Patch 28006 Add visual cues when viewing drafts on the frontend Posts, Post Types normal normal Awaiting Review feature request assigned 2014-04-24T08:07:28Z 2019-04-22T16:46:38Z "This is a relatively minor issue, but I've often had the problem where I think a post is published because I can view it on the frontend and there is nothing on the page that indicates that I am viewing a draft. If this happens to me from time to time then I'm sure it happens to other users too. I propose adding a few unobtrusive visual cues to the single post page that indicates that you are viewing a draft. I have attached my changes here - they include: * Adding ""(Draft)"" to the end the 'edit post' text in the admin bar * Adding ""(Draft)"" to the end of the default link generated by {{{ edit_post_link() }}} * Adding a new body class to single post pages: {{{ single-status-{status} }}} These changes are minor enough to not break the existing display, yet significant enough to clearly show that you are currently viewing a draft. The addition of the post status to the body class will also help with customising the page according to the current status." hlashbrooke 16 Needs Patch 55287 Allow for DISTINCT in WP_Query method Posts, Post Types 6.0 normal normal Awaiting Review feature request new 2022-03-01T15:55:09Z 2022-03-01T15:55:09Z "Dear wordpress developers, Currently I'm working with a plugin to create designs. This plugin has an element called a repeater element that basically makes use of the core WP_Query method in order to fetch custom post types or normal post types. However, since I'm using this page builder or theme builder, I am in no way capable of using DISTINCT within the filter https://developer.wordpress.org/reference/hooks/posts_distinct/ Because this requires me to send the WP_Query instance, which is basically only used within the repeater element and can not be set to a variable in this particular case. This means I'll have to rebuild everything through code, instead of being able to use my page or theme builder. Now I get the idea of saying this is a bug with the page or theme builder plugin. But in fact, what I want to know is why are we using a filter to create a DISTINCT query inside of WP_Query? Isn't it possible to implement this inside of the WP_Query arguments instead? I basically want to say: fetch posts with unique titles. This seems much more logical as the SQL query is build from WP_Query... I've already looked through the entire codex, and couldn't find any possible parameter that could be used for this... My question to you is: Can this please be added to wordpress core? I find it highly frustrating that WP_Query doesn't have this sort of capabilities out of the box." simbaclaws Needs Patch 58838 Author filter on a posts list page Posts, Post Types normal normal Awaiting Review feature request new 2023-07-18T10:57:32Z 2023-07-18T10:57:32Z "**Current Behaviour** Under the user list, it shows only the published count but when visiting the list page from the user list then it shows all the published and drafts in the list and the count shows different. **Expected Behaviour** If the draft, pending, or any other types are available then it should have a proper count based on the selected author. **Suggestion** The Author filter allows administrators to filter and view posts created by specific authors quickly. This feature is handy when managing large amounts of content or coordinating with multiple authors, making it easier to locate and work with particular posts. Redirecting from the user list page the default author should have to be preselected in the author filter." mikinc860 Needs Patch 59374 "Bulk Edit does not let me remove ""Uncategorized"" for categorized posts" Posts, Post Types 6.3.1 normal normal Awaiting Review feature request new 2023-09-17T11:23:39Z 2023-09-17T11:23:39Z "Bulk Edit Posts does not let you remove category ""Uncategorized"" even when the posts do all have an additional Category." cmdgw Needs Patch 32824 Consistent search fields between posts and terms Posts, Post Types normal normal Awaiting Review feature request new 2015-06-29T13:42:54Z 2017-07-23T02:17:53Z Searching for posts [https://core.trac.wordpress.org/browser/tags/4.2.2/src/wp-includes/query.php#L2091 currently checks] the `post_title` and `post_content` fields, while [https://core.trac.wordpress.org/browser/tags/4.2.2/src/wp-includes/taxonomy.php#L1899 searching terms] checks the `name` and `slug` fields. Could `post_name` be added to the where clause for posts, and `description` be added to terms? That way, searching would consistently check an entity's title, slug, and content. ashworthcreative 2 Needs Patch 43348 Filter by 'Authors' option in wp-admin/edit.php?post_type=page Posts, Post Types normal normal Awaiting Review feature request new 2018-02-18T21:21:44Z 2018-02-20T15:03:56Z "Hey! Currently, I am able to filter by posts created by myself, It would be handy to have the option to filter by other authors contributing to the site, to keep track of who has posted what. Possibly an author drop down could be added which lists all Authors and a filter button to show their posts, similar to how the page is currently styled." lkhwt96 2 Needs Patch 41953 Improved Meta Box Save Hook Posts, Post Types 4.8.2 normal normal Awaiting Review feature request new 2017-09-22T07:55:37Z 2017-09-22T10:39:51Z "Hi, This is suggestion how to reduce some conditionals for saving meta boxes with function for example. Below is code of meta box save function with all conditions for security and inside that function we always write some core condition for security that can be separated in one or more core functions to do that for us, so we can just call that function. {{{ if ( ! function_exists( 'save_admin_meta_boxes' ) ) { /** * Saves admin meta box to postmeta table * * @param $post_id int - id of post that meta box is being saved * @param $post WP_Post - current post object */ function save_admin_meta_boxes( $post_id, $post ) { // If we're doing an auto save, bail if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) { return; } // If default wp nonce isn't there, bail if ( ! isset( $_POST['_wpnonce'] ) ) { return; } // If current user can't edit this post, bail if ( ! current_user_can( 'edit_post', $post_id ) ) { return; } // If current post type are not in list, bail $post_types = apply_filters( 'wp_allowed_post_types_for_meta_boxes', array( 'post', 'page' ) ); if ( ! in_array( $post->post_type, $post_types ) ) { return; } // If our nonce isn't there, or we can't verify it, bail $meta_boxes = apply_filters( 'add_meta_boxes_filter', array() ); $nonce_array = array(); if ( is_array( $meta_boxes ) && ! empty( $meta_boxes ) ) { foreach ( $meta_boxes as $meta_box ) { $nonce_array[] = 'extensive_vc_meta_box_' . esc_attr( $meta_box ) . '_save'; } } if ( is_array( $nonce_array ) && count( $nonce_array ) ) { foreach ( $nonce_array as $nonce ) { if ( ! isset( $_POST[ $nonce ] ) || ! wp_verify_nonce( $_POST[ $nonce ], $nonce ) ) { return; } } } // Make sure your data is set before trying to save it global $meta_boxes_options; foreach ( $meta_boxes_options as $key => $value ) { $field_key = $_POST[ $key ]; if ( isset( $field_key ) && trim( $field_key !== '' ) ) { update_post_meta( $post_id, $key, esc_html( $field_key ) ); } else { delete_post_meta( $post_id, $key ); } } } add_action( 'save_post', 'save_admin_meta_boxes', 10, 2 ); } }}} Example function with that conditionals {{{ if ( ! function_exists( 'wp_meta_boxes_security_check' ) ) { /** * Check is meta box secure and valid for saving * * @param $post_id int - id of post that meta box is being saved * @param $post WP_Post - current post object * * @return boolean */ function wp_meta_boxes_security_check( $post_id, $post ) { $return_value = true; // If we're doing an auto save, bail if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) { $return_value = false; } // If default wp nonce isn't there, bail if ( ! isset( $_POST['_wpnonce'] ) ) { $return_value = false; } // If current user can't edit this post, bail if ( ! current_user_can( 'edit_post', $post_id ) ) { $return_value = false; } // If current post type are not in list, bail $post_types = apply_filters( 'wp_allowed_post_types_for_meta_boxes', array( 'post', 'page' ) ); if ( ! in_array( $post->post_type, $post_types ) ) { $return_value = false; } return $return_value; } } }}} and then finally code for saving meta boxes will be {{{ if ( ! function_exists( 'save_admin_meta_boxes' ) ) { /** * Saves admin meta box to postmeta table * * @param $post_id int - id of post that meta box is being saved * @param $post WP_Post - current post object */ function save_admin_meta_boxes( $post_id, $post ) { // If meta box doesn't paste check, bail if ( ! wp_meta_boxes_security_check( $post_id, $post ) ) { return; } // If our nonce isn't there, or we can't verify it, bail $meta_boxes = apply_filters( 'add_meta_boxes_filter', array() ); $nonce_array = array(); if ( is_array( $meta_boxes ) && ! empty( $meta_boxes ) ) { foreach ( $meta_boxes as $meta_box ) { $nonce_array[] = 'extensive_vc_meta_box_' . esc_attr( $meta_box ) . '_save'; } } if ( is_array( $nonce_array ) && count( $nonce_array ) ) { foreach ( $nonce_array as $nonce ) { if ( ! isset( $_POST[ $nonce ] ) || ! wp_verify_nonce( $_POST[ $nonce ], $nonce ) ) { return; } } } // Make sure your data is set before trying to save it global $meta_boxes_options; foreach ( $meta_boxes_options as $key => $value ) { $field_key = $_POST[ $key ]; if ( isset( $field_key ) && trim( $field_key !== '' ) ) { update_post_meta( $post_id, $key, esc_html( $field_key ) ); } else { delete_post_meta( $post_id, $key ); } } } add_action( 'save_post', 'save_admin_meta_boxes', 10, 2 ); } }}} Also I added some filter for allowed post types inside that function {{{ $post_types = apply_filters( 'wp_allowed_post_types_for_meta_boxes', array( 'post', 'page' ) ); }}} which allows authors to easily add their own custom post type with meta boxes for saving. Best regards, Nenad" Nenad Obradovic 1 Needs Patch 43347 Introduction of 'has_single' register_post_type parameter Posts, Post Types normal normal Awaiting Review feature request new 2018-02-18T18:28:45Z 2022-07-19T09:48:55Z "I have done some research but have not been able to find anything exactly on this issue. I frequently encounter use cases where I need to create a CPT with the following characteristics: 1) disable the slug display/editor from the admin post edit page (this is for usability. It is not used and having it available/displayed can confuse website editors) 2) maintain the archive page is viewable on the front end 3) disable the single page for the CPT on the front end I have found some partial solutions like this https://wordpress.stackexchange.com/questions/128636/how-to-disable-the-single-view-for-a-custom-post-type but setting `'publicly_queryable' => false` would disable the archive view. The `register_post_type` function includes the `has_archive` parameter. Is it possible to introduce a `has_single` parameter which will achieve the desired functionality stated above? I feel this can be beneficial in many cases, to the extent it is worthwhile introducing as a core feature. " stevepuddick 2 Needs Patch 40255 Parameter to Enable/Disable Trash on register_post_type(); Posts, Post Types 4.7.3 normal normal Awaiting Review feature request new 2017-03-24T21:39:36Z 2017-03-24T21:39:36Z "It would be nice to have the ability to toggle on/off the ""trash"" feature on specific Post Types. I figured, for extreme simplicity; A parameter could be specified during Post Type registration. Or perhaps factored into the ""supports"" parameter (similarly to revisions) Thoughts?" michael.ecklund Needs Patch 14375 Post pagination should have a show all option Posts, Post Types 3.0 normal normal Future Release feature request reopened 2010-07-21T07:03:29Z 2017-06-12T05:22:35Z When people use the nextpage html comment tag to paginate posts we should also have a show all link displayed to make it easier for people to read the whole content without pagination. westi 4 Needs Patch 58447 Posts with ‘Stick to the top of the blog’ should also stick to the top of the categories it belongs to Posts, Post Types 6.2.2 normal normal Awaiting Review feature request new 2023-06-02T18:38:43Z 2023-11-20T17:35:19Z "According to the WordPress documentation ‘Stick to the top of the blog’ seems to be designed to only stick to the top of the front page. I don't think that makes sense. It should also stick to the top of the categories it belongs to! At least the main category. " hero2 1 Needs Patch 55087 Published environment and published versions for posts/pages to be able to work on the same post/page without affecting the production version until the changes are ready to become the next version of the production post/page. Posts, Post Types normal normal Awaiting Review feature request new 2022-02-05T08:28:57Z 2023-10-30T23:38:16Z "Imagine you have several environments - dev, stage and production and you are working on several pages at once. Some of them are ready to be shown to the client and you are deploying code and database to the stage from dev, but some of them are not ready and the client will be unhappy to see unfinished work on the stage, so, you are hiding them for a while and you are starting to reverse changes you did filing that you messed up somewhere. And then the client is telling you that some of the pages need to be published straight away but others need additional work and to publish a part of the work you've done you are messing further with revisions hoping not to get confused by all this published, unpublished and reversed changes. This leads you to more work and more stress. As a result, you will publish something that isn't ready and lose something that was ready and start to think that you need to change processes to avoid this mess in future. The solution is to publish a certain version for a certain environment assuming that if the version is published for the production it is also published for stage and dev if there is no later version published for a particular env. " oglekler 1 Needs Patch 14513 Time for a wp_post_relationships table? Posts, Post Types 3.0.1 normal normal feature request reopened 2010-08-03T00:10:30Z 2023-05-30T15:04:16Z "Now that we have custom post types the obvious next step for people using them is to start relating post types using parent-child and/or many-to-many relationships. I've implemented a taxonomy-mirrored-posts plugin but am starting to discover [http://lists.automattic.com/pipermail/wp-hackers/2010-July/033510.html many of the problems that @prettyboymp has pointed out on wp-hackers] and think it might be time we consider adding a new table to allow us to relate post and to allow us to build functionality around this table such as related post pickers, etc. I'd like to offer a [http://en.wikipedia.org/wiki/Straw_man_proposal straw man proposal] to start discussions of a potential `wp_post_relationships` table added to WordPress 3.1 with three fields: `parent_id`, `post_id` and `term_taxonomy_id.` This allows us to relate any two post records and optionally associate at taxonomy+term to classify the relationship (here's the SQL to create the table): {{{ CREATE TABLE `wp_post_relationships` ( `parent_id` bigint(20) unsigned NOT NULL, `post_id` bigint(20) unsigned NOT NULL, `term_taxonomy_id` bigint(20) unsigned NOT NULL DEFAULT '0', PRIMARY KEY (`parent_id`,`post_id`,`term_taxonomy_id`), KEY `term_taxonomy_id` (`term_taxonomy_id`), KEY `post_id` (`post_id`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; }}} Looking forward to your feedback." mikeschinkel 89 Needs Patch 43083 "adding ""Unlisted"" type for post visibility" Posts, Post Types normal normal Awaiting Review feature request new 2018-01-13T16:29:17Z 2018-03-02T01:27:19Z "I think there is a good reason that WP natively supported ""unlisted"" posts, in addition to PUBLIC, DRAFT and PRIVATE. Why not WP add that feature? btw, Private is not same as ""unlisted"". " tazotodua 4 Needs Patch 52903 Consent Management within WordPress Core Privacy normal normal Awaiting Review feature request new 2021-03-24T15:31:29Z 2022-10-14T19:56:55Z "**Website visitor / user Privacy choices:** a. Users who are not registered on a site, or who choose not to log in when prompted, can set their consent preferences via a simple banner (Gutenberg block) on the front end, which will set a (functional) cookie value for consent. It should be possible for plugins to filter the banner contents and to change the appearance. b. Registered users can set their consent preferences via an interface in wp-admin, after logging in. The interface should extend the ""Edit Profile"" page. Once a registered user logs out, the consent cookie value should be updated to reflect their preferences as per the database (sync). **(Sane) Defaults:** Five default consent categories have been proposed: Functional; Preferences; Anonymous Analytics; Analytics and Marketing. Website owners / admins should be able to set site-wide defaults by setting a site option value, or by using a plugin to do so. [An alternative would be to allow them to do so via filter.] It should be possible for site owners / admins to add additional consent categories, or to add nested sub-categories, or to allow a plugin to do so. As privacy legislation varies across the globe, I believe that WordPress should default to TRUE for each category, if not overridden, to maintain backwards compatibility and avoid unexpected behaviour. **Proposed Consent Management hierarchy:** 1. If the user is logged in and has set consent preferences, obtain their preferences via an extension of the REST API. Using the REST API will allow us to cater for cookies that are set in JavaScript, rather than in PHP. The basic logic: {{{#!php TRUE, ""preferences"" => TRUE, ""anon_stats"" => TRUE, ""stats"" => TRUE, ""marketing"" => TRUE); return $consent; }}} **How to integrate all of this into the Developer community:** This would require a number of approaches and mechanisms, including: New functions: Creating a wp_setcookie(); function in PHP and a corresponding function in JavaScript that checks for consent before placing a cookie; Use of wp_setcookie(); can then be required for new plugin submissions to the WordPress.org repository. Updating existing functions: Updating other functions like wp_mail(); and the HTTP and REST APIs to check for the appropriate consent. In the case of wp_mail(); for example, this can be done by adding a new parameter variable for $consent_purpose. We can add a _doing_it_wrong(); if this variable is not present. In the case of the REST API, consent could possibly be integrated into a permission callback, but that is something we'd need Timothy's (and others) input on. Education drive: Voluntary compliance is preferred. By providing documentation, resources and discussing with as many stakeholders as we can (primarily on Slack), we can encourage adoption through education. **Related tickets:** I will be closing #51188 in favour of this ticket to make it easier for new contributors to get involved. Please do feel welcome to read the closed ticket if you need / want background. #51110 deals with the design of a wp-admin interface. There is not a ticket for the design of a Gutenberg block (as a front end ""interface"") yet." carike 10 Needs Patch 51144 Create a UI for the Disclosures Tab (site-level privacy) Privacy normal normal Future Release feature request new 2020-08-26T13:52:23Z 2020-11-26T18:09:52Z "**Background:** The Disclosures Tab is an initiative that is underway in the Core Privacy Team. The aim is to help site owners / admins better understand what information their site (plugins, themes and Core) collects, where the information is stored and where it is sent - and in particular, who it is shared with. We hope to help site owners / admins make more informed privacy choices (e.g. when choosing which plugin to install) and to better understand their risk profile when it comes to privacy. For the most part, the actual ""controlling"" is planned for a sibling plugin, the Permissions Tab, which is not currently intended to be merged into Core, as this will contain more advanced settings. You can read more about the various privacy initiatives here: https://make.wordpress.org/core/2020/08/19/minutes-core-privacy-meeting-19-august-2020/ **The Challenge:** The reach and impact of privacy initiatives are severely limited when there is no UI for it in /wp-admin/. **The Solution:** This ticket represents one milestone for the Disclosures Tab initiative. #51092 proposes a .json schema for various Core components (e.g. avatars), for plugins and for themes. The UI needs to present this information in a digestible format. It seems preferable to aggregate the information to provide a holistic understanding to the site owner / admin and then allow them to drill-down to a more granular level (e.g. a single plugin). The description fields in the schema can be used to explain the significance of each item to the site owner / admin. Create a sub-menu under Settings called ""Privacy"" (H1). Create a header called ""Disclosures"" on the page (H2). The section below this should be filterable. This section will eventually contain quite a bit of information, so it may be desirable to split it into tabs to improve the readability of the text. Suggested tabs: Overview, Core, Plugins, Themes, Blocks. This ticket was created in response to a request from Paaljoachim." carike 5 Needs Patch 51188 Website user level consent management framework (logged in users) carike* Privacy normal normal Future Release feature request accepted 2020-08-29T19:39:38Z 2022-11-17T20:56:57Z "**Background:** The Consent API is an initiative that is currently underway in the Privacy team. The code is available in the plugin repository here: https://wordpress.org/plugins/wp-consent-api/ The Feature Plugin proposal is here: https://make.wordpress.org/core/2020/04/01/feature-plugin-proposal-wp-consent-api/ While there has been a strong consensus for a long time that a consent management framework is necessary in Core, the Team is still building consensus on what the implementation should look like. One of the disagreements with the proposed feature plugin implementation, is that consent choices made by website users are not going to be reliably available if they are saved in a cookie, because the cookie may expire, or more likely, be cleared. While this is an inherent limitation for users who are not logged in, it is not necessary to subject registered users who are logged in to notice fatigue. More information here: https://make.wordpress.org/core/2020/08/22/request-for-input-consent-preferences-for-logged-in-users-consent-api/ In short, it is possible to save the registered users' consent choices in the database. **The Challenge:** Cookies are inherently transient in nature. In order to make consent choices persistent, user consent choices need to be saved in the database. This is only possible for users who are registered and logged in. **The Scope:** This ticket represents a milestone for Website User Level Consent Management. List of milestones: This ticket seeks to answer the following design questions: {{{#!php array( 'comprehensive' => true, 'remainder' => true ), 'preferences' => array( 'comprehensive' => false, 'notifications' => array( 'all' => false, 'daily' => false, 'weekly' => true, 'monthly' => false, 'none' => false, ), 'remainder' => true ), 'anon_stats' => array( 'comprehensive' => true, 'remainder' => true ), 'stats' => array( 'comprehensive' => false, 'remainder' => false ), 'marketing' => array( 'comprehensive' => false, 'newsletter' => true, 'targeted_ads' => false, 'remainder' => true ) ); }}} The above should be appropriately serialized before being saved to the database. Example 2: This shows a use case for which one additional top-level consent type (not exposed to the front end, only available on /wp-admin/) would be very useful. Plugin authors are currently allowed to advertise / provide notices, as long as they don't hijack the admin panel. One of the most common ways to permanently dismiss a notice is to add a user_meta value for it - which isn't the best use of the database / ideal for performance. The below may allow for theme authors to be able to provide installation / setup instructions via admin notifications as well. This ticket only shows a possible way it could be done. All discussion about the theme guidelines themselves should happen during Team meetings and on the relevant P2 posts. In this example, the notice has not yet been permanently dismissed. Once the notice has been permanently dismissed for that user, the boolean value for that theme under ""repos"" should be set to ""false"". {{{#!php array( 'comprehensive' => true, 'remainder' => true ), 'preferences' => array( 'comprehensive' => false, 'remainder' => true ), 'anon_stats' => array( 'comprehensive' => true, 'remainder' => true ), 'stats' => array( 'comprehensive' => false, 'remainder' => false ), 'marketing' => array( 'comprehensive' => false, 'remainder' => true ), 'repos' => array( 'comprehensive' => false, 'exampleTheme' => true, 'remainder' => false ) ); }}} The above should be appropriately serialized before being saved to the database. Example 3: This shows a use-case where the website owner needs to cater for legislative consent requirements from various jurisdictions. In this example, the website owner would still like to be able to send first party marketing to website users who choose to opt-out of the sale of their data i.t.o. the CCPA. {{{#!php array( 'comprehensive' => true, 'remainder' => true ), 'preferences' => array( 'comprehensive' => true, 'remainder' => true ), 'anon_stats' => array( 'comprehensive' => true, 'remainder' => true ), 'stats' => array( 'comprehensive' => true, 'remainder' => true ), 'marketing' => array( 'comprehensive' => false, 'sell_data' => false, 'remainder' => true ) ); }}} **Acknowledgements:** Thanks to Rogier for defining the initial 5 categories with input from the privacy team. Thanks to Paapst for the heads-up that consent needs to be re-confirmed if new cookies are added. Thanks to Retrofitter for inquiring about additional consent categories on P2. Thanks to Jono for input on a nested structure for consent." carike 27 Needs Patch 50154 About date and time request of version 5.4.1 Query 5.4.1 normal normal Awaiting Review feature request new 2020-05-13T08:33:12Z 2020-05-13T13:07:05Z "In version 5.4.1, a single page template no longer applies if the year, month, day, hour, minute, and second are all specified as query parameters. I understand that this is the effect of fixing a glitch that caused unauthenticated users to see private posts. At the same time, it is disappointing that the traditional compatibility could not be maintained. The following is the modified portion of the case, but I believe there is a fix that maintains traditional compatibility. [47641] The patch file is attached, so please check it." tmatsuur 2 Needs Patch 60490 Add 'author__in' option to WP_Query 'orderby' options Query normal normal Awaiting Review feature request new 2024-02-09T18:31:07Z 2024-02-09T21:34:45Z "I would like to be able to preserve the author ID order given in the WP_Query author_^^_in array. This would work like how the orderby post_^^_in option works but for author_^^_in instead. So, for example we already have: 'post_^^_in' – Preserve post ID order given in the post_^^_in array And we'd be adding: 'author_^^_in' – Preserve author ID order given in the author_^^_in array (https://developer.wordpress.org/reference/classes/wp_query/#order-orderby-parameters) Would it be possible to add this option to WP Core?" bburgay 2 Needs Patch 31383 Add WP_Tax_Query support to WP_User_Query Query 4.2 normal normal Future Release feature request new 2015-02-19T16:31:15Z 2024-01-02T10:46:44Z "Users like any other object type in WordPress can have taxonomy terms assigned to them. However, there is currently no way to query by taxonomies in WP_User_Query. As far as I could find, the only way to really accomplish this right now is to use get_objects_in_term(), filter out the non user objects, and then use the include parameter. Ideally, I think you should be able to accomplish this by the following: {{{ $user_query = new WP_User_Query( array( 'tax_query' => array( array( 'taxonomy' => 'tax_name', 'field' => 'slug', 'terms' => array( 'term-1', 'term-2' ), ) ) ) ); }}}" desrosj 17 Needs Patch 56168 Add a way easily perform advanced post fields queries Query normal trivial Awaiting Review feature request new 2022-07-07T13:12:12Z 2022-07-07T13:12:12Z "Currently if you want to perform advanced queries on the posts table you have to add your custom SQL to the query with the `posts_where` filter. For example, let's say we want to get the next page with a `menu_order` value greater than the current page we would currently do something like: {{{#!php query['menu_order_gt'] ?? null; if ( is_numeric( $value ) ) { $where .= "" AND {$wpdb->posts}.menu_order > {$value} ""; } return $where; }, 10, 2 ); $query = new WP_Query( [ 'post_type' => 'page', 'posts_per_page' => 1, 'menu_order_gt' => (int)get_post_field( 'menu_order' ) ] ); }}} I suggest adding a class like `WP_Meta_Query` but for post fields meaning we could achieve the same result as above but in a much cleaner and simpler way... {{{#!php 'page', 'posts_per_page' => 1, 'field_query' => [ [ 'field' => 'menu_order', 'value' => (int)get_post_field( 'menu_order' ), 'compare' => '>', 'type' => 'NUMERIC' ] ] ] ); }}} " thelevicole Needs Patch 49057 Add tag for any WP_Query for simple access in pre_get_post action Query normal normal Awaiting Review feature request new 2019-12-21T04:54:24Z 2019-12-21T04:54:24Z "At current time it is difficult for find out which query is running at pre_get_post action I offer add extra property to WP_Query as tag-name. by this way i simply find out which query is running just by custom tag that added in any WP_Query object" hamedmoodi Needs Patch 39632 Adding Query identifier attribute Query normal normal Awaiting Review feature request new 2017-01-18T19:55:17Z 2017-06-07T21:13:26Z "You create any query by passing the arguments to `WP_Query`. What will happen if we add the custom query identifier `_id` like this? {{{#!php 'custom_name', ... ); $q = new WP_Query( $args ); }}} Nothing bad, and one good thing. Using this `_id` I can work with filters like `posts_where` super easy. This would work for many other filters from ''wp-includes/class-wp-query.php'' {{{#!php query will hold the query arguments ... if ( 'custom_name' == $q->query['_id'] ){ // do our improvement on $where return $where. } return $where; } add_filter( 'posts_where', '_20170118_posts_where', 10 , 2 ); }}} If you need more details here is the original [http://wordpress.stackexchange.com/questions/252246/how-to-detect-custom-query-inside-posts-where-hook/252406#comment375812_252406 example]. This already works, but we can benefit more if we add the `_id` for all WordPress core generated queries? This should happen just after `WP_Rewrite` returns the query arguments, based on the query flags. Let's test the future in case of main search query ( `$is_search` flag is true ). You may write like this to address the search query: {{{#!php is_main_query() && $q->is_search() ){ ... // do something with $where } return $where; }}} but with the `_id` '''main-search''' argument, you could write: {{{#!php get( '_id' ) ){ ... // do something with $where } return $where; }}} This is somehow similar to the threads #15063 and #23833, but not exactly. What would be the gain? WordPress query programming may become simpler, and queries may be managed using '''human-readable''' names. " prosti Needs Patch 53060 Data Deletion - comments Query normal normal Awaiting Review feature request new 2021-04-19T16:44:31Z 2021-04-20T17:59:19Z "**Data Deletion - comments** Can we add a WP_Query parameter so that we can pull comments by author email or author user_id? **Why?** For better user privacy, I am creating a profile page for users where they can see all the comments they have made and easily delete those comments -- but in a post loop so that they have the context of the comments that they have made. **Reference** https://developer.wordpress.org/reference/classes/wp_query/#comment-parameters It seems there is no WP_Query parameter for pulling posts by comment author. I think there should be for privacy. Of course, I can make it happen the other way round with a custom DB query to find all comments by author and then get the post_id and loop the ids in_array but maybe it should be easier and more standard as to encourage user privacy respect. " megphillips91 5 Needs Patch 37837 Extend WP_Query author parameters to filter by role Query 4.7 normal normal Awaiting Review feature request new 2016-08-26T10:25:01Z 2017-03-30T17:01:37Z "WP_Query contains a series of author parameters (`author', ' author_name', ' author__in', and `author__not_in` as documented on the Codex). It wpould be nice to add `author_role__in` and maybe `author_role__not_in` as valid parameters, and be able to also query for posts given one or a set of user roles. I can see a lot of usages, and this has indeed been asked inside the community in some places, although I could not find a Track dedicated ticket. AFAIK, this would require the WP_Query database interaction to include the usermeta table, which can be expensive by default, and add a LIKE statement against the `wp_capabilities` usermeta field value, which is also expensive by default. So this might introduce performance problems and be discarded because of that. But otherwise, I would like that we consider this as a possible feature to add." jadpm 1 Needs Patch 16910 Lazy evaluation for WP_Query Query normal normal feature request new 2011-03-21T01:04:39Z 2019-06-04T20:41:58Z "Suppose we have a 'city' post type, which is associated with a 'country' post type, such that each 'city' post has a 'country' parent post. Then the 'country' CPT has a 'language' taxonomy associated to it. Now, let's say we want to find all the cities which speak a certain language. Let's assume we already have the `'post_parent__in'` query var: #13927 We could construct a two-step query, like this: 1) Get all the countries with that language: {{{ $country_ids = get_posts( array( 'fields' => 'ids', 'post_type' => 'country', 'language' => 'french', 'nopaging' => true ) ); }}} 2) Get all the cities belonging to that country: {{{ $cities = get_posts( array( 'post_type' => 'city', 'post_parent__in' => $country_ids ) ); }}} No custom SQL queries; fantastic! But, if you have many many countries (not a good example, I know), you waste a lot of time passing the IDs back and forth from PHP to SQL. Final query: {{{ SELECT * FROM wp_posts WHERE post_type = 'city' AND post_parent IN (1, 2, 3, ...) }}} It would be a lot more scalable to put the first query into the second, directly, as a subquery. So, it would now look like this: 1) Get all the countries with that language: {{{ $country_ids = get_posts( array( 'fields' => 'ids', 'post_type' => 'country', 'language' => 'french', 'nopaging' => true, 'lazy' => true' ) ); }}} 2) Get all the cities belonging to that country: {{{ $cities = get_posts( array( 'post_type' => 'city', 'post_parent__in' => $country_ids ) ); }}} $country_ids would now be a WP_Lazy_Query object, which would just contain the subquery SQL. It would be appended to the second query, when needed: Final query: {{{ SELECT * FROM wp_posts WHERE post_type = 'city' AND post_parent IN ( SELECT ID FROM wp_posts WHERE post_type = 'country' INNER JOIN wp_terms ... ) }}}" scribu 2 Needs Patch 30982 Meta query in pre_get_posts Query 4.1 normal normal feature request new 2015-01-11T20:36:44Z 2019-06-04T20:48:32Z "I don't know if it is already in place, but I want to add in the hook ""pre_get_posts"" custom field. In the page ""search.php"", I want to search ""example"" in post_title, content and custom field in all pages, posts and post-type. But this is the code I put in the hook : {{{ function recherche_avancee( $query ) { if ( !is_admin() && $query->is_search ) { $custom_fields = array( ""introduction"", ""ensavoirplus"" ); $meta_query = array('relation' => 'OR'); foreach($custom_fields as $cf) { array_push($meta_query, array( 'key' => $cf, 'value' => $_GET['s'], 'compare' => 'LIKE' )); } $query->set(""meta_query"", $meta_query); } } add_action( 'pre_get_posts', 'recherche_avancee'); }}} and this is the SQL code I get : {{{ 1. SELECT SQL_CALC_FOUND_ROWS wp_posts.ID 2. FROM wp_posts 3. INNER JOIN wp_postmeta 4. ON ( wp_posts.ID = wp_postmeta.post_id ) 5. WHERE 1=1 6. AND (((wp_posts.post_title LIKE '%exemple%') 7. OR (wp_posts.post_content LIKE '%exemple%'))) 8. AND wp_posts.post_type IN ('post', 'page', 'attachment') 9. AND (wp_posts.post_status = 'publish' 10. OR wp_posts.post_status = 'miseenavant' 11. OR wp_posts.post_author = 3) 13. AND ( ( wp_postmeta.meta_key = 'introduction' 14. AND CAST(wp_postmeta.meta_value AS CHAR) LIKE '%exemple%' ) 15. OR ( wp_postmeta.meta_key = 'en_savoir_plus_page' 16. AND CAST(wp_postmeta.meta_value AS CHAR) LIKE '%exemple%' ) ) 17. GROUP BY wp_posts.ID 18. ORDER BY wp_posts.menu_order ASC 19. LIMIT 0, 10 }}} I want to add the line 13, 14, 15, 16 on the top on the code after the search in the content and the title. And I don't want a '''AND''' before the line 13 but a '''OR'''. But here's the SQL I would need : {{{ 1. SELECT SQL_CALC_FOUND_ROWS wp_posts.ID 2. FROM wp_posts 3. INNER JOIN wp_postmeta 4. ON ( wp_posts.ID = wp_postmeta.post_id ) 5. WHERE 1=1 6. AND (((wp_posts.post_title LIKE '%exemple%') 7. OR (wp_posts.post_content LIKE '%exemple%') 8. OR ( wp_postmeta.meta_key = 'introduction' 9. AND CAST(wp_postmeta.meta_value AS CHAR) LIKE '%exemple%' ) 10. OR ( wp_postmeta.meta_key = 'en_savoir_plus_page' 11. AND CAST(wp_postmeta.meta_value AS CHAR) LIKE '%exemple%' )) 12. AND wp_posts.post_type IN ('post', 'page', 'attachment') 13. AND (wp_posts.post_status = 'publish' 14. OR wp_posts.post_status = 'miseenavant' 15. OR wp_posts.post_author = 3) 16. GROUP BY wp_posts.ID 17. ORDER BY wp_posts.menu_order ASC 18. LIMIT 0, 10 }}} Is it possible to do this now? If this is not the case, is it possible to consider it in the ""future""? Hope this is not already proposed ... Thank you for reading :-)" Spidlace 3 Needs Patch 43356 create is_403 function Query 4.9.3 normal normal Awaiting Review feature request new 2018-02-19T13:48:04Z 2018-02-19T16:04:07Z Create is_403() function and the ability to create a 403.php file in template to customize the page that visitors see when there try to access to a private content when there not loged in. fabienlege 1 Needs Patch 58600 wp_query Enhancement Query 6.2 normal normal Awaiting Review feature request new close 2023-06-22T13:21:56Z 2023-07-03T16:51:04Z "I wolud like to enhance the wp_query to retrive post base on catgory orders. Category Ex. with post Mobile -: Post-1, Post-3, Post-6 Appliance -: Post-2, Post-8, Post-10 I Need Posts like in this order using wp_query of order by category ASC/DESC Current output is according to ID order Post-1 Post-2 Post-3 Post-6 Post-8 Post-10 Expected output Post-2 Post-8 Post-10 Post-1 Post-3 Post-6" thakordarshil 1 Needs Patch 42737 Add method wp.api.getModelByType for retrieving api models adamsilverstein REST API 5.1 normal normal Future Release feature request assigned 2017-11-28T17:52:54Z 2018-10-19T18:33:35Z " For Gutenberg, it will be easier and less error prone to fetch the wp.api.model by retrieving by type instead of creating a route and searching for the model that matches that route. An open detail to work out is if namespacing is needed, can objects have the same name in different API namespaces in the same instance of wp.api. A potential solution could be an optional second argument. For example: `getModelByType( type, versionString = 'wp/v2' )` Related to #41111 Original Slack Discussion at: https://wordpress.slack.com/archives/C5UNMSU4R/p1511878493000062 " mkaz 5 Needs Patch 44862 Create REST API endpoints to lock, release and takeover post edition timothyblynjacobs REST API normal normal Awaiting Review feature request assigned 2018-08-29T13:05:41Z 2022-01-07T18:58:06Z "**Context** In this Gutenberg PR, we're trying to introduce post locking https://github.com/WordPress/gutenberg/pull/4217 To do so, we're reusing the existing ajaxActions, and the the non-REST API URLs to take over the posts. Ideally, we'd like to be able to lock, unlock and takeover edition of posts without the need of a page refresh or usage of ajax actions. **Questions** - I wonder if we should return an error in the PUT/DELETE requests on single posts if the post is locked by another user. (Not required for the ticket as a V1 but might be good to think about it). " youknowriad 13 Needs Patch 50239 REST API Debug/Dev Mode REST API 4.4 normal normal Awaiting Review feature request new 2020-05-24T19:39:55Z 2020-05-24T19:39:55Z "I think we should consider adding some additional debug/dev helpers for the REST API when `WP_DEBUG` is active. When in this mode we'd provide additional validation that the developer is following the REST API paradigms correctly, validation that would be too intrusive or slow in production. Some things that come to mind. 1. Verify that a developer is not calling `die()` in a response handler instead of using a `WP_REST_Response` object. This would be on top of #36271. I still see this in the wild. 2. Validating that the schemas themselves are valid." TimothyBlynJacobs Needs Patch 46379 REST API posts/pages response to include scripts needed for display of post content REST API normal normal Future Release feature request new 2019-02-28T19:11:35Z 2020-10-24T05:25:49Z "Often post body is dependent on external scripts and stylesheets in order to be displayed correctly, but there is no way to discover what those scripts/stylesheets are. This problem was encountered in Gutenberg on https://github.com/WordPress/gutenberg/pull/9734, and the fix was to filter the REST API response to include the list of scripts. You can't know what the scripts are required ahead of time, especially if the API client code is being run from a different server. Shortcodes and Gutenberg blocks can dynamically add scripts and stylesheets. So, I think the problem is three-fold: 1. How to detect what scripts/stylesheets are required to display a particular page/post body 2. How to return that information over the REST API 3. How can API clients (like the backbone client) use that to display the post's body correctly (with the required javascript/stylesheets)" mnelson4 6 Needs Patch 39972 REST API: Allow querying posts by post format REST API 4.7 normal normal Awaiting Review feature request new 2017-02-27T00:30:29Z 2017-05-07T05:48:09Z "Although it is listed in the REST API reference, {{{ posts?format=video }}} shows all posts." sba7elfol 3 Needs Patch 52384 WordPress API - Add Limit / Block API Access Features REST API normal normal Awaiting Review feature request new 2021-01-27T15:36:19Z 2021-01-27T15:53:27Z "Hi, WordPress API is powerful tool, but many users don't actually need or want it. While we can disable it using 3rd party plugins, I believe that basic features to limit access to API via specific/custom tokens, custom users, logged-in (authenticated) users, IP address(es) or CIDR ranges and so on -- should be provided in-core. Yes, yes I know we can achieve it via plugins, but they are not always best way to do it, and sometimes they have bugs, do not pass other internal plugins that actually use API (e.g. CF7) which may create problems, and so on. What do you think? Thanks" Darko A7 1 Needs Patch 42712 Enhance wp revisions to keep with expiration date for the revisions Revisions normal normal Awaiting Review feature request new 2017-11-27T13:16:26Z 2017-11-28T00:39:31Z "https://codex.wordpress.org/Revisions Now, the options of the revisions are: true (default), -1: store every revision false, 0: do not store any revisions (except the one autosave per post) (int) > 0: store that many revisions (+1 autosave) per post. Old revisions are automatically deleted. What about to have expiration by time also, not just with number. In that way, in big multisite installations, old revisions could desappear after X months. Decreasing the size of the database. Normally, if a post have not modifications after 1 year, is because not longer are necesary. Anyway, it would be a choice of the superadministrator of the installation. thanks" colomet 2 Needs Patch 57641 Need functionality to preview revisions for the post such as preview Revisions normal normal Awaiting Review feature request new 2023-02-06T10:19:46Z 2023-11-20T18:01:09Z "Can we add some feature requests to WordPress core that is to preview the different revisions for the posts exactly as the preview while creating the new post? This would help editors to review the revision full of content instead just checking normally content in revisions tab. With new Gutenberg editor, revisions are hard to check because blocks are not parsed while checking the revisions. We can have a preview button over the revisions page for which we are checking the revisions and can be previewed as whole content with all parsed blocks. This can help editor to review perfectly and restore the revision if needed. Current Revisions page have this kind of markup, [[Image(https://user-images.githubusercontent.com/58802366/216945642-5b5324f7-07cb-47a5-811c-ff53808de3d0.png)]] Need this type of markup with a preview button, so on click of that button, user can view the revision with that content. [[Image(https://user-images.githubusercontent.com/58802366/216946179-cb9c2a12-e4b5-4cbc-90f1-b8d244ac230c.png)]] " hbhalodia 2 Needs Patch 42086 Option to view condensed diffs for post revisions Revisions normal normal Awaiting Review feature request new 2017-10-04T16:08:37Z 2020-09-01T16:16:59Z "Viewing a revision of a post which has a lot of content in it can result in a very long screen. It would be great if there was a toggle somewhere on the revisions browser so a condensed diff view was shown. The condensed view would more closely resemble a traditional VCS diff view, which highlights only the changed lines and a handful of lines above and below each change. I haven't checked to see if the `Text_Diff` library that core uses supports such diff generation, I doubt it does but I'd like to be wrong." johnbillion 3 Needs Patch 59419 "Revisions page: how to support varying ""Go to editor"" link templates" Revisions normal normal Awaiting Review feature request new 2023-09-21T03:26:10Z 2023-11-21T01:46:00Z "For various post types, the Block Editor redirects to admin/revision.php. The page admin/revision.php has a couple of ""Go to editor"" links, which open the the current post in the editor. admin/revision.php builds the link by calling `get_edit_post_link()`, which uses the link template from `post_object->_edit_link`. For most post types, including pages and posts, the `_edit_link` template looks something like this: post.php?post=%d. get_edit_post_link() replaces the placeholder %d with the correct post id to build the edit post link. Each page under Site Editor sidebar contains a link to admin/revision.php for page revisions. However since the ""Go to editor"" links are constructed using `page_object->_edit_link`, they will always link to post editor. I would expect the links to return me to the editor from which I last came. The upshot is that we want the `_edit_link` template to vary depending on the origin of the referring URL. For pages, that means if we're coming from the Site Editor, the return template should be something similar to what the wp_template post object uses, which is site-editor.php?postType=%s&postId=%d&canvas=edit. The question is ""what would be the best way to do this?"" Challenges: 1. admin/revision.php does not know where the revision is coming from, that is Post Editor vs Site Editor, but we could use some sort of `$_GET` query param on `revisions.php` to solve that. E.g., let's call it editor: `revision.php?revision=150&editor=site`. That is very specific and might be too narrow. 2. If 1, what then? Whether we grab the query param on the revision page and pass it to `get_edit_post_link` (thereby changing the function signature), or modify `get_edit_post_link` to do the lot internally, we'd still have to build the link accordingly to some pattern. 3. If 2, where would we store that pattern? `_edit_link` is taken. Maybe a new property on the post object? `_edit_site_link` or something. It can be done I think without great fuss using the `get_edit_post_link` filter. With it we can return whatever we want. We would just have to come up with migration approach for Core and I'm not sure what the best option would be. Thank you for considering this issue! For discussion and context see: https://github.com/WordPress/gutenberg/issues/51343#issuecomment-1724580879" ramonopoly 3 Needs Patch 36292 Rewrites: Next Generation rmccue Rewrite Rules normal normal Future Release feature request assigned 2016-03-22T06:38:33Z 2020-11-19T11:28:21Z "Let's start improving rewrites. The current rewrite system is outdated and clunky for modern development, and was one of the most complained about pieces of WordPress when I [https://twitter.com/rmccue/status/710460165879898114 enquired on Twitter]. Here's what I'd like to change. == Part 1: Separate rules from WP Query == This has two parts. Firstly, we need to ensure any rule can be mapped to any set of arbitrary query parameters. Right now, this is quite hard to do for the more complex query parameters, such as [https://roots.io/routing-wp-requests/ date query]. Doing this will eliminate the need for temporary/intermediate query vars; these are typically used temporarily during the rewrite process, then changed into actual query vars in `pre_get_posts`. The second part of this is breaking the interdependency between rewrites and the main query. Currently, it's not possible to have a page that doesn't generate a main query. #10886 has attempted to tackle this in the past, however has run up against problems. This is important for things like user profile pages, and can immediately be used in core for the REST API. The current solution for these is to hook in at `parse_request`, but this causes some hooks not to be run, and changes the overall flow of a WordPress request. Part 1 will introduce a Rewrite Rule Interface that will allow better customisability of rules as well. == Part 2: Ensure the rewrite process is DRY and testable == This part will decouple the rewrite process from the global state to ensure testability. @ericlewis has made a fantastic start on this in #18877, which works well with some of the refactoring from part 1. In separating from the global state, we may be able to reuse `WP_REST_Request` as a more generic `WP_HTTP_Request` (it was designed for this from the start). This should also start cleaning up the `WP` and `WP_Rewrite` classes as concerns get a cleaner separation. Currently the boundary between the two is pretty unclear. == Part 3: Rework flushing == The `rewrite_rules` option and the flushing process are one of the toughest bits of the rewrite process. The fact with these is that they're a caching process that significantly predates transients and object caching. The reason flushing exists is to avoid regenerating expensive rules (like one-rule-per-tag) on every request, but we can create a better system using the newer tools available in core. An opt-in system for rewrite caching could potentially work well once we have a solid Rewrite Rule Interface that allows us to identify and group rules. (For example, a `WP_Rewrite_CachedRuleInterface`.) #29118 digs into some past work on this front; automatically flushing rewrites is already possible. == Other Changes == Note that these parts are in a rough order, and get more vague as they go on. We need to incorporate feedback after changes are made, and these changes might need to be reworked or rethought with previous feedback in mind. There are also other changes we may want to make based on feedback from the community. " rmccue 17 Patch Needs Refresh 5942 Add Owner role Role/Capability 3.1 normal normal Awaiting Review feature request reopened 2008-02-21T10:13:08Z 2017-11-06T17:05:19Z "This patch adds a new 'owner' role. The owner is an administrator who cannot be demoted, deleted or edited by other administrators. Owner is a secondary role - the user is both an administrator and an owner. In the current implementation there is only one owner at a time. The current owner can transfer ownership of the blog to another administrator on the Transfer Ownership tab (under Users). I implemented this as a plugin because some site owners won't want the feature there at all. This is of most interest for MU, but it's also probably useful for some regular WordPress blogs with multiple users. This would be particularly useful in conjunction with the user_role table from #5541, but it works fine with or without it." tellyworth 14 Needs Patch 41778 Archive page for user roles Role/Capability 4.8.1 normal normal Awaiting Review feature request new 2017-09-01T17:22:55Z 2017-09-02T21:23:07Z "If possible, implement userroles in the author archive page or create a seperate user archive for it. Along with an option to modify the base/slug. For example, subscribers should have their own archive page. While subscribers don't hold any rights inside wordpress, in themes such as an ecommerce website or membership website, these subscriber roles are quite important as they are considered as 'customers'. " mireillesan 2 Needs Patch 46716 Site owner unable to control admin level users in Word Press dashboard Role/Capability normal normal Awaiting Review feature request new 2019-03-29T12:25:21Z 2019-03-30T04:27:00Z "Issue details: I just created my website using WordPress. I am not a web developer and wordpress dashboard is pretty native and lacks default functionalities like giving sub headings in your page or blog ( editor should at least be as good as MS Word). Also I can create new page under parent page but can't view their title under parent page in menu after publishing the page.( expected behavior) So I need to take help of a web developer to get proper page templates, theme, plugin etc. I created a second administrator in my site to give access to a web dev to my site dashboard. Now I ( site owner ) and the web developer have equal rights in the site. the Web developer can even change my password or delete me as an administrator, or log me out!! How can wordpress allow that? There are plug ins which give different User roles but this is a core capability to add, edit or delete users including site owner. Plugins can be removed by an admin user so not useful to protect rights of site owner if he/she has to create other admins. If I do not give admin rights to web developer, he can not add templates/plugins/theme so I have to give admin rights.. Expected Behavior: To make wordpress websites secure, the site owner should have Master admin rights. Site owner should be able to add or remove other admins but other admins should not be able to view - site owner( master admin) among list of users. other admins should not be able to view, edit or delete any details of Master admin profile. Also Publishing rights should be restricted to not allow every user to publish anything they write/change. in fact there should be check box for different capabilities while creating users: 1. User Management (All- master admin) 2. User management ( all but not master admin) 3. Developer capabilities ( templates, plug ins, coding ) 4. Read, write, edit posts (self only- Jr. blog writer) 5. Read, write, edit, publish posts (self only- blog writer) 5. Read, write, edit, publish posts ( all contributors- editor) 6. Read write,edit, publish, delete posts, review publish comments ( all contributors- Sr.editor) Additional improvements: Today most blog sites have basic editing features which make them more user friendly for nontechnical bloggers. WordPress try to keep everything simple and is great for developers but please think from beginners' perspective and add basic capabilities to page editor. Also add menu editor or create core functionality to automatically add child page under parent page in main menu. " anu24 2 Needs Patch 55106 Split publish_posts in publish_posts and publish_others_posts Role/Capability normal normal Awaiting Review feature request new 2022-02-07T21:24:30Z 2022-02-08T08:10:48Z "While working on a multisite blog I've found that several capabilities have an _others_ version, but is missing on the `publish_posts` capability. This is important because you currently can't limit someone to publish only his/her own posts. It's all or nothing. Example: a newly added Author can publish a draft from the Administrator. It can also be seen as a feature the other way around: when everyone has only `publish_others_posts` capabilities, every posts has to get a second pair of eyes before getting published. **I suggest implementing:** `publish_posts` - Controls whether objects of this type __owned by current user__ can be published. Set as default capability of Super Admin, Administrator, Editor, Author. `publish_others_posts` - Controls whether objects of this type __owned by other users__ can be published. If the post type does not support an author, then this will behave like publish_posts. Set as default capability of Super Admin, Administrator, Editor. " freakenstein 3 Needs Patch 58873 Add function to pass variables to scripts Script Loader 5.7 normal normal Awaiting Review feature request new 2023-07-22T03:36:51Z 2023-07-22T03:36:51Z "Since WordPress 5.7 using `wp_localize_scripts` to pass variables to registered scripts throws a `_doing_it_wrong` notice. The suggested ""correct"" way of passing variables to scripts, using `wp_add_inline_script`, feels like a step backwards. - Instead of just passing a variable name and value through a PHP function, that abstracts all of this away, we now have to write fully qualified JavaScript code in PHP strings. - We have to actually parse/decode the values being passed on a case-by-case basis. `wp_localize_script` did this reliably. - Using `wp_add_inline_script` is more verbose and prone to errors. Static analysis tools will not work on PHP strings. - It makes for uglier code that is less human-readable. On a personal note, Converting to `wp_add_inline_script` feels a lot more like I'm ""doing it wrong"" than using `wp_localize_script`. It's simple, short and it works. (I do feel chagrined to see Query Monitor show up brown on every page load. But not enough to go and make my code uglier.) I also doubt other ""in the wild"" developers will forego the use of `wp_localize_script` because of the `_doing_it_wrong` notice. The `wp_add_inline_script` alternative is simply not as robust. Suggestion: Add a function `wp_pass_variables_to_script` (or probably a shorter name) to re-introduce the robust functionality provided by `wp_localize_script`." apedog Needs Patch 47285 Better Management of External Asset Dependencies Script Loader normal major Awaiting Review feature request new 2019-05-15T18:36:15Z 2021-01-25T22:53:10Z "**Tl;Dr**: there **must** be a way for WordPress Plugins to indicate compatible versions of external dependencies, so as to reduce enqueuing multiple copies of the same external library. The issue is urgent with the ecosystem's migration to Blocks. **Problem** We've all been there; you install 3 plugins, and your website is enqueuing four copies of FontAwesome, and two copies of Bootstrap. Plus an extra one of each from your theme. Plus 3 different datepicker libraries and two `"" /> "" /> search_box( $tax->labels->search_items, 'tag' ); ?> }}} which needs to be indented properly to make it more understandable. This can be check in other files as well where we are writing HTML as well as PHP. In this tickets preview how exactly the code is written so I am adding a screenshot as well https://prnt.sc/kmcjeu" prashantvatsh 2 Needs Dev / Bug Wrangler Feedback 48641 Discussion: links that look like buttons (and vice versa) Administration normal normal Future Release enhancement new dev-feedback 2019-11-14T17:23:30Z 2021-03-04T21:51:54Z "''This issue has been moved from GitHub to Trac to increase visibility.'' Original GitHub discussion: https://github.com/WordPress/gutenberg/issues/7534#issuecomment-549980093 == Summary Sometimes, `
` elements are made to look like visual buttons to users, even though they are not actually using the `

}}} {{{

}}} Look into same field between the two html outputs, you can see most of the p, label, and input tag has different values of the css ids and classes. for example: wp_login_form(): {{{}}} wp-login.php: {{{}}} the ids are the same, but wp_login_form(): {{{

}}} wp-login.php: {{{

}}} the classes are different Can you make the ids and classes same, so it will be easier for me to make the two login forms ( `wp_login_form()` and wp-login.php ) with consistent style? " syshut 2 Needs Dev / Bug Wrangler Feedback 20019 wpmu_validate_blog_signup(): Allow '.' and '-' in blog names Login and Registration 3.0 normal normal enhancement reopened dev-feedback 2012-02-10T23:04:29Z 2019-06-04T20:03:10Z "Canonical uses Wordpress 3.x multisite as part of voices.canonical.com, for employees who do not have or wish to list their personal blog. The code is stock, except for one patch we maintain, which allows blog names (currently in WP as lowercase alphanumeric only) to also include '.' and '-'. This matches our global username format. Attached is a patch extending wpmu_validate_blog_signup() to allow '.' and '-', with a tweak for the error text. We have been running the patch for awhile, and have not run across any problems with the rest of the code accepting this." fo0bar 21 Needs Dev / Bug Wrangler Feedback 29513 Move heavy lifting of wp_mail() to child class of PHPMailer Mail 4.0 normal normal Future Release enhancement new dev-feedback 2014-09-04T18:10:10Z 2020-09-16T18:59:53Z "If a plug-in is sending an e-mail, the class `PHPMailer` has a lot of useful methods (e.g. `addStringAttachment()`), but these are not available when using `wp_mail()`, which is a requirement to work with numerous other plug-ins owing to the hooks it triggers. `wp_mail()` does a number of things: 1. Instantiates a `PHPMailer` instance 2. Sets default values (e.g. ""from"" headers, charset, content type etc. ) 3. Parses the passed arguments and feeds it to the `PHPMalier` instance. 4. Executes a ""pre-send"" routine, (e.g. triggering hooks `wp_mail_from`, `phpmailer_init` etc) 5. Sends the e-mail The attached patch does a number of things: 1. Defines a `WPMailer` class ( a child of `PHPMailer`) 2. Defines a `WPMailerFactory` class which creates an instance with appropriate default values 3. Defines 'helper' methods which do the 'heavy lifting' of (3) above 4. Overrides the preSend method of PHPMailer to execute the 'pre-send routine' present in `wp_mail()` (i.e. (4) above) 5. Refactors `wp_mail()` to ""operate"" `WPMailer()` instance The result is that developers can either use `wp_mail()` or `$wpmailer = WPMailerFactory::getMailer()` to send e-mails, and both will behave identically (in terms of default values, and hooks being triggered), while maintaining backwards compatibility. This would also effectively close tickets #28407, #28059, #23291, #15539 , #11376 and maybe others. == Remarks == '''Why just not use `phpmailer_init`?''' This hook is very useful, but offers no context in which `wp_mail()` is called. As an example, suppose a plug-ins sends an e-mail with an ""on-the-fly"" purchase receipt attached. At `phpmailer_init` I don't know the purchase ID from which to generate and attach the receipt. '''Class/method naming standards''' I've used PHPMailer's naming standards which I understand conflicts slightly with WordPress' naming standards. A future iteration of this patch could well change this if that is deemed best. '''Global $phpmailer''' The global `$phpmailer` is redundant, as the factory creates a fresh instance for each request. Or at least it ''would''. The ''only'' reason the patch still uses this global, is that all the relevant unit tests pass without any further changes. Subject to this ticket being accepted in principle, these tests should be updated along with the patch. '''Backwards compatability''' Assuming `wp_mail()` hasn't been overriden by a plug-in/theme, then the is no change in behaviour. If it has been overridden, it's clear from the original function that the `$_GLOBAL['phpmailer']` should not be expected to exist, nor even the required classes to be loaded. As such they can be expected to operate independently of the changes made here, which are non-destructive. '''Uni tests''' For me, the mail group unit tests pass with 1 skipped. For some reason some tests failed (e.g. `Tests_DB::test_bail()`), but these failed even without this patch." stephenharris 13 Needs Dev / Bug Wrangler Feedback 38028 Send emails via an action Mail normal normal Awaiting Review enhancement new dev-feedback 2016-09-12T20:55:20Z 2020-01-16T14:30:48Z "There are a number of ways that you may want to interact with core emails in WordPress. To name two * Use a different server to send (e.g. to benefit from DKIM/SPF) * Use custom templates, HTML, multipart etc. Currently solutions to achieve these things are not ideal. Pluggable functions leave exposure to other core changes and leave no scope for a 'fallback' to default if it is necessary. Filters for content are inconsistently (if at all) applied leaving some messages totally inaccessible to developers, save through the wp_mail filter - which is hacky at best (try catching a translated message). My proposal is relatively simple - send all emails in core through an action hook. `do_action( 'wp_mail_{email_id}', $args );` `$args` of course would carry the necessary elements for the dynamic parts of a message. An call add_action can then exactly replace what is being done at present to generate the message and make the `wp_mail` call. Any developer that wants to interact with the message can then simply remove the core action and add their own - to alter the message and/or send using an alternative mechanism to `wp_mail`, falling back to it if necessary. Possibilities for developers are then endless. `wp_mail` stays in tact and as the hook call replaces current functionality there is no issue with backward compatibility - all existing filters can stay in place." markcallen 5 Needs Dev / Bug Wrangler Feedback 49687 wp_mail() - Why is no envelope sender defined? Mail 5.4 normal minor Awaiting Review enhancement new dev-feedback 2020-03-23T23:15:14Z 2022-11-17T08:47:39Z "As just figured out, some (mail) servers require the envelope sender to be set in order to accept outgoing emails. For the PHP built-in mail() function (https://www.php.net/manual/en/function.mail.php) this can be done using the additional parameter (e.g. ""-fwebmaster@example.com) as explained in example 4 of the PHP manual page. In order to use that option and set the envelope sender in PHPmailer either the sender attribute of the phpmailer object needs to be set ($phpmailer->Sender = ""sender@example.com"") or when using the setFrom() method of PHPmailer, the 3rd parameter needs to be set to true (=default). Unfortunately, the current implementation of wp_mail() explicitly sets that 3rd parameter to false, which prevents the envelope sender from being set (see https://core.trac.wordpress.org/browser/trunk/src/wp-includes/pluggable.php?rev=47494#L358). Is there any reason for doing so and could we change L358 to $phpmailer->setFrom( $from_email, $from_name, true ); ?" vbbp 9 Needs Dev / Bug Wrangler Feedback 23148 Add hook in wp_ajax_save_attachment for additional attachment fields audrasjb Media 3.5 normal normal Future Release enhancement reopened needs-docs 2013-01-08T19:25:07Z 2023-06-21T15:15:05Z "As of now, `wp_ajax_save_attachment` only looks for the attachment title, caption, description and alt text fields. Without a hook, there is no way to extend the new media system properly and take advantage of the save functionality. There should be a hook provided at the end of this function (before the JSON response is sent back) that allows devs to update any additional attachment fields that have been rendered by extending the `media.view.Attachment.Details` subview." griffinjt 52 Needs Dev / Bug Wrangler Feedback 36982 Add image attributes and additional context to the wp_calculate_image_srcset and wp_calculate_image_sizes filters adamsilverstein Media 4.6 normal normal Future Release enhancement assigned dev-feedback 2016-05-31T17:39:55Z 2021-11-18T15:46:55Z "Because the srcset and sizes attributes try to give the browser guidance on how CSS is going to handle images, we should be able to take into account image class attributes (and other attributes that could be used as CSS selectors) when using the {{{wp_calculate_image_srcset}}} and {{{wp_calculate_image_sizes}}} filters to set the appropriate srcset and sizes. It would also be helpful to be able to supply a context to functions like {{{wp_image_add_srcset_and_sizes}}} and {{{wp_make_content_images_responsive}}} so we can calculate different srcset and sizes attributes if a medium sized image is in the main content section vs. in an aside or other section." kylereicks 40 Needs Dev / Bug Wrangler Feedback 33468 Add image caption hook SergeyBiryukov Media normal normal Future Release enhancement reviewing dev-feedback 2015-08-20T17:05:05Z 2020-03-04T22:34:29Z "There is currently no proper way to hook into image captions. Image captions are stored into the excerpt of attachments posts but when the caption is retrieved it doesn't go threw any specific filter. I think it would be nice to have a `add_filter ( 'image_caption', 'your_filter' );` or something similar. This was already discussed here : [https://wordpress.org/ideas/topic/add-image-caption-hook#post-28710] Captions are used by multiple themes and plugins. They are fully supported and showed in twenty-fifteen so I think we should be able to properly hook/filter them. " guillaumemolter 7 Needs Dev / Bug Wrangler Feedback 42920 Add support for the picture element adamsilverstein Media normal normal Awaiting Review enhancement assigned needs-unit-tests 2017-12-17T06:10:52Z 2024-02-26T18:25:22Z "The `` element is in the HTML standard and should be supported in WordPress (https://html.spec.whatwg.org/multipage/embedded-content.html#the-picture-element). Similar to the `

Welcome back, Peter. By filling out the form below, you can add another site to your account. There is no limit to the number of sites you can have, so create to your heart's content, but write responsibly!.

}}} We should remove the whitespace because it isn't necessary." henry.wright 32 Needs Dev / Bug Wrangler Feedback 55607 wp-config overrides of WP_HOME and WP_SITEURL are forgotten when installing MultiSite. Networks and Sites 3.0 normal normal Awaiting Review enhancement new dev-feedback 2022-04-22T18:37:42Z 2022-12-03T20:03:10Z "The chain of events I encountered when playing with WordPress on my home server. 1. Installed WP successfully. 2. I changed the two URL settings to the wrong value by accident. 3. Tried logging back into the admin panel, but I kept being redirected to the wrong place, the one I had mis-typed. 4. Google'd for a fix that would avoid my having to reinstall from scratch and found you can override these two settings in wp-config. I added the correct values for WP_HOME and WP_SITEURL. 5. Finding access to my website restored, I forgot about the two settings editable on the setting panel. 6. I switched on Multi-Site by setting WP_ALLOW_MULTISITE in wp-config. 7. I followed the Network-Setup panel, opting for subfolders. (The sample code to paste into wp-config had the correct name for DOMAIN_CURRENT_SITE.) 8. I followed the instructions to update both wp-config and .htaccess. 9. I went to the login page and saw the page layout was all messed up. Investigating, I found the CSS etc links were all to the mistyped URL I had typed back in step 2. Note, after restoring the htaccess and wp-config (but keeping my WP_HOME and WP_SITEURL changes) I found I could not update the wrong settings in the DB, as both text boxes were greyed out. WP multi-site appears to have some reference one of the two URL settings in the database. This should defer to the replacement settings in wp-config." billpg 1 Needs Dev / Bug Wrangler Feedback 37178 Add $cache_only parameter to get_option Options, Meta APIs normal normal Awaiting Review enhancement new needs-unit-tests 2016-06-26T11:21:08Z 2023-04-24T13:03:34Z "When you do `get_option()` and the option doesn't exist in the option cache, WordPress does a query to check whether that option exists and loads it. This is great as default behavior, but when you ''know'' that an option would have been autoloaded, you might not want that to happen. I propose adding a parameter `$cache_only`, which defaults to false, which, when set to true, returns false when there is no option set in the cache. The ""workaround"" currently would be to set an empty option, but that means adding unnecessary data to the database." joostdevalk 5 Needs Dev / Bug Wrangler Feedback 40642 Add new filter to populate_options Options, Meta APIs 1.5 normal normal Awaiting Review enhancement new dev-feedback 2017-05-02T20:05:34Z 2017-05-02T20:12:33Z The populate_options is used in the install of WordPress, both single and multisite. When creating options, it loops around an array of default options. Adding a filter to this array, would allow for new settings to be populated on install. spacedmonkey Needs Dev / Bug Wrangler Feedback 32202 Add support for options page locking (settings API concurrency) Options, Meta APIs 3.6 normal normal enhancement new dev-feedback 2015-04-30T01:18:48Z 2021-08-26T21:18:12Z "If two users access an options page at the same time, the user who saves last will have their settings stick, while the user who saves first will have their settings lost. This is because options pages lack any access concurrency checking. In #31436 we propose to handle conflicts in concurrent Customizer sessions by adding locking to individual controls so that users can't override each others' values. The same functionality is needed for options pages generated generated via the Settings API. At the most basic level, locking could be implemented to block a user from accessing an options page if someone else is already there, presenting the user with the same takeover screen as shown for post locking. A more sophisticated approach would be to allow multiple users to edit an options page at once, either by syncing values across the sessions via Heartbeat, or by disabling a field entirely for other users when one user starts editing it. In this way, the disabled field would not be included when the other users submit the form. This may not work in all cases, however. Another approach, less sophisticated and not using Heartbeat at all, would be to introduce a persistent counter for saves to a given admin page. This would serve as a revision number, and the revision could be included with each settings form. If the submitted form has a setting number that is not the same as what is currently stored, then this would indicate there is a potential conflict and the user could be presented with a screen to resolve any differences." westonruter 11 Needs Dev / Bug Wrangler Feedback 44387 Add support for site meta in `register_meta()` Options, Meta APIs 5.1 normal normal Future Release enhancement new needs-unit-tests 2018-06-17T13:36:33Z 2019-09-20T23:23:10Z "#38323 adds subtype handling to `register_meta()`. These efforts include introducing a function `get_object_subtype()` which returns the object subtype of a given type and ID combination. For the initial merge, this only includes the single site types ""post"", ""term"", ""comment"" and ""user"". Since [42836], sites in a multisite also support metadata, so they should receive subtype support as well. Since sites do not actually use subtypes at this point, we basically only need to add a clause which checks whether a site with the given ID exists, and if so, return the type identifier. The tricky part into which we need to put some thought is the naming: Sites have been historically called ""blogs"", and WordPress core aims to get rid of the legacy naming in its APIs (and only the database schema remains untouched). For example, there are wrapper functions like `get_site_meta()`, but they actually call the low-level meta functions like `get_metadata( 'blog', ... )` because those are tightly coupled to the DB schema. Since registering site meta would be new, we should consider actually naming the type ""site"" here, and then only internally handling the ""blog"" part of it. However, this may introduce unexpected inconsistencies with other areas, so we need to investigate whether this is a wise choice or not. I'd generally argue the simplest solution would be to introduce `register_site_meta()` and `unregister_site_meta()` and otherwise keep the ""blog"" name (which would be consistent with the way existing site meta wrappers work) - however we decided wrappers should only be introduced for object types that use subtypes, so here with sites, developers would actually need to call `register_meta( 'blog', ... )` themselves which would be sub-optimal. Let's discuss." flixos90 12 Needs Dev / Bug Wrangler Feedback 26895 Deprecate recently_edited option Options, Meta APIs 3.8 normal minor enhancement new dev-feedback 2014-01-21T08:33:53Z 2019-06-04T20:45:22Z "recently_edited option is being set when a plugin or a theme file is edited by the builtin Editor. A search, in the WordPress 3.8 source code, tells me that the option is never being read. I suggest that we deprecate that option and replace it by an action where plugins can hook and get the value of the edited file." yani.iliev 4 Needs Dev / Bug Wrangler Feedback 42012 Do not switch roles and capabilities when accessing options through `*_blog_option()` Options, Meta APIs normal normal Awaiting Review enhancement new dev-feedback 2017-09-27T21:51:32Z 2021-08-03T11:42:38Z "[41625] has outsourced the functionality to switch the current user's capabilities and available roles when sites are being switched, instead this now happens in `wp_switch_roles_and_user()` which is hooked into the `switch_blog` action. When accessing `get_blog_option()`, `add_blog_option()`, `update_blog_option()` or `delete_blog_option()`, it should be safe to always unhook the function temporarily (see `WP_Roles::get_roles_data()` for an example where it already happens manually in core) to improve performance, in some cases significantly. Roles and capabilities are not needed when accessing options, however we need to be careful and think about what plugins are possibly doing here. Let's discuss whether this can happen automatically in core or whether it should be left to developers." flixos90 Needs Dev / Bug Wrangler Feedback 36655 Enhancement: Add datetime column to options table. Options, Meta APIs normal normal enhancement new needs-unit-tests 2016-04-24T15:04:51Z 2019-06-04T20:57:35Z "== Proposal == The options table in WordPress is a great key/value storage option for a wide variety of different data used by core and plugins. One improvement that would increase its utility for faster time based queries on data stored there is to add a DATETIME column. == Some examples where this benefit could be realized: == === Example 1: Transient storage. === Currently, when there is no object-cache in use, transients are stored to the wp_options table. However, for each transient there are two records. One for the actual key/value pair and then one for any timestamp set as the transient expiry. Having a datetime column would allow the transient to always only consist of one record and thus make any queries interacting with transients much simpler. === Example 2: Arbitrary plugin data using the options table for its own scheduled tasks. === A lot of plugins are using the transient system wrong because it's not intended for indicating minimum age. Having a datetime column would provide the database schema in WordPress core that allows for plugins to implement their own ""minimum/maximum age"" apis. === Example 3: Tracking creation/modification times. === Having a datetime column would allow for indicating when a key/value pair was created and/or modified which could be useful for plugins that have need to do so. === Example 4: Scheduled settings/options. === Having a datetime column could allow for scheduled changes with a sites configuration and thus more advanced previews/site preparation, (think adding scheduled changes to site title, or site description via the customizer). Having a datetime column makes such schedules simpler to implement. == Implementation == === Schema === {{{ option_date datetime NOT NULL default '0000-00-00 00:00:00' }}} === Iterations: === 1. Add the column and modify options api to expose the new column to queries (get_option, update_option, site option functions etc). 2. Convert transient API to implement new option_date column for setting expiries when object-cache is not in use. == Who and When == I'd be willing to spearhead putting some patches together and getting the initial code going but before I invest some time in this I'm just testing the waters to see if this is even something that would be considered/welcomed for core. I'm not aware of any potential conflicts this may pose with the purpose for the option table but if there are any I'm sure I'll find out! I definitely don't see this as going in 4.6 but it might have potential for 4.7 if work begins fairly soon. " nerrad 1 Needs Dev / Bug Wrangler Feedback 48393 Fix from #38903 prevents options autoload parameter update SergeyBiryukov* Options, Meta APIs normal major Future Release enhancement accepted dev-feedback 2019-10-22T07:46:00Z 2023-08-28T21:00:43Z "This is a follow-up to #38903. 3 years ago fix for not * If the new and old values are the same, no need to update. * But this condition does not check if method call intention was to update autoload field of the option. Currently the issue can be resolved by force update options when update_option method is called with autoload != null and check * If the new and old values are the same, no need to update. * should be skipped." anonymized_16833402 11 Needs Dev / Bug Wrangler Feedback 44042 Hook for ‘delete_option’ behaviour required Options, Meta APIs 1.2 normal normal Future Release enhancement new dev-feedback 2018-05-11T07:45:45Z 2022-06-02T13:51:37Z "Hi, I posted this about one month ago in the wordpress support forum: [https://wordpress.org/support/topic/hook-for-delete_option-behaviour-required/] I did not receive any answers there but referred to this forum, so I post it here again:\\ Hi, I would need to prevent and change the deletion of certain options by the WP core function ‘delete_option’. There is a hook {{{ do_action( 'delete_option', $option ); }}} available here: [https://core.trac.wordpress.org/browser/tags/4.9.4/src/wp-includes/option.php#L532]\\ But this does neither provide a way to exit the delete_option function before the option is deleted nor to change the option name to be deleted. In fact this existing hook seems to be pretty useless. Therefore I would need a filter in the first line of the delete_option core function like {{{ $option = apply_filters( 'delete_option_name', $option ); }}} . Or change the line 535 from {{{ $option = trim( $option ); }}} to {{{ $option = trim( apply_filters( 'delete_option_name', $option )); }}} Any chances to get this into core immediately?\\ Thx, Robert " RobertoDonPedro 6 Needs Dev / Bug Wrangler Feedback 56548 Introduce `get_option` action Options, Meta APIs normal normal Awaiting Review enhancement new needs-unit-tests 2022-09-11T19:00:11Z 2022-09-11T20:14:00Z "There has been the `option_{$option}` filter for a long time, and it makes sense that this filter should be used to tweak options when reading them. However, there is sometimes a need for running certain logic for when an option is being read. For example, the WordPress performance team is currently working on a feature to optimize the autoloaded options list. For such purposes, we would like to add a new `get_option` action: * The reasoning for making it an action is to not falsely encourage developers to think they could use this to filter an option value (which would be excessive since it would be running for every option read). * The action would get parameters for the option name, the value, and whether the value is based on the default (rather than being looked up from the database). * The action name would be aligned with the existing actions `add_option`, `update_option`, and `delete_option`. * It would be documented so that it should only be used for special cases (similar to e.g. the `all` filter)." flixos90 1 Needs Dev / Bug Wrangler Feedback 38690 Introduce classes for settings Options, Meta APIs normal normal Awaiting Review enhancement new dev-feedback 2016-11-07T08:53:14Z 2019-03-26T13:14:34Z "Let's add classes surrounding settings to provide a better structure for dealing with them. It will also allow us to get rid of some globals if we are in a position to remove them (in terms of BC). Here is what I have in mind: * A `WP_Settings` class should be introduced that contains `get()`, `update()`, `add()` and `delete()` methods. This will mostly be copy-paste from the related functions. The functions themselves will become wrappers. * A `WP_Settings_Registry` will be introduced. It should contain all methods that handle registered settings (mostly introduced in 4.7). Again, the functions would become wrappers. We could get rid of the `$wp_registered_settings` global here and store these in a class property instead. * The `WP_Settings_Registry` instance will be contained by the `WP_Settings` instance as a public property. * A function `wp_settings()` will be introduced to access the `WP_Settings` instance or generate it if it does not exist yet. I'm not sure yet how to store the instance: The easy way is a global, but I was wondering where we're at with plans like a `WP::get( 'settings' )` so that we could do it differently. Anyway, let's assume a global first. I think it would be a good pattern to build the class in a flexible way, so that the registry instance and database instance are passed to the class constructor. The following is how I would envision the `wp_settings()` function: {{{ function wp_settings() { global $wp_settings; if ( ! isset( $wp_settings ) ) { $wp_settings = new WP_Settings( new WP_Settings_Registry(), $GLOBALS['wpdb'] ); } return $wp_settings; } }}} I think once we agree on an approach, we should do something similar for metadata. But let's have the discussion in here first and open the other ticket afterwards." flixos90 Needs Dev / Bug Wrangler Feedback 43209 REST API should take settings errors into account Options, Meta APIs normal normal Awaiting Review enhancement new dev-feedback 2018-02-01T23:59:10Z 2018-02-01T23:59:10Z "The `WP_REST_Settings_Controller` should notify the client when updating a setting fails due to an invalid value provided per the setting's `sanitize_callback` (should actually be validation, see related #43208). Currently this goes completely unnoticed. While `update_option()` doesn't return any information like that, it may be possible to use the information passed to `add_settings_error()` in case of a validity issue, and forward that to the client by returning a `WP_Error` with the message." flixos90 Needs Dev / Bug Wrangler Feedback 43208 Separate setting validation from sanitization Options, Meta APIs normal normal Awaiting Review enhancement new needs-unit-tests 2018-02-01T23:45:12Z 2020-11-06T23:12:25Z "As widely known, validation is different from sanitization. A value should first be validated and then be sanitized. Historically, WordPress has been mixing these two responsibilities in the `sanitize_option()` function, however it is easily possible to add an extra layer on top of that which maintains full backward-compatibility. Newer parts of core, such as the Customizer and the REST API, have been dealing with this in a better way, keeping the two separate. We can achieve the same for options themselves too. I suggest introducing a `validate_option_{$option}` filter that works somewhat similar like the `customize_validate_{$setting_id}` filter used in the Customizer. It passes an empty `WP_Error` object that can be added to. In addition to allow separate validation from sanitization, it also makes handling of validation easier, since it can then automatically set the value to the previous value and call `add_settings_error()`, passing any error messages set, which matches current core behavior." flixos90 10 Needs Dev / Bug Wrangler Feedback 14125 Seperate out non-editable options in edit site sorich87* Options, Meta APIs normal normal enhancement accepted dev-feedback 2010-06-28T04:11:36Z 2019-06-04T20:41:23Z "In the edit site screen, blog options which are arrays are shown as SERIALIZED and the textbox is disabled. The attached patch pulls those options out of the options metabox and displays the option name in another metabox below. Related: #14120" wpmuguru 7 Needs Dev / Bug Wrangler Feedback 55584 Settings API autoload hook Options, Meta APIs normal normal Awaiting Review enhancement new dev-feedback 2022-04-18T04:56:49Z 2023-08-31T17:43:17Z "Currently all settings registered via Settings API is forced to enable autoload, There is no hook to replace this. Lets imagine just for example: 1. all wordpress plugins is using this to register their settings data. but not delete this value during uninstall. 2. Average wodpress admin install then uninstall 50 plugins in their lifetime. 3. Average autoloaded setting is 100kb per plugin there will be 5mb autoloaded options which not used anymore. that event is per pageload. Just imagine that. " hir88en 5 Needs Dev / Bug Wrangler Feedback 43360 Third parameter for get_option function to return default value instead of empty string Options, Meta APIs 4.9.4 normal normal Awaiting Review enhancement new close 2018-02-19T21:47:16Z 2022-05-26T10:20:04Z "`get_option($option, $default = false)` function returns empty string if the required field exist but doesn't contain any value e.g. NULL or empty string. For example, there is an option field 'test' exist in the option table but without any value(NULL or empty). Now `get_option('test', 'Hello World')` function will return an empty string as it is; from the database but developer may be expecting ""Hello World"" in return. To avoid this situation third parameter may be introduced for `get_option()` function which will decide to return NULL/empty-string or default value. Here is my proposed solution `get_option( $option, $default = false, $return_null = true)` Now calling `get_option('test', 'Hello World', false)` function for above problem will return default value which is '''Hello World'''. wp-includes\options.php file requires little changes to address the above enhancement." farhan.noor 2 Needs Dev / Bug Wrangler Feedback 38896 avatar_settings help text may not be accurate if avatar_defaults is filtered Options, Meta APIs normal normal Awaiting Review enhancement new dev-feedback 2016-11-21T22:04:36Z 2019-03-19T00:49:20Z "The string says: {{{ For users without a custom avatar of their own, you can either display a generic logo or a generated one based on their email address. }}} But, I have a need to remove generated Gravatars entirely using the `avatar_defaults` filter, which makes this text misleading. In addition, this text is not wrapped in any defining HTML, making it impossible to reliably target with CSS or JS even." johnjamesjacoby Needs Dev / Bug Wrangler Feedback 40523 populate_options doesn't use correct add_options actions Options, Meta APIs 1.5 normal normal Awaiting Review enhancement new dev-feedback 2017-04-21T23:17:27Z 2017-05-02T20:15:25Z populate_options is a special function, used to populate default option in the options table. To populate the options table, a single (and large) insert is used. Because the add_option isn't used, it means none of that functions actions are run. spacedmonkey 2 Needs Dev / Bug Wrangler Feedback 43598 site-options notoption only queried and never set in not multisite wordpress installs SergeyBiryukov Options, Meta APIs 4.9.5 normal normal Future Release enhancement reviewing dev-feedback 2018-03-21T10:08:34Z 2019-09-23T23:15:04Z "We have notoptions mechanism that works well. WordPress core does also query $network_id:notoptions regardless of multiste. However, such option is set only in multisite installs. As a result, if you are not running multisite, you are only querying for $network_id:notoptions and you never set it. It beats the idea of notoptions - we read it, but we never set it - what's the point? Possible solutions: - read $network_id:notoptions only in multisite installs - set $network_id:notoptions also in not multisite installs" Grzegorz.Janoszka 4 Needs Dev / Bug Wrangler Feedback 55553 update_blog_option should accept autoload parameter Options, Meta APIs 5.9.3 normal normal Awaiting Review enhancement new dev-feedback 2022-04-10T21:22:46Z 2024-01-31T21:27:10Z The function update_blog_option doesn't accept any autoload parameter, even though it calls the function update_option that accepts an autoload parameter. giuse 2 Needs Dev / Bug Wrangler Feedback 35796 """Permalink Settings"" admin page is largely blog/post specific" Permalinks normal normal enhancement new dev-feedback 2016-02-10T17:44:29Z 2020-02-06T19:41:12Z "The current verbiage in `options-permalink.php` is a little cryptic, and in a world pull of custom post types (including Pages) it's actually a bit confusing: Here's the current verbiage: > '''Permalink Settings''' > > WordPress offers you the ability to create a custom URL structure for your permalinks and archives. Custom URL structures can improve the aesthetics, usability, and forward-compatibility of your links. A number of tags are available, and here are some examples to get you started. I'd like to see these changed to something more like: > '''Post Link Settings''' > > WordPress offers the ability to customize the URL structure of your post and post-archive permalinks, improving the aesthetics, usability, and forward-compatibility. Several tags are available, and we've included the most popular configurations below: In addition, I'd like to propose we include the permalink tags in the dropdown Help section, rather than link off to WordPress.org. All of this would offer several UX improvements: * Keep the user on the same page rather than link off and open a new browser tab for WordPress.org * It better expresses to the end-user that this settings page is largely dedicated to posts, implying that pages and custom post types get pretty URLs largely as a consequence * Now that `unregister_post_type()` is in trunk, we should start thinking about trimming the options down to ""Pretty"" and ""Unpretty"" if the ""Posts"" type isn't even registered anymore. (There are likely to be many other considerations in this circumstance, but it's relevant here.) * It's a friendly nod to developers to remind them that this page won't help them with their custom post types, taxonomies, or rewrite rules for other purposes." johnjamesjacoby 10 Needs Dev / Bug Wrangler Feedback 10483 Change post_name's length from 200 to 400 SergeyBiryukov Permalinks normal minor Future Release enhancement reviewing dev-feedback 2009-07-25T06:31:52Z 2023-12-29T16:39:52Z "Hello, guys! Thank you very much for providing such a great piece of software! I love WordPress very much! :) I use WordPress in Russian language and the URLs on my [http://www.ielnur.com blog] consist of Russian characters. There is a [http://www.ielnur.com/blog/2009/05/снова-бросить-курить-30-тидневное-испытание/ post] with not such a long URL in Russian, but since it gets encoded to special characters it becomes too long to get fit into `post_name` field of `post` table. I've found what code needs to be changed to increase the length. I make these changes every time a new version is released. I think it would be better to submit a patch here so that others people can benefit from it and I will not need to make those changes every release. I'm attaching the patch to this ticket and asking you to apply it to the code. Thank you very much again, guys! You do a great job! :) Cheers, Elnur" elnur 52 Needs Dev / Bug Wrangler Feedback 6778 Detect when the config will cause infinite loop Permalinks 2.5 normal normal Future Release enhancement reopened dev-feedback 2008-04-19T13:46:14Z 2019-03-15T00:34:39Z "Behavior: If you put in http://www.domain.com in the ""Wordpress Address"" setting, then Wordpress will automatically do a redirect from http://domain.com to http://www.domain.com. Many hosting packages allow the user to deal with www and non-www versions of their domain. This will cause an infinite redirect loop if, for example, the ""Wordpress Address"" is set to http://www.domain.com and the hosting setting is set remove the www from the domain address-- to redirect http://www.domain.com to http://domain.com. Expected behavior: When setting the ""Wordpress Address"" setting, it should detect if the canocical code will cause an infinite redirect loop and warn/correct the mistake" Analogpoint 21 Needs Dev / Bug Wrangler Feedback 9825 Enforce permalink history, outright Permalinks 2.8 normal normal enhancement assigned needs-unit-tests 2009-05-15T01:06:37Z 2019-06-04T20:40:43Z "currently, we enforce old slugs and www pref (not even sure that works, since I ended up fixing it in a plugin). canonical doesn't work for pages, or hardly. we should enforce permalink history, outright. store it in a a db field, and query against it to optimize url2post()." Denis-de-Bernardy 13 Needs Dev / Bug Wrangler Feedback 10425 Improvements to IIS7 Rewriting Code Permalinks 2.8.1 low normal enhancement assigned dev-feedback 2009-07-16T14:12:09Z 2019-06-04T21:03:34Z "#8974 introduced a set of functions and changes which allow to automatically generate Rewrite Rules for Wordpress installs running on IIS7. There are some issues with that implementation that I think are worth being written down and discussed somewhere so here we go: 1) There's no '''""Verbose"" option''' for IIS rules; while I can't say when it would make sense to have a verbose listing of all WordPress rewrite rules in `.htaccess`/`web.config` it might be something that should be available for both systems? 2) IIS does not add '''non wordpress rules''' (`$non_wp_rules`) to the `web.config` file (`iis7_url_rewrite_rules()`) which means that any custom rewriting which plugins/users can do on apache don't work on IIS. 3) At the moment it's assumed that there is only ONE single rule needed for IIS. Especially when looking at the merge with WPMU this is going to become a problem because WPMU uses '''multiple rules'''. Every rule has to have a unique name and functions like `iis7_rewrite_rule_exists()` and `iis7_delete_rewrite_rule()` only look for one rule with name ""wordpress"". Custom Rules (see 2) also won't work without a change here. For a partial fix see misc.php in [http://trac.mu.wordpress.org/attachment/ticket/991/991-webconfig.patch Patch on MU #991]) Any comments?" bforchhammer 9 Needs Dev / Bug Wrangler Feedback 49871 REST API post link should be permalink for scheduled posts Permalinks 4.7 normal normal Future Release enhancement new dev-feedback 2020-04-10T19:13:25Z 2020-07-02T13:35:48Z "Scheduled posts now return something like this: {{{ { ""id"": 34, ""date"": ""2039-12-09T20:19:00"", ""slug"": ""message-from-the-past"", ""status"": ""future"", ""link"": ""https://example.com/?p=34"", } }}} But I believe it makes more sense to actually return the permalink as link: {{{ { ""id"": 34, ""date"": ""2039-12-09T20:19:00"", ""slug"": ""message-from-the-past"", ""status"": ""future"", ""link"": ""https://example.com/2039/12/09/message-from-the-past"", } }}} The only caveat is that we will need to create 301 redirects in case the slug changes (which is the case for published posts already). For example. if the slug becomes `old-message` the new link would be `https://example.com/2039/12/09/old-message`, but visiting `https://example.com/2039/12/09/message-from-the-past` should redirect to the new URL. There has been some discussion about this over here: https://github.com/WordPress/gutenberg/pull/21410#issuecomment-612132635" Jules Colle 12 Needs Dev / Bug Wrangler Feedback 23060 Throw 404 if URL Rewriting is Used With Default Permalinks Permalinks 3.5 normal normal Awaiting Review enhancement reopened dev-feedback 2012-12-26T20:54:55Z 2019-04-19T15:21:06Z "Suddenly I discovered that my blog is not returning error 404 page. My blog permalink is set as default style http://test.onetarek.com/?p=123 Now I am trying to create 404 error by using this url http://test.onetarek.com/adsfjkasjdd , it showing home page. Then I tested http://test.onetarek.com/?p=123654 now it shows 404 page. Then I tried to load a not existing image http://test.onetarek.com/wp-content/themes/twentyeleven/images/headers/not-image.jpg it shows my home page instead of 404 page. I changed my permalink settings to ""Day and name"" then it show 404 page. I tested this problem in my another blog, this blog is return 404 page but that is not generated by wordpress. Wordpress 404 theme page is not being loaded. A blank page is being loaded with a message by Apache Server ""Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request...."" So what is the problem with permalink settings and 404 page." onetarek 4 Needs Dev / Bug Wrangler Feedback 43791 Add the call to pingback_url to core instead of themes Pings/Trackbacks 4.9.5 normal normal Awaiting Review enhancement new dev-feedback 2018-04-17T20:03:24Z 2021-01-13T19:44:19Z "The `` section contains a lot of `` items that WordPress core generates. Why should themes be responsible for outputting the `pingback_url()` ``? The core code should remove this burden from the theme and ensure that it is handled every time and correctly. Currently, the theme needs code like this: {{{ function mytheme_pingback_header() { if ( is_singular() && pings_open() ) { echo ''; } } add_action( 'wp_head', 'mytheme_pingback_header' ); }}} and a lot of themes don't even have it, so then there are core options that don't work correctly. This logic belongs in core. " joyously 6 Needs Dev / Bug Wrangler Feedback 38207 Disable Trackbacks by Default Keep Pingbacks On Pings/Trackbacks low minor Awaiting Review enhancement new dev-feedback 2016-10-01T19:21:01Z 2017-03-07T23:23:29Z "Trackback is a manual technology. Pingback is an automated technology(automatically pings sites linked to in post content). The question comes from me as the component maintainer and I'm opening this as a place for if the proliferation of Trackback Spam and the manual requirement has made it worth disabling the receipt and/or sending of trackbacks by default while leaving pingbacks enabled. I continue to be committed to pingback and the concept in general, but I have to ask regarding the interest in trackback. I'm putting out a call for comment in this regard. The only recent trackback related requests involve expensive queries to send trackbacks(See #36824). Related #37007." dshanske 8 Needs Dev / Bug Wrangler Feedback 32653 Improve Linkback Presentation Pings/Trackbacks normal normal Awaiting Review enhancement new dev-feedback 2015-06-15T12:04:10Z 2017-02-14T20:31:27Z "The current default presentation for linkbacks(pingbacks and trackbacks) does not encourage their use. Currently,the presentation looks something like this: […] A pingback example. […] People have complained that the utility of linkbacks has been overshadowed by their use as a vector for DDOS attacks and spam. The recent improvements to Press This show we can do better in presentation of linked content. The pingback specification is a bit vague in terms of presentation suggestions, stating: ""Bob's blog also retrieves other data required from the content of Alice's new post, such as the page title, an extract of the page content surrounding the link to Bob's post, any attributes indicating which language the page is in, and so forth."" I am proposing by default we switch to a default with improved readability and more consistent with the user experience on other websites. For example, a basic linkback should display the author/site name, the name of the linked content, etc, rather than the summary, and that information stored as comment meta. This would look more like a citation. That display could be (optionally) progressively enhanced by other factors, for example, page markup such as MicroFormats, Microdata, or OpenGraph(popularized by Facebook), etc to add a better experience if the linked site supports it. The basic point is that linkbacks are unusable by people in their current form, but the idea of letting people know you linked to their content is a good one. It encourages conversation and interaction. I think we just need to make it a better experience. Otherwise, everyone just turns it off. I'm aware the above could be done by a plugin(and may start as a 'feature' plugin), however I think the basic structure of this change belongs in core." dshanske 5 Needs Dev / Bug Wrangler Feedback 56221 Add download URL to plugins REST create (install) endpoint TimothyBlynJacobs* Plugins 5.5 normal normal Future Release enhancement accepted dev-feedback 2022-07-14T21:51:39Z 2023-06-27T07:04:57Z "The `wp-json/wp/v2/plugins` endpoint allows installing plugins by POSTING the `slug` parameter. It then queries the .org plugin repo for the download link and proceeds to download and install that zip file using `Plugin_Upgrader`. I would like to be able to specify the download URL so I can install plugins from outside the .org plugin repo. My plan is to install plugins to my site when a I create a new release on GitHub, i.e. use GitHub Actions to POST the new download URL to my site, then serve the plugin to other sites using SatisPress. I tried unsuccessfully to find past related tickets that maybe discussed if omitting this functionality was intentional. It looks like a relatively easy change. I'll make PR for it soon. https://github.com/WordPress/WordPress/blob/4c265b66297074f09d66c17d9f14d11a5fffdb00/wp-includes/rest-api/endpoints/class-wp-rest-plugins-controller.php#L289-L313" brianhenryie 13 Needs Dev / Bug Wrangler Feedback 38183 Add hooks to be run before and after each callback Plugins normal normal Future Release enhancement new needs-unit-tests 2016-09-28T23:41:23Z 2017-08-25T21:15:07Z "Since before the dawn of time, debugging tools have relied on the `all` hook to collect information about how long hooks take to run, and which callbacks are registered to that hook. This has a few drawbacks. Primarily, it's not possible to collect timing information about individual callbacks, and it's quite difficult to manage recursive hook behaviour. With that in mind, hooks that run before and after each callback would be quite valuable, but they do need to be considered carefully. * What kind of performance impact would they have? If there are no callbacks registered to these hooks, there should ideally be no performance impact. * Should they be `WP_DEBUG` only? This would discourage plugins from abusing them on production systems - they would only be used if the site admin explicitly sets the site to debugging mode. * Dealing with recursion is fun, should they provide any helpers for indicating recursion level, or is it up to the code hooking into them to handle that?" pento 3 Needs Dev / Bug Wrangler Feedback 31136 Allow plugin authors to register an additional 'Uninstall Notification' plugin header and to display back to the user during plugin uninstall flow Plugins normal normal Future Release enhancement new needs-unit-tests 2015-01-26T06:14:19Z 2017-02-05T09:58:14Z "In wp-admin/plugins.php wordpress displays to the user information about the plugins you are attempting to uninstall. Currently it only displays the name of the plugin name ($plugin[ 'Name' ]) and the plugin author ($plugin[ 'AuthorName' ]). In V4.1 this output is generated around lines 289-304. Is it possible to add another field that contains a short piece of information from the plugin author, that can be presented to the user for each plugin? The plugin would need to register this information with wordpress when it was installed or updated. Specifically, I envisage this being used for details that the user might need to follow to preserve any data that they might have before they actually delete the plugin. An example string that I can see being used by a plugin: If you wish to uninstall without losing your data, see the details at http://example.com/plugin-uninstall. Notes: - Such a string should of course be optional to preserve backward compatibility. - Appropriate filtering and length checks should be done on the string to ensure that the uninstall plugin UI isn't easily broken or disturbed. This avoids the plugin author filling the field with a string that stops the user from being unable to uninstall the plugin." cefiar 9 Needs Dev / Bug Wrangler Feedback 12718 Better structure for admin menu Plugins normal normal Future Release enhancement reopened dev-feedback 2010-03-26T01:05:37Z 2018-02-07T09:17:16Z "Currently, the global $menu variable is one big linear array: {{{ $menu = array( [2] => array('Dashboard', ... [4] => array('', 'read', 'separator1', ...), [5] => array('Posts', ...) ... ) }}} To allow plugins to add a menu item at the end of a group, we use a bunch of additional global variables that remember the last element in each group. Also, we use arbitrary numeric indexes to specify the order of the items, instead of being able to position items relative to one another. It's all very low level. Things would be a lot easier if we had an actual API for manipulating the menu items." scribu 87 Needs Dev / Bug Wrangler Feedback 46571 Fix contributors list in plugin information + duplicate CSS Plugins 5.2 normal normal Awaiting Review enhancement new dev-feedback 2019-03-20T08:28:07Z 2019-03-20T09:07:32Z I think the contributions list can be better with this change. mostafa.s1990 1 Needs Dev / Bug Wrangler Feedback 37656 Improve plugin bootstrapping processes Plugins normal normal Awaiting Review enhancement new dev-feedback 2016-08-14T11:32:28Z 2019-12-13T19:04:03Z "I recently thought about if we could make bootstrapping plugins easier and take away some common tasks that (should) happen in every plugin. It would also be nice to have a general plugin class registry. What I was thinking of is to introduce an abstract class `WP_Plugin` that plugin developers can extend for their plugin's main class. Then they would call a new function `register_plugin( __FILE__, $plugin_class_name )` to register that class with WordPress. We could take some regular processes away from the developer and, by doing that, also make sure that they don't implement it the wrong way. For example, we could take care of plugin installation routines: If the class implements a static method `install()`, the base class `WP_Plugin` would register an activation hook to an internal function that takes care of whether the plugin is activated network-wide. The actual `install()` method would only contain those steps necessary for the setup on the current site (`WP_Plugin` would take care of switching sites as appropriate). Many plugin developers overlook Multisite in their setup routines, causing the plugin to only install on the main site although being network-activated. We could also deal with other tasks, like hooking the `bootstrap()` method of the plugin class in `plugins_loaded` or `muplugins_loaded` (detected by the base class). I think this whole concept could improve the way plugins initialize themselves. It would not be mandatory (since several plugins don't even use classes), but it would become a best practice. This is just an idea that I wanted to throw on Trac to discuss about it. If we get to the point that we agree this is a good idea, we would need to come up with actual details (of which I don't have any yet)." flixos90 15 Needs Dev / Bug Wrangler Feedback 39441 Improve the Settings API for accessibility and ease of use. Plugins normal normal Future Release enhancement new dev-feedback 2017-01-02T21:58:14Z 2023-01-10T18:32:17Z "Today a kickoff meeting for the Settings API took place on Slack (Archive: https://wordpress.slack.com/archives/accessibility/p1483376507000492) where we discussed ways to improve it, both in terms of accessibility and ease of use. After a good discussion we came to the conclusion that we would like to focus on the existing Settings API for now and do what we can to improve it. The Fields API project will eventually make the process of registering settings and having them automatically rendered even easier and complete, but we should not wait until it is ready for a core-merge, as some issues in the existing Settings API should be solved sooner than later. We figured out two main goals: * Add some basic support to automatically render fields so that plugin developers no longer need to write their own callback functions for basic fields. * Get rid of the table structure to improve accessibility. Furthermore the accessibility team should also ensure that the markup generated as the core field output is accessible. For the technical improvements, we would like to do the following: * Adjust `add_settings_field()` to support a predefined set of identifiers for a field type instead of a callback function. In that case a default callback function that we would introduce in core would take care of rendering the field. The requirement to write custom callbacks for even the most basic fields is one major issue with the current Settings API and why most people rely on external libraries for that. * Enhance the `$args` parameter of `add_settings_field()`. It should become more significant and probably go through some validation, filling it with default values. This is especially important for the new default callbacks. * Possibly support providing one `$args` array as sole parameter to `add_settings_field()` that contains the other parameters as well. This would of course need to work in a backward-compatible way. For the accessibility part, we would like to do the following: * Scaffold an HTML prototype for what a settings page should look like. This will give a good overview of the accessibility approach we should take without having to deal with the PHP implementation. * Get rid of the current table structure. Whatever the above prototype looks like, it will not have tables anymore. We can generally remove the table structure and change it to something else easily, since all the table output is generated by core (in particular by `do_settings_sections()` and `do_settings_fields()`). For everyone who uses the API as recommended, this will not bring any BC issues unless they are using specific table-related selectors (like `td`) in CSS or JS code. It is unclear whether these should be considered edge-cases and whether a dev-note reflecting the changes is sufficient, or whether we should only support the new markup through an additional parameter which would default to the current `table` way. The latter is backward-compatible, but on the other hand it would decrease the amount of sites that become more accessible out-of-the-box. * Do not deal with people who completely write the table markup manually. We simply cannot do this, other than recommending them to switch to using the Settings API or at least changing their markup. The only thing to keep in mind here is that we should never remove any CSS related to these tables, in order to keep their code working. All of these enhancements would also benefit #38734 as it would become a lot easier to change core's own settings pages to actually use the Settings API. We will from now on have meetings on Slack to continue discussion in detail every 2 weeks on Monday at 17:00 UTC. However, general opinions and discussion can and should also be placed in this ticket." flixos90 36 Needs Dev / Bug Wrangler Feedback 44853 Remove extra condition Plugins normal minor Awaiting Review enhancement new dev-feedback 2018-08-28T03:45:58Z 2018-09-04T17:06:56Z Remove extra `if` condition from `get_plugins` function. abhijitrakas 1 Needs Dev / Bug Wrangler Feedback 60061 "Rename ""add new plugin"" button" Plugins normal normal Awaiting Review enhancement new dev-feedback 2023-12-13T16:26:01Z 2024-01-26T09:31:53Z "Hello For several versions now, we can update a plugin (and theme) by using the ""add new plugin"" feature. I think we should find a better wording because the button is not only to add a new plugin, we can update one too. At first, we could change the label button to ""Add new or update a plugin"" but it's quite long label" sebastienserre 4 Needs Dev / Bug Wrangler Feedback 27425 Templates For Posts Formats Post Formats normal normal enhancement new dev-feedback 2014-03-15T18:16:18Z 2019-06-04T20:46:12Z "If I opt to use Custom Post Templates, then I can easily put a custom post template by putting a file named single-[name of the custom post], but that same feature is not available for the post formats. I love the post format feature in WordPress, and people just don't want to use that for some reasons, but this would really attract some of the audience to use the post formats. For example, a post with Audio format will first look for single-audio.php or single-audioformat.php or anything cuz it single-audio.php may effect the Audio Custom post type. What do you guys think of this idea?" hardeepasrani 4 Needs Dev / Bug Wrangler Feedback 15230 Action hook before the inserting post into the database Posts, Post Types 3.1 normal normal Future Release enhancement new dev-feedback 2010-10-27T09:18:46Z 2021-05-11T12:51:37Z "Something like {{{ do_action( 'pre_post_insert', $data, $postarr ); }}} added to ''wp_insert_post'' function right after the ""else"" statement on line 2501 in .../wp-includes/post.php " johnnypea 14 Needs Dev / Bug Wrangler Feedback 23207 Add $labels argument to register_post_status() Posts, Post Types 3.0 normal normal enhancement reopened dev-feedback 2013-01-15T19:32:54Z 2019-06-04T20:43:43Z "WordPress functions '''register_taxonomy()''' and '''register_post_type()''' has '''labels''' argument. Why not add labels to '''register_post_status()'''? The current way to add status: {{{ $args = array( 'label' => __( 'draft', 'text_domain' ), 'label_count' => _n_noop( 'Draft (%s)', 'Drafts (%s)', 'text_domain' ), 'public' => false, 'show_in_admin_all_list' => true, 'show_in_admin_status_list' => true, 'exclude_from_search' => true, ); register_post_status( 'draft', $args ); }}} The new way (using labels): {{{ $labels = array( 'name' => __( 'Draft', 'text_domain' ), 'singular_count' => __( 'Draft (%s)', 'text_domain' ), 'plural_count' => __( 'Drafts (%s)', 'text_domain' ), 'any_other_label' => __( 'Any Other Label', 'text_domain' ) ); $args = array( 'labels' => $labels, 'public' => false, 'show_in_admin_all_list' => true, 'show_in_admin_status_list' => true, 'exclude_from_search' => true, ); register_post_status( 'draft', $args ); }}}" ramiy 8 Needs Dev / Bug Wrangler Feedback 46171 "Add ""backing up this post in your browser"" label to post-type" Posts, Post Types normal normal Awaiting Review enhancement new dev-feedback 2019-02-01T20:58:56Z 2019-02-01T20:58:56Z "When the internet connection is lost, on a non-block-based post-type, some helpful text appears in an admin notice to alert users their content will not be lost: ""We’re backing up this post in your browser, just in case"" Keyword: **post**. It would be nice if that string were post-type specific, perhaps part of the `labels` array of the post-type registration process." johnjamesjacoby Needs Dev / Bug Wrangler Feedback 41893 Add URL filter in posts list table get_edit_link() Posts, Post Types 4.9 normal normal Awaiting Review enhancement new dev-feedback 2017-09-15T19:58:55Z 2020-02-15T13:02:42Z "In `get_edit_link()` in the WP_Posts_List_Table class, the URL to edit.php is hard-coded and is not filterable. I'm currently working on a project that has complex filtering and the client wants to maintain the filters as they click through to different statuses. Currently, the only way to update just the URL to edit.php is to use the `""views_{$this->screen->id}""` filter, use regex to find the URL in the markup, then update the URL in the markup as-needed. The proposed `wp_posts_list_table_edit_url` filter would allow filtering of the generated URL separate from the markup. " GunGeekATX 1 Needs Dev / Bug Wrangler Feedback 36492 Add `WP_Post_Status` class Posts, Post Types 3.0 normal normal enhancement reviewing dev-feedback 2016-04-12T10:30:14Z 2019-06-04T20:56:46Z "Similar to #36217 and #36224, a dedicated class for post statuses would make it easier to work with those as they are currently represented through raw objects. The global variable `$wp_post_statuses` would then hold objects of `WP_Post_Status` which would provide the benefits of autocompletion in IDEs, and we could possibly add methods to the class in the future to make post status management easier." flixos90 16 Needs Dev / Bug Wrangler Feedback 54020 Add a filter to allow updating post without changing the modified dates Posts, Post Types 5.9 normal normal Awaiting Review enhancement new dev-feedback 2021-08-26T22:40:11Z 2021-09-29T21:12:15Z "wp_update_post calls wp_insert_post which has code that always changes the modified date this causes problems when trying to fix posts via batch/wp-cli type operations {{{#!php post_date_gmt; $data['post_modified_gmt'] = $post->post_date_gmt; return $data; }; add_filter( 'wp_insert_post_data', $function, 10, 2 ); $updated = wp_update_post( $args ); remove_filter( 'wp_insert_post_data', $function ); }}} This function needs to make get_post() call for each insert and this slows the process in a big way I have added a filter that allows us to turn off the modification and set the date if needed {{{#!php date1, 'post_date_gmt' => date2 ) */ $update_date = apply_filters( 'wp_update_post_preserve_dates', false, $postarr ); if( false === $update_date ) { $post_modified = current_time( 'mysql' ); $post_modified_gmt = current_time( 'mysql', 1 ); } elseif ( ! is_array( $update_date ) && strtotime( $update_date ) ){ $post_modified = $update_date; $post_modified_gmt = get_gmt_from_date( $update_date ); } elseif ( is_array( $update_date ) && isset( $update_date['post_modified'] ) && isset( $update_date['post_modified_gmt'] ) ){ $post_modified = $update_date['post_modified']; $post_modified_gmt = $update_date['post_modified_gmt']; } else { $post_modified = $postarr['post_modified']; $post_modified_gmt = $postarr['post_modified_gmt']; } } else { $post_modified = $post_date; $post_modified_gmt = $post_date_gmt; } }}} " pbearne 8 Needs Dev / Bug Wrangler Feedback 50546 Add better error notices when deleting things fail Posts, Post Types normal normal Future Release enhancement new dev-feedback 2020-07-03T09:50:01Z 2020-07-07T13:48:56Z "I've stumbled upon this when working with foreign key restraints and post deletion. Working on a project I've added some data to the custom DB table row that has a foreign key association with custom post type post. So, when I try to delete the post it will fail, as it should 🎉. But the error I got was: `Error in deleting`. Hmmm, ok. Not a big deal. WordPress is pretty flexible in most cases, so there's bound to be a filter for that. When searching for it, upon checking the above string I've found 5 matches in 3 files. So if some error happens when deleting a post, you'll get that message in `wp_die`. If it happens on attachment delete, the same message. How are you supposed to know where that error came from, just from the message? You need to check the error log, etc. Which is ok when you're a developer, but what if you're not? A user could get this message on the screen from some plugin and then they'll open up a support question with this message. Not really helping the debugging process. I'm not saying the entire stack trace should be visible (that is advanced debugging), but even just adding `Error in deleting a post`, or `Error in deleting an attachment` would be an improvement IMO. Having some extra details would be even better, but small steps first. " dingo_d 5 Needs Dev / Bug Wrangler Feedback 12726 Add get_post_by_*() functions Posts, Post Types 3.0 normal normal enhancement assigned dev-feedback 2010-03-27T05:57:13Z 2019-06-04T20:41:11Z "Current there are get_page_by_path() and get_page_by_title() function but they hardcode the post_type of 'page'. With support for new custom post types I'm finding a need for functionality to look up posts of custom post types: {{{ $args = array('post_type','my_custom_post_type'); $path = 'foo-bar'; $post = get_post_by_path($path,$args); $title = 'Foo Bar' $post = get_post_by_title($title,$args); }}} Another option would be a simple get_post_by(): {{{ $args = array('post_type','my_custom_post_type'); $path = 'foo-bar'; $post = get_post_by('path',$path,$args); $title = 'Foo Bar' $post = get_post_by('title',$title,$args); }}} This code is not hard to write but looking at the functions in post.php there's not one consistent style so I'm not sure what the best approach would be to write it. Further, I don't completely understand the significance of all the code in get_page_by_path() so wouldn't want to start with it (although I could see it being modified to use the more generic functions that I propose.) I can make these updates if I get enough direction from the core team, or I'd happily just see them get done. :) " mikeschinkel 8 Needs Dev / Bug Wrangler Feedback 14077 Add support for removal of multiple features from a post type in remove_post_type_support Posts, Post Types 3.0 normal minor enhancement new dev-feedback 2010-06-24T18:10:59Z 2020-01-09T00:34:23Z "From [http://groups.google.com/group/wp-hackers/browse_thread/thread/1843101eba1f29fc this thread] add_post_type_support allows an array to be passed as the 2nd parameter, but remove_post_type_support doesn't. The patch attached adds the functionality." Utkarsh 11 Needs Dev / Bug Wrangler Feedback 32545 "Adding actions before and after ""Add New"" button" Posts, Post Types 4.2.2 normal normal Awaiting Review enhancement reopened dev-feedback 2015-06-01T05:33:27Z 2019-05-30T00:04:12Z "We need a proper action to add new customs options (button, link, information) before and after the ""Add New"" button of post pages. Such as http://stackoverflow.com/questions/29811433/wordpress-add-custom-button-on-post-type-list-page on #wp-admin/edit.php line 281 on #wp-admin/edit-form-advanced.php line 395 This is just a addition of actions to make wordpress more customizable and modular. Few use-case scenarios [[Image(screenshot1.png)]] [[Image(screenshot2.png)]] '''Solution''' We can use the following sample code to solve the problem. {{{#!php /** * Fires before the Add New button is added to screen. * * The before_add_new- hook fires in a number of contexts. * * The dynamic portion of the hook name, `$pagenow`, is a global variable * referring to the filename of the current page, such as 'edit.php', * 'post.php' etc. A complete hook for the latter would be * 'before_add_new-post.php'. */ do_action('before_add_new-'.$pagenow); if ( current_user_can( $post_type_object->cap->create_posts ) ) echo ' ' . esc_html( $post_type_object->labels->add_new ) . ''; /** * Fires after the Add New button is added to screen. * * The after_add_new- hook fires in a number of contexts. * * The dynamic portion of the hook name, `$pagenow`, is a global variable * referring to the filename of the current page, such as 'edit.php', * 'post.php' etc. A complete hook for the latter would be * 'before_add_new-post.php'. */ do_action('after_add_new-'.$pagenow); }}} " vivekbhusal 8 Needs Dev / Bug Wrangler Feedback 55978 Adding optional post parameter to get_the_modified_author function Posts, Post Types 2.8 normal normal Future Release enhancement new changes-requested 2022-06-14T17:57:41Z 2023-02-07T06:14:00Z "With the current implementation of the `get_the_modified_author()` it is not possible to use this function with the custom WP_Query loop. It takes the post ID using the `get_post()` which returns the global post id and there is no way to pass the ID from the custom query. We want to add the optional post parameter in `get_the_modified_author` function so that we can use this function in custom loops as well. By doing this change we also make this function follow the same standard as other ""get_the_"" functions like `get_the_title`, `get_the_content`, `get_the_terms` etc. " samirmalpande 11 Needs Dev / Bug Wrangler Feedback 35537 AllPosts page: sorting is not remembered Posts, Post Types 4.4.1 normal minor Future Release enhancement new dev-feedback 2016-01-19T22:43:43Z 2017-02-06T09:13:22Z "STEPS TO REPRODUCE 1) Log in (administrator). 2) Remove all posts. 3) Create 3 new posts with titles accordingly ""1"", ""2"", ""3"" 4) Go to AllPosts page. 5) Click on ""Title"" column header to sort posts by title (as a result: posts is sorted in order 1,2,3). 6) Click ""Published (3)"". 7) Click ""All (3)"" EXPECTED RESULT: posts is sorted in order 1,2,3 ACTUAL RESULT: posts is sorted in order 3,2,1" antonrinas 2 Needs Dev / Bug Wrangler Feedback 52888 Docs: Update get_children function SergeyBiryukov Posts, Post Types normal minor Future Release enhancement reviewing dev-feedback 2021-03-23T01:38:42Z 2022-09-20T00:31:17Z get_children documentation is very confusing to read, an entire essay for what could be said in a single paragraph, so I've rewritten it. ribaricplusplus 7 Needs Dev / Bug Wrangler Feedback 38715 Facilitate posts storing raw JSON in post_content by short-circuiting KSES and other filters Posts, Post Types normal normal Future Release enhancement new dev-feedback 2016-11-08T21:55:55Z 2019-03-26T07:59:01Z "When attempting to store arbitrary JSON in WordPress, the `post_content` field is the logical choice. Using `post_content` to store arbitrary JSON instead of postmeta is more performant and it also means that the JSON content will automatically get support for revisions. Storing JSON is done in core now for `customize_changeset` posts and it is done in the `widget_instance` post type in the Customize Widgets Plus plugin. In both cases, however, there are challenges when storing the JSON due to filters that may apply on `content_save_pre`. In particular, the KSES filters will apply on the `post_content` and strip out markup that is intended to be contained within JSON strings. The solution taken by changesets is to wrap the updates to the `customize_changeset` post type by the `\WP_Customize_Manager::save_changeset_post()` method. Before this method calls `wp_update_post()`/`wp_insert_post()` it suspends the KSES filters temporarily: {{{#!php $post_type, 'meta_key' => $meta_key, 'meta_value' => $meta_value, 'meta_compare' => '=', ); $posts = get_posts( $args ); if ( ! empty( $posts[0] ) ) { return $posts[0]; } return false; } }}} " DaveyJake Needs Dev / Bug Wrangler Feedback 51365 Introduce dedicated function to check if post meta exists Posts, Post Types normal normal Awaiting Review enhancement new dev-feedback 2020-09-20T21:12:09Z 2020-09-20T23:15:28Z "Just wanted to suggest a simple function that checks for pre-existing metadata for the native `post` post type. Looking forward to getting more involved and collaborating with everyone! {{{#!php register() Posts, Post Types 5.4 normal normal Awaiting Review enhancement new dev-feedback 2020-03-13T16:12:45Z 2020-03-13T17:16:54Z "I have not looked at `register_post_type()` in several years, but was pleasantly surprised to find major improvements where most of the logic was refactored and moved to `WP_Post_Type`. Still though, it appears there are a few missing capabilities that a bit more refactoring would resolve. I propose we move most of the logic found in `register_post_type()` into `WP_Post_Type->register()` and a bit of the validation logic into `WP_Post_Type->__construct()` ''(see attached patch.)'' Similarly, it would make sense to also move the logic in `unregister_post_type()` to a `WP_Post_Type->unregister()`. One of the benefits of this change is that currently `register_post_type()` has validation logic but `WP_Post_Type->__construct()` does not so someone can call `new WP_Post_Type('this-is-a-far-too-long-post-type-name')` and not get an error and allow a too-long post type name to be registered whereas `register_post_type('this-is-a-far-too-long-post-type-name')` currently throw an error and not let the name through. With this change, but approaches would validate. The benefit of adding `WP_Post_Type->register()` and `WP_Post_Type->unregister()` is simply that those wanting to use the object to create their post types do not need to duplicate the logic in `register_post_type()`. The benefit of this is being able to write code like this and leverage PHP's validation of object property names: {{{#!php label = __( 'Widgets', 'my_app' ); $post_type->public = true; $post_type->menu_icon = 'dashicons-admin-generic'; $post_type->register(); }}} Notice I added a backward-compatible additional parameter to the `unregistered_post_type` hook to indicate if the post type existed in `$wp_post_types` before the attempt to unregister it. AFAICT there will be no backward compatibility or documentation issues with this change, so this should be a slam-dunk, right? " MikeSchinkel 3 Needs Dev / Bug Wrangler Feedback 49773 Navigating through list of posts on single.php is not functioning Posts, Post Types 5.5 normal major Awaiting Review enhancement new dev-feedback 2020-04-01T23:30:54Z 2020-04-02T02:44:45Z "Wordpress is fantastic, but there are some flaws (at least from my perspective). I don't know if this can be classified as a bug or an enhancement, but WordPress expects that (single) pages could contain archive listings and might require pagination, yet single posts do not expected to have archive listings which is causing this issue. Instead of taking the page-slug/page/#/, it should take the post-slug/#/ when using the pagination in single.php. What's happening is that the page # request portion is ignored and $paged will always be 1, and the “wrong” URL is rewritten to the “correct” one. Taking the $paged value from the main query and use it in a custom query often is problematic. So, it does not allow us to add navigate through a list of posts in single.php. When using e.g. this snippet: {{{
...
}}} It will only spit out the HTML elements, but not the buttons, as there is nothing to show. Another example: {{{#!php 25, 'paged' => $paged, ) ); $paged = ( get_query_var( 'paged' ) ) ? get_query_var( 'paged' ) : 1; if ( $wp_query->have_posts() ) : ?> have_posts() ) : $wp_query->the_post(); ?>
  • "">
    "">
  • }}} Nothing works. Best case scenario is that it adds a page, but you then get the following: websiteURL/post-url/page/number And of course, that also does not work and therefore you can't scroll through posts as you like. Can we get this checked and hopefully fixed, please? I am desperately waiting for this, and many more are like me (Stackoverflow is filled with these questions)." 1BJK903 1 Needs Dev / Bug Wrangler Feedback 39848 New filter 'the_title_wrap' Posts, Post Types 4.7.2 normal normal Awaiting Review enhancement new dev-feedback 2017-02-11T20:46:21Z 2017-07-03T15:18:35Z "== Problem: In plugin I wish to add some markup after/before the post and page title so, naturally, I use `the_title` filter. However, this filter is applied on `get_the_title()` function which is used by all instances of post title all over the page (menus, edit links etc). On top of that, more and more themes are using `the_title()` with before and after params which makes all my custom markup wrapped inside this before and after. So when theme is using `the_title( '

    ', '

    ' )`, and my markup in filter is, for example an image, then I get: {{{

    The title

    }}} Or something even worse if my custom markup is more complex. == Proposal (possible solution): I have tested another filter on `the_title()` function **(wp-includes/post-template.php)** and it gave me exactly what I needed: {{{#!php /** * Display or retrieve the current post title with optional markup. * * @since 0.71 * * @param string $before Optional. Markup to prepend to the title. Default empty. * @param string $after Optional. Markup to append to the title. Default empty. * @param bool $echo Optional. Whether to echo or return the title. Default true for echo. * @return string|void Current post title if $echo is false. */ function the_title( $before = '', $after = '', $echo = true ) { $title = get_the_title(); if ( strlen($title) == 0 ) return; $title = $before . $title . $after; /** * Filters the post title after 'the_title' filter. * * @param string $title The post title. */ $title = apply_filters( 'the_title_wrap', $title ); if ( $echo ) echo $title; else return $title; } }}} I named it `the_title_wrap` because it wraps everything that comes with `the_title` function and filter. This filter doesn't apply on menus, edit links etc. Tested on twenty* themes, it applies only on posts and pages title on singulars and on posts title inside the loop on archive pages. Also, my custom markup doesn't end up inside `

    ` or `` tags. Now it looks like this: {{{

    The title

    }}} This is, of course, somewhat uncertain because I'm counting on theme author to use `the_title()` instead of `get_the_title()` but I think it's worth of effort as sometimes it becomes nearly impossible to target only entry title on singular or inside loop on archives etc. Thank you." milana_cap Needs Dev / Bug Wrangler Feedback 35097 New filter: `edit_post_type_title` Posts, Post Types normal normal Awaiting Review enhancement new dev-feedback 2015-12-15T09:15:30Z 2017-02-05T13:53:13Z "Filter in edit.php to filter title. Why ? I filter this page by term and I want have title of current term edit.php?post_type=investor-day&funds-categories=title" sebastian.pisula 4 Needs Dev / Bug Wrangler Feedback 14017 "New template ""tag"": get_custom_field()" obenland Posts, Post Types 3.0 normal normal Future Release enhancement assigned needs-unit-tests 2010-06-21T04:13:03Z 2022-08-14T14:59:34Z "It would be helpful to have a way to retrieve a custom field value that is somewhat agnostic of current context. '''Current way to do this''' In the header (i.e., before the Loop), one has to access the currently-queried object to get a custom value, with something like this: `$value = get_post_meta($GLOBALS['wp_query']->get_queried_object_id(), 'field', true);` In the Loop: `$value = get_post_meta(get_the_ID(), 'field', true);` And, lots of tutorials out there tell people to do things like the following, with varying degrees of success (depending on variable scope): `$value = get_post_meta($id, 'field', true);` or `$value = get_post_meta($post->ID, 'field', true);` '''My proposed function (or ""template tag"")''' mixed '''get_custom_field''' ( string ''$fieldname'' [, int ''$post_id'' ] ) `$value = get_custom_field('field');` It picks the current object like so: {{{ Passed post object ID? / \ yes no | | use it | | within Loop? / \ yes no | | use current | Loop ID | | currently queried object is singular? / \ yes no | | use its ID ID = 0 }}}" filosofo 13 Needs Dev / Bug Wrangler Feedback 45864 On list page All(x) count does not consider Trash items. Hence Trash should appear differently Posts, Post Types 5.0.2 normal normal Awaiting Review enhancement new dev-feedback 2019-01-08T13:29:48Z 2019-05-22T12:33:17Z "I find it confusing with the way WordPress shows `All(xx)` along with a broken down counts of each status when we have trashed items, `All(xx)` only considers un-trashed posts. So I feel displaying `Trash(xx)` exactly as rest of the status is not visually right. Since Trashed items are not considered in `All` count, it needs to be displayed a bit differently. I think if we can do something like the following it will look more logical. 1. Increase left margin before `Trash(xx)` so that it looks a bit separated. 2. Change the color of Trash link to `#dc3232`. Since `Delete Permanently` and `Trash` links are also using red color. 3. One more observation. We are writing `Published`, `Scheduled`, so I think rather `Trashed` could be used instead of `Trash` to match the rest. Here is a proposed solution: File: `/wp-admin/css/common.css` {{{ .subsubsub li.trash-posts { margin-left: 2rem; } .subsubsub li.trash-posts a { color: #dc3232; } }}} File: `wp-admin/includes/class-wp-list-table.php` {{{#!php $view ) { if( 'trash' === $class ) { $views[$class] = ""\t
  • $view""; } else { $views[$class] = ""\t
  • $view""; } } ... } }}} File: `wp-includes/post.php` {{{#!php _x( 'Trash', 'post status' ), ... ... 'label_count' => _n_noop( 'Trash (%s)', 'Trashed (%s)' ), ... ) ); }}} Please let me know if this makes sense." subrataemfluence Needs Dev / Bug Wrangler Feedback 36324 Post status labels use inconsistent grammar Posts, Post Types normal normal enhancement new dev-feedback 2016-03-25T05:57:25Z 2019-06-04T20:56:27Z "Our post status labels switch back and forth between being verbs, adjectives, or potentially past-participles: * All * Mine * Published * Scheduled * Drafts * Trash I'd like to suggest we tidy these up. Maybe something like: * All * Authored (I don't love this, but you get the idea) * Published * Scheduled * Drafted * Trashed " johnjamesjacoby 1 Needs Dev / Bug Wrangler Feedback 39666 "Put front page on top of ""All pages"" list" Posts, Post Types normal normal Future Release enhancement new dev-feedback 2017-01-23T03:33:36Z 2020-02-27T21:57:27Z "I'd like to see the front page and blog page as first elements in the pages list (if such are set of course), no matter what priority they may have. What do you think? Screenshot follows." Presskopp 13 Needs Dev / Bug Wrangler Feedback 40825 Re-addressing validation/sanitization of IDs to allow filtering before WP_Post (and others) database query Posts, Post Types 4.7.5 normal normal Awaiting Review enhancement new dev-feedback 2017-05-20T00:00:04Z 2017-09-26T21:47:27Z "The following ticket spawned from a desire to import content from outside of the WordPress database but have it treated as a native content type. A concept that has a clear audience that desires this functionality (see ticket: #12955) and has been addressed in a number of different ways. I believe the least impactful way to address this ''without'' removing the 'final' keyword from the WP_Post class that also improves standards for validation and sanitization of the ID value typically passed to get_posts() is to use the ID as a sort-of 'decorator' unto itself. When merging the content from multiple sources to be displayed in a theme the biggest conflict to arise is duplication of IDs. Since the remote source is ignorant to the ID numbers already in use in the wp_posts table, a requirement for a ""decorated"" ID determined. WordPress currently does not have a standard method for validating the format of the variable that will ultimately be passed to get_post() to create a new WP_Post object. The following methods are implemented in core files to attempt to sanitize '''''or''''' validate the value passed as an ID ^(*see links for pro/cons of usage in WP)^: * [https://gist.github.com/LinzardMac/b27e738aee52cb3e45c1909fb555cec5 (int) Typecast / intval()] * [https://gist.github.com/LinzardMac/0d1915dfe78fc68f0b3c64d50cf2cb41 is_numeric()] * [https://gist.github.com/LinzardMac/31ed99f8faa34ffad6e666f213e99870 absint()] == '''My Suggestion''' == I recommend creating a new function that will standardize the validation and sanitization of ID numbers that are being passed to a database query. All instances of is_numeric, (int), intval(), and absint() that are used as a way to validate or sanitize (or both validate and sanitize) an ID number that is passed to a query from an external function should be replaces with a new function that will serve both purposes. The new function will return a falsey response OR throw an exception when validation fails or if validation passes, will sanitize the value to a format compatible with the typical MYSQL type for the ID column (bigint). Inside of this new function we can include a filter that will allow developers to override certain restrictions, specifically for allowing external content to be treated as a WP_Post object or some other native content that commonly would exist in WordPress’ database. Since WP_Post will always look for a cached version of the object before querying the database, we make sure to store all necessary values in the cache before the template is loaded after we run our remote_get. We utilize the concatenated ID which is formatted like 12345-REMOTE as the ID in the cache so as to avoid conflicts w/ existing post IDs that are also stored in the memory cache. The only hurdle to this was the fact that core files were forcibly casting IDs as integers long before a query of any sort were to be made. The argument for sanitizing early was to catch malformations early, but all it seemed to do was force the type early and never truly ""caught"" a bad value passed as an ID. A true “early catch” would either sanitize early w/ a falsey response or Exception and/or find the cached version as early as the sanitization so as to avoid the rest of the process of getting the WP_Post instance anyways. Available in the following gist is my suggestion for a better validation function I called ```is_valid_id()```, an example of how filters can be used on this sanitization function to allow external content to be treated as if it was a WP_Post object, and it's usage within a core file that previously used one of the subpar validation functions ( in this case meta.php using is_numeric() ) *comments in the file are just opinions and alternative thoughts I had while crafting this https://gist.github.com/LinzardMac/38bbe22feb0b0a3fbabfcf64d797cd80 !** It could be worthy of note that I have been using some version of this code in a live production site for the last 4 months without any changes needed to plugins or template files to account for this ""non native"" content. " LindsayBSC 5 Needs Dev / Bug Wrangler Feedback 35842 Register Post Type function label default Posts, Post Types normal normal enhancement new dev-feedback 2016-02-16T10:14:42Z 2019-06-04T20:55:17Z "When registering a Post type if the label or labels arguments are not set the label takes on a default of 'Posts' and not the Post type's name. It states in the documentation that the label takes on the name of the Post type passed in as the first argument. I believe the fix is as simple as updating the defaults variable in wp-includes/post.php on line 1017 with the label argument set to the post_type variable. {{{#!php $post_type, 'labels' => array(), 'description' => '', 'public' => false, 'hierarchical' => false, 'exclude_from_search' => null, 'publicly_queryable' => null, 'show_ui' => null, 'show_in_menu' => null, 'show_in_nav_menus' => null, 'show_in_admin_bar' => null, 'menu_position' => null, 'menu_icon' => null, 'capability_type' => 'post', 'capabilities' => array(), 'map_meta_cap' => null, 'supports' => array(), 'register_meta_box_cb' => null, 'taxonomies' => array(), 'has_archive' => false, 'rewrite' => true, 'query_var' => true, 'can_export' => true, 'delete_with_user' => null, '_builtin' => false, '_edit_link' => 'post.php?post=%d', ); }}}" moshiezz 2 Needs Dev / Bug Wrangler Feedback 24672 Remove final from WP_Post class Posts, Post Types 3.5 normal normal Awaiting Review enhancement reopened dev-feedback 2013-07-02T03:48:03Z 2018-04-18T19:44:22Z "After discussing it with stephdau and reading through #21309, I think a discussion should be had on the validity of using the final keyword on the class. While I agree that a decorator pattern is probably best for building the class, there is still no reason for the keyword to be used. If someone wants to extend the class then they should be allowed to do so." carlalexander 23 Needs Dev / Bug Wrangler Feedback 14558 Separate Database Table Support for Custom Post Types Posts, Post Types normal normal Awaiting Review enhancement reopened dev-feedback 2010-08-07T06:55:07Z 2024-03-04T09:51:27Z "While working on custom post types, I felt need for this enhancements. This can be achieved by adding an extra argument to the register_post_type function like below... {{{ register_post_type( 'acme_product', array( 'labels' => array( 'name' => __( 'Products' ), 'singular_name' => __( 'Product' ) ), 'public' => true, /* Database separation */ 'db_tables' => array( 'prefix' => '', //by default, value of $table_prefix will be used. If user sets this value to something, it will be used as prefix for both of following tables 'base_prefix' => '' , //this will control it tables are to be kept sitewide or per blog 'posts_name' => 'acme', 'postmeta_name' => 'acmemeta', ), ); }}} This small enhancement (not from coding perspective) will help more plugins authors go for custom post type. Reasons are - first they will get option to have separate data storage. Second - if some other badly coded plugin manipulates wp_posts table in some wrong way, it won't have sideeffect on third-party data. Third - Plugin authors will get more space to experiment as at any time they will be dealing with their own plugin's data. Of course, one of the goal of this nice feature must be to abstract database layer, but as a developer I feel it would be better if I can have some control over database without loosing power of this new (custom post type) feature." rahul286 41 Needs Dev / Bug Wrangler Feedback 24572 Should be able to unlock a post outside of ajax handler Posts, Post Types normal normal enhancement new dev-feedback 2013-06-12T20:28:37Z 2019-06-04T20:44:25Z "Right now you can programmatically lock a post for editing using wp_set_post_lock, but you can't unlock it in a similar fashion. The only unlocking code is found in the ajax handler wp_ajax_wp_remove_post_lock. I've created a function wp_unset_post_lock in the style of wp_set_post_lock that unlocks a post with a given ID. I've also refactored wp_ajax_wp_remove_post_lock to use this function. The only resulting difference is that we use the current user's ID instead of the one supplied in the ajax call, but since we're unlocking the post instead of locking it, it doesn't really matter who's ID is in the meta. This change was requested by Joey Kudish of the VIP team." bbrooks 4 Needs Dev / Bug Wrangler Feedback 39439 Should wp_insert_attachment() update GUID Posts, Post Types 4.8 normal normal Awaiting Review enhancement new dev-feedback 2017-01-02T12:58:08Z 2021-08-06T11:58:02Z "I have a ""special"" case scenario related to media library attachments. For the context, I've built a plugin that connects to an external server and sync images stored into the remote server into local WordPress media library. The importer upload files, generate the thumbnails and create a new ""attachment"" post. Now, an import process is ran everyday, and basically we re-import the remote images into WordPress but in order to avoid duplicates, we're updating existing attachments if exist. Now, during this update process, we only remove the files stored into the `uploads` directory, import the new one with its thumbnails and update the attachment post. Before doing so, our first approach was to check if an attachment exists, if exists, delete the attachment + its files and then simply create a new attachment. This first approach works but we're having huge ID number into the DB after the import as it generates thousand of new records which we didn't want. So now, only the files are updated, if an attachment post exists, we update its metadata and everything works as expected. Now the issue/remark we have is that during the update of the attachment post, each time we import the new image file, we set the `guid` property to change and use the new imported file path. But when we check the database table, the `guid` is not updated at all and reflects the path to the image file imported the first time. Looking at source code, during an update, the `guid` is not modified in general as for RSS feeds we need that unique `guid`. Our question is, is it relevant in this scenario to keep old `guid` property that points to a file that no longer exists? and so should we allow the `guid` to be updated by default in core for the attachment? If RSS readers need that `guid`, why attachments use the file path and not an attachment page permalink ? Is there another location that uses this `guid` property in place of the meta data for the file path ? " jlambe 5 Needs Dev / Bug Wrangler Feedback 18400 "Suggested label change for ""Stick this post to the front page""" Posts, Post Types normal normal Future Release enhancement new dev-feedback 2011-08-14T01:19:53Z 2020-02-06T19:45:40Z "In the Publish meta box, it would be more clear to say ""Stick this post to the top of the front page"" compared to saying ""Stick this post to the front page""." designsimply 12 Needs Dev / Bug Wrangler Feedback 48769 meta_input, tax_input, tags_input and post_category arguments are not available in functions or methods hooked to wp_insert_post Posts, Post Types normal normal Awaiting Review enhancement new dev-feedback 2019-11-22T15:24:55Z 2020-01-02T02:12:39Z "Functions and methods hooked to `wp_insert_post` are currently passed `$post_ID`, `$post` and `$update`. When a call to `wp_insert_post()` is made we can pass an array argument. The array can have `meta_input`, `tax_input`, `tags_input` and `post_category` elements. Current call to `do_action()`: {{{ do_action( 'wp_insert_post', $post_ID, $post, $update ); }}} Proposal: {{{ do_action( 'wp_insert_post', $post_ID, $post, $update, $postarr ); }}} Thoughts: `$postarr` could be either the raw array passed to `wp_insert_post()` or the result of the raw array being merged with the set of defaults used. There are more hooks in the `wp_insert_post()` function such as `save_post`. These could be updated in the same way for consistency. " henry.wright 3 Needs Dev / Bug Wrangler Feedback 24705 wp_link_pages() does not showing active current element Posts, Post Types 2.2 normal major Awaiting Review enhancement new dev-feedback 2013-07-07T22:19:44Z 2018-12-09T22:00:39Z "By full analogy of all wp functions, wp_link_pages must generate active class element too. {{{ 1 2 3 4 }}} but should be {{{ 1 2 3 4 }}} " Alexufo 6 Needs Dev / Bug Wrangler Feedback 43910 Add actions and filters so plugins can easily extend export/erasure functionality Privacy 4.9.6 normal normal Awaiting Review enhancement new dev-feedback 2018-04-30T22:24:35Z 2018-08-13T21:47:01Z "Splitting this from #43481 . We're waiting for some feedback first to add more thoughts into this, but it needs it's own ticket at the moment." xkon 19 Needs Dev / Bug Wrangler Feedback 43880 Add functionality to add an anonymous user an get its ID for anonymization of data related to a WordPress user. tz-media Privacy normal normal Future Release enhancement assigned needs-unit-tests 2018-04-27T14:05:28Z 2018-07-09T17:58:08Z "When we need to anonymize data that is (or can be) associated with a WordPress user, we anonymize it by changing the user ID of that data to a user that represents anonymized content. But currently no such user exists, so we set the ID to 0. In order to display an actual user name (at least for posts), we would need an actual user 'Anonymous' that we can re-assign the content to. This might be created on WordPress install by default (maybe even with a User ID of `0` that we can then hardcode into the anonymized functions), or by calling a function like `_wp_privacy_get_anonymous_user_id()` that creates the user if not already created and returns the user ID (that might be stored in a site_option)." TZ Media 9 Needs Dev / Bug Wrangler Feedback 43879 Add tools for anonymizing of post authors tz-media Privacy normal normal Future Release enhancement assigned needs-unit-tests 2018-04-27T13:46:24Z 2020-09-07T08:30:09Z "Logged-in users that post content can request the removal of their personal data. So we should add functionality to add the posts to the erasure infrastructure that is already committed to trunk. See #43442 for reference (anonymize commenters)." TZ Media 14 Needs Dev / Bug Wrangler Feedback 43437 Add way for registered users to request deletion or anonymization of their private data Privacy 4.9.6 normal normal Future Release enhancement new dev-feedback 2018-02-28T16:04:55Z 2020-10-17T07:54:02Z "All registered users can edit or delete most of their data in WordPress like name, nickname, email, site, etc. The only exception is they cannot delete or anonymize their own account. Generally a registered user can contact an admin and request this, but it would be better to have a standard ""procedure"" to do that. It will need to be confirmed to avoid misuse. A good way to do that would be to have a simple button on the user profile screen where the user can request anonymization. Clicking it will email the user a confirmation link, similar to the password reset link. When clicked, it will load wp-admin again and will send email to the site admin. " azaozz 43 Needs Dev / Bug Wrangler Feedback 44161 Expired session tokens need to be removed from database because GDPR Privacy 4.9.6 normal normal Awaiting Review enhancement new dev-feedback 2018-05-20T15:12:32Z 2019-01-17T07:42:47Z "WordPress stores the IP address (which is considered personal information) as part of its session tokens in the usermeta table. When the session expires, GDPR would seem to require the IP address to be removed from the database, as there is no longer a reason to keep it. There should be some kind of garbage collection that removes expired session tokens on a daily basis." mechter 4 Needs Dev / Bug Wrangler Feedback 44261 Export User Data includes media URLs, not the actual media files in zip file Privacy 4.9.6 normal normal Awaiting Review enhancement new dev-feedback 2018-05-29T14:06:16Z 2020-10-16T22:44:17Z "Use of media URLs rather than the media files in original in Exported User Data zip file is probably to keep the file small in size so that it could be transferred quickly. **But what if admin or any user with the same level of privilege can delete one of more media files of the user requesting a personal data export accidentally after the Export is initiated and is emailed / downloaded. ** Do we already have a guard or option to deal with such a situation? Is this possible to include the physical media files in the zip or at least create a separate area where these files would be backed up and reference URLs point to this location? We can warn user (in the same email with the download link) to download the file say within next 72 hours otherwise the download link would expire. In the background after the stipulated time period the backup would be erased automatically. A new request needs to be initiated if this happens. This will make sure that the server space is not being overused for a longer period of time. How far you see the possibility of accidental deletion and user ends up with broken media link(s)? Do you think this could be a probable solution to avoid such a situation?" subrataemfluence 6 Needs Dev / Bug Wrangler Feedback 44683 Export and Erase personal data - emails sent to wrong address if username is an email address which is different from the actual email address xkon Privacy 4.9.6 normal normal Future Release enhancement reviewing dev-feedback 2018-07-31T13:28:29Z 2021-01-27T18:05:13Z "This issue might had been already discussed in another ticket but I was unable to find it. When a user has set his username to an email address (may not be a valid one), then WordPress will be forced to send the verification request to wrong one. Here is an example: Username: `fake@bbbb.com` For the above, the following code block won't execute: {{{ if ( ! is_email( $username_or_email_address ) ) { ... } }}} but this line will be executed: {{{ $email_address = $username_or_email_address; }}} Which means email is now supposed to be sent at `fake@bbbb.com`. I would suggest even a username looks to have a valid email address pattern like above, rather than directly assign it against `$email_address` variable, we might take an extra step to find the real email address attached to this account before sending the request. Here is a suggestion: {{{#!php user_email; } else { $email_address = $username_or_email_address; } } }}} Please let me know if this makes any sense!" subrataemfluence 9 Needs Dev / Bug Wrangler Feedback 44043 Framework for logging/retrieving a users consent state Privacy normal normal Future Release enhancement new dev-feedback 2018-05-11T09:33:28Z 2020-11-26T09:21:03Z When a users visits a website for the first time, the user should be able to opt in or out from cookies. There are a couple of WP plugins that provide such functionality. The most common cookie categories are; necessary, preference, statistics, marketing. Other plugins should be able to retrieve the users consent state through WP Core, which allows them to avoid putting unwanted cookies in the users browser, without having to explicitly support certain cookie consent plugins. cookiebot 44 Needs Dev / Bug Wrangler Feedback 49602 New design for Privacy settings page and hooks Privacy normal normal Awaiting Review enhancement new dev-feedback 2020-03-08T19:15:39Z 2020-12-16T07:55:25Z "I proposed a year ago some changes on privacy settings page Hereattached are the updated screenshots Can it be possible to add a hook on this page for plugins to add some simple settings. Thank you" arena 13 Needs Dev / Bug Wrangler Feedback 54390 Privacy Policy should be generated on the site language (locale) and not on users language Privacy normal normal Awaiting Review enhancement new dev-feedback 2021-11-07T08:59:03Z 2021-11-08T04:48:27Z "If the user chose another language for admin and generated the Privacy Policy page, it was created in its chosen language and not in the site's language (locale). Example: While managing site with German language and English language as personal preference, I've got English Privacy Policy page and not Datenschutzerklärung as I've exected. It can be even better to give a user option to change the default (site's language) to another available one as an added feature." oglekler 3 Needs Dev / Bug Wrangler Feedback 44133 Should the Data Export indicate when we have no information on the user xkon Privacy 4.9.6 normal normal Future Release enhancement assigned dev-feedback 2018-05-17T20:45:33Z 2021-11-08T00:27:04Z "Hello, If a data export is done for a non-existent user should we indicate in the .html file provided that we have no information on the subject? Currently the file is provided and just the initial table provided. If there's nothing else should a message be there to indicate that we currently have nothing stored on them? Thanks" garrett-eclipse 60 Needs Dev / Bug Wrangler Feedback 44845 _get_list_table: Support for privacy requests tables Privacy 4.9.6 normal normal Future Release enhancement assigned dev-feedback 2018-08-27T09:32:12Z 2020-02-21T17:52:46Z "The admin table classes are served with {{{_get_list_table()}}}. I wonder if we should add a support for the classes: - {{{WP_Privacy_Data_Export_Requests_Table}}} - {{{WP_Privacy_Data_Removal_Requests_Table}}} in {{{_get_list_table()}}} for consistency. " birgire 8 Needs Dev / Bug Wrangler Feedback 35476 Allow posts to be filtered before return when `fields` parameter is used with `WP_Query` adamsilverstein* Query normal normal Awaiting Review enhancement accepted close 2016-01-15T16:46:59Z 2023-09-19T21:10:23Z "Right now, when the '''fields''' parameter is used with '''WP_Query''' (""ids"" or ""id=>parent""), the returned posts are not filterable at all. Later in WP_Query, the_posts can be used to filter returned posts. This functionality should be mimicked with fields queries. The use case for this is in plugins that bypass MySQL in WP Query (Elasticsearch). Fields queries right now can not be bypassed. Patch attached." tlovett1 9 Needs Dev / Bug Wrangler Feedback 57416 Do not split query if requesting one post spacedmonkey Query 3.0 normal normal Future Release enhancement assigned needs-unit-tests 2023-01-03T13:49:30Z 2023-11-16T12:36:42Z When using WP_Query and requesting posts_per_page = 1, there is little to no value in splitting the query and priming posts using _prime_post_caches. This results in one query to get the posts and another to prime it. This means two database queries when this could simply be one. spacedmonkey 4 Needs Dev / Bug Wrangler Feedback 49278 Improve meta query Query 5.3.2 normal normal Future Release enhancement new dev-feedback 2020-01-23T16:32:32Z 2023-01-03T20:14:48Z "When having a couple of Meta Query statements in WP_Query the query becomes very slow. I think this is because of the way the JOINs are created. Currently the JOINs are only done on the Post ID. The JOIN can become enormous, which means that filtering (the WHERE part) will take a lot of time. I checked /wp-includes/class-wp-meta-query.php and posted the code between line 557 and 573 . {{{ // JOIN clauses for NOT EXISTS have their own syntax. if ( 'NOT EXISTS' === $meta_compare ) { $join .= "" LEFT JOIN $this->meta_table""; $join .= $i ? "" AS $alias"" : ''; if ( 'LIKE' === $meta_compare_key ) { $join .= $wpdb->prepare( "" ON ($this->primary_table.$this->primary_id_column = $alias.$this->meta_id_column AND $alias.meta_key LIKE %s )"", '%' . $wpdb->esc_like( $clause['key'] ) . '%' ); } else { $join .= $wpdb->prepare( "" ON ($this->primary_table.$this->primary_id_column = $alias.$this->meta_id_column AND $alias.meta_key = %s )"", $clause['key'] ); } // All other JOIN clauses. } else { $join .= "" INNER JOIN $this->meta_table""; $join .= $i ? "" AS $alias"" : ''; $join .= "" ON ( $this->primary_table.$this->primary_id_column = $alias.$this->meta_id_column )""; } }}} Apparantly when using the 'NOT EXISTS' compare the 'AND $alias.meta_key' part is added to the JOIN, but when NOT using the 'NOT EXISTS' compare this part is not there. This means that when NOT using the 'NOT EXISTS' compare the a lot of data is joined in the temporary data set. I played with this part a bit and when adding the 'AND $alias.meta_key' part to those JOINs as well it sped up my query a lot. My query went from 38 seconds to 0.01 seconds with the same results. My 'test' code: {{{ // JOIN clauses for NOT EXISTS have their own syntax. if ( 'NOT EXISTS' === $meta_compare ) { $join .= "" LEFT JOIN $this->meta_table""; $join .= $i ? "" AS $alias"" : ''; if ( 'LIKE' === $meta_compare_key ) { $join .= $wpdb->prepare( "" ON ($this->primary_table.$this->primary_id_column = $alias.$this->meta_id_column AND $alias.meta_key LIKE %s )"", '%' . $wpdb->esc_like( $clause['key'] ) . '%' ); } else { $join .= $wpdb->prepare( "" ON ($this->primary_table.$this->primary_id_column = $alias.$this->meta_id_column AND $alias.meta_key = %s )"", $clause['key'] ); } // All other JOIN clauses. } else { $join .= "" INNER JOIN $this->meta_table""; $join .= $i ? "" AS $alias"" : ''; $valid_compares = array( '=', '!=', '>', '>=', '<', '<=', 'IN', 'NOT IN', 'EXISTS', ); if( in_array($meta_compare, $valid_compares ) && !empty($clause['key']) && 'LIKE' !== $meta_compare_key ) { $join .= $wpdb->prepare( "" ON ( $this->primary_table.$this->primary_id_column = $alias.$this->meta_id_column AND $alias.meta_key = %s )"", $clause['key']); } else { $join .= "" ON ( $this->primary_table.$this->primary_id_column = $alias.$this->meta_id_column )""; } } }}} I'm not really sure if this works in all cases (with all compare/compare_key variations), but I think it would be good to check it out (on Github I've seen that the last improvements here have been done at least 2 years ago). For now I 'solved' my slow query by parsing the JOIN and WHERE on the filter 'get_meta_sql' and add the 'AND' part in the JOIN. Below the query that gets created before and after the changes. Query before (38 seconds): {{{ SELECT SQL_CALC_FOUND_ROWS riff19_posts.ID FROM riff19_posts INNER JOIN riff19_postmeta ON ( riff19_posts.ID = riff19_postmeta.post_id ) INNER JOIN riff19_postmeta AS mt1 ON ( riff19_posts.ID = mt1.post_id ) INNER JOIN riff19_postmeta AS mt2 ON ( riff19_posts.ID = mt2.post_id ) INNER JOIN riff19_postmeta AS mt3 ON ( riff19_posts.ID = mt3.post_id ) JOIN riff19_icl_translations wpml_translations ON riff19_posts.ID = wpml_translations.element_id AND wpml_translations.element_type = CONCAT('post_', riff19_posts.post_type) WHERE 1=1 AND ( ( riff19_postmeta.meta_key = 'pinplugin_event_start_date' AND CAST(riff19_postmeta.meta_value AS DATE) < '2020-01-23' ) OR ( ( ( mt1.meta_key = 'pinplugin_event_start_date' AND CAST(mt1.meta_value AS DATE) = '2020-01-23' ) AND mt2.meta_key = 'pinplugin_event_start_time' AND ( mt3.meta_key = 'pinplugin_event_end_time' AND CAST(mt3.meta_value AS TIME) <= '17:19:19' ) ) ) ) AND riff19_posts.post_type = 'event' AND (riff19_posts.post_status = 'publish' OR riff19_posts.post_status = 'acf-disabled' OR riff19_posts.post_status = 'private') AND ( ( ( wpml_translations.language_code = 'nl' OR 0 ) AND riff19_posts.post_type IN ('post','page','attachment','wp_block','location','person','news','blog','case','service','event','vacancy','whitepaper' ) ) OR riff19_posts.post_type NOT IN ('post','page','attachment','wp_block','location','person','news','blog','case','service','event','vacancy','whitepaper' ) ) GROUP BY riff19_posts.ID ORDER BY riff19_posts.menu_order, CAST(riff19_postmeta.meta_value AS DATE) DESC, CAST(mt2.meta_value AS TIME) DESC, CAST(mt3.meta_value AS TIME) DESC LIMIT 0, 12 }}} Query after (0.0028 seconds): {{{ SELECT SQL_CALC_FOUND_ROWS riff19_posts.ID FROM riff19_posts INNER JOIN riff19_postmeta ON ( riff19_posts.ID = riff19_postmeta.post_id AND riff19_postmeta.meta_key = 'pinplugin_event_start_date') INNER JOIN riff19_postmeta AS mt1 ON ( riff19_posts.ID = mt1.post_id AND mt1.meta_key = 'pinplugin_event_start_date') INNER JOIN riff19_postmeta AS mt2 ON ( riff19_posts.ID = mt2.post_id AND mt2.meta_key = 'pinplugin_event_start_time') INNER JOIN riff19_postmeta AS mt3 ON ( riff19_posts.ID = mt3.post_id AND mt3.meta_key = 'pinplugin_event_end_time') JOIN riff19_icl_translations wpml_translations ON riff19_posts.ID = wpml_translations.element_id AND wpml_translations.element_type = CONCAT('post_', riff19_posts.post_type) WHERE 1=1 AND ( ( riff19_postmeta.meta_key = 'pinplugin_event_start_date' AND CAST(riff19_postmeta.meta_value AS DATE) < '2020-01-23' ) OR ( ( ( mt1.meta_key = 'pinplugin_event_start_date' AND CAST(mt1.meta_value AS DATE) = '2020-01-23' ) AND mt2.meta_key = 'pinplugin_event_start_time' AND ( mt3.meta_key = 'pinplugin_event_end_time' AND CAST(mt3.meta_value AS TIME) <= '17:18:05' ) ) ) ) AND riff19_posts.post_type = 'event' AND (riff19_posts.post_status = 'publish' OR riff19_posts.post_status = 'acf-disabled' OR riff19_posts.post_status = 'private') AND ( ( ( wpml_translations.language_code = 'nl' OR 0 ) AND riff19_posts.post_type IN ('post','page','attachment','wp_block','location','person','news','blog','case','service','event','vacancy','whitepaper' ) ) OR riff19_posts.post_type NOT IN ('post','page','attachment','wp_block','location','person','news','blog','case','service','event','vacancy','whitepaper' ) ) GROUP BY riff19_posts.ID ORDER BY riff19_posts.menu_order, CAST(riff19_postmeta.meta_value AS DATE) DESC, CAST(mt2.meta_value AS TIME) DESC, CAST(mt3.meta_value AS TIME) DESC LIMIT 0, 12 }}}" jillebehm 29 Needs Dev / Bug Wrangler Feedback 48193 Improve the WordPress loop Query normal normal Awaiting Review enhancement new dev-feedback 2019-10-01T18:53:57Z 2024-01-20T15:01:13Z "Currently, there are a number of ways that the ""loop"" can be handled in WordPress. Each depends on whether you are using the WP_Query global, a custom WP_Query instance, or an array of posts. I propose that we add a PHP 5.6+ compatible generator function called `wp_loop()` that will simplify all of these use cases into a single, more modern approach. See [https://wpscholar.com/blog/creating-better-wordpress-loop/]" wpscholar 6 Needs Dev / Bug Wrangler Feedback 41678 Make sure all field returns use filters in WP Query Query 1.5 normal normal Awaiting Review enhancement new needs-unit-tests 2017-08-20T13:01:32Z 2023-04-20T13:19:18Z Currently if fields is set to either `id` or `id=>parent`, it doesn't run through all the filters as these return early. spacedmonkey 2 Needs Dev / Bug Wrangler Feedback 57211 Split up `WP_Query::get_posts()` costdev Query normal normal Future Release enhancement assigned dev-feedback 2022-11-26T15:37:55Z 2023-01-23T07:15:50Z "[https://developer.wordpress.org/reference/classes/wp_query/get_posts/#source WP_Query::get_posts()] is a huge method at ~1650 lines. This makes it quite hard to follow and maintain. By splitting it up: - It's easier to follow. - It's easier to maintain. - It's easier to write tests. - Our scroll wheels will last a little longer. As this is possibly the most critical method in Core, the aim of this ticket is not to refactor the logic, but just to abstract functionality. Changes to logic and such could be done later, in more maintainable code. This should significantly reduce the chance of introducing regressions, and hopefully mean that committing such a change can be done in the near future. All new methods should have `private` visibility." costdev 3 Needs Dev / Bug Wrangler Feedback 41819 Support the paged argument in WP_Site_Query and WP_Network_Query spacedmonkey Query 4.6 normal normal Future Release enhancement assigned dev-feedback 2017-09-06T18:21:04Z 2017-11-01T17:47:07Z "The {{{WP_Site_Query}}} and {{{WP_Network_Query}}} both support the {{{offset}}} and {{{number}}} arguments. It would be handy to be able to use the {{{paged}}} argument, to make the pagination easier. " birgire 5 Needs Dev / Bug Wrangler Feedback 49429 There seems to be no way to check query value for NULL Query 5.3.2 normal normal Awaiting Review enhancement new dev-feedback 2020-02-14T04:56:53Z 2020-02-14T12:29:13Z "NOT EXISTS and EXISTS both don't do what I want I want to check `WHERE meta_value IS NOT NULL` exists does this, applied to meta field related_post_id2: ` ""where"" ""mt5.meta_key = 'related_post_id2'"" ""join"" "" INNER JOIN wp_2_postmeta AS mt5 ON ( wp_2_posts.ID = mt5.post_id )"" ` that is not what I want NOT EXISTS does: ` ""where"" ""mt5.post_id IS NULL"" ""join"" "" LEFT JOIN wp_2_postmeta AS mt5 ON (wp_2_posts.ID = mt5.post_id AND mt5.meta_key = 'related_post_id2' )"" ` well, thats not what I want either, because now it checks ""if there is a row with related_post_id2"". I want ""A row where the meta_value is not null"" in reality what I want is Any entry, that has: No value for related_post_id2 empty string for related_post_id2 or null for related_post_id2 does that make sense? " Jossnaz 4 Needs Dev / Bug Wrangler Feedback 56689 Use WP_Query in get_page_by_path spacedmonkey Query normal normal Future Release enhancement reopened dev-feedback 2022-09-29T10:35:58Z 2023-02-07T04:15:36Z Use `WP_Query` in `get_page_by_path`, this this correctly primes caches and is cached itself. spacedmonkey 28 Needs Dev / Bug Wrangler Feedback 36652 Use meta_value in a meta query to decide type format in SQL clause ericlewis Query normal normal enhancement reviewing dev-feedback 2016-04-23T19:27:08Z 2019-06-04T20:57:29Z "The SQL clause generated for a meta query [https://github.com/WordPress/WordPress/blob/4.5/wp-includes/class-wp-meta-query.php#L628 quotes the `meta_value` in a string]. This means that if there's a post with a postmeta field for likes set to 2 and you run the query looking for posts with 10 or more likes {{{ #!php array( array( 'key' => 'likes', 'value' => 10, 'compare' => '>=' ) ) ) ); }}} the query will return the post with 2 likes. This is because the SQL is doing a string comparison, as both the column value and the compared-to value are strings. The fix for the developer is to supply a `type` parameter like `NUMERIC` in the meta query clause which coerces a numeric MySQL comparison. We could use the meta_value's type to decide the type format the value takes in the SQL clause, so that a query like this works as expected without the `type` parameter. This was [https://core.trac.wordpress.org/ticket/27272#comment:13 suggested] by @boone in #27272." ericlewis 6 Needs Dev / Bug Wrangler Feedback 42883 Use sargable queries for date-based lookups for posts Query 3.7 normal normal Future Release enhancement new dev-feedback 2017-12-12T16:17:14Z 2022-06-14T11:57:10Z "Related to #41054 but a very specific and actionable, high-impact instance is the fact that the WordPress lookup for permalinks involving dates is not sargable. For a bog-standard permalink structure %year%/%slug%/, WP generates the following query: {{{ SELECT wp_posts.* FROM wp_posts WHERE 1=1 AND ( YEAR( wp_posts.post_date ) = 2017 ) AND wp_posts.post_name = 'tahoma-vs-verdana' AND wp_posts.post_type = 'post' ORDER BY wp_posts.post_date DESC }}} This runs (as a cold query) in ~0.075 seconds on a dedicated (and overpowered) MariaDB 10 instance on a pretty small WordPress DB. While indexes exist for all the fields matched against in the query, the use of {{{AND ( YEAR( wp_posts.post_date ) = 2017 )}}} cannot be matched against the database because MySQL/MariaDB is not intelligent enough to optimize that constraint. The ""same"" query adjusted to make the match against {{{post_date}}} sargable does the same in ~0.034 seconds (half the time): {{{ SELECT wp_posts.* FROM wp_posts WHERE 1=1 AND wp_posts.post_date >= DATE(""2017-01-01"") AND wp_posts.post_date < DATE(""2018-01-01"") AND wp_posts.post_name = 'tahoma-vs-verdana' AND wp_posts.post_type = 'post' ORDER BY wp_posts.post_date DESC }}} The same would apply for permalinks that reference the month and day, of course." ComputerGuru 8 Needs Dev / Bug Wrangler Feedback 53450 [WP_Meta_Query] Add faster LIKE based 'STARTSWITH' and 'ENDSWITH' compare modes for value query Query normal trivial Future Release enhancement new needs-docs 2021-06-18T15:57:59Z 2022-09-20T14:56:48Z "Currently the ""LIKE"" compare mode for meta value compares is only usable for ''contains'' queries as it always adds wildcards around all queries {{{LIKE '%query%'}}}. This makes one use the more complex REGEXP compare mode for queries which easily could be written with {{{LIKE '%query'}}} or {{{LIKE 'query%'}}}. As LIKE is faster than REGEXP it is preferable to use LIKE. See: http://billauer.co.il/blog/2020/12/mysql-index-pattern-matching-performance/ In addition people don't have to use the much more complex regex. Which tends to introduce errors in my experience as most people just copy & paste but do not understand how regex really works (not meant as an offense). So REGEXP should be avoided if possible. I would suggest naming the new compare types {{{STARTSWITH}}} and {{{ENDSWITH}}}. Also adding their {{{NON ...}}} counter parts to match up the ''LIKE'' behaviour. **Maybe** also add an alias for ''LIKE'' named {{{CONTAINS}}} as the current naming ''LIKE'' suggests that you could pass in the wildcards yourself. Which is not the case and thus misleading. But this is just for the sake of the tickets completenes. The pull request only contains code and tests for the new modes. As an alternative I thought about reworking the current LIKE mode to allow custom wildcard passing. But this will clearly break backward compat and thus I discarded this approach." janthiel 42 Needs Dev / Bug Wrangler Feedback 18035 ignore_sticky_posts fails to remove sticky class johneckman Query 3.2 normal normal Future Release enhancement reopened dev-feedback 2011-07-08T10:03:44Z 2023-09-20T03:13:41Z "When setting the query_posts parameter: ignore_sticky_posts = 1 all sticky posts are returned as normal posts and placed accordingly in the flow. However the sticky posts keep their sticky class, which means that an additional filtering of post_class is necessary to avoid any css rules defined for the .sticky selector taking effect. is this intended, or could it be considered an enhancement if it was patched? " mikkelbreum 22 Needs Dev / Bug Wrangler Feedback 19392 Add auto-suggest support for all flat taxonomies in Bulk Edit. Quick/Bulk Edit 3.0 normal normal enhancement new dev-feedback 2011-11-29T18:37:18Z 2019-06-04T21:07:15Z "Auto-suggest in the Bulk Edit area for post_tag's was fixed in 3.3. Let's add support for all other non-hierarchy tax's in 3.4. See [http://core.trac.wordpress.org/ticket/19176#comment:11 #19176] for more info." scottbasgaard 4 Needs Dev / Bug Wrangler Feedback 56137 Excerpt in Quick Edit Quick/Bulk Edit normal normal Awaiting Review enhancement new dev-feedback 2022-07-05T00:32:54Z 2022-11-30T20:43:46Z "Pretty simple request and hoping to see it in a future version of WordPress: the ability to edit the excerpt in the Quick Edit screen on the Posts page. Seems everything else, including Tags, can be edited there, so why not the Excerpt? Thanks!" saladgoat 1 Needs Dev / Bug Wrangler Feedback 53673 Add unit tests for v5.8 widget sidebar IDs hellofromTonya REST API 5.8 normal normal Future Release enhancement assigned dev-feedback 2021-07-15T17:55:43Z 2021-08-31T16:58:05Z r51239 was included in 5.8, but was intended to have included unit tests as part of the release. See [https://core.trac.wordpress.org/ticket/53452#comment:13 parent ticket] as possible starting point for a unit test patch on this. JeffPaul 7 Needs Dev / Bug Wrangler Feedback 53603 Expose block data directly through REST API endpoints REST API 5.8 normal normal Future Release enhancement new dev-feedback 2021-07-06T10:05:57Z 2021-08-01T11:53:50Z "Part of ""PHP APIs Overview"" in Gutenberg: https://github.com/WordPress/gutenberg/issues/8352. Originally reported in https://github.com/WordPress/gutenberg/issues/4763 by @adamsilverstein. > Consider adding Gutenberg block data to the post endpoints - so when retrieving a post via the REST API you could get the block data as part of the content object. > > This provides a way to get the data/content of each block of a Gutenberg-built page from the front end. This would be very useful for building component based front ends, because the components could map one-to-one with gutenberg blocks. With these endpoints, an App could easily get the data it needs to render each component. This might also provide a patch for a standard component library matching Gutenberg blocks. > > POC PR for this: https://github.com/WordPress/gutenberg/pull/2649 Related ticket with changes proposed to `get_posts` function: #53602." gziolo 4 Needs Dev / Bug Wrangler Feedback 60131 Global styles controllers: extend classes with WP_REST_Posts_Controller and WP_REST_Revisions_Controller spacedmonkey REST API 6.3 normal normal 6.6 enhancement reopened dev-feedback 2023-12-22T03:28:13Z 2024-02-26T20:18:16Z "As part of the efforts to improve the maintainability of Global Styles REST controllers, and to remove a lot of duplicate code we can: - extend `WP_REST_Global_Styles_Controller` with `WP_REST_Posts_Controller`. - extend `WP_REST_Global_Styles_Revisions_Controller` with `WP_REST_Revisions_Controller`. The Global styles REST response has the following characteristics: - Doesn't return excerpt, content, guid fields - Does some JSON parsing when preparing the response In other words, the functionality was ""special"" enough not to warrant extending the base controller instead of using WP_REST_Posts_Controller. Also, global styles were new and evolving. For revisions especially, more code was required to override the parent class's functions, and having a stand alone class left more elbow room for subsequent tweaks and changes. Now that global styles have ""settled"" however, and shares more methods with `WP_REST_Posts_Controller` and `WP_REST_Revisions_Controller`, it makes sense to change the base classes for more consistent interface, less code and less maintenance burden. See discussion and related PRs: - [https://github.com/WordPress/gutenberg/pull/55827#discussion_r1399856581 WordPress/gutenberg#55827 (comment)] - [https://github.com/WordPress/gutenberg/pull/49974 Rest API: add /revisions endpoint for global styles] - [https://github.com/WordPress/gutenberg/pull/35801 Add a Global Styles endpoint and use it in the site editor] " ramonopoly 31 Needs Dev / Bug Wrangler Feedback 49277 Implement email sanitize in REST API spacedmonkey REST API 4.4 normal normal Future Release enhancement assigned dev-feedback 2020-01-23T15:08:18Z 2021-11-04T15:46:35Z Implement email sanitize in REST API over just using `sanitize_text_field` spacedmonkey 12 Needs Dev / Bug Wrangler Feedback 52840 Include filesize information in REST API response for all media types rachelbaker* REST API normal normal Future Release enhancement accepted needs-unit-tests 2021-03-17T21:50:29Z 2023-01-13T21:45:46Z "Requesting the `/media` REST API endpoint, only **audio** attachments include filesize information in the response data (in `media_details->filesize`). I suggest to check for each item if `filesize` is present, or else fill it in using the actual file. This would be pretty much in line with what is done in [https://github.com/WordPress/wordpress-develop/blob/fa05e5e7336a18c19fe6a94d68d30351876ee090/src/wp-includes/media.php#L3972-L3980 wp_prepare_attachment_for_js]. Making the information available locally, when creating the response data, is much more performant than having to request the file in one or more follow-up requests." tfrommen 10 Needs Dev / Bug Wrangler Feedback 48885 REST API: Support reading public settings, implement context handling spacedmonkey REST API 3.7 normal normal Future Release enhancement assigned dev-feedback 2019-12-05T17:09:25Z 2022-07-18T09:32:20Z "It would be good to make it possible to read and update individual site settings at `/wp/v2/settings/title` for example. This is needed as part of https://github.com/WordPress/gutenberg/pull/18760" scruffian 38 Needs Dev / Bug Wrangler Feedback 40748 Use REST API for Community Events REST API 4.8 normal normal Future Release enhancement new needs-unit-tests 2017-05-12T17:39:23Z 2020-10-25T03:56:50Z "#40702 introduced new Community Events to the News widget on the Dashboard screen, but it uses admin-AJAX. Converting to the REST API is a good opportunity to lay some groundwork for migration the rest of wp-admin in the future. The work for this was started in #40702, but it'll be easier to keep track of with a new ticket. I'm working on an updated version of `40702.11.diff` and will upload it soon." iandunn 14 Needs Dev / Bug Wrangler Feedback 48816 Use get_bloginfo in the REST API index REST API 4.4 normal normal Awaiting Review enhancement new dev-feedback 2019-11-27T19:35:39Z 2019-11-29T18:39:35Z "The REST API provides data in the site ""index"" when making a request to `https://example.org/wp-json`. This describes the site and the APIs available. In particular it returns the name of the website, and the tagline. These values are retrieved using `get_option` directly instead of `get_bloginfo`. Because this data would be used presentationally, it seems like it'd be more useful if it returned the ""presentation"" version of these strings. As far as I could tell, the index has more or less worked the same since the GSOC version of the REST API, so I wasn't able to find any description of why it was built that way. I opened this because of [https://github.com/WordPress/gutenberg/pull/18760 a Gutenberg PR] which would display the site title." TimothyBlynJacobs 2 Needs Dev / Bug Wrangler Feedback 39473 get_routes() called multiple times within single REST request causing the rest_endpoints() filter to also fire more than once REST API 4.4 normal normal Awaiting Review enhancement new needs-unit-tests 2017-01-04T21:59:38Z 2023-01-19T23:28:07Z "Hi all, Many thanks for creating the REST API, and also for getting it into core! :) When I had a closer look at how to integrate this in our projects I noticed something peculiar with the rest_endpoints() filter: it is called multiple times over; in some cases twice, in others three times. So I did a little digging around and found that the root cause seemed to be the use of get_routes() at multiple locations: - in the rest_pre_dispatch filter (rest_handle_options_request) - in the rest_post_dispatch filter (rest_send_allow_header) - in the dispatch() itself - in the get_index() method - in the get_namespace_index() method After looking how these locations interact with each other, I couldn't detect any code which altered the generated route map between consecutive calls to get_routes(). I will add a patch in which I propose to store the generated route map in the class, and re-use that one instead of generating yet again the same array (and also re-filtering the same array). Since the name 'endpoints' is already taken, and being used in the initialization as well, I thought it would be prune to use another variable name: $route_map, which is also being used in the current doc-block. I did not profile this patch (not really sure how to do that), so I'm not sure if storing this rather large associative array is a good thing to do. However generating it multiple times (and re-filtering it also) may also be quite 'expensive'. Thanks, Ruud " ruud@… 8 Needs Dev / Bug Wrangler Feedback 57455 respond_to_request: store matched handlers across other methods, saving a call to get_routes(). REST API normal normal Awaiting Review enhancement new dev-feedback 2023-01-12T21:35:26Z 2023-01-19T23:25:46Z "== Current Behavior Out of the box, API requests (example: GET http://localhost:8889/wp-json/wp/v2/posts) will make two calls to `WP_REST_Server::get_routes()`. **Call 1**: `WP_REST_Server::dispatch()` -> `WP_REST_Server::match_request_to_handler()` -> `WP_REST_Server::get_routes()`. This is the main path used when serving the request. It gets the routes, matches to the request, then determines which handler will be used for the request. Later, `WP_REST_Server::respond_to_request()` saves the matched route and matched handler. **Call 2**: `rest_send_allow_header()` -> `WP_REST_Server::get_routes()`. This is used to set the allow header of the response (example: ""Allow: GET, POST, HEAD""). This header shows all HTTP methods that are allowed to be sent on the same route. This information was already found in the ""Call 1"" pathway above, but it was discarded. To find the allowed headers, `rest_send_allow_header()` calls `WP_REST_Server::get_routes()` which rebuilds information for all existing routes (but we only need information for one route). == Objective To reduce the number of calls to `WP_REST_Server::get_routes()` per single request from 2 to 1. While this only saves 0.1ms on a fresh site, on sites with large custom APIs, this could save 10ms or more. == Patch When `WP_REST_Server::match_request_to_handler()` -> `WP_REST_Server::get_routes()` finds the matching route, it will now not only remembers the exact matching handler, but all other handlers matching the route with different http methods. For example, imagine an ""/a/b/c"" route exists with GET and POST handlers. Previous to the patch, `match_request_to_handler()` would find the GET /a/b/c handler and remember it, setting it on `$response->matched_handler`. After the patch, a new variable `$response->all_methods_matched_handlers` is set containing the array: [ (GET /a/b/c handler), (POST /a/b/c handler) ], `rest_send_allow_header()` now looks for `$response->all_methods_matched_handlers` and uses it to set the Allow header if possible, saving a call to `WP_REST_Server::get_routes()`. This was my way to save the information found in call 1 and to pass it along to call 2, but I definitely open to other ideas of accomplishing the same thing. == Basic Testing Add a log message when get_routes is called: {{{#!diff --- a/src/wp-includes/rest-api/class-wp-rest-server.php +++ b/src/wp-includes/rest-api/class-wp-rest-server.php @@ -862,6 +862,7 @@ class WP_REST_Server { * `'/path/regex' => array( array( $callback, $bitmask ), ...)`. */ public function get_routes( $route_namespace = '' ) { + error_log( 'calling get_routes' ); $endpoints = $this->endpoints; if ( $route_namespace ) { }}} Query an endpoint: `curl http://localhost:8889/wp-json/wp/v2/posts` Before the patch: See two calls to get_routes After the patch: See one call to get_routes == Alternative Approaches #39473 adds a per-request cache to get_routes. I'd be happy to rework this if this is a better method. " mreishus 1 Needs Dev / Bug Wrangler Feedback 22798 "Invalid URLs not giving 404 with ""Default"" permalink settings" Rewrite Rules 3.4 normal normal enhancement new dev-feedback 2012-12-06T23:39:35Z 2019-06-04T21:08:11Z "'''Steps to reproduce:''' - Set up Wordpress with the default .htaccess - Select the ""Default"" option under Permalink Settings - Enter an invalid URL eg 'http://blogroot.com/garlbeflax.abc' '''Expected Behaviour:''' - 404 page is displayed '''Observed Behaviour:''' - No 404 page is ever shown, no matter what the request string is - Instead, Wordpress behaves as if no path was requested, eg displaying the homepage/posts lists. - If requested url has any of the standard params in it, those params ARE executed, eg http://blogroot.com/foo?paged=2 would properly show the 2nd page of the posts. '''Suspected cause:''' In line 620 of wp-includes/class-wp.php (in WP->parse_request), there is a conditional which means the only time the request can be marked as a 404 error is if the array of rewrite rules is NOT empty: {{{ $rewrite = $wp_rewrite->wp_rewrite_rules(); if ( ! empty($rewrite) ) { ... }}} If the ""Default"" permalink is selected, and no other rewrite rules are set up elsewhere (for reasons I didn't investigate, adding a add_rewrite_rule to the theme didn't affect anything), then the $rewrite array IS empty and the request can not be checked to see if it's a 404. Therefore, execution of the request continues as if no path info were submitted. This prevents the showing of the theme's 404 page, and can get a website flagged as spam/exploitative in Google's index. '''Workaround:''' Define a permalink redirect (eg pick one of the options other than Default). Server info: {{{ Apache/2.2.16 (Debian) (w/ mod_rewrite) PHP Version 5.3.3-7+squeeze3 (mod_php5) }}} .htaccess contents: {{{ RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] }}}" vanchuck 7 Needs Dev / Bug Wrangler Feedback 18450 New safe action to add rewrite rules on Rewrite Rules 3.2.1 normal normal Awaiting Review enhancement new dev-feedback 2011-08-16T19:56:10Z 2018-09-21T18:07:32Z "Currently I don't believe it's possible to meet the following two criteria: * Not flush rewrite rules on every page load * Ensure that you always have your rewrite rules available The problem arises when Plugin A has not yet added it's rewrite rules, but Plugin B calls ```flush_rewrite_rules```. Plugin A is a good citizen, and doesn't call ```flush_rewrite_rules``` unless it needs to and so now it's rewrite rules are no longer present. (See http://wordpress.stackexchange.com/questions/26029/when-to-call-add-rewrite-rule-for-safety for more.) Westi suggested that hooks on delete_option and get_option of 'rewrite_rules' might work. This covers almost all situations, except the one where permalinks are off and then get turned on again when neither the delete_option or get_option actions/filters are fired. Devs could hook the new action for their ```add_rewrite_rule``` calls, and use their own methodology to determine when to call ```flush_rewrite_rules```. Two attachments: * Example plugin, showing (hopefully) the problem with the existing situation * Diff showing where the hook might be added " simonwheatley 34 Needs Dev / Bug Wrangler Feedback 46087 Short-circuit `page_on_front` check during site creation Rewrite Rules normal normal Awaiting Review enhancement new dev-feedback 2019-01-23T22:58:45Z 2019-01-23T22:58:45Z "During site initialization, `wp_installing()` is set to `true`. Among other things, this toggle disables all caching from `get_option()`. While I think that this behavior could use a general review (it's legacy behavior from MU that may have been an overly-broad fix for a narrow `alloptions` problem), there's one specific offender I'd like to consider addressing: `page_on_front`. `generate_rewrite_rules()` calls `get_option( 'page_on_front' )` several times for each rewrite rule, and each of these calls requires a database read. Since `page_on_front` is set to 0 in the default schema, I propose that we short-circuit the check during site initialization (`wp_install_defaults()`). Something like: {{{ add_filter( 'pre_option_page_on_front', '__return_empty_string' ); $wp_rewrite->init(); $wp_rewrite->flush_rules(); remove_filter( 'pre_option_page_on_front', '__return_empty_string' ); }}} Not terribly elegant, but it can reduce DB I/O by many dozens of reads." boonebgorges Needs Dev / Bug Wrangler Feedback 16830 url_to_postid() doesn't resolve attachments when rewrite rules are disabled Rewrite Rules 1.2 normal normal enhancement reopened needs-unit-tests 2011-03-11T01:09:14Z 2019-06-04T21:06:33Z "The code of {{{url_to_postid()}}} is pretty clear in the case of disabled rewrite rules: all URLs not using the {{{p=N}}}, {{{page_id=N}}} or {{{attachment_id=N}}} forms are not parsed and the function return 0. That make sense. Now there is a special case for attachments. Attachments can be saved under a the {{{/wp-content/uploads/year/month/}}} folder structure while rewrite rules are disabled at the same time. This means there is a missed opportunity for {{{url_to_postid()}}} to resolve attachment's URLs of the long-form when rewrite rules are disabled. This was tested and reproduced on WordPress 3.1." anonymized_154007 10 Needs Dev / Bug Wrangler Feedback 42589 "Add missing ""third argument"" documentation to user_can()" Role/Capability normal normal Future Release enhancement new dev-feedback 2017-11-16T20:28:54Z 2019-01-08T10:11:37Z "There is an undocumented, third argument, '''$args''', into [https://developer.wordpress.org/reference/functions/user_can/ user_can()] function as written in [https://developer.wordpress.org/plugins/users/roles-and-capabilities/#user-can Roles and Capabilities] section of Plugin Handbook. It's the same of [https://developer.wordpress.org/reference/functions/current_user_can/ current_user_can()] (already documented)." mariovalney 4 Needs Dev / Bug Wrangler Feedback 54554 Allow returning content for wp_dropdown_roles() Role/Capability normal normal Future Release enhancement new dev-feedback 2021-12-02T07:19:01Z 2022-09-19T21:29:10Z Currently wp_dropdown_roles() function is set to echo the content instead of the option to echo or return the content. Similar wp_dropdown_* functions allows to echo or not the content. nithi22 6 Needs Dev / Bug Wrangler Feedback 40320 Feature idea: Rename roles Role/Capability 4.8 normal normal Awaiting Review enhancement new dev-feedback 2017-03-30T21:16:48Z 2023-02-02T16:11:56Z "There are some help topics available online where users manipulate the role names (not the slug but the display label). Why not make a simple helper function rename_role() for this?" keraweb 1 Needs Dev / Bug Wrangler Feedback 43210 Introduce singular capabilities for managing individual options Role/Capability normal normal Awaiting Review enhancement new dev-feedback 2018-02-02T00:21:35Z 2018-04-19T21:52:52Z "We've always had `manage_options`, but it's currently impossible whether a user can manage a specific option. As part of related tickets dealing with more granular capabilities (see https://core.trac.wordpress.org/query?status=accepted&status=assigned&status=new&status=reopened&status=reviewing&keywords=~granular-capabilities&col=id&col=summary&col=status&col=owner&col=type&col=priority&col=milestone&col=component&order=priority), I suggest adding a meta capability `manage_option`. It should accept (or basically require) the option name as argument. By default it should fallback to the regular `manage_options`, but an `auth_callback` could be passed to `register_setting()` to tweak the permissions there (such an `auth_callback` is already known from `register_meta()`). This would also be useful for the REST API so that it can use the more granular permissions." flixos90 3 Needs Dev / Bug Wrangler Feedback 17924 Make Integrating Multiple Roles Per User Easier for Plugin Authors Role/Capability 2.0 normal major Awaiting Review enhancement new dev-feedback 2011-06-28T23:40:48Z 2021-07-20T16:41:38Z "WordPress supports multiple role per user, however to use this feature is very difficult for plugin authors to integrate well, and often requires adding plugin admin pages instead of integrating with the pre-existing user-edit.php. Due to the difficulty of this, and the fact that most plugins that allow this aren't very user-friendly, I believe users are staying away from multiple roles. This ticket aims to change how easy it is to work with the current role management system, as well as to add a couple role-based filters and actions, while still keeping the front-end of the administrative interface single-role only. (Because it seems to be the prevailing opinion the multiple roles per user is plugin territory.) In addition, I completely agree that the vast majority of sites can best function with one role per user, however in some cases (such as the site I'm working on now) you simply need to be able to choose multiple roles. = Changes = == First Patch File == attachment:Replace_Admin_Role_Dropdown.patch The first patch file moves the code for the role dropdown off of /wp-admin/user-edit.php, /wp-admin/includesclass-wp-users-list-table.php, /wp-admin/users-new.php, /wp-admin/options-general.php and into /wp-admin/includes/template.php where two new functions are created: === {{{wp_get_dropdown_roles()}}} === This function does what {{{wp_dropdown_roles}}} used to do, but it returns the value instead of echoing it. (Note that {{{wp_dropdown_roles()}}} now acts as a wrapper for {{{wp_get_dropdown_roles()}}}. (The old function is still in place for backwards compatibility.) === {{{wp_user_role_selector()}}} === This function creates the full dropdown and applies a new {{{'user_role_selector'}}} filter to the markup before echoing it out. This way the default dropdown can be overridden by something else (perhaps checkboxes). == Second Patch File == attachment:Create_Role_Update_Actions_Filters.patch The second patch file changes the functions that handle user creation and updating so they can be hooked into and a developer could make this work with multiple roles. This file affects /wp-admin/includes/users.php and /wp-includes/user.php. === {{{wp_sanitize_user_role()}}} === A new {{{sanitize_user_role}}} filter was created and sanitation of {{{$_POST['role']}}} in /wp-admin/includes/user.php when user-edit.php is submitted was moved there. The new function is called {{{wp_sanitize_user_role()}}}. (This is so that if user-edit.php is submitted and {{{$_POST['role']}}} were to contain a value other than a string (perhaps an array of roles) it can be sanitized and worked with accordingly. === {{{pre_user_role}}} === A new {{{pre_user_role}}} filter was added to {{{wp_insert_user()}}} in /wp-includes/user.php. This was mainly done because almost every other field that this function processes has a matching filter like this, and I thought maybe {{{$roles}}} felt left out as it did not. :( I supposed somebody could also use it for something useful as well. === {{{apply_user_role}}} === A new {{{apply_user_role}}} action was added to {{{wp_insert_user()}}}. The function itself no longer uses {{{$user->set_role()}}}, instead saving user role changes is now handled by this new action. A matching function {{{wp_apply_user_role()}}} was added to set the user role like {{{wp_insert_user()}}} used to do. This way however, a plugin author could simply hook into {{{apply_user_role}}} to apply multiple roles to a user. = Conclusion = All in all, this patch was designed so that the average user would never even notice that a change has been made to user management, however a plugin author looking to add an easy way for people to select multiple roles for a user can quickly hook into this and have a nice, easy, well integrated and WordPress-like plugin. I have done a few tests adding users and changing roles around with these patches applied on a fresh installation with no plugins and the only changes to WordPress being those that are in the attached patches, and everything seems to work seamlessly. By the way, I am quite new to WordPress, so I added the needs-testing tag, because it does, but I also want to make sure I've done everything the 'WordPress' way and I want to make sure I havn't missed anything that is broken because of these small changes." mobius5150 31 Needs Dev / Bug Wrangler Feedback 36939 Role groups Role/Capability normal normal enhancement new dev-feedback 2016-05-25T02:17:46Z 2019-06-04T21:23:29Z "WordPress's roles & capabilities API has support for allowing users to have multiple roles, and recent improvements to the Users list table have helped improve the administrator experience a bit by showing all roles rather than just the first one for each user. I think what makes multiple user-roles confusing (or maybe less valuable) is that WordPress by itself does not directly benefit from allowing users to have multiple roles, because the existing roles are designed to blanket all of WordPress's bundled functionality. I'd like to propose the introduction of Role Groups, as a layer that lives one layer above the main `WP_Roles` object to allow for groups of roles to be registered, enabling for users to have at least 1 role from each role group. ---- For example: * You install bbPress, and Bob cannot publish posts but can moderate the forums * You install WooCommerce, and Jane can contribute posts to the blog, and can also buy items from the store * You install BuddyPress, and while Chris can administrate posts, pages, and media, he cannot moderate the community In the above scenarios, each of these plugins would register their own role groups, and any user could easily have 1 role for each ""section"" of the same 1 WordPress site. ---- How could WordPress core use this? * Create a role group for Posts, Pages, Media, Comments, and Users * Ones ability to Edit posts should not assume they can moderate comments * Ones ability to moderate comments should not assume they can publish posts * Ones ability to upload media & attachments should not assume they can publish pages * Ones ability to edit an existing user should not assume they can upload media ---- How does this complicate things? Depending on how deeply this is implemented, potentially greatly, or not at all for vanilla WordPress installations. * If we keep WordPress's built-in roles identical to how they are today, they become 1 role group that grants access to Posts, Pages, Media, Comments, and Users; then plugins can define their own role groups, and we make sure WordPress has an adequate interface for assigning multiple roles for each user. * If we separate WordPress's roles into groups for each object type, backwards compatibility is a huge issue, as well as how confusing does it make granting access and assigning default roles for each group. * We may be able to remove the ""Default Role"" setting UI entirely, and leave it to plugins to reopen this functionality for improved support for multiple roles. ---- What do we do now? Let's talk this through, decide if it's worthwhile, and maybe work towards something viable. Much of this can happen without much (if any) modification to WordPress core. Worst case, we uncover more areas of WordPress that can be improved to support multiple roles per user, and address those in separate tickets. Best case, we make the existing roles & capabilities API more plugin-friendly." johnjamesjacoby 1 Needs Dev / Bug Wrangler Feedback 29009 "There should be a capability for ""publish private posts""" Role/Capability 3.9.1 normal normal enhancement reopened dev-feedback 2014-07-23T15:48:00Z 2019-06-04T21:12:02Z "I've been working on a simple membership site with only two membership levels: logged in and logged out, which is a situation that theoretically could be easily managed in WP without any plugins. However, logged in members should not be able o post publicly, while they are allowed to post whatever they want inside the membership walls, so the review system doesn't help in this situation either. Currently, I have to use a custom post type and force the status to private on publishing with a plugin to achieve the intended scenario. But I think the most parsimonious solution would be to include a capability that would allow people to ""publish_private_posts"" yet not ""publish_posts""." t.schwarz 3 Needs Dev / Bug Wrangler Feedback 43885 WP_Role and WP_Roles::get_role() missing Display Name Role/Capability normal normal Awaiting Review enhancement new dev-feedback 2018-04-27T21:19:41Z 2019-03-15T10:02:05Z "Hello, While working with roles I found it odd that you can add a Display Name for a role but the WP_Role class and the WP_Roles function get_role don't provide this information. Please add $display_name as a public attribute of WP_Role so it's available on that object and would be returned in the get_role function. Thank you P.S. Currently to access this information you have to use the WP_Roles as follows; {{{#!php roles[$role]['name']; }}} " garrett-eclipse 1 Needs Dev / Bug Wrangler Feedback 20558 allow wp_localize_script data to be added to existing objects Script Loader 3.3 normal normal enhancement new dev-feedback 2012-04-27T16:44:03Z 2019-06-04T21:07:31Z "Re: WP_Scripts::localize() located in wp-includes/class.wp-scripts.php Currently when `WP_Scripts::localize()` handles the printing of wp_localize_script data to JavaScript, it starts the string with a `var` declaration, like this: {{{ $script = ""var $object_name = "" . json_encode($l10n) . ';'; }}} Because this is printed in the global scope, it becomes a global variable regardless of whether it's preceded by `var`. As far as JavaScript is concerned the above string would be equivalent to: {{{ $script = $object_name . ' = ' . json_encode($l10n) . ';'; }}} or {{{ $script = 'this.' . $object_name . ' = ' . json_encode($l10n) . ';'; }}} or {{{ $script = 'window.' . $object_name . ' = ' . json_encode($l10n) . ';'; }}} But I suppose it's possible thru hooks to make it so that the localization data prints outside of the global scope, in which case you might want the `var` to be there (if it we're wrapped in a closure). So I think the '''overall best solution''' would to check if the `$object_name` contains a period `.` character. If it does, omit the `var`. In other words, make it so that: {{{ wp_localize_script('myplugin', 'myPluginData', $object ) }}} would print: {{{ var myPluginData = {...}; }}} but that: {{{ `wp_localize_script('myplugin', 'myPlugin.data', $object )` }}} would print: {{{ myPlugin.data = {...}; }}} By default the localization data runs before any enqueued scripts, in which case `myPlugin` would not yet be defined, but we should leave that for the JavaScript dev work out. My point is that the flexiblity should be there. Another route would be to apply a filter on that line but I don't think a filter is necessary if the above change is made." ryanve 6 Needs Dev / Bug Wrangler Feedback 56425 wp_localize_script assign to const and freeze instead of var to avoid reassignments Script Loader normal normal Awaiting Review enhancement new dev-feedback 2022-08-23T23:59:48Z 2022-11-08T07:36:06Z "wp_localize_script adds elements as ""var"". To avoid accidental, silent overwrites by other plugins or malicious code, it would be better if we used a const and freeze the object, to disable reassignments. " malthert 6 Needs Dev / Bug Wrangler Feedback 56160 Deprecate wp_sanitize_redirect Security 2.3 normal normal Awaiting Review enhancement new dev-feedback 2022-07-06T12:29:53Z 2024-02-07T19:42:15Z "All places that currently use it are better served with esc_url_raw and there seems to be no correct usage of it anywhere (most plugins use it where esc_url_raw should be used instead). I'm happy to provide a PR, I just need to get some heads up about how the deprecation process works in WP exactly." malthert 8 Needs Dev / Bug Wrangler Feedback 56141 Enhance installer security Security high major Future Release enhancement new dev-feedback 2022-07-05T08:37:14Z 2023-12-31T11:23:02Z "== Summary The WP installer needs to implement security features to prevent unauthorized use. If the attacker finds an unfinished installer, he can finish the installation on behalf of the user and make malicious changes. It was hard to find these unfinished installers in the past, but from 2018 Google Chrome requires all publicly trusted web certificates to be logged in Certificate Transparency Log. It is possible to parse CT log in realtime and target newly created websites. Usually, the SSL certificate is issued when a new hosting is set up. So, you can learn about most of the newly created websites from the CT log. The CT log is huge and reliable parsing should be challenging, but the methods are improving, and this attack is becoming more common. With current methods, **it can take less than a minute** for an attacker to learn of and compromise a new site. The attacker needs **only one HTTP request to compromise the site** - send valid DB credentials to /wp-admin/setup-config.php?step=2. In this case, the WP installer creates wp-config.php with these DB credentials. The user can then install WP into an external database controlled by the attacker without noticing. I analyzed a big-scale ongoing attack of this type and got access to the attacker database to further investigation. He can compromise hundreds of sites a day. I made an automated system to notify administrators of compromised sites. During three days, I sent more than 600 notifications and published the details on https://smitka.me/2022/07/01/wordpress-installer-attack-race/. Another installer issue, #52544, makes the installer publicly available too, but the possibility of exploitation is rather accidental and more noticeable. == Recommendations I see two ways how to add additional protection without significant process changes and without bothering the user too much: 1) allow only particular DB hosts 2) add an installation key feature For the first one, I made a PoC mu-plugin which controls allowed DB hosts via environment variables or configuration file. https://gist.github.com/lynt-smitka/425e4e97c61cac172e229ffc9ad090e4 Localhost + 127.0.0.1 is allowed by default, so there is no change for many users. A web host can use the env variable to define their DB servers, so the process will be smooth if they use external DB. If the user wants to use any other server, he has an option to define them via constant in the wp-dbhosts.php file (it is not possible to use wp-config because it doesn't exist). For the second one, you need to modify the installation workflow slightly. I made a modified setup-config.php as PoC: https://gist.github.com/lynt-smitka/45608ddeb8df19b0820201d066d4b42c It combines the first method - if the DB host is localhost or any server allowed by an environment variable, there is no change for users. If you want to use any other DB host, you have to fill ""install key"". The ""install key"" is generated into the install-key.php file, and the user can read it via FTP (the same way he uploaded the core files). Demo how it works: https://www.youtube.com/watch?v=A7-Sbbb-cZM " smitka 14 Needs Dev / Bug Wrangler Feedback 50510 Improve security of wp_nonce implementation Security normal normal Awaiting Review enhancement new dev-feedback 2020-06-29T15:21:47Z 2023-07-11T00:49:56Z "The current wp_nonce implementation is a little out dated and should be improved. While nonces aren't security, a strong nonce implementation can provide some security against form field manipulation. I have attached a mu-plugin I wrote to test a new nonce algorithm. I will convert it to a patch if there is interest in improving this in core. I have been running this mu-plugin on several high traffic sites I manage with no issues for over 6 months now." chaoix 5 Needs Dev / Bug Wrangler Feedback 51407 Remove inline event handlers and JavaScript URIs for Strict CSP-compatibility adamsilverstein Security 4.8 normal normal Future Release enhancement assigned dev-feedback 2020-09-28T13:34:53Z 2023-12-26T18:36:00Z "Content Security Policy is a mechanism designed to make applications more secure against common web vulnerabilities, particularly cross-site scripting. It is enabled by setting the Content-Security-Policy HTTP response header. An application can add a critical defense-in-depth layer against markup injection attacks by adopting a strict policy that prevents the loading of untrusted scripts or plugins. A basic policy (nonce + strict-dynamic + unsafe-eval) would block more than [https://speakerdeck.com/lweichselbaum/csp-a-successful-mess-between-hardening-and-mitigation?slide=16 40%] of the XSS sinks. To make an application compatible with strict CSP, it is necessary to make changes to HTML templates and client-side code and add the policy header: 1. Add nonces to

    Sorry… Briefly unavailable for scheduled maintenance.

    Please try again in a minute.

    Thank you for your patience.

    }}}" Paddy Landau 11 Needs Dev / Bug Wrangler Feedback 43492 Core Telemetry and Updates Upgrade/Install normal normal Awaiting Review enhancement new dev-feedback 2018-03-07T20:37:53Z 2018-10-10T19:56:13Z "It has been discussed on the #gdpr-compliance and the question had made it's cycle around some other rooms with various replies as well occasionally but it's time to take a final decision. When WordPress requests updates it sends more than enough data needed to actually perform the update. We did a search a bit at some point to take a glimpse of the past and how all those got added in there and why but couldn't find anything specific. There's already a way to modify the call through https://developer.wordpress.org/reference/hooks/core_version_check_query_args/ (and may be more as well) but the concept here is to have everything off by default and add a proper UI and opt-in for the Admins to select what exactly they want to send." xkon 71 Needs Dev / Bug Wrangler Feedback 58389 Enable auto-updates for plugins installed from the Plugins Add New Screen Upgrade/Install normal normal Awaiting Review enhancement new dev-feedback 2023-05-23T18:27:30Z 2023-08-23T18:49:42Z "To increase and promote auto-updates usage, we could start by enabling auto-updates by default for plugins installed from the Plugins Add New Screen, with an opt-out switch under the Activate button. A “Disable auto-updates” link could appear under the Install Now button. To make it more prominent, we could make it bold or red. There are many scenarios where this logic would help the ecosystem, for example, when a user gets their WordPress site developed by a professional and then takes complete control of it, installing plugins without enabling auto-updates. If this suggestion is too bold, we could first detect if most of the installed plugins have auto-updates enabled and calculate if this is the best logical configuration for the site before enabling auto-updates by default. For already installed plugins with auto-updates disabled, the link could read “Enable auto-updates”. This could promote auto-updates for those plugins as well. Eventually, if this works well, we could expand the same logic for themes." JosVelasco 10 Needs Dev / Bug Wrangler Feedback 57269 Get site URL from config instead of the database Upgrade/Install normal normal Awaiting Review enhancement new close 2022-12-03T18:27:22Z 2022-12-05T14:44:09Z "a big problem is facing everyone trying to move a site between two hosting or between two environments like (staging and production ) the most frequent problem is the site URL and the internal links and if you have extensive databases it will be your nightmare so it creates issues and limits our flexibility so what I suggest is to set the site and home URLs from the wp-config.php file like `define( 'SITEURL', 'https://mywebsite.com' );` I know it is not very simple, especially with multi-sites but it deserves I also tried {{{ define( 'WP_HOME', 'http://example.com' ); define( 'WP_SITEURL', 'http://example.com' ); }}} but if you don't have 'siteurl' option on your site it will give you 'Error establishing a database connection' in the front end and 'One or more database tables are unavailable. The database may need to be repaired.' which even not the clear error message die to `wp-includes/functions.php => function is_blog_installed` I can work on this point but before I spend time, I need approval from the WordPress team that they will accept such modification or that not be accepted " mhmdyassin07 4 Needs Dev / Bug Wrangler Feedback 39641 "Idea: Move ""Updates"" from ""Dashboard"" to ""Tools""" Upgrade/Install normal normal Awaiting Review enhancement new dev-feedback 2017-01-19T17:15:05Z 2017-01-20T19:59:15Z "When plugin/theme/core updates are available, a new submenu gets added to `wp-admin` for ""Updates."" IIRC, this location was picked because for a few reasons: * Updates are important, so put them towards the top * There is no ""Notification Center"" so this is the next best place * This is the site communicating to the user, so ""Dashboard"" has a logical association Revisiting this, having had this show up for myself recently, ""Dashboard"" suddenly felt... off... * Updating software in other large projects is actually a bigger deal, with dedicated top-level sections for managing it all * WordPress is logically progressing towards software updates being as invisible to the user as comfortably makes sense * ""Dashboard"" shouldn't be a dumping ground for ""this has no other home"" type pages * A ""Notification Center"" for individual users exponentially complicates how this interface works. Do ""global"" notifications exist? Does clearing it for one user clear it for all users? How do we re-check, without user-transients? Obviously, all of this is premature for this idea anyways... So, this got me thinking about our other ambiguously named top-level-menu item: ""Tools"" * Upgrades and updates are technically tools being ran with a mostly-acceptable interface on top of them * The ""Available Tools"" page is a pretty lonely place to be * Plugins already have started putting their own tools in that tools menu, so why not core? I'll attach a screenshot of a relocated submenu to help visualize, and please feel free to close this issue if the notion is premature or silly or whatever." johnjamesjacoby 2 Needs Dev / Bug Wrangler Feedback 39364 Introduce a trigger to handle a custom queue job and run them Upgrade/Install 4.7 normal normal Awaiting Review enhancement new dev-feedback 2016-12-21T17:03:28Z 2023-03-23T00:11:28Z "While I was creating a plugin which imports theme demos. I have to utilize the `wp.updates` for AJAX way to import and delete the demo packs but unfortunately there are no any trigger which I can utilize to update the queue job for demo by using its action and data in `wp.updates.queueChecker`. As a fix I have introduced a trigger in a patch file :) Any procedure to the extend self-executing anynonmous function `wp.updates.queueChecker` below with only trigger `$document.trigger( 'wp-updates-queue-job', job );` is much appreciated :) {{{ ( function( $, wp ) { var $document = $( document ); wp = wp || {}; /** * The WP Updates object. * * @type {object} */ wp.updates = wp.updates || {}; /** * Sends an Ajax request to the server to delete a demo. * * @param {object} args * @param {string} args.slug Demo Pack. * @param {deleteDemoSuccess=} args.success Optional. Success callback. Default: wp.updates.deleteDemoSuccess * @param {deleteDemoError=} args.error Optional. Error callback. Default: wp.updates.deleteDemoError * @return {$.promise} A jQuery promise that represents the request, * decorated with an abort() method. */ wp.updates.deleteDemo = function( args ) { var $button = $( '.theme-actions .delete-demo' ); args = _.extend( { success: wp.updates.deleteDemoSuccess, error: wp.updates.deleteDemoError }, args ); if ( $button && $button.html() !== wp.updates.l10n.deleting ) { $button .data( 'originaltext', $button.html() ) .text( wp.updates.l10n.deleting ); } wp.a11y.speak( wp.updates.l10n.deleting, 'polite' ); // Remove previous error messages, if any. $( '.theme-info .update-message' ).remove(); $document.trigger( 'wp-demo-deleting', args ); return wp.updates.ajax( 'delete-demo', args ); }; /** * Updates the UI appropriately after a successful demo deletion. * * @typedef {object} deleteDemoSuccess * @param {object} response Response from the server. * @param {string} response.slug Slug of the demo that was deleted. */ wp.updates.deleteDemoSuccess = function( response ) { wp.a11y.speak( wp.updates.l10n.deleted, 'polite' ); $document.trigger( 'wp-demo-delete-success', response ); }; /** * Updates the UI appropriately after a failed demo deletion. * * @typedef {object} deleteDemoError * @param {object} response Response from the server. * @param {string} response.slug Slug of the demo to be deleted. * @param {string} response.errorCode Error code for the error that occurred. * @param {string} response.errorMessage The error that occurred. */ wp.updates.deleteDemoError = function( response ) { var $button = $( '.theme-actions .delete-demo' ), errorMessage = wp.updates.l10n.deleteFailed.replace( '%s', response.errorMessage ), $message = wp.updates.adminNotice( { className: 'update-message notice-error notice-alt', message: errorMessage } ); if ( wp.updates.maybeHandleCredentialError( response, 'delete-demo' ) ) { return; } $( '.theme-info .theme-description' ).before( $message ); $button.html( $button.data( 'originaltext' ) ); wp.a11y.speak( errorMessage, 'assertive' ); $document.trigger( 'wp-demo-delete-error', response ); }; /** * Pulls available jobs from the queue and runs them. */ wp.updates.queueChecker = function() { var job; if ( wp.updates.ajaxLocked || ! wp.updates.queue.length ) { return; } job = wp.updates.queue.shift(); // Handle a queue job. switch ( job.action ) { case 'install-plugin': wp.updates.installPlugin( job.data ); break; case 'update-plugin': wp.updates.updatePlugin( job.data ); break; case 'delete-plugin': wp.updates.deletePlugin( job.data ); break; case 'install-theme': wp.updates.installTheme( job.data ); break; case 'update-theme': wp.updates.updateTheme( job.data ); break; case 'delete-theme': wp.updates.deleteTheme( job.data ); break; default: break; } $document.trigger( 'wp-updates-queue-job', job ); }; })( jQuery, window.wp ); }}} " shivapoudel 4 Needs Dev / Bug Wrangler Feedback 50674 Plugin and Theme Update Hooks pbiron* Upgrade/Install normal normal Future Release enhancement accepted dev-feedback 2020-07-15T22:48:19Z 2020-10-19T18:10:59Z With plugin and theme auto-updates shipping with core in 5.5, I think it's worth considering adding some more hooks around the plugin and theme process to perhaps run prior to and after a particular update is run. Hooks like `plugin_updated` and `theme_updated`, and maybe some `pre_*` versions of those. davidbaumwald 9 Needs Dev / Bug Wrangler Feedback 60692 Plugin dependencies: Allow a mu-plugin to fulfil a dependency Upgrade/Install trunk normal normal 6.6 enhancement new dev-feedback 2024-03-05T10:59:05Z 2024-03-05T12:00:04Z "See discussion on #60504 for background. An inactive plugin that has a dependency that is fulfilled by a mu-plugin is prevented from being activated as its dependency is considered unfulfilled. It should be possible for a mu-plugin to fulfil a plugin dependency. It may be that a new filter or a default mu-plugin loader needs to be introduced so facilitate this." johnbillion 1 Needs Dev / Bug Wrangler Feedback 59182 Plugin/theme zip update screen max-width Upgrade/Install 5.5 normal minor Awaiting Review enhancement new dev-feedback 2023-08-24T09:55:54Z 2023-08-26T05:22:21Z "Hi, Can we set the max-width to 100rem instead of 40rem? Current CSS for wrap class. {{{ .update-php .wrap { max-width: 40rem; } }}} it should be {{{ .update-php .wrap { max-width: 100rem; } }}} let me know if this makes sense or not, please. For more information see mentioned screenshot below. " sumitsingh 2 Needs Dev / Bug Wrangler Feedback 47837 Proposal: Componentized Upgrades Upgrade/Install normal normal Awaiting Review enhancement new dev-feedback 2019-08-05T15:58:02Z 2021-03-02T16:14:50Z "Recently there has been some talk about the cadence of updates for components of WordPress compared to the core updates. The current practice is that new functionality is added into subversions (5.1, 5.2, etc) and only bug fixes are in minor versions (5.2.1, 5.2.2, etc). However there are components that are having releases quicker then core, meaning that users may not see additional functionality until the next version release, which can be months away. This proposal, at a high level, is intended to propose a solution that allows for a user to update components outside of the core updates. === Mockup '''Important''': this is just a concept mockup for discussion purposes to highlight some of the functionality. === Accessibility Note The mockup above and the functionality described below is most likely not the ideal way to implement the functionality in a completely accessible way. Those who are more knowledgable on the subject should be consulted to modify the functionality in a way that works for all users. === Functionality The main concept is to have the ability to update components independently from core if they become available. The mockup above represents a timeline between the currently installed version of Core (v5.2.2 above) and the currently planned version (v5.3). The '''WordPress Core''' line, by default is collapsed and would not show the components below it. This would then function as the current upgrade functionality does and update all components at the same time. Expanded, this allows the user to upgrade individual components as they wish. In the mockup: * '''Black Dots''' indicate the current installed version for Core and components. * '''Green Dots''' are versions available to install. * '''Red Dots''' are unavailable to install (see more below). * '''Yellow Dots''' are next versions in development with estimated release schedule. * '''Red Line''' Current Day. * '''Dotted Line''' future. * '''Solid Line''' past. === Reading The Version State The user has the '''Wordpress Core''', '''Customizer''', '''Site Health''', and '''Passwords''' installed at v5.2.2. They have 4 newer versions of Gutenberg installed and one newer version of the Rest API installed. If the user upgraded Core to v5.2.3, it would update all components to that point, meaning that Core defines the minimum version for all components. On the Gutenberg line, for example, the user has a version installed and can, if they wish, go back up to two versions (two grey dots), however, because of an update change in the version + 2 (first grey dot), they are unable to back port the version before that (two red dots). Perhaps a DB change or something. The user can, however, upgrade an additional version (which was released the same day at v5.2.3 core) but the next newer version requires core to be at v5.2.3 so it is unavailable to update (or another reason, who knows). The '''Site Health''' component is unable to be updated because it might require the newer version of '''Rest API''' as an example. Hovering or clicking on the dots allows the user (either via popup, tool tip or another means) to see details on that release, upgrade to it if available, and link to release notes. On future releases (yellow dots), the information can show the estimated release date, etc. === Expanded Plugin Support The concept above could also be expanded to third-party plug-ins and themes. Integration with Site Health could be included as well, for example, if 5.2.4 required a newer version of PHP then is currently installed, the dot for it would go red and allow the user to see what is blocking the upgrade to it before the release of it." mdwolinski 7 Needs Dev / Bug Wrangler Feedback 58808 Proposal: track object cache type in update checks Upgrade/Install normal normal Awaiting Review enhancement new dev-feedback 2023-07-14T10:54:07Z 2023-07-14T16:49:23Z "Related: #56751, #48116 I think it would be helpful to send the `wp_using_ext_object_cache()` value as part of the update requests. We already send the list of installed PHP extensions, so it's possible to know whether e.g. redis or memcached are installed, but not if they are actually used. Ideally we would also know the exact type of object cache that is being used (e.g. if it's actually redis or memcached or something else). That would be also very useful for the `wp cache type` command, [https://github.com/wp-cli/cache-command/issues/68#issuecomment-1433755427 as suggested here]. This could be done via `WP_Object_Cache::get_type()` and a `wp_cache_type()` function for example." swissspidy 3 Needs Dev / Bug Wrangler Feedback 58281 Rollback Auto-Update (Rollback part 3) afragen Upgrade/Install 6.3 normal normal 6.6 enhancement assigned dev-feedback 2023-05-10T02:31:58Z 2024-02-21T18:22:14Z "This is Rollback part 3. It began with `move_dir()` in WP 6.2 for part 1. Part 2 was completed with #51857 in WP 6.3. This brings us to part 3. Part 3 is Rollback for auto-updates. When manually updating plugins if the plugin has a fatal error on reactivation, the plugin is prevented from reactivating. Unfortunately, during an auto-update, this reactivation check doesn't occur and the the next time the site runs users will see the WSOD. Rollback Auto-Update performs a similar re-activation check and if there is a fatal error it is captured in an error handler and the previously installed plugin is restored. If this occurs an email will be sent notifying the site admin of the failed update and rollback. After the rollback, the pending auto-updating for core and theme updates are restarted. This code is currently running for everyone who has the [https://wordpress.org/plugins/rollback-update-failure/| Rollback Update Failure] feature plugin installed. I personally have been testing this using a plugin that will fatal if the update occurs. The plugin is on my test site, active, and set to auto-update. I have been running like this since the beginning of the year. The PR is slightly different than the code in the feature plugin. Please test, run the feature plugin on your site, and review the code in the PR. Mostly give us your comments and feedback. props @costdev and @pbiron for continuing code review, rubber ducking, and sanity checks." afragen 34 Needs Dev / Bug Wrangler Feedback 57280 Security automatic updates for plugins and themes Upgrade/Install normal normal Awaiting Review enhancement new dev-feedback 2022-12-06T02:50:08Z 2022-12-06T17:04:31Z "The option to enable automatic security updates for plugins and themes would allow users to secure their websites without worrying too much about significant/major breaking features. This enhancement would allow more granular control of auto-updates without forcing users to update to major releases. I propose new toggles in the WordPress Updates page under the Plugins and Themes section at wp-admin/update-core.php: This site's plugins are automatically kept up to date with each new version **Switch to automatic updates for maintenance and security releases only. ** This site's plugins are automatically kept up to date with maintenance and security releases. **Enable automatic updates for all new versions. ** The same logic would be applied to themes. Defining what kind of updates apply to security would be challenging, so I propose starting with popular or problematic plugins." JosVelasco 2 Needs Dev / Bug Wrangler Feedback 49963 Security of failed update/rollback Upgrade/Install 5.5 normal major Awaiting Review enhancement new dev-feedback 2020-04-20T20:31:29Z 2020-04-20T20:44:53Z "As discussed on the [[https://make.wordpress.org/core/2020/04/16/devchat-meeting-summary-april-15-2020/|previous devchat]] in case of failed update/rollback there are email notifications. Idea is good: any errors related to Core, Plugin or Theme update should be reported to an email of admin as soon as possible. But in the real world there are too few properly configured mail servers in wordpress and servers at all. Actually there is no good documentation how to set up email: https://wordpress.org/search/mail In addition there are a lot of ''lazy'' administrators with email addresses like admin@example.com or something similar. Thus so many **really important mails** about failed update/rollback will be send to `/dev/null`. It is security issue because website will be inconsistent state indefinite amount of time (for example login plugin not updated and not rollbacked). 1. Do you know how many wordpress installs have properly configured mails? 2. How to motivate admins to use real email addresses? 3. Maybe there is sense to prepare good documentation about mailing in wordpress? 4. Should auto-updates plugin works at all wothout properly configured emergency notifications? * Original Github Issue: https://github.com/WordPress/wp-autoupdates/issues/83 * Feature Plugin: WP Auto-updates https://make.wordpress.org/core/2020/02/26/feature-plugin-wp-auto-updates/" mahnunchik 2 Needs Dev / Bug Wrangler Feedback 58380 Setting time limit for updates doesn't always work. pbiron* Upgrade/Install normal normal 6.6 enhancement accepted dev-feedback 2023-05-23T13:34:30Z 2024-02-12T09:05:39Z "Warning: set_time_limit(): Cannot set max execution time limit due to system policy in /customers/7/5/e/lucasgent.be/httpd.www/***/wp-admin/includes/class-wp-upgrader.php on line 475 I usually comment out these lines since on my host one.com I ALWAYS get this additional warning line after succesfull updates. Is there something that can be done, so I don't have to do this for each new WP site...? Maybe a sort of option where you can enable/disable this? " NekoJonez 16 Needs Dev / Bug Wrangler Feedback 17451 Unify plugin update notices and include changelog data nacin* Upgrade/Install normal normal enhancement accepted dev-feedback 2011-05-16T09:23:25Z 2019-06-04T21:07:00Z "Currently the after_plugin_row hook is only used on plugins.php which is used by the Changelogger plugin to show plugin changelogs inline. If the hook is also added to the bottom of list_plugin_updates in update_core.php then changelogs could also be displayed on that page too. It's only a single line change so not sure how/if it's worth me attaching a patch for this?" dempsey 11 Needs Dev / Bug Wrangler Feedback 15924 Add 'media_default_link_type' option to parallel 'image_default_link_type' Upload normal normal Future Release enhancement new dev-feedback 2010-12-20T21:12:12Z 2019-05-15T20:48:42Z "It is often recommended that site owners change the 'image_default_link_type' option to ""none"" if they don't plan on linking to full size images often from their posts. The problem is that this also affects the default link type for other media (uploaded zip files, pdfs, etc.) Adding an additional option for 'media_default_link_type' which behaves in the same way would get around this problem. " goldenapples 6 Needs Dev / Bug Wrangler Feedback 48477 Add a hook before creating image sub-sizes Upload 5.3 normal normal Future Release enhancement new dev-feedback 2019-10-31T22:49:49Z 2020-02-10T18:21:29Z "Since things are moving for media thumbnails lately, it could be a good time to add a hook that fires right before thumbnails are created. It would allow plugins to perform operations on the main file for example." GregLone 14 Needs Dev / Bug Wrangler Feedback 58155 Add filter to allow large image scaling of PNGs Upload 5.3.1 normal normal Awaiting Review enhancement new dev-feedback 2023-04-18T21:01:22Z 2023-04-19T15:49:31Z "Due to Issue #48736,large image downscaling of PNGs is disabled because sometimes the new images are larger in filesize than the originals (particularly with PNG-8). This is reasonable but should be filterable with the current state as the default. There are use cases where users rarely, if ever, upload PNG-8s but do upload massive PNG-24s that would benefit from downscaling. Devs should be able to turn this feature on for PNGs as needed. " pelstudio 2 Needs Dev / Bug Wrangler Feedback 6814 Async media crunching adamsilverstein Upload 2.5 normal normal Future Release enhancement assigned dev-feedback 2008-04-23T00:19:05Z 2022-08-24T14:14:22Z "The upload part of the new multi-uploader is pretty nice now, but it blocks on the ""crunching"" phase, which can sometimes take 20-60 seconds, I assume to create medium thumbnails and such. The crunching part of the upload should not block the next file beginning the upload process, it should happen asynchronously with the rest of the process." matt 18 Needs Dev / Bug Wrangler Feedback 50188 Disable Media uploader if PHP file_uploads is disabled Upload normal minor Awaiting Review enhancement new dev-feedback 2020-05-16T19:32:36Z 2024-01-24T09:26:51Z "Based on ticket #50038, if the PHP configuration is {{{file_uploads = Off}}} we should disable the Media upload. Actually, when you upload a file and the file_uploads is disabled, WordPress uploads the file with a progress bar and, at the end, it gives an error because is disabled. This should affect the Media upload, probably it should tell something like ""You can't upload a file, please check the Site Health for more information"" (or something like that) but also, in any file upload (like the Image / Video / Audio on Gutenberg) should allow to pick from the media but not show the upload button, also the plugin / theme upload." JavierCasares 10 Needs Dev / Bug Wrangler Feedback 24251 Reconsider SVG inclusion to get_allowed_mime_types Upload normal normal Awaiting Review enhancement reopened dev-feedback 2013-05-02T19:36:57Z 2023-03-27T19:24:23Z "There are some who think SVG should be included in core as an allowed mime type. Makes fine enough sense to me, since there is a good argument for it, and we have support for WordPerfect documents...so there's that. Related: #20990" JustinSainton 98 Needs Dev / Bug Wrangler Feedback 45725 Unable to use the UPLOADS constant with WordPress in a different directory Upload normal normal Awaiting Review enhancement new needs-docs 2018-12-20T13:07:46Z 2019-01-16T06:50:09Z "=== The problem === When WordPress is installed in a different directory (you can achieve that by following [[https://codex.wordpress.org/Giving_WordPress_Its_Own_Directory|these instructions]]), the **UPLOADS** constant is unable to function correctly in some cases according to the **wp_upload_dir()**'s output. Occasionally the constant accepts a relative path what will be appended to the **ABSPATH** constant to determine the **basedir** and to the **site_url()** function to determine the **baseurl** for the uploads location. Although WordPress does let you move the CMS (it actually can be anywhere on the filesystem), however the uploads directory will always be relative to the CMS directory (**ABSPATH** constant) when using the **UPLOADS** constant. === The use case === There are multiple use cases which will be affected by this but let's consider the next few parameters: * Website URL: example.com * Website DIR: /foo/bar * WordPress URL: example.com/wordpress * WordPress DIR: /foo/bar/wordpress Our goal is to store uploads at: * Uploads URL: example.com/uploads * Uploads DIR: /foo/bar/uploads However when we defining the UPLOADS constant as 'uploads', will result in the following: * Uploads URL: example.com/wordpress/uploads * Uploads DIR: /foo/bar/wordpress/uploads You might wonder what will happen when we use an absolute value for the constant instead, in this case '/foo/bar/uploads' is used: * Uploads URL: example.com/wordpress//foo/bar/uploads * Uploads DIR: /foo/bar/wordpress//foo/bar/uploads === The solution === Possible solutions where I could came up with are, the two following: * Add another constant like **ABSPATH** to the index.php, this could be tricky for some people to update but the benefits of it are very useful. It will allow you to use one WordPress installation for all your WordPress websites. How you might wonder? [[https://stackoverflow.com/a/39195424/3157038|This is how]], I've been using this already for years! * Another solution could be to introduce a new constant specifically for the uploads directory path and only use the current **UPLOADS** constant for the url. Both of these solutions require to be implemented into the **_wp_upload_dir()** function [[https://core.trac.wordpress.org/browser/tags/5.0/src/wp-includes/functions.php#L1972|on line 1972 in wp-includes/functions.php]] Have a look at the patch attached to this ticket, with the patch WordPress will introduce both the **UPLOADS_DIR** and **INDEX_ABSPATH** constant. According to some tests I did it should also be backward compatible." Fleuv 1 Needs Dev / Bug Wrangler Feedback 38481 wp_handle_upload_prefilter not used before deriving attachment title Upload 4.6.1 normal normal Awaiting Review enhancement new dev-feedback 2016-10-25T08:30:18Z 2019-03-26T21:28:44Z "I created a module that modifies upload behavior. I use the wp_handle_upload_prefilter to alter the $_FILES data - specifically the 'name' property of the uploaded file. This works well for changing the name of the file being stored in the file system, but the title of the attachment post still accesses the $_FILES['async-upload']['name'] on line 281 of media.php. To be able to override the title, I had to hook into the 'sanitize_title' filter on line 293 of media.php - and doing that is, in my book, a hack. This sanitize_title filter should specify a context." frodeborli Needs Dev / Bug Wrangler Feedback 41544 $id_or_email parameter in get_avatar filter needs to be more concrete Users normal normal Awaiting Review enhancement new dev-feedback 2017-08-03T10:16:03Z 2017-10-14T14:06:35Z "In the {{{get_avatar}}} and {{{pre_get_avatar}}} filters there is a parameter {{{$id_or_email}}} which documented as: > The Gravatar to retrieve. Accepts a user_id, gravatar md5 hash, user email, WP_User object, WP_Post object, or WP_Comment object. There might be anything, but how to get user from it? So, in filter callback function, developer have to check all of these types to determine the actual user identifier. Like here https://core.trac.wordpress.org/browser/tags/4.8.1/src/wp-includes/link-template.php?rev=41211#L3923-L3965 Would be much more better to have more concrete value type in {{{$id_or_email}}} parameter (for example user ID) passed to {{{get_avatar}}} and {{{pre_get_avatar}}} filters. Really. " dikiy_forester 8 Needs Dev / Bug Wrangler Feedback 49639 Add a filter on wp_insert_user function regarding $user_pass Users normal normal Awaiting Review enhancement new dev-feedback 2020-03-13T06:40:12Z 2021-07-02T11:12:09Z "/5.3/src/wp-includes/user.php `function wp_insert_user ( $userdata )` 1542 line Please apply the below filter so that I can add a rule on user typed password before hashing the password. {{{ $pre_user_password = apply_filters( 'pre_user_password', $user_pass ); }}} Thank you. Best regards, Jen" stokim 4 Needs Dev / Bug Wrangler Feedback 39242 Add caching to count_user_posts() whyisjake* Users 3.0 normal normal Future Release enhancement accepted needs-unit-tests 2016-12-11T23:24:32Z 2023-01-17T18:46:29Z "The `count_user_posts()` function does not cache the results of its query. On the surface, this seems easy enough, but since it accepts multiple parameters and intersects with page/post editing, it starts to get complex quickly as authors change, posts are transitioned from public to private, and custom post types do more elaborate things. Since some themes use this directly (Twenty Fourteen, et al) and the REST API exposes this data too, there's at least a small win from not hitting the database for each and every check. Eventually, `count_many_users_posts()` may be able to check for cached counts for existing users, and only query for (and prime the caches of) users who do not already have cached counts." johnjamesjacoby 16 Needs Dev / Bug Wrangler Feedback 45359 Add checkbox to enable or disable sending out emails on password changes from backend Users 4.9.8 normal normal Awaiting Review enhancement new dev-feedback 2018-11-15T16:54:29Z 2023-01-21T13:14:12Z "Could we please add a checkbox on the user backend, that will toggle the sending of emails when something is changed in the backend, eg. and most important, the password? It is a huge mistake trigger when developing sites or debugging staging/live sites with users or customers. A little checkbox below the password field to stop WP from sending out a notification would be so great!" atz 7 Needs Dev / Bug Wrangler Feedback 49046 Add filter to send_confirmation_on_profile_email() SergeyBiryukov Users normal normal Future Release enhancement reviewing dev-feedback 2019-12-19T17:54:41Z 2020-02-10T18:47:17Z To be consistent with the other user notifications, all aspects of this email should be filterable, not just the content. jfarthing84 4 Needs Dev / Bug Wrangler Feedback 46035 Add set_display_name method to WP_Roles class Users normal normal Awaiting Review enhancement new dev-feedback 2019-01-18T13:44:45Z 2019-02-01T05:29:27Z "Currently, people are following tutorials on line on how to 'change' the display name of certain user roles in WordPress, by basically overwriting the name property every time on either `init` or `admin_init` hook. This is total overkill, and a hacky way to change the role display name (not role name which governs the capabilities stored in the database). If there was a method `set_display_name` (and a corresponding getter `get_display_name`) this cosmetic change could be done only once on plugin activation - this change would then be permanent in the database and you wouldn't need to run the 'rewrite' all the time just to change name (Editor to Blog Editor for instance, or Administrator to Operations). Only way, to do this now is to copy the entire `WP_Role` object, then remove the original one, change one property and add a 'new' role. This feels super hacky to me. Thoughts, opinions, suggestions?" dingo_d Needs Dev / Bug Wrangler Feedback 22277 Admin (not just superadmin) should be able to add user without confirmation email in multisite morganestes Users 3.4.2 normal normal enhancement assigned dev-feedback 2012-10-25T18:04:19Z 2019-06-05T06:38:51Z I don't know why admins would be restricted from adding existing users without sending them a confirmation, but they are in multisite. You have to be a superadmin to get that option. I think that is lame, and would like to see admins have that admin option. Is there is a reason why it is that way (security etc)? Since neither @markjaquith nor I could remember a reason, making this ticket and hoping we fix it. jane 12 Needs Dev / Bug Wrangler Feedback 42326 Allow for user deletion in multisite Users 3.0 normal normal Awaiting Review enhancement new needs-unit-tests 2017-10-24T18:30:56Z 2017-10-24T21:19:24Z When multisite is enabled, it is impossible to completely delete user a user. A user is only removed from a site. However, if a user is has no sites on the network, then it should be safe to remove them. spacedmonkey 2 Needs Dev / Bug Wrangler Feedback 22921 Allow get_users() to return array of values via 'fields' parameter Users 3.5 normal normal enhancement new dev-feedback 2012-12-13T17:39:24Z 2021-04-14T13:24:16Z "Currently, the `'fields'` parameter in the arguments array for `get_users()` only accepts either an array of user data fields, or the string `'all'`. Both of these options cause `get_users()` to return an array of object comprised of the specified user data. Passing any other string value to `'fields'` causes `get_users()` to return an array of user IDs. Per the Codex: > Array of objects, '''except when fields specifies a single field to be returned, then an array of values is returned'''. If fields is set to all_with_meta, it will return an array of WP_User objects. This statement appears to be untrue, but would be incredibly useful if it were true. Patch adds this functionality to `get_users()`. Potentially related: #18581" chipbennett 16 Needs Dev / Bug Wrangler Feedback 39123 Allow usernames to be changed by administrators Users normal normal Awaiting Review enhancement new needs-unit-tests 2016-12-06T21:25:53Z 2017-11-21T17:13:11Z "Usernames cannot be changed. I'd like to propose that users who have the `edit_users` capability (administrators on single site installations, and super admins on multisite installations) are given the ability to update a user's username from their profile editing screen. The historical reason for disallowing changes to usernames is not clear, but it's most likely related to the generation of the `user_nicename` field which ideally needs to remain persistent so author archives don't 404. However, this can be addressed in the same way as changes to post slugs, where a user's old usernames and nicenames are recorded in usermeta when their username is updated (and their nicename is regenerated) and a canonical redirect can kick in to redirect to the new author archive URL. Any other considerations to make if usernames are allowed to be changed by administrators?" johnbillion 19 Needs Dev / Bug Wrangler Feedback 48879 Changing Site Admin Email Assumes Username and Who Took the Action (which may be incorrect) Users 5.3 normal minor Future Release enhancement new dev-feedback 2019-12-04T20:12:16Z 2024-03-15T16:47:52Z "(Note that this is on MultiSite and I don't know exactly how it functions on a single site install.) I think the email message that is sent when someone updates a Site Admin Email Address should be modified as to NOT be addressed: Dear CURRENT_USER_NAME, and shouldn't say that ""YOU"" have recently requested to update the email. If I want to change the site admin email for a site, the confirmation email goes to the new email address (say, a client), but the email says ""Dear MadtownLems,"". We have had a few cases now where these emails alarmed users and thought they were phishing attempts or had been hacked. This is very confusing for our users, as they have received an email addressed to someone else, and it tells them that they tried to do something that they may not have tried to do. Rather, I believe the text would be much cleaner if it said something like: ""Someone ('MadtownLems') has requested to update the email address for the site..."" " MadtownLems 7 Needs Dev / Bug Wrangler Feedback 48563 Changing site admin email address is backwards Users normal normal Awaiting Review enhancement new dev-feedback 2019-11-11T16:31:28Z 2021-04-27T00:43:26Z "The current process for changing the admin email address in the General settings tab seems pretty sketchy to me. Currently: 1. Change the email address. 2. Confirmation email is sent to the NEW admin. 3. New admin confirms 4. Email sent to OLD admin to inform him or her it was done. It should be: 1. Change the email address. 2. Confirmation email sent to OLD admin to be sure it’s ok to change this very important information. 3. Old admin confirms it’s ok (or freaks out and starts changing passwords because he or she did not initiate this process). 4. Email is sent to NEW admin to accept the invite and to verify the address. 5. NEW admin confirms address and accepts new responsibility. 6. Email goes to old admin to let them know the process has been completed." maguijo 6 Needs Dev / Bug Wrangler Feedback 43748 Create new action edit_user_updated_user similar to edit_user_created_user Users normal normal Awaiting Review enhancement new dev-feedback 2018-04-12T16:11:30Z 2018-05-23T19:45:11Z I would like to see a new action `edit_user_updated_user` similar to the `edit_user_created_user` action so I can run custom actions (i.e., updating an external API with the changed data). macbookandrew Needs Dev / Bug Wrangler Feedback 26195 Deleting users asks for reassigning posts even when there is no post/comment Users 3.7.1 normal normal enhancement new dev-feedback 2013-11-24T14:35:55Z 2019-06-05T06:39:36Z "When deleting a single user or bulk deleting users, the confirmation page asks what should be done with the posts of the user. However, this question should not be displayed, if the sum of the posts of these user(s) is 0. Then, the delete button should become immediately active. This change would make deletion safer, as ""real"" users would be less likely to be deleted in error. Recommended user interface: - No posts present: ""This user/these users have no post"", followed by an active ""delete users"" button - Posts present: ""This user/theses users have a total of [number] posts"", followed by the current delete/assign query. " MarcelWaldvogel 5 Needs Dev / Bug Wrangler Feedback 58312 Display password hint on additional screens Users 4.3 normal normal 6.6 enhancement new dev-feedback 2023-05-14T20:39:22Z 2024-02-12T15:00:40Z "In WordPress 4.1.0, the function `wp_get_password_hint` was introduced. This function returns a hint to display to the user when creating a new password. Currently, it is only used when user go through the ""Forget password"" steps. This ticket and the PR with it add the password hint to three screens, WordPress install screen, new user screen and user profile screen." petitphp 13 Needs Dev / Bug Wrangler Feedback 11297 Don't email the admin when they create a user from the backend Users 2.9 low minor enhancement new dev-feedback 2009-12-01T12:05:31Z 2019-06-05T06:44:57Z "I just created the user myself. I already know I did it. I don't need to be told again. Emails should only be sent to the admin when a user registers themselves (if that is enabled). They shouldn't be sent when the admin manually creates a new user." caesarsgrunt 10 Needs Dev / Bug Wrangler Feedback 44094 Hook for WP_User data hydration to enable strong data security SergeyBiryukov Users normal normal Awaiting Review enhancement reviewing dev-feedback 2018-05-15T17:54:31Z 2019-08-27T18:30:21Z "Hi there! I'm one of the founders of Crypteron, a data-security platform for developers. I'm also active in the WordPress community, an organizer of the [San Diego Advanced WordPress Meetup](https://www.meetup.com/Advanced-WordPress), an admin of the [Advanced WordPress Facebook Group](https://www.facebook.com/groups/advancedwp) (with over 30,000 members) and a past speaker and organizer at WordCamp San Diego. For the past 8 months I've been working on a free plugin called **EncryptWP** that brings military-grade data-security to WordPress. It automatically encrypts and decrypts sensitive user data such as names, email addresses and physical addresses and even supports secure, searchable encryption. It's been a labor of love and is available for beta testing at https://github.com/crypteron/encryptwp. The reason I'm posting a ticket here is that I've had to resort to a non-ideal approach to automatic decryption of native (non-meta) user fields within WordPress. Ideally I would decrypt sensitive user data right after it's loaded from the database as it is hydrated into the `WP_User` object. Unfortunately, no hook is fired during this process. I strongly believe that one should be. Instead, I decrypt native user fields using a combination of the filters: `edit_user_{{$field}}`, `{{user_{{$field}}`, `the_author`, and `wp_dropdown_users`. This approach works but has some major downsides: * The `edit_user_{{$field}}` and `user_{{$field}}` filters are only fired when `$user->filter` is truthy (See line 308 of `class-wp-user.php`). I do my best to ensure that this value is set, but plenty of plugins interact with `WP_User` objects without setting their `filter` property. This results in some plugins outputing encrypted text for fields such as `display_name`. * The `edit_user_{{$field}}` and `user_{{$field}}` filters are fired in the `sanitize_user_field` method which, fundamentally, is not a logical place for this sort of operation. * Some native WordPress code bypasses the `sanitize_user_field` method so I've had to add additional filters for `the_author` and `wp_dropdown_users` (using a RegEx!) * Rather than decrypting all sensitive data once, I have to decrypt it every time it is fetched which is inefficient. Despite all of this, EncryptWP works very well. I think the plugin can be a game-changer for WordPress, making HIPAA compliant WordPress sites possible not to mention the new world of GDPR compliance. We have an ambitious, technical road map for the plugin including extending it to handle user-defined meta keys, encrypting `wp_post` and `wp_options` data, key management, and more. But I'd really love to get it 100% compatible and performant with all plugins and, in order to do that, we really need a `WP_User` hydration filter. Such a filter could benefit many other plugins as well and is guaranteed to be backward compatible with all other sites since it would not change existing behavior. I would envision that the filter could be added within the [WP_User->init](https://github.com/WordPress/WordPress/blob/master/wp-includes/class-wp-user.php#L170) method: {{{#!php data = apply_filters('init_user_data', $data, $site_id); $this->ID = (int) $data->ID; $this->for_site( $site_id ); } }}} Please let me know your thoughts on adding this new filter. One line of code can make all the difference! " yguez 9 Needs Dev / Bug Wrangler Feedback 49258 Improper Session Termination Users 5.1.1 normal normal Awaiting Review enhancement new dev-feedback 2020-01-21T09:45:13Z 2023-08-23T05:37:46Z After Logout into wordpress back-end when we press “Back” button of the browser an authenticated page got displayed without entering any valid credentials. vishal05 4 Needs Dev / Bug Wrangler Feedback 38109 Improvements to user deletion Users normal normal Awaiting Review enhancement new dev-feedback 2016-09-20T13:50:32Z 2019-04-01T23:06:06Z "User deletion in WordPress, at the moment, is not straightforward. When you click ""delete"" on users who have authored content, you are presented with this ultimatum: [[Image(https://i.imgur.com/11ex3hz.png)]] At my company, we build and host WP sites for clients and we almost never make decisions about content. But we do sometimes want to delete users, for instance in the situation where a person who works for a client leaves their position as they have been promoted or left for another job. In that case we would like to be able to delete the user account of that person. But without knowing how to answer the question of which user to assign their content to, we're forced to ask the client to make that decision. With a view to making it possible for sysadmins to delete users without having to consult with the client, I'd like to propose two solutions: 1. WordPress disassociates user accounts from authorship information (like in the Automattic plugin [https://wordpress.org/plugins/co-authors-plus/ co-authors-plus]) 2. WordPress allows deactivating user accounts so that the user can no longer login or reset their password, but the account still exists" tomdxw 1 Needs Dev / Bug Wrangler Feedback 33209 Inviting a new user to Multisite results in password being emailed Users normal normal Future Release enhancement new dev-feedback 2015-07-30T22:16:59Z 2019-06-11T13:07:41Z "If you add a new user from a site users page (NOT the network one, {{{/sitename/wp-admin/user-new.php}}} ) the flow results in a password being emailed in plaintext. 1) Add new user 2) New user gets email to activate 3) Activate link (ex. {{{example.com/sitename/wp-activate.php?key=5324e8cf2cef143b}}} ) shows the new password 4) The following email is sent: {{{ Howdy anotherstenu, Your new account is set up. You can log in with the following information: Username: anotherstenu Password: 78HoBi6oFSf9 http://local.multisite-pre.dev/blarg/wp-login.php Thanks! --The Team @ Multisite Naked Sites }}} Whoops. It looks like this can be fixed for new sites by updating wp-includes/ms-functions.php, however this is set in the database on Network Activation, which means even changing core doesn't update the myriad sites who are merrily emailing out passwords because this is set (wp admin -> Network settings -> Welcome User Email) {{{ Howdy USERNAME, Your new account is set up. You can log in with the following information: Username: USERNAME Password: PASSWORD LOGINLINK Thanks! --The Team @ SITE_NAME }}} The attached patch addresses new setups and doesn't break existing ones since I'm really not sure what's best here. I want to say we should edit everyone's DB and change the above block to this: {{{ Howdy USERNAME, Your new account is set up. Username: USERNAME To set your password, visit the following address: Thanks! --The Team @ SITE_NAME }}} However there are myriad people who have customized that simply because they can, and I fear the damage of breaking them." Ipstenu 23 Needs Dev / Bug Wrangler Feedback 12295 More support to customize user profile edit page nacin* Users 3.0 normal normal Awaiting Review enhancement accepted dev-feedback 2010-02-19T21:14:01Z 2022-06-23T14:29:20Z "Right now I can edit the contact methods via the user_contactmethods filter, but I can not modify or remove the Personal Options or the Name Options. I want to keep the interface as simple as possible for my users, and I don't think that they need to edit this settings at all. If wp wants to be a cms, it should give me control over this aspect as well. At least, give me custom css-ids, so I can remove it via css!" pampfelimetten 34 Needs Dev / Bug Wrangler Feedback 12682 Multiple password reset emails can be annoying Users 2.9.2 normal normal Future Release enhancement assigned dev-feedback 2010-03-23T15:51:01Z 2023-11-27T01:33:37Z "There's a security flaw mentioned in #10006: an attacker can bother users with password reset emails. The problem was reported on support forums by a user receiving hundreds of these emails. He proposed to introduce some kind of a timeout for password reset requests. Is it possible?" SergeyBiryukov 13 Needs Dev / Bug Wrangler Feedback 40348 Option to enable User Dashboard on single-site installations Users 3.0 normal normal Awaiting Review enhancement new dev-feedback 2017-04-03T19:45:58Z 2021-08-04T21:11:11Z "Since WordPress 3.0, the User Dashboard located at `/wp-admin/user/` has only been exposed to multisite installations. I would like the option to use this dashboard as a replacement for `profile.php`, even on single-site installations. ---- '''Why?''' Because `profile.php` is just 1 page, and plugins (like BuddyPress & bbPress) cannot user-centric data management without overriding the profile screen completely, which has the adverse affect of abandoning other plugins that have hooked into this screen. If we have to do that, we may as well invest more in the User Dashboard that already comes with WordPress core. My WP User Profiles plugin helps to re-imagine how the WordPress User experience might work & look, and comes with full integration into the User Dashboard. I'd like to bring that experience to single-site installations, and the core code currently explicitly prevents this behavior. ---- '''How?''' I believe, today, the User Dashboard should be off-by-default for single-site installations, and work as-is for multi-site installations. Plugins should be allowed to enable access to the User Dashboard, and plugins can then opt-into supporting that new dashboard in new & creative ways. I'm proposing that we simply enable this feature to function, and not that we completely jump head-first into supporting it in core and/or replacing `profile.php` entirely, at least not yet or my foreseeable future. ---- '''Caveats''' There are zero caveats for all existing WordPress installations, though as with any new feature, I can imagine the range of future scenarios from bad to good on how this could be used and/or abused. The one major bummer is that the Admin Settings API does not support either the Network or User dashboards, so saving options is still a completely custom affair. The theoretical Fields API could save us here, or maybe not. ---- This functionality is relatively easily achieved, and I'll be attaching a patch imminently." johnjamesjacoby 4 Needs Dev / Bug Wrangler Feedback 58152 Possible variable re-use mujuonly Users 6.3 normal normal Awaiting Review enhancement assigned dev-feedback 2023-04-18T10:22:04Z 2023-04-19T23:33:40Z The variable `$spam` is defined in the line 2228 in wp-includes/user.php and we can re-use the same variable in the line 2463 and 2646 mujuonly 2 Needs Dev / Bug Wrangler Feedback 23413 Provide query result data to custom user columns Users normal normal enhancement new dev-feedback 2013-02-07T15:22:53Z 2019-06-05T06:39:04Z "When the filter manage_users_custom_column is triggered, it sends an empty string for the value field. Since it's easy enough to extend the WP_User_Query with extra fields, it would be good to have those fields passed through if they exist to save having to requery the database with the user_id parameter to get the data. I have attached a patch to show what I mean." JohnC28 3 Needs Dev / Bug Wrangler Feedback 41672 REST create user: existing_user_login is returned before existing_user_email shooper Users 4.7 normal normal Future Release enhancement assigned dev-feedback 2017-08-19T01:37:10Z 2021-11-08T20:17:57Z "When I post to `/wp-json/wp/v2/users` to create a user: {{{ { ""email"": ""brianhenryie@gmail.com"", ""username"": ""brianhenryie"", ""password"": ""password"" } }}} and a user with that username and email address exists, the response is: {{{ { ""code"": ""existing_user_login"", ""message"": ""Sorry, that username already exists!"", ""data"": null } }}} whereas a more useful response would be the existing_user_email response: {{{ { ""code"": ""existing_user_email"", ""message"": ""Sorry, that email address is already used!"", ""data"": null } }}} which is learned once the original POST is updated with a new username. i.e. existing_user_email tells a user if they already have an account. This information could be used to attempt to log in." bbrian 13 Needs Dev / Bug Wrangler Feedback 58103 Show user roles when deleting users audrasjb Users normal normal Future Release enhancement reviewing changes-requested 2023-04-07T11:02:27Z 2024-02-12T20:50:24Z "When deleting an admin user, who has published something before, you will be asked to transfer the ownership of posts: {{{ Attribute all content to: }}} Then there's a list with ALL users of the site, having all sorts of roles and therefore it can be huge. My proposal is to somehow differenciate between user roles here so one can easily pick another admin." Presskopp 35 Needs Dev / Bug Wrangler Feedback 20459 Super admin should be able to bypass banned/limited domains when creating users Users normal minor enhancement new dev-feedback 2012-04-16T16:12:25Z 2019-06-05T06:38:31Z "The function `wpmu_validate_user_signup()` is run whenever a new user is created, either through self-registration (wp-signup.php) or through manual user creation by an admin. `wpmu_validate_user_signup()` does two different kinds of validation: (1) validation that is more or less technically required by WP, like spaces in usernames, email/login uniqueness, etc. (2) checks against some admin-set membership restrictions, namely, email domain whitelist (limited_email_domains) and blacklist (`is_email_address_unsafe()` and banned_email_domains). The second kind of validation is problematic in the following use case: An MS install might restrict open membership based on email domains, but the admin might occasionally want to make exceptions to the rule and manually create an account. Currently, there are two ways to bypass the built-in checks: to temporarily remove the domain restrictions at Network Admin > Settings, or to filter `'wpmu_validate_user_signup'` and remove the error messages. Having to manually change settings for this purpose is pretty hackish. The filter method works, but my experience (from consulting with a fairly large number of MS network admins) is that this is a pretty common use case, so it seems like it should be supported by default. So I'm proposing that the domain checks be skipped when `is_super_admin()`. Patch attached." boonebgorges 7 Needs Dev / Bug Wrangler Feedback 44358 Unable to search a user if username is an email address Users normal normal Awaiting Review enhancement new dev-feedback 2018-06-13T14:43:41Z 2019-01-16T06:50:09Z "If a user has an email address in his username, that user is not searched in admin user list page. Steps to reproduce: - Create a new user and use an email address as the username, e.g. `abc@gmail.com` - Make sure no user on the system has an email address which contains `abc@` in it - Search a user with `abc@` keyword. No user will be returned. I think since WordPress does not restrict the character `@` in username, the search should include username field even when there is `@` in search keyword. Does this make any sense? " subrataemfluence Needs Dev / Bug Wrangler Feedback 34316 User status inconsistent between single-site & multisite Users 1.5 normal normal Awaiting Review enhancement new needs-unit-tests 2015-10-15T19:00:15Z 2017-09-27T15:30:10Z "The way a user's status is defined in WordPress differs between single-site and multisite: * In single-site, the `user_status` column is used * In multisite, there are two additional columns for `spam` and `deleted` Not only this, but the `update_user_status()` function is multisite only, and the `user_status` column is an integer without an API to help announce what values equate to what results. On the plus side, user statuses aren't really ever used in core. Marking users as spammers in multisite installations is the only real benefit of this feature as it exists today. I'd like to propose the following: * Stop creating the the `spam` and `deleted` columns in `wp_users` on new installations * ALTER the `user_status` column from `INT(11)` to `VARCHAR(20)` ala `wp_posts` * A bevy of `wp_register_user_status()` like functions to introduce bonafide support for them * A database upgrade routine to move user status `0` to `active` and `1` to `spammer` * A new index on the `wp_users` table for the updated `user_status` column type. We may need a few, based on how users are commonly queried in core, BuddyPress, etc... * Update the `WP_User` and `WP_User_Query` classes to suss out any `user_status` inconsistencies A few considerations worth noting: * Large installations would need to manually perform these DB upgrades. I'm embarrassed to say I've personally frozen WordPress.org for several minutes years ago by missing a `DO_NOT_UPGRADE_GLOBAL_TABLES` check on the `wp_users` table * Several plugins use their own values in the `users_status` column, assuming their numeric ID is unique and special. The authors of these plugins would need notifying, and their code updating to support the above ideas * This work *could* parlay into the Post Status API that's on infinite back-burner. There are some really excellent ideas floating around about how `post_status` could work that would translate nicely to users, too" johnjamesjacoby 9 Needs Dev / Bug Wrangler Feedback 44690 Username should not accept space Users normal normal Awaiting Review enhancement new dev-feedback 2018-08-01T11:19:00Z 2021-02-27T16:17:02Z "The `username` field accepts `space`, not leading or trailing ones though. Space is usually not in the list of accepted characters. I am not sure if it is there in purpose. Ideally it should not accept this character. `Username` also accepts `@`, which is not an issue. But the problem starts when the username looks like an email address! When sending verification requests for Export and Erase private data the issue can be noticed. However, if `username` has to accept `@`, WordPress should first check whether it is validating email address pattern. If it does, I think that should be reported rather than allowing it to get saved. I explained the above issue in #44683." subrataemfluence 3 Needs Dev / Bug Wrangler Feedback 44347 WP allows creating username that is already used email address Users normal normal Awaiting Review enhancement new needs-unit-tests 2018-06-10T22:43:02Z 2019-03-02T02:03:26Z "As reported in Support Forum (https://wordpress.org/support/topic/wp-allows-creating-username-that-is-already-used-email-address/) it seems I can create a user with wp_create_user where the user's ""username"" is set as a value that is an existing Email Address for another user in the WordPress system. (I have not submitted a bug here before, so let me know if more info is needed on this and what to do next)." phillipburger 10 Needs Dev / Bug Wrangler Feedback 34927 user_url and user_email length too short Users normal normal Awaiting Review enhancement new dev-feedback 2015-12-09T06:26:38Z 2018-05-14T19:32:04Z "I have been adding users to my client's site with no issues, until I got to a user with a .edu email address. I add the user details as normal. Click the Add New User button and get the message ""New user created"". No error message at all. But the user has not been created. I tried 3 times, same result. I have turned off all plugins and changed to the wordpress default theme (2015). Same issue. What I expect to happen: When I add a user I expect them to be added to the Users list. What happens: when I add a user with a .edu email address, there is no error message, I get message ""New user created"", but the user is not in the user's list. These users should also appear in the Author drop down in posts (because they are added with Author role), but the new user does not appear in the Author dropdown eiither. Using Firefox 42.0 on Mac OS X Yosemite. Same issue happens with Safari 9.0.1 on Mac OS X Yosemite. " DonnaMiller 14 Needs Dev / Bug Wrangler Feedback 39787 wp_list_authors can be optimize Users 4.8 normal normal Awaiting Review enhancement new dev-feedback 2017-02-05T01:52:55Z 2024-01-26T07:47:14Z "May be i don't understand but look at this line https://core.trac.wordpress.org/browser/tags/4.7/src/wp-includes/author-template.php#L392 {{{#!php 392 $author = get_userdata( $author_id ); }}} Why we should call `get_userdata()`? At top we call `$authors = get_users( $query_args );` and can return display_name and user_nicename in next foreach section without `get_userdata()`. And will be nice add filter by role. Because wp_list_authors means authors not subscribers or editors. " alexufo 2 Needs Dev / Bug Wrangler Feedback 23008 Add a Hook To Hide Inactive Widgets Widgets 3.5 normal normal enhancement new dev-feedback 2012-12-19T19:59:12Z 2019-06-05T06:38:58Z "Hello, This is my first feature request so hopefully I'm going through the process correctly. Onto the request... Adding a hook to remove or hide the Inactive Widgets sidebar on the WordPress Admin Widgets page would be very useful for developers who don't use the area and want to be able to hide it for better UX. If this is approved I would love to submit a patch. :)" BFTrick 2 Needs Dev / Bug Wrangler Feedback 25419 Add icon support for widgets on the admin page and customize screens Widgets 3.9 low minor Future Release enhancement new dev-feedback 2013-09-25T17:05:07Z 2018-03-05T20:34:27Z With the incorporation of live widget previews (widget customizer), an available widget browser is displayed which lists all widgets along with a dashicon for each. These icons should be incorporated into the widgets admin page now, as well. westonruter 13 Needs Dev / Bug Wrangler Feedback 20596 Adding more actions to a widget Widgets normal normal enhancement new dev-feedback 2012-05-02T00:14:28Z 2019-06-05T06:38:33Z "On the Widget UI, there is a ""Close"" button, aside with the ""Delete"" button, and I that developers should have a way to add more of those. For exemple, I would see as a good use case when you have a way of previewing the widget. Because right now the only way is by JS which is kinda of lame. Thanks," webord 3 Needs Dev / Bug Wrangler Feedback 31643 Allow widget sidebars to be loaded open or closed via filtering Widgets 4.2 normal normal enhancement new dev-feedback 2015-03-14T23:44:54Z 2019-06-05T06:40:41Z This could be useful to allow certain sidebars to always load open or closed. silb3r 2 Needs Dev / Bug Wrangler Feedback 31085 CPT selector to “Recent Posts” widget Widgets 4.2 normal normal enhancement new dev-feedback 2015-01-21T11:18:12Z 2019-06-05T06:40:29Z "I think that ""Recent Posts"" widget should support selection to show all posts or only in selected CPT." sippis 4 Needs Dev / Bug Wrangler Feedback 35656 Deprecate old single (non-multi) widgets Widgets 2.8 normal normal Future Release enhancement new dev-feedback 2016-01-29T08:52:23Z 2021-08-25T01:28:32Z "Widgets were introduced to Core in 2.2. These initial widgets only allowed one instance of a given widget to be registered at a given time. In 2.8 the `WP_Widget` was introduced which allowed for multiple instances of a widget type to be added, but more importantly it introduced an object-oriented MVC-ish paradigm for representing widgets. The `WP_Widget::update()` callback allows for a given widget instance to be sanitized without having to actually save it to the database. This ability is key for previewing widgets in the Customizer. In addition to the `update` callback, the `WP_Widget` can have schema information attached which works in conjunction with `update` to sanitize and validate a given widget for the REST API, for automatically generating a widget form, and automatically providing default values for a widget instance (see #35574). All of this is not possible with the old single widgets. I believe it is time to deprecate old single widgets so that widgets can evolve. If support for old single widgets is removed in 4.5, then in 4.6 (or later) support can be removed which could clean up quite a bit of the widgets codebase, including the brittle “option transactions” functionality that was added to widgets in the Customizer. Once single widgets are removed, moving widgets from being stored in options to a custom post type will be facilitated: #35669." westonruter 12 Needs Dev / Bug Wrangler Feedback 41081 Improve Custom Menu widget, show notification if menu is empty or no menu selected mdifelice Widgets 4.9 normal normal Future Release enhancement assigned dev-feedback 2017-06-16T13:33:58Z 2022-06-08T19:34:41Z "If you choose a menu for Custom Menu widget and we remove all items in that menu OR the menu is not selected -> nothing shows on the page. Maybe we should add a text message that will inform the user that the menu is empty or is not selected?" alexvorn2 22 Needs Dev / Bug Wrangler Feedback 31020 Introduce discrete capability for managing widgets johnbillion Widgets normal normal Future Release enhancement assigned needs-unit-tests 2015-01-15T07:11:15Z 2022-01-30T16:44:08Z "As with management of nav menus (#29213), managing widgets currently requires `edit_theme_options` capability, a capability associated with administrators which grants the power to make many wide sweeping changes. There should be a discrete capability `manage_widgets` just for managing widgets, one that is inherited for anyone who has `edit_theme_options` by default. This was done for Customizer access in #28605 with the introduction of a `customize` capability. Originally brought up in #14386. The same is proposed for menus in #29213." westonruter 12 Needs Dev / Bug Wrangler Feedback 39909 Make title behaviours consistent across all widgets on first load westonruter Widgets 2.8 normal normal Future Release enhancement reopened dev-feedback 2017-02-17T19:17:20Z 2021-06-25T15:47:08Z "On first load the word 'Archives' outputs as the Widget title but it doesn't appear in the input field. If there is a default text, perhaps it should show. This could also assist by users making the connection with the words and where they can edit. For example: [[Image(https://cldup.com/EK1v0wxGX1.png, 50%)]] Another example, the Calendar widget has no title and compared to the examples above this feels weird. What I think should happen is that the same title behaviour occurs for all widgets when you first load them." karmatosed 32 Needs Dev / Bug Wrangler Feedback 35669 Store widgets in a custom post type instead of options Widgets 2.8 normal normal Awaiting Review enhancement new dev-feedback 2016-01-30T20:00:34Z 2019-01-10T05:18:15Z "Widget instances are stored in options. For a multi-widget (`WP_Widget`) the widget instances of a given type (`id_base`) are stored in a serialized array of instance arrays. A widget ID is comprised of a widget's `id_base` followed by a number which is the array index for that widget instance. For example, the third-created Text widget would have the ID `text-4` (note that multi-widget numbering starts at 2). Old single widgets do not include the numeric index after the `id_base`, and technically they could be stored anywhere (see #35656 for suggestion to deprecate old single widgets). == Issues There are several problems with how widgets are currently stored as options. '''Scalability:''' For sites with a large number of widget instances, the entire collection of widgets must be unserialized with each request to access only one widget of a given type. (Note #23909 for how all widget instances get registered with every request.) For sites that use Memcached as an external object cache where cache buckets have a 1MB limit, since all widget instances of a given type are stored in a single option, sites with a huge number of widgets will overrun this limit. What's more is that widget options get registered as autoloaded, so all widget options will get combined together in the `alloptions` key, making widgets even more liable to overrun the 1MB cache bucket limit in Memcached. '''Concurrency:''' Since all widget instances of a given type are stored in a single option, if two users attempt to update two separate widgets at the same time, it is possible that one of the updates will get lost (see #31245). Additionally, the widgets admin page and widgets in the Customizer both get loaded with the max number (array index) for each widget type. When a new widget instance is created, this maximum number is incremented in memory and used in the new widget ID which is then passed to the server for saving. If two users have loaded the UI at the same time, when they both create a widget of a given type and save their widget changes, the one who saves last will overwrite the other user's widget since the two widgets would have the same ID. (See #32183 for more about the widget ID collisions, and see [https://wordpress.org/plugins/customize-widgets-plus/ Customize Widgets Plus] for a “Widget Number Incrementing” component which uses Ajax to generate new widget IDs in a more concurrency-safe manner.) '''Addressability:''' As noted above, widget instance IDs are comprised of the widget type's `id_base` followed by the array index `number`. Two different widget instances can have the same `number`, such as `search-3` and `text-3`, since the `number` is incremented in the scope of the instances of the given type. No other objects in WordPress are identified by strings in this way, that is as of now: taxonomy terms actually used to have to be addressed by a numeric term ID and taxonomy name until term splitting happened in 4.2 (see #5809). Now, however, a term can be uniquely identified by a single integer ID. All of the above issues would be resolved by switching to store widget instances in a custom post type, where each widget instance has a single unique auto-incremented post ID. == Advantages Storing widgets in custom post type has several benefits beyond fixing the above issues, including: * widget authorship attribution * revision history * import/export * querying * widget drafts * scheduled widgets == Data Migration Migrating widgets from options to a custom post type would involve some tedious data migration to update all references to current `id_base-number` widget IDs to their new integer IDs. The old widget ID could actually be copied directly into the `post_name` field for the `widget_instance` posts. Backwards compatibility for the `sidebars_widgets` option containing the old-style IDs may be necessary. Newly created widget IDs could have `post_name` fields populated with the `id_base` followed by the post ID. This switch would also necessitate discontinuing to register all widget instances with every request (#23909). == Sidebars and Widget Groups Perhaps out of scope for this ticket, but the way that widgets get associated with sidebars should also perhaps be changed to follow the pattern of how nav menu items are associated with a nav menu via a taxonomy term. The implementing of widget groups (#19912) could be the right opportunity to do this, where a `widget_grouping` taxonomy could be introduced, and when a grouping is assigned to a sidebar, the backwards-compatible widget IDs could be copied into the existing `sidebars_widgets` option. Otherwise, backwards compatibility might entail adding `pre_option_sidebars_widgets` filter. == REST API Impacts For more on widgets and now they relate to nav menu items in the context of a harmonized interface via the REST API, see https://github.com/WP-API/wp-api-menus-widgets-endpoints/issues/10 == Feature Plugin See the [https://github.com/xwp/wp-customize-widgets-plus Customize Widgets Plus] feature plugin's “Widget Posts” module for an initial implementation of storing widgets in a `widget_instance` custom post type. This plugin depends on #32474 which facilitated plugins to store widgets in posts instead of options." westonruter 8 Needs Dev / Bug Wrangler Feedback 45054 "Widget deletion: Add an ""Are you sure you want to delete?"" popup before it gets deleted" Widgets 4.9.8 normal normal Awaiting Review enhancement new dev-feedback 2018-10-05T10:24:33Z 2020-05-25T18:16:56Z "For the widgets the ""Delete"" and ""Done"" buttons are close to each other, and if you accidentally click Delete, there is no obvious option to restore the widget. Not great if you have added lots of html code... I would have liked to see here a ""Are you sure you want to delete this widget?"". " Vibeque 6 Needs Dev / Bug Wrangler Feedback 29790 Widgets don't know the widget area context they're in Widgets normal normal enhancement new dev-feedback 2014-09-29T12:44:45Z 2019-06-05T06:40:16Z "If you have a widget in a widget area (both on the admin side and front-end side) it does not know in which widget area it is in. Use cases for this would be: - custom filtering and/or styling on the front-end of a widget based on its location. - having some editor options turned on/off based on widget-area." ruud@… 12 Needs Dev / Bug Wrangler Feedback 42455 WordPress Class methods and Single Responsibility (recent posts widgets) Widgets 4.9.8 normal normal Awaiting Review enhancement new dev-feedback 2017-11-07T13:24:34Z 2022-09-22T09:16:05Z "WordPress uses PHP Classes a lot and this is great for extending and improving. The problem is, many class methods does a lot of things at once and this doesn't help extending at all. For instance, I'm trying to extend the Recent Posts Widget (`WP_Widget_Recent_Posts`). The plugin has it's internal settings and logic, query posts and apply filters. I want to change it's render method, but just that. Don't want to mess with the plugin logic. The problem is, the render method (`widget` method) does a lot of things instead of focusing only on rendering. This forces me to copy every logical actions and reproduce them on my extending class. This could be solved by just splitting the plugin logic and rendering in separated functions (an function to get the posts and filters, separated from the `widget` function). This would improve a lot the WordPress extending by plugins and themes. If we apply the single responsibility principle on WordPress classes and functions, plugins wouldn't need to have much more code. Another point: this enhancement wouldn't impact old plugins/themes if the functions signatures keep the same." viewup 2 Needs Dev / Bug Wrangler Feedback 20070 Deprecate Blogger XML-RPC Methods XML-RPC 3.3 normal normal Future Release enhancement new dev-feedback 2012-02-18T18:32:26Z 2020-09-21T19:41:58Z "The XML-RPC API supports the legacy Blogger API methods, but these methods have apparently not been very well tested or maintained. Given that the `wp.*` XML-RPC namespace now covers everything that the Blogger API does, I suggest the blogger methods be officially deprecated with an eye towards removing them in a future version. At the very least, the MetaWeblog API should be used by clients instead, as it was explicitly designed to enhance and supersede the Blogger API." maxcutler 4 Needs Dev / Bug Wrangler Feedback 36030 Expose site icon on wp.getUsersBlogs XML-RPC normal normal Future Release enhancement new needs-unit-tests 2016-03-01T09:06:46Z 2019-06-20T14:07:35Z "WordPress 4.3 has added the ability for site owners to manage their site’s favicon, but never exposed it over the XML-RPC protocol. It's useful for XML-RPC clients to receive it back in the response of wp.getUsersBlogs, so they can show the proper icon beside the name of the site. In the patch I've provided an empty value is returned if site_icon is not set on the blog. I've avoided returning a default value, since it's better to leave this responsibility to clients. If siteIcon is empty, the client should show their default icon, or nothing." daniloercoli 1 Needs Dev / Bug Wrangler Feedback 37096 Unit tests for xmlrpc_getposttitle() and xmlrpc_getpostcategory() along with patch to trim and unique returned values SergeyBiryukov XML-RPC 0.71 low minor Future Release enhancement reviewing dev-feedback 2016-06-14T00:24:25Z 2022-01-20T13:01:43Z In tonight's Contrib 2 core we created this unit test for xmlrpc_getposttitle() function pbearne 17 Needs Dev / Bug Wrangler Feedback 35993 Unit tests: XML-RPC Request routines XML-RPC 0.71 normal normal Future Release enhancement new dev-feedback 2016-02-29T01:07:36Z 2022-01-20T13:01:43Z "I wrote unit tests for the 3 methods regards to XML-RPC request in functions.php, the aim is improve de code coverage, theses methods are: * xmlrpc_getposttitle() * xmlrpc_getpostcategory() * xmlrpc_removepostdata() This patch cover 100% of coverage related to theses methods above. Only one thing to consider, I didn't found any XML-RPC format on the WordPress doc with title and category, so I've created a simple XML format with both, following the methods the behaviour is the same." borgesbruno 11 Needs Dev / Bug Wrangler Feedback 23866 WordPress xmlrpc wp_getPosts filter for slug XML-RPC 3.4 normal normal enhancement new dev-feedback 2013-03-26T20:09:31Z 2019-06-05T06:39:12Z "When using the Wordpress xmlrpc, it is sometimes very useful to get posts based off of slugs rather than post id. A use case for this would be synchronizing or migrating two Wordpress sites with the same posts, but with different databases and post ID's. " SunWaves 2 Needs Early Attention 4328 Redirect Old Slugs feature needs to redirect slugs for pages, not just posts, and redirect old permalink structure SergeyBiryukov Canonical 2.2 normal normal Future Release enhancement reviewing needs-unit-tests 2007-05-24T01:52:44Z 2022-01-25T14:30:12Z "Create a page, browse to it, edit it, change its slug, WP redirects to the old page's slug and serves a 404. Wasn't WP 2.1 or WP 2.2 supposed to make the redirect old slug feature built-in? Along the same lines, it would be sweet if instead of simply redirect old slugs, WP would redirect old urls. When the date changes, when the page parent changes, or when the permalink structure changes, the url changes but neither of WP, the redirect old slug plugin, the permalink redirect plugin, or anything else catches this." Denis-de-Bernardy 49 Needs Early Attention 47280 SQL_CALC_FOUND_ROWS is deprecated as of MySQL 8.0.17 johnbillion Database normal normal Future Release enhancement reviewing changes-requested 2019-05-15T14:34:03Z 2024-02-22T07:49:16Z "Per https://dev.mysql.com/doc/refman/8.0/en/information-functions.html#function_found-rows > The SQL_CALC_FOUND_ROWS query modifier and accompanying FOUND_ROWS() function are deprecated as of MySQL 8.0.17 and will be removed in a future MySQL version. As a replacement, considering executing your query with LIMIT, and then a second query with COUNT(*) and without LIMIT to determine whether there are additional rows. This is not yet immediately important because most hosts are on 5.5, or 5.6, rarely 5.7, but given the speed with which trac tickets move that impact very core functionalities, I thought it best to open this ticket to get the work started. This impacts all the 6 places where it's being used, though one of them is in the WP_Query definition." javorszky 59 Needs Early Attention 42352 Support use of native MySQLi prepared queries Database normal normal Future Release enhancement new early 2017-10-27T04:15:52Z 2023-09-09T22:23:23Z "When we added `$wpdb->prepare()` back in WordPress 2.3, we were forced to roll our own MySQL Prepared queries as the MySQL extension didn't support it. While the MySQL extension still doesn't, the majority of WordPress sites are likely using the newer MySQLi engine (by default, enabled for PHP 5.5+ which accounts for 70~80% of sites). That makes now a good time to start investigating the potential implementation and usage of native prepared queries in the future. Attached is a first-draft of implementing native prepared queries into WPDB, it has no fallbacks for MySQL at present, but it would be possible to force support in for it using a ""simple"" SQL parser. Unfortunately I expect that this draft is incompatible with many DB drop-ins, which is okay, this is only a draft and proof-of-concept. I'll attach some examples of how this first draft could be used in a comment below." dd32 8 Needs Early Attention 56091 Using %i for table/field names in wpdb::prepare() craigfrancis Database 6.1 low minor Future Release enhancement assigned has-patch 2022-06-28T19:10:52Z 2024-01-29T20:10:29Z "Now `wpdb::prepare()` supports `%i` for Identifiers (e.g. table/field names), via commit [53575], and ticket #52506. Queries within WP Core should use this, to ensure variables are always quoted, and avoid static analysis tools flagging unescaped SQL input (a non-`literal-string`) for the `$query` parameter: {{{#!php prepare( ""SELECT ID FROM $wpdb->posts WHERE post_type = %s"", $post_type ); $wpdb->prepare( ""SELECT ID FROM %i WHERE post_type = %s"", $wpdb->posts, $post_type ); }}} I'll write a patch for the first set, but I suspect there will be a lot of changes, and they should be checked carefully." craigfrancis 13 Needs Early Attention 37868 Avoid default width styles in the markup of the audio player wonderboymusic Embeds 4.6 normal normal Future Release enhancement assigned has-patch 2016-08-29T18:51:47Z 2019-04-19T16:03:03Z "The markup for every audio player contains inline styles for setting its width to 100%, like below (simplified): {{{
  • 28 Comments
  • Post Statuses

    }}} At a bare minimum, the filter should allow for classes, and the ability to create multiple lists would be even better. There is a `rightnow_end` action, but it comes after the version and privacy information which feels like a ""footer"" to me. The easiest solution for allowing separate lists and wouldn't require reverting #26495 would be to simply add an action following the closing tag of the At a Glance list. Then the `dashboard_glance_items` could just be extended a bit to add unique classes for styling." mrwweb 18 Needs Docs or Unit Tests 57393 Unify checkbox handling and match wording with function on the User Profile screen Administration 4.9 normal normal Future Release enhancement new needs-unit-tests 2022-12-28T16:53:48Z 2023-02-07T06:14:36Z "[The focus of this ticket shifted from discussing a potential functional bug to an improvement of wording and a more consistent behavior of checkboxes. Using texts like ""Disable"" for toggled-on checkboxes can be confusing to users. For a better user experience, the toggled-on state should mean ""enabled"".] Original ticket description: CodeMirror highlighting, line numbers, code-folding, brace-matching and other customizations are disabled when highlighting is disabled. This is a real issue for plugins like code-snippets which rely on these features. Here is the condition in question: {{{ function wp_enqueue_code_editor( $args ) { if ( is_user_logged_in() && 'false' === wp_get_current_user()->syntax_highlighting ) { return false; } }}} I believe that the user-form-variable syntax_highlighting is probably misnamed as it should be something like disable_syntax_highlighting to reflect the choice being made. As it is, when ticked (true), highlighting should be disabled. When un-ticked (false), highlighting should be enabled. {{{ if ( ! is_user_logged_in() || 'true' === wp_get_current_user()->syntax_highlighting ) { return false; } }}}" mjdewitt 10 Needs Docs or Unit Tests 53414 Add how to run php coverage reports to readme.md hellofromTonya Build/Test Tools normal minor Future Release enhancement assigned needs-docs 2021-06-15T19:30:07Z 2021-11-10T02:03:18Z "With the@Covers getting added in #39265 we need to make it easy to run/create the coverage reports So let's add the instructions to the readme.md file" pbearne 5 Needs Docs or Unit Tests 53520 Add regression test for the wp_option data corruption bug Build/Test Tools normal normal Future Release enhancement new needs-unit-tests 2021-06-26T01:22:16Z 2021-11-10T18:50:31Z "Gutenberg v10.7.x introduced a bug that caused some `wp_option`s to get blank or corrupted data after (any) settings were updated in the `options-general.php` page. This was eventually fixed in v10.7.4, with this PR: https://github.com/WordPress/gutenberg/releases/v10.7.4. See https://github.com/Automattic/wp-calypso/issues/53447 and https://github.com/Automattic/wp-calypso/issues/53431. There's already a regression E2E test in Gutenberg that was introduced in this PR: ttps://github.com/WordPress/gutenberg/pull/32797. Ideally, though, it'd be either moved to WP core or also implemented here. It doesn't need to be an E2E test, and could be a lower-level integration test, if we can figure out how to reproduce at a lower level (there was a failed attempt to do this, though, see this comment: https://github.com/WordPress/gutenberg/pull/32797#issuecomment-865005516." fullofcaffeine 2 Needs Docs or Unit Tests 42076 Allow the external HTTP tests to run internally Build/Test Tools normal normal Awaiting Review enhancement new needs-unit-tests 2017-10-03T16:44:26Z 2020-03-22T14:07:03Z "The tests in the `external-http` group are the worst. They not only perform calls out over the internet, but they rely on a combination of wordpress.org, wordpress.com, example.org, example.com, and youtube.com. The external oEmbed tests that use youtube.com (`Tests_External_HTTP_OEmbed`) can probably be removed. They're technically fragile (YouTube could change the structure of their embed URLs and cause the tests to fail) and don't actually test anything that core has control over. It _should_ be possible to run the rest of the external-http tests against a local web server running PHP. As an example, frameworks such as Behat usually run against a server being run by PHP's built in web server. If the test files from wordpress.com and wordpress.org were downloaded and placed into the test suite data directory, they could be served by a local web server and therefore tested without a remote HTTP request. Spinning up a local web server in PHP could be made optional via a flag or an environment variable, and could be enabled on Travis by default. It may even be that the functionality that is being tested by these external HTTP tests can be abstracted and made testable without performing an HTTP request at all, or it could be that the functionality is already covered by unit tests in the Requests framework. Feedback / ideas welcome." johnbillion 11 Needs Docs or Unit Tests 57556 Configure feature branches on GitHub to trigger workflows to support development on forks Build/Test Tools normal normal Awaiting Review enhancement new needs-docs 2023-01-25T21:30:37Z 2023-02-01T03:05:14Z "When contributing to WordPress core through GitHub, the workflow is to create new branch in a fork, and open a pull request from there to WordPress core. This works reasonably well for smaller pieces of work, but when it comes to larger features it is not a great development experience having to work in a single pull request for the entire effort. A simplified workflow can be to work in individual issues and pull requests within the fork, until a fully functional version of the feature or larger enhancement is ready for an actual WordPress core pull request. This workflow is already possible today, however one caveat is that as long as the development happens on the fork, the GitHub workflows are not triggered unless the work happens against the `trunk` branch. That however is not a good idea in itself as the `trunk` branch is the main development branch and not intended for work on specific features. It would make it impossible to work on multiple features in the same fork if they had to be developed against `trunk`. This ticket therefore proposes to add a certain branch pattern to the CI configuration of WordPress core's GitHub workflows, e.g. to ensure that they run for any branches satisfying the `feature/*` pattern. Of course in theory any fork could implement that individually, but that would eventually not be a great workflow as then every PR against the main `WordPress/wordpress-develop` repository would include that change, which it should not. Since no actual development happens within the `WordPress/wordpress-develop` repository directly, I'd argue there is no harm in adding this extra branch rule. What it would help though is to support the above workflow to develop greater features iteratively in a fork." flixos90 8 Needs Docs or Unit Tests 41451 Use pretty permalinks by default in the test suite Build/Test Tools normal normal Awaiting Review enhancement new needs-unit-tests 2017-07-26T21:16:09Z 2018-10-19T11:13:58Z "There are 118 instances of `$this->set_permalink_structure( ... )` in the test suite. The majority of these calls are present simply to enable pretty permalinks, regardless of the permastructure for posts. Pretty permalinks should be enabled by default for the test suite. Let's try it and see if anything breaks." johnbillion 6 Needs Docs or Unit Tests 53651 unit test for wp_removable_query_args Build/Test Tools normal normal Future Release enhancement new needs-unit-tests 2021-07-12T23:38:51Z 2022-01-20T13:01:43Z Added missing unit test pbearne 7 Needs Docs or Unit Tests 44412 'pre_cache_alloptions' filter in wp_load_alloptions() in option.php cannot be hooked Cache API normal normal Future Release enhancement new needs-docs 2018-06-20T12:47:32Z 2021-06-15T18:40:04Z "Whenever wordpress loads, it fetches all options with the wp_load_alloptions() function in the option.php file. There is a filter in the function before sending it to the cache: {{{#!php set( 'post_type', [ 'post', 'portfolio', 'page' ] ); } add_action( 'pre_get_posts', '_debug_php_warning_on_404' ); }}} Then try a missing page slug __domain.test/missing-content__ it will show a warning: wpdb::prepare was called incorrectly. The query only expected one placeholder, but an array of multiple placeholders was sent. Please see Debugging in WordPress for more information. (This message was added in version 4.9.0.) The fix is to replace line 700 and check for array ""post_type"" query var: {{{ if ( $post_type = get_query_var( 'post_type' ) ) { if ( is_array( $post_type ) ) { $where .= "" AND post_type IN ('"" . implode( ""', '"", esc_sql( $post_type ) ) . ""')""; } else { $where .= $wpdb->prepare( ' AND post_type = %s', $post_type ); } } }}}" arl1nd Needs Docs or Unit Tests 32917 Tests_DB_Charset tests don't fully cover wpdb::strip_invalid_text_for_column() Charset 4.2 normal normal enhancement new needs-unit-tests 2015-07-08T00:20:27Z 2019-06-04T19:30:40Z "Related / previously: * #32351 * #32308 * #32127 * #21212 `Tests_DB_Charset` includes a data provider that feeds various charsets into its `wpdb::strip_invalid_text()` test, but not for its `wpdb::strip_invalid_text_for_column()` test, which means it's not being tested fully. It should be." johnbillion 1 Needs Docs or Unit Tests 20597 Allow WP_Comment_Query::query to filter by category Comments 3.4 normal normal enhancement new needs-unit-tests 2012-05-02T03:35:35Z 2019-06-04T19:23:03Z "The attached patch allows WP_Comment_Query::query to accept three additional arguments: * `cat` * `category__in` * `category__not_in` The resulting comments are then filtered by these category arguments as well as any other arguments. These arguments work the same way as their `WP_Query` counterparts. I would appreciate advice on the appropriateness of using `INNER JOIN` (as I have done here) to join in the taxonomy tables to the query." sambauers 2 Needs Docs or Unit Tests 19739 Filters to allow comments on draft & trash post_status posts Comments 3.3 normal normal Future Release enhancement new needs-unit-tests 2012-01-04T19:01:18Z 2023-03-02T15:52:31Z "I'd like to use comments on draft posts as part of an editorial workflow. Will this be as easy as adding a filter to fire before the current comment_on_draft action that can be checked before exiting? I'll try that and add a patch if it looks good. Related #13276. Not relevant to #18630, I think." cyberhobo 16 Needs Docs or Unit Tests 39084 Introduce singular capabilities for managing individual comments Comments normal normal Future Release enhancement new needs-unit-tests 2016-12-04T22:14:50Z 2017-07-14T19:41:15Z "As we did in #35614 for taxonomy terms, singular capabilities should be introduced for approving, unapproving, spamming, unspamming, editing, and deleting individual comments. This would allow fine-grained cap checks such as current_user_can( 'edit_comment', $comment_id ) and current_user_can( 'approve_comment', $comment_id )." johnbillion 1 Needs Docs or Unit Tests 17020 Some comment queries are not filterable Comments 3.1 normal normal enhancement new needs-unit-tests 2011-04-02T16:56:32Z 2019-06-04T19:22:21Z "Although WP_Comment_Query::query() is fully filterable, some supplemental comment queries are still unfilterable. The submitted patch adds the following hooks: * function get_approved_comments() - query filter 'get_approved_comments_query' * function wp_dashboard_recent_comments() - query filter 'dashboard_recent_comments_query'" kevinB 2 Needs Docs or Unit Tests 41339 WP_Comments_Query::__construct() should allow a 'status__not_in' parameter Comments 4.9 normal normal Future Release enhancement new needs-unit-tests 2017-07-15T19:47:02Z 2017-07-30T15:24:18Z "`WP_Comments_Query::__construct()` (and hence, `get_comments()`) currently allows a `status` parameter to get comments with a specific status. It would be useful to also allow `$status__not_in` to exclude comments with specific stati. Related: #41338" pbiron 4 Needs Docs or Unit Tests 21627 Filter for custom-background CSS selector peterwilsoncc Customize 3.4.1 low minor Future Release enhancement assigned needs-unit-tests 2012-08-18T11:46:55Z 2021-05-22T17:41:50Z "There should be an easier way for changing the css selector from body to html or any other then making your own callback. " Horttcore 28 Needs Docs or Unit Tests 40922 Use finer-grained capabilities with `customize_changeset` post type Customize 4.7 normal normal Future Release enhancement new needs-unit-tests 2017-06-05T04:44:01Z 2020-05-16T17:41:59Z "The `customize_changeset` post type is currently registered with all of its post type capabilities set to `customize`. As part of adding changeset endpoints in the REST API (#38900): > fine-grained capabilities should be introduced for the `customize_changeset` post `caps`, instead of mapping all to `customize`. @westonruter has compiled links to previous discussions and efforts around changeset capabilities here: https://github.com/WP-API/wp-api-customize-endpoints/pull/5#discussion_r118804994. An example of unexpected behavior caused by the current mapping is where a post ID is passed to `current_user_can()`, such as {{{ current_user_can( get_post_type_object( 'customize_changeset' )->cap->edit_post, $changeset_post_id ) }}} This is equivalent to `current_user_can( 'customize' )`, which means the post ID is ignored because `map_meta_cap()` doesn't check the `$args` when mapping the `'customize'` meta cap." dlh 30 Needs Docs or Unit Tests 31624 $wpdb->prepare() named placeholders Database 4.2 normal normal enhancement new needs-unit-tests 2015-03-13T08:36:52Z 2023-06-22T07:55:03Z "I think it would be handy to add named placeholders to $wpdb->prepare(). The functionality exists in most modern frameworks and cuts out the need for having to worry about the order of variables, (or repetition) in the current vsprint like syntax. What I'm proposing is that the second parameter of prepare() can optionally be an associative array where the $key is the named placeholder and the $value is the value associated with it. This wont affect any existing functionality of prepare() and is fully backwards compatible. If no associative array is passed it will continue to work as always. Patch with the described functionality is attached for testing." ozthegreat 3 Needs Docs or Unit Tests 35109 Add Online DDL support to dbDelta Database normal normal enhancement new needs-unit-tests 2015-12-15T22:24:20Z 2019-06-04T19:33:19Z "Since MySQL 5.1, a bunch of table level operations can be done in an asynchronous manner. We can add support for this by adding `ALGORITHM=INPLACE` to the `ALTER TABLE` query, but the fun part is that this algorithm isn't supported for all types of operations. So, we have a couple of options: * Keep an array of what operations can be done online in each MySQL and MariaDB version, which will need to be updated for each new version of MySQL. * Try all `ALTER` queries with the algorithm flag, then catch any SQL errors and fall back to the old style if needed. This will need careful testing with old versions of MySQL, particularly. https://dev.mysql.com/doc/refman/5.7/en/innodb-create-index-overview.html" pento 3 Needs Docs or Unit Tests 28625 Enhancement: Add constants to support SSL connections for mysqli Database 4.0 normal normal Future Release enhancement assigned needs-unit-tests 2014-06-24T22:39:12Z 2023-06-24T12:22:46Z "In order to support SSL'ed MySQL connections with the `mysqli_*` functions introduced in WordPress 3.9 / PHP 5.5 `mysqli_ssl_set()` must be called to set the path to the SSL certs and keys to be used by the MySQL client before `mysqli_real_connect()` is called. We should add the following optional constants to allow for users to configure secure connections to the database. * `MYSQL_SSL_KEY` * `MYSQL_SSL_CERT` * `MYSQL_SSL_CA` * `MYSQL_SSL_CA_PATH` * `MYSQL_SSL_CIPHER` In addition this should only be set if the feature flag `MYSQLI_CLIENT_SSL` is set for the existing `MYSQL_CLIENT_FLAGS` constant." hypertextranch 18 Needs Docs or Unit Tests 31018 Persistent database connections with mysqli Database 4.2 normal normal enhancement reopened needs-unit-tests 2015-01-14T22:37:39Z 2022-08-01T03:57:30Z "WordPress currently does not allow support for persistent database connections. This can be accomplished by prepending ""p:"" to the hostname with mysqli however with its current configuration WordPress will be confused by the "":"" and think the hostname is actually a port if specified in the wp-config.php file. This patch add support for a constant that allows persistent connections to be turned on or off. Why should this be added to core? Because persistent connections are useful :P. But really, we have seen requests for this in other tickets such as #27933. Additionally I am involved in a project where 10,000+ sites are requiring persistent db connection, not an insignificant number. Persistent db connections are also needed to ensure proper performance on IIS and Azure installations. In short a couple lines of code is all it takes to ensure WordPress continues to work well across other platforms and project requirements. Props to awoods and bradparbs for helping identify the issue and solution." blobaugh 15 Needs Docs or Unit Tests 54669 Remove ONLY_FULL_GROUP_BY from incompatible wpdb modes Database 3.9 normal normal Awaiting Review enhancement new needs-unit-tests 2021-12-20T12:56:22Z 2022-06-15T20:52:56Z "as GROUP BY is non-deterministic otherwise, ONLY_FULL_GROUP_BY ensures this is not the case. which is why this is enabled by default since MySQL 8 I guess it was disabled originally, as some queries would have to be updated in WP core. I think however, this should be done now, as otherwise we're accumulating more and more technical debt." malthert 2 Needs Docs or Unit Tests 41424 "Use a better error message than ""Error establishing a database connection"" when site isn't found" Database 4.9 normal normal Future Release enhancement new needs-unit-tests 2017-07-24T14:24:44Z 2017-11-22T08:58:59Z "In multisite, if this query returns no results, the database connection error is triggered: SELECT blog_id FROM wp_blogs WHERE domain IN ( 'example.com' ) AND path IN ( '/' ) ORDER BY blog_id ASC LIMIT 1 I think the error should not mention database connection but allude to the fact that the site was not found. For my use case, I had migrated a production database into QA and didn't update the domain to be qa.example.com so the connection failed. I hope this is helpful. I'm not sure I know what the exact solution is but I thought the connection attempt had failed, when in fact the connection had been made but the data was not as expected. Also, the failure was not found in debug.log." tthorp 4 Needs Docs or Unit Tests 40357 dbDelta can't change primary keys, create AUTO_INCREMENT columns and doesn't make significant index changes Database 4.8 normal normal Awaiting Review enhancement new needs-unit-tests 2017-04-04T17:20:04Z 2017-04-04T18:21:02Z "dbDelta has three inter-related issues which center around changing indexes. 1) It isn't possible to change which column is the primary key 2) It isn't possible to add a new AUTO_INCREMENT column 2b) It isn't possible to modify an existing AUTO_INCREMENT to no longer be AUTO_INCREMENT 3) Indices with the same name are not dropped/re-created, even when the index definition is changed significantly. == Use case == A client had been tracking inventory in a custom table where the product ID was the primary key. When he opened a new location, we added a location column, and wanted to be able to track how many of each product was in each location. 1. A table's purpose is being expanded, or otherwise doesn't meet the needs of the data. Since the primary key is unique, we needed to add a new key column and change which column was designated as the primary key. 2. A table was originally defined without an AUTO_INCREMENT column and the need for such a column arises. The new column we wanted to add and use for the key was simply an AUTO_INCREMENT integer column. In testing we defined the new column and also defined a new UNIQUE index (so, not changing the primary key yet). Since dbDelta adds new columns before adding the new indices, and in separate ALTER TABLE statements, MySQL refuses to add a new AUTO_INCREMENT column without an index. The solution is to add the new column without the AUTO_INCREMENT designation, then add the UNIQUE index, then alter the table to use AUTO_INCREMENT. 3. A primary (or other key) could be significantly and intentionally altered, significantly changing how queries are run. I understand that WP doesn't want to drop and recreate indices when changing the sub-part of an index (see: https://core.trac.wordpress.org/ticket/34870#comment:21) However I think that it should change the index, if the definition is significantly altered. In the use case above, we could've changed the primary key to be `PRIMARY KEY(productId,location)` instead of adding a new column and switching the index to that column. In other use cases, changing from a BTREE to FULLTEXT index would change which types of queries need to a full table scan. == This Patch == This patch does the following: 1. You can now add a new AUTO_INCREMENT column to an existing table When a new AUTO_INCREMENT column is added to an existing table, the column creation is done in two parts. First the column is created as a non-AUTO_INCREMENT column, and a separate `ALTER TABLE` statement is set to run after index creation to enable AUTO_INCREMENT. Note: The CREATE TABLE statement given to dbDelta must provide the required indexes that MySQL expects. 2. You can now modify a column with AUTO_INCREMENT to no longer use AUTO_INCREMENT 3. You can change which column is the primary key 4. Significant index definitions cause an index to be dropped and re-created The cases that cause an index to be dropped and re-created are: * An index which wasn't UNIQUE, but now is or vice-versa * An index which changes index type (eg. FULLTEXT => BTREE) * An index which contains a different number of columns * An index which contains a different column order * An index which contains different columns Note: Changing the index sub-part or no longer defining the index in the table does not cause it to be dropped. == Other notes == 1. I've tried to use WP coding standards and comment my code well. I'd love feedback if there are things I can do better. 2. I've included a file, test.php which takes 13 table definitions, takes them two at a time, and converts between each possible combination. To run it, put it in the root WordPress directory and run `php ./test.php`. 3. Also, the dbDelta phpunit tests still pass." stuporglue 1 Needs Docs or Unit Tests 29938 mysqli_query and multiple resultsets Database 3.9 normal normal enhancement new needs-unit-tests 2014-10-12T10:24:20Z 2019-06-04T19:26:52Z "The WordPress Database API does not expose a way to work with multiple resultsets. Multiple resultsets are returned by queries that have several sets of results available and this is often the case with stored procedures and the usual way is to call {{{next_result}}} and {{{use/store_result}}} on the mysqli connection, however the connection is abstracted away behind the undocumented {{{$wpdb->dbh}}} field. {{{ -- Test procedure for out of sync mysqli commands DROP PROCEDURE IF EXISTS `mysqli_procedure_test`; DELIMITER ;; CREATE PROCEDURE `mysqli_procedure_test`() BEGIN SELECT * FROM `wp_posts` LIMIT 1; SELECT * FROM `wp_posts` LIMIT 1; END;; DELIMITER ; }}} When calling this procedure (apart from the issues outlined in ticket #28155) you can only access the first resultset using the documented APIs. To fetch the second one one would have to use the mysqli API directly. Need to come up with additional public methods to work with these via the Database API instead. There must be a way for a user to fetch the next resultset if there's one, or make this transparent somehow, perhaps using a {{{$wpdb->call( $procedure, $arguments )}}} invocation in the case of procedures? And something like {{{$wpdb->next_results}}} for everything else? Needs brainstorming." soulseekah 2 Needs Docs or Unit Tests 48935 Need to Remove strtotime() usage from core Date/Time 6.2 normal normal Awaiting Review enhancement new needs-unit-tests 2019-12-11T12:58:07Z 2023-04-06T10:38:43Z "`strtotime()` is routinely used in core for processing timezone-ambiguous input. Since it is affected by default PHP time zone setting (set by core to UTC on boot) it is also vulnerable to this setting being changed by third party code. Related change of `date()` to `gmdate()` in 5.3 release caused some new issues, because in some places while changing default time zone broke things combination of `strtotime()` and `date()` meant things got broken ''by the same amount'' and outputs were ""correct"" (ignoring the fact they would be implied in absolutely different time zone from intended). Dropping use of `strtotime()` in favor of date parsing with explicit time zone handling (such as `DateTimeImmutable` objects) is logical next step to make core insensitive to PHP time zone context." Rarst 3 Needs Docs or Unit Tests 48936 Remove mysql2date() usage from core Date/Time normal normal Awaiting Review enhancement new needs-unit-tests 2019-12-11T13:04:27Z 2023-02-24T15:20:34Z "`mysql2date()` was originally meant from processing times as stored by WP in database. Unfortunately its design is very limited because both time zone of input and output is ambiguous. It is interchangeably used for local and UTC times. As implementation detail that meant that it would produce incorrect output for formats including time zones for local time inputs. Time zone would happen be UTC from WP core setting PHP time zone to UTC on load. In 5.3 release this behavior was flipped to produce correct local time output for local time input, as considerably more common. Accordingly now ''UTC'' input produces incorrect output for formats with time zone. While the function is common and familiar, it is hardly irreplaceable and its design is so limited it seems to be unsalvageable. I propose we move towards eliminating its use in core and eventually formally deprecating it." Rarst 1 Needs Docs or Unit Tests 27048 Export: Allow multiple post types to be selected Export 3.8 normal normal enhancement new needs-unit-tests 2014-02-07T09:39:39Z 2022-05-18T16:49:01Z The export tool currently only allows for all post types to be exported, or for only one to be exported. I propose fixing this so that the selection is made via checkboxes and any number of post types can be exported. This will be beneficial in many use cases. hlashbrooke 34 Needs Docs or Unit Tests 46227 Add Rel-Feed Link to Header Feeds low trivial Future Release enhancement reviewing needs-unit-tests 2019-02-10T17:35:29Z 2021-05-13T20:03:29Z "When the front page is not the posts page, proposing that Core add a link in the header to the actual posts page, using the rel=feed designator. https://blog.whatwg.org/feed-autodiscovery Example This would allow a system to figure out where the posts page is." dshanske 35 Needs Docs or Unit Tests 43225 feed_links and feed_links_extra should have filters Feeds normal normal Awaiting Review enhancement new needs-docs 2018-02-04T20:34:25Z 2019-01-16T06:50:09Z There ought to be a way to modify the way feed links are displayed by the `feed_links` function. Currently there is, for instance, no way to change the separator from `»` to something else. topdownjimmy 2 Needs Docs or Unit Tests 43010 Attribute Name Escape Formatting normal normal Awaiting Review enhancement new needs-unit-tests 2018-01-02T17:03:09Z 2022-01-18T14:34:00Z "The HTML5 spec allows us to arbitrarily named attributes for tags, e.g. '''''data-my-arb-attr-name'''=""attr value""''. This allows for generated attribute names and thus, a need to escape to avoid potential security implications. I have seen several occasions of developers using `esc_attr` to resolve this case, however this is far from correct - the requirements of the name of an attribute are very different to that of the value, the best example of this simply being whitespace. The requirements of an attribute name can be found here: https://html.spec.whatwg.org/multipage/syntax.html#attributes-2 There is a need for an `esc_attr_name` function to avoid compromises in html. I have provided a simple addition patch to wp-includes/formatting.php which should resolve this issue." joe_bopper 7 Needs Docs or Unit Tests 24225 Improve regular expressions when matching attributes miqrogroove Formatting 3.6 normal normal enhancement assigned needs-unit-tests 2013-04-29T15:37:56Z 2019-06-04T19:44:41Z "When working with HTML attributes in various functions we use something like `[\'""](.+?)[\'""]` to match the attribute value. Although not used much in attribute values, such an approach breaks when a single or double quote is intentionally part of the value: * `attr=""val'ue""` * `attr='val""ue'` Some of these are new 3.6 functions, mostly around media." kovshenin 19 Needs Docs or Unit Tests 22330 Optimize regexes to remove protocol from URL Formatting 3.4.2 normal normal enhancement new needs-unit-tests 2012-10-31T09:30:48Z 2019-06-04T19:44:10Z "Regexes used to chop off the protocol of a URL should be anchored to the start of the string. 1. The regex fails faster and thus avoid useless work. No need to look further down the URL for strings like `""http://""`. 2. The regex should not alter any URLs that might be contained in the query string." GeertDD 1 Needs Docs or Unit Tests 47557 Sanitize Email Suggestion Formatting 5.2.1 normal minor Awaiting Review enhancement new needs-unit-tests 2019-06-18T15:19:58Z 2023-03-23T16:11:52Z "I am using WooCommerce and I've noticed several customer emails come through like... {{{ example@example.com1234 example@example.com1234567812345678 }}} It's mostly due to the email input being the last one before the credit card step, but these emails are passing the validation and sanitization that exists: is_email and sanitize_email. I am doing something like the following to fix... {{{#!php '.$text.'' ); return $matches[1] . $html; } }}} Thank you." tlexcellent 16 Needs Docs or Unit Tests 60355 Can't save object to metadata with `readonly` properties General normal minor Future Release enhancement new needs-docs 2024-01-26T15:45:41Z 2024-02-12T21:52:11Z "If I have class with `readonly` property {{{#!php $property_value ) { $value->$property_name = map_deep( $property_value, $callback ); // <--------- } }}} " Cawa-93 5 Needs Docs or Unit Tests 42897 Hard deprecate functions deprecated before WP 3.7.0 General normal normal Future Release enhancement new needs-unit-tests 2017-12-13T21:11:36Z 2020-04-20T09:13:22Z "There are several of soft deprecated functions in `wp-includes/deprecated.php`. It's safe to hard deprecate those listed as deprecated prior to the introduction of automatic updates in version 3.7. Several tests will need to be removed, others will need to be modified to use the non-deprecated equivalent when using pre-3.7 deprecated functions to test functions deprecated in 3.7 or later. The initial patch removes the functions but needs a refresh to modify the tests." peterwilsoncc 7 Needs Docs or Unit Tests 24284 is_multi_author() should query by specific post type and status General normal normal enhancement new needs-unit-tests 2013-05-08T08:18:58Z 2019-06-04T19:44:43Z "Current is_multi_author() function only checks by the 'post' post-type and 'publish' post-status.. I think the function should be able to query by custom-post-type and custom-post-status" alex-ye 2 Needs Docs or Unit Tests 39695 Add preload headers in redirects HTTP API normal normal Awaiting Review enhancement new needs-unit-tests 2017-01-25T22:09:45Z 2017-02-27T09:32:49Z "http2 push enabled servers can immediately push linked assets or documents for the client. This saves clients from one round-trip. At the moment at least Cloudflare and h2o web server can http2 server push assets defined in Link headers: https://www.w3.org/TR/preload/#server-push-http-2. I believe more will follow in the next few years. WordPress powers so much of the web that it's our responsibility to try to make it as fast as we can. This is usually quite hard topic because we have no idea what is stored in the client browser cache. We can start implementing the Link preload headers in internal redirects because in that situation it's quite obvious that the client wants to make that request as their next one. This is what I want to achieve {{{ $ curl --http2 -i https://wordpress.test/wp-admin/ HTTP/2 302 ... Location: https://laextra.test/wp-login.php?redirect_to=https%3A%2F%2Flaextra.test%2Fwp-admin%2F&reauth=1 Link: ; rel=preload; as=document }}} I created a patch which adds these headers automatically in '''wp_redirect()''' function. Links about http2 server push: https://blog.cloudflare.com/announcing-support-for-http-2-server-push-2/ https://h2o.examp1e.net/configure/http2_directives.html" onnimonni 4 Needs Docs or Unit Tests 40142 WP Remote Remaining Methods HTTP API 2.7 normal normal Awaiting Review enhancement new needs-unit-tests 2017-03-13T16:46:43Z 2023-04-19T19:43:33Z "While we have `wp_remote_post()` and `wp_remote_get` I would like to see helper functions for the remaining HTTP Methods. These can be very useful working with third-party APIs, and as the Rest API becomes more important. '''Requested Functions:''' `wp_remote_delete()` `wp_remote_put()` `wp_remote_trace()` `wp_remote_get_head()` `wp_remote_get_options()` `wp_remote_connect()` Further Reading: https://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html" bhubbard 13 Needs Docs or Unit Tests 54797 Allow languages path in register_block_type gziolo I18N 5.5 normal normal Future Release enhancement assigned needs-unit-tests 2022-01-12T11:48:11Z 2023-09-17T15:51:16Z "Hello, On `register_block_type` and block.json right now the languages folder path is not handled. This calls the `register_block_script_handle` function that just do : {{{#!php parse_search_terms() function, which is fine for many languages but Arabic need more than that to provide a really smart search! There are some chars need to removed before the string comparison, like: Hamza http://en.wikipedia.org/wiki/Hamza Diacritics http://en.wikipedia.org/wiki/Arabic_diacritics Tāʼ marbūṭah http://en.wikipedia.org/wiki/Taw If this cannot be in core, Could you at least add some filters to do it ?!" alex-ye 16 Needs Docs or Unit Tests 34507 New action `before_login_form` Login and Registration normal normal Awaiting Review enhancement new needs-docs 2015-10-30T07:33:57Z 2017-01-10T12:21:39Z "I can add new fields before default fields form. For example I can add social login : https://food52.com/users/sign_in?next_url=%2F" sebastian.pisula 5 Needs Docs or Unit Tests 30128 Allow to use associative arrays beside indexed arrays in wp_mail $headers Mail 2.3 normal normal Future Release enhancement new needs-unit-tests 2014-10-27T21:15:12Z 2020-09-16T18:57:17Z "eg: {{{ $headers = [ 'From' => 'Me Myself ', 'Cc' => 'John Q Codex ', ]; }}} beside: {{{ $headers = [ 'From: Me Myself ', 'Cc: John Q Codex ', ]; }}} and also (because why not): {{{ $headers = [ 'From' => 'Me Myself ', 'Cc' => [ 'John Q Codex ', 'iluvwp@wordpress.org', ], ]; }}}" marsjaninzmarsa 4 Needs Docs or Unit Tests 28059 Inline image attachments with wp_mail() Mail normal normal enhancement new needs-unit-tests 2014-04-29T13:28:10Z 2019-06-04T20:07:27Z "To insert inline images in an email the `phpmailer_init` action hook has to be used like this. {{{ add_action( 'phpmailer_init', 'embed_images' ); function embed_images( &$phpmailer ) { $phpmailer->AddEmbeddedImage( '/path/to/image1.png', 'image1.png' ); $phpmailer->AddEmbeddedImage( '/path/to/image2.png', 'image2.png' ); $phpmailer->AddEmbeddedImage( '/path/to/image3.png', 'image3.png' ); } }}} Why not implement this in `wp_mail()` itself?" jesin 3 Needs Docs or Unit Tests 42487 Avoid redundant crops for all Customizer media controls. Media normal normal Future Release enhancement new needs-unit-tests 2017-11-09T17:09:17Z 2019-02-07T21:45:56Z "In WordPress 4.9, we made use of context metadata to keep from producing redundant crops in the media library for custom headers (see #21819). We should extend this behavior to all other media controls in the Customizer (e.g., custom logos, site icon, etc.). There are a few parts to the implementation to keep in mind: 1. We should only create one cropped attachment per context for a given site/theme option. So for instance, if a custom logo has already been cropped from an attachment for the theme being customized, we should replace that attachment instead of creating a new one. However, we ''should'' create a new attachment if the crop was created for a different theme (this may not apply to site-level settings). 2. The context of an attachment should be included in the JSON model returned by `wp_prepare_attachment_for_js()` and used to filter contextual crops out of the main media attachment library. However, it would be great if those were ''not'' filtered when you've opened the media library from the context which those attachments are created/selected." joemcgill 2 Needs Docs or Unit Tests 57003 Compress original image upload to avoid uncompressed images Media normal normal Future Release enhancement new needs-unit-tests 2022-11-04T20:01:53Z 2023-03-15T15:12:46Z "When an image is uploaded to WordPress today, WordPress will generate the sub-sized versions using compression with the default quality (e.g. 82 for JPEG). The point of this is to offer smaller versions to achieve better performance with different viewport sizes. The compression here is a significant part of it, as we would not want those smaller sized images to be badly compressed and thus overly large in file size. A problem (and I would argue oversight) in that approach is that the originally uploaded image is still used as is in many cases, even in the frontend. #47873 introduced the feature to compress ""big"" images in a smaller version, which makes sense, however that is only part of the potential problem here: It can also happen that the original image upload is simply an overly large file, even if the dimensions of the image are smaller than what makes it qualify for a ""big"" image. This ticket proposes the following: * Always generate a new image from the originally uploaded image, even when it is not a ""big"" image (potential exception could be PNGs as currently the case, see #48736). * Once the image has been generated, compare the file size of the new image with the original image: * If the new image is smaller, use that one going forward, backing up the original image in the same way it already happens as part of the ""big"" image feature. * If the new image is larger (i.e. the original was already well compressed), delete the new image again and simply keep the original as is. Given that we already generate an additional image file for ""big"" image uploads, this enhancement would not introduce any concerning overhead. It also does not make any assumptions on the original image quality, it simply compares the results to make a decision which image to keep. In any case, the original image will be kept so it would not be a destructive action either." flixos90 7 Needs Docs or Unit Tests 55443 Create WebP sub-sizes and use for output adamsilverstein Media 6.0 normal normal Future Release enhancement reopened needs-docs 2022-03-22T23:15:33Z 2023-03-02T18:51:15Z "=== Summary This ticket introduces core support for generating and using additional mime types for sub-sized image uploads, with a focus on the WebP format. In addition, it filters frontend content to use the modern format when available for an image. After this change, WordPress will generate and use WebP sub sizes by default when available. Currently, when users upload images in a supported mime type like JPEG or WebP, WordPress creates sub-sized images of the same type for use on the front end. In WordPress 5.8 we introduced the `image_editor_output_format` filter to enable filtering the mime type used to save images. This ticket introduces the capability to generate more than a single mime type. For example, when users upload JPEG images, WordPress can automatically generate both WebP and JPEG sub-sized images. Then WordPress can use the WebP images when serving up the front end. JPEG images are still being generated by default, to support other use-cases outside of common web browsers (e.g. email newsletters) where WebP may not be supported yet. The above is only the default though - the behavior of which image formats are generated and used can be customized via filters. === New Filters This patch introduces two new filters, one to control the mime types WordPress generates when you upload an image and one to control which image mime type is used for displaying images on the front end of the website. ==== Mime type image generation filter This patch adds a new filter named `wp_upload_image_mime_transforms` (and similarly named function) that maps the upload image mime type to an array of one or more output mime types: By default, the mapping is: {{{ array( 'image/jpeg' => array( 'image/jpeg', 'image/webp' ), 'image/webp' => array( 'image/webp', 'image/jpeg' ), ); }}} The attachment id is also passed to the filter for context. ==== Mime type front end output filter This patch adds a new filter `wp_content_image_mimes` for the front end that specifies the preferred format(s) to use for content output (as long as the image file is available). When outputting images in the content, the first mime type available will be used. The attachment id and context are also passed to the filter. === WebP as a default output format for images On the front end, sites will benefit from using WebP in place of JPEG for their images. Research on https://github.com/WordPress/performance/issues/7 indicates images will average around a 30% overall file size reduction. This work also includes verifying the visual image quality of the output using [https://github.com/kornelski/dssim dssim]. === Developers Note The function `make_subsize` in both of core’s bundled WP_Image_Editor implementations (WP_Image_Editor_Imagick and WP_Image_Editor_GD) has been updated to accept a `$mime_type` parameter which in turn passed the mime type to the `_save` function (which already supports a `$mime_type` parameter). If your code implements `​​WP_Image_Editor::make_subsize()` make sure you update your function to support the `$mime_type` parameter. Plugins that modify image use (CDN, S3) or already create alternate mime types should test integrating with the code on this ticket and consider supporting the new sources meta data. === How to Test Test with this patch or the Performance Lab [https://wordpress.org/plugins/performance-lab/ plugin] Create a post and upload a jpeg image, placing in the post Publish the post and view it’s source code, the image URLs should be “.webp” images === Technical Details * In src/wp-admin/includes/image.php::wp_create_image_subsizes: loop through all of the mime types returned from the `​​wp_upload_image_mime_transforms` filter, generating sub-sized images for every mime format supported by the system. Default when a type isn’t mapped in the array is outputting in the mime type of the uploaded image. * `_wp_get_primary_and_additional_mime_types` extracts the primary and additional mime types * “Full” sized images are created for each mime type supported by the system with a `-{mime extension}` appended to the file name * When images over `big_image_size_threshold` are uploaded, the primary image gets a `-scaled` suffix (unchanged), alternate types get a `-{mime extension}-scaled` suffix * Similarly, alternate mime rotated images get a `-{mime extension}-rotated` suffix * New image meta `sources` array stores each mime type created for each full sized image and for each sub-sized image - both the file name (`file`) and size (`filesize`) are stored. * In src/wp-admin/includes/image.php::_wp_make_subsizes: * Using a mapping (from the input file mime type) provided by `wp_upload_image_mime_transforms`, output sub sized images in one or more output mime types * In src/wp-admin/includes/image.php * Add a new function `wp_upload_image_mime_transforms` as well as a matching filter named `wp_upload_image_mime_transforms` . Returns an array with the list of valid mime types that a specific mime type should be converted into. * In src/wp-includes/class-wp-image-editor-gd.php and src/wp-includes/class-wp-image-editor-imagick.php: * Update `make_subsize` to accept a new `mime_type` parameter that gets passed to the `_save` function when set (which already has a mime_type parameter). Add the new parameter to internal function calls as well. * In src/wp-includes/media.php: Adds new function `wp_image_use_alternate_mime_types` that is called for every image in `wp_filter_content_tags`. This function: * Adds a new filter `wp_content_image_mimes` that returns the mime type(s) to try to use for output, in the order they should be tried. The default order to try is array( 'image/webp', 'image/jpeg' ), meaning if a WebP version of the image exists, WordPress will use that image for the image tag output * Replaces all image components (including urls in the `src` and `srcset` attributes) when the same image is available in the preferred mime type * Returning an empty array will skip any image mime type substitution ( ie. `add_filter( ‘wp_content_image_mimes’, ‘__return_empty_array’ );` * In src/wp-includes/post.php::wp_delete_attachment_files: * Delete additional mime type images referenced in the image meta root ‘sources’ array as well as each sizes->sources array when present. This ensures that additional mime images are cleaned up if the original image is deleted. * In src/js/_enqueues/vendor/plupload/wp-plupload.js and src/js/_enqueues/vendor/plupload/handlers.js retry count is raised from 4 to 8. (Should this be filterable)? This change is to accommodate the larger potential number of images that need to be created. Note: needs to be changed in Gutenberg as well, see https://github.com/WordPress/gutenberg/blob/23f11a18726bf69717595451ab3250cb67b426f6/packages/api-fetch/src/middlewares/media-upload.js#L38 === PHPUnit test changes New sources data added to expected results in ` test_wp_generate_attachment_metadata_pdf`, `test_crop_setting_for_pdf` Remove new `wp_content_image_mimes` filter for tests in tests/phpunit/tests/media.php === Todo items remain for this patch: - Add tests for new filters `wp_content_image_mimes` and `wp_upload_image_mime_transforms` - Add full sized alternate mime creation for PDF upload special handling, see https://github.com/WordPress/wordpress-develop/pull/2393/files#r832651580 - Add REST support from https://github.com/WordPress/performance/pull/224 (or in follow up ticket) - Improve naming of rotated/cropped alternate mime images " adamsilverstein 200 Needs Docs or Unit Tests 54648 Improve filter to enable setting quality for each subsize image adamsilverstein* Media normal normal Awaiting Review enhancement accepted needs-unit-tests 2021-12-17T16:19:39Z 2024-02-23T11:07:57Z "Talking with https://profiles.wordpress.org/codekraft/ we was wondering if it is possible to get a filter to specify the quality of subsized images. Right now the `wp_update_image_subsizes` https://github.com/WordPress/wordpress-develop/blob/cdd5e43a04930bac390537944eb6f4256d364bd4/src/wp-admin/includes/image.php#L153 doesn't have that filter. So on `wp_create_image_subsizes` https://github.com/WordPress/wordpress-develop/blob/cdd5e43a04930bac390537944eb6f4256d364bd4/src/wp-admin/includes/image.php#L228 calls `_wp_make_subsizes` https://github.com/WordPress/wordpress-develop/blob/cdd5e43a04930bac390537944eb6f4256d364bd4/src/wp-admin/includes/image.php#L386 But doesn't specify the quality. Probably the best solution is to use `set_quality` of the Image Editor ImageMagick/GD classes in the last function. This can help, in our thoughts, on generate smallest images (like under 200x200) with a different compression that can be more strong, compared to the others, as they have a different usage and the quality of those can be different. This can save space and speed up the page. Some examples? In the woocommerce gallery where there are the preview as tiny squares (150x150). Maybe this idea can interest the new Performance team?" Mte90 23 Needs Docs or Unit Tests 33959 Improve wp_get_attachment_thumb_file Media 4.4 normal normal enhancement new needs-unit-tests 2015-09-22T08:28:27Z 2019-06-04T20:16:19Z "Since we can retrieve an image thumbnail url it will be nice if we can get the path of this thumbnail too. Here is a patch allowing this. And improvements for the first parameter allowing it to be a WP_Post object. " Rahe 6 Needs Docs or Unit Tests 33768 Include image_meta in wp_prepare_attachment_for_js response for images Media 4.4 normal normal enhancement new needs-unit-tests 2015-09-07T16:35:22Z 2019-06-04T20:15:56Z "Currently seems odd that the image_meta array isn't returned in the response from wp_prepare_attachment_for_js for an image. The function already calls get_attachment_metadata so the image_meta array is readily available. The meta key is already declared in the response array. All other mime types populate the meta value in the response array in a similar fashion as my proposal. I can't see any downside or overhead, and the function becomes much more powerful, particulaly for gallery implenmenations, as a result. The addition is just three lines (in wp-includes/media.php #L2835 of current version)." SteveHoneyNZ 4 Needs Docs or Unit Tests 58416 Media Title field should soft wrap in Media Modal: For better readability/editing of long titles. Media 3.5 normal normal Awaiting Review enhancement new needs-unit-tests 2023-05-26T20:48:37Z 2023-06-13T11:08:12Z "**Usability Issue:** - In the **Media Modal** the **Title** field currently is an `` and as such is single line only. - Scrolling a ~50 character long title within a ~20 char text field sucks. - Soft wrapping would really benefit longer media titles in terms of instant readability and easy editing. **Solution Approaches:** 1. Leaving it a `` and tweak it to soft wrapping with CSS only. - I found the [https://stackoverflow.com/questions/5286663/wrapping-text-inside-input-type-text-element-html-css exact same request on StackOverflow] for HTML in general (CMS agnostic) - Pure [https://stackoverflow.com/a/31814539/199400 CSS solutions for this] which once worked, became unsupported around 2016 in major browsers. - Bottom line: `` is single line only and always, user agents allow no circumventions. 2. Alternative approach: Use a `'; echo wpautop( $text ); }}} " takayukister 9 Needs Patch 33840 wpautop damages inline script Formatting 4.3 normal normal defect (bug) new 2015-09-12T10:54:20Z 2019-06-04T19:51:27Z "This code: {{{ $str = ' '; echo $str; echo '
    '; echo wpautop($str); }}} results in this output as seen in the page source: {{{

    }}} The wpautop filter adds {{{

    }}} twice and {{{

    }}} once; adds linebreaks and hence a js error: SyntaxError: unterminated string literal To my opinion, wpautop should NEVER change a byte between {{{}}}; neither should the script tag be wrapped in a p tag. Wrapping the code in a {{{[CDATA[ ]]}}} block makes no difference. This behaviour is noticed for years and is still present at version 4.4-alpha-34061" opajaap 1 Needs Patch 49492 wpautop inserted p tags inconsistently alter visual space Formatting 5.3.2 normal normal Awaiting Review defect (bug) new 2020-02-22T17:09:49Z 2020-02-22T17:12:21Z "I wrote a custom shortcode to insert a
    in my posts. wpautop inserts an empty

    before the
    . If I place the shortcode before the first paragraph after a subheading, the inserted

    increases the visual space between the subheading and the paragraph. But if I place the shortcode before the second paragraph, the extra

    doesn't affect the visual spacing between paragraphs. I can work around the inconsistency by changing wpautop's priority. But that scrambles other things on the web site. {{{ remove_filter( 'the_content', 'wpautop' ); add_filter('the_content', 'wpautop', 12); add_shortcode('hd_product', 'display_product'); function display_product($args){ extract(shortcode_atts(array( 'id' => null, 'cat' => null, 'tag' => null, 'orderby' => 'rand', 'limit' => 1, ), $args)); $product = wc_get_product( $id ); $image = $product->get_image($size = 'product-slider', [""class"" => ""product-callout-image"",""alt""=>""mp3 for sale""] ); $term = get_term_by( 'id', $product->category_ids[0], 'product_cat' ); $output = '

    '; $output .= '' . $image ; $output .= '
    ' . $term->name . '
    ' . '$' . $product->price . '
    '; $output .= '
    '; return $output; } }}} " mesmer7 Needs Patch 43394 wpautop inserts extraneous line breaks if hard return around commented content Formatting 4.9.4 normal normal Awaiting Review defect (bug) new 2018-02-23T20:02:19Z 2020-06-15T00:19:38Z "Problem: If one has code comments before content in a WordPress post/page and there are hard returns before and after the code comment, WordPress will insert an extraneous line break. Further, if there are hard returns between multiple comments an extraneous line break will be added. This problem can be reproduced by doing the following: 1. Edit a WordPress post or page. 2. Add a code comment with hard returns before and after it such as: {{{ }}} 3. Publish/preview the page. 4. Use Inspect to examine the area where you placed the above comment and you'll notice an extra line break. This may seem like a very edge case and a minor annoyance, but we ran into this issue recently when we had multiple code comments following each other like so: {{{

    Some regular content here.

    Some regular content here.

    }}} An extraneous line break now becomes four line breaks. This becomes quite confusing for editors as when they look at the post the extra returns are not apparent yet inserted when the page is actually posted. I'm thinking that resolving this issue might also resolve many other cases of wpautop gone rogue. My suggestion would be that wpautop be changed so that: 1. If there is a code comment with a hard return before and after the comment, it does not automatically add wpautop. (one can argue that this is behaving as expected, but I doubt many are thinking when they add a code comment that it will add a nice line break for them...and in any case, this can be much more obviously/easily remedied by inserting a
    in the editor if one truly did want a line break caused in this manner, whereas it can be quite time consuming to discover why extra line breaks are mysteriously appearing) 2. Similarly, with shortcodes, if the shortcode is tested valid then don't add line breaks with wpautop around the shortcode. " davidshq 1 Needs Patch 58872 wpautop not disabled when blocks are inserted dynamically Formatting 6.1.1 normal minor Awaiting Review defect (bug) new 2023-07-21T18:17:09Z 2023-07-21T18:17:09Z "**WP Version** Tested on 6.1.1, but seems to still be present on the trunk. **Context** Our theme has multiple page-header styles. Users can insert any one of those as the first block of a page, or leave it out. If it's left out, we inject a default header block as the first block of the page using a customer WP_Block_Parser. We've also imported a large number of pages from a previous pre-Gutenberg WP system, so not all posts have block content. **The Problem** On legacy posts that do not have block content, wpautop is enabled, ''even for the injected header block'', resulting in extraneous
    and

    tags. If there's even a single block in the post content, the block renders normally. The source of the issue is that do_blocks (https://core.trac.wordpress.org/browser/trunk/src/wp-includes/blocks.php#L1166) renders the blocks based on the results of the parser, but disables `wpautop` based on a call to has_blocks(), which uses the unparsed content to determine if there are any blocks in the post. I recognize this is an edge case, as we're dealing with both legacy content and an (ab?)use of a custom block parser to inject blocks into blockless content, so it's not likely to be a high priority. But if the ""block_parser_class"" hook is going to allow us to override the parser, do_blocks should respect the blocks that are returned regardless of the original content string, and override wpautop accordingly. **Test Cases** Attached are: * A single.php page template file that succinctly captures the problem * The contents of two pages. One has no blocks and shows the wpautop problem. The other contains a single block and shows wpautop being disabled correctly. Use the Code Editor to enter this content into a page or post." jbeninger Needs Patch 15918 wpautop() breaks inline tags on the same line as block tags dunno Formatting 3.0.3 normal normal defect (bug) new 2010-12-20T16:01:31Z 2019-06-04T19:43:17Z "Hi guys! I've got latest WP installation (3.0.3) and found strange bug in posts parser. Create article with following HTML: {{{

    }}} Browser will get: {{{ }}} All seems to be fine! Now get rid of unnecessary div. Create article with following HTML: {{{ WP IZ ASSUM }}} Browser will get: {{{

    WP IZ ASSUM

    }}} Dunno why there is extra

    but who cares. All seems to be OK. Create article with following HTML: {{{

    WP IZ ASSUM
    }}} Browser will get: {{{
    WP IZ ASSUM
    }}} Now isn't that cool? But check what is even cooler! Create article with following HTML: {{{
    WP IZ ASSUM
    NO IT'S BUGGY AS HELL
    }}} Browser will get: {{{
    WP IZ ASSUM

    NO IT’S BUGGY AS HELL
    }}} Wow! Say hello to invalid markup and rendering problems! Auto-closing of tags turned off. No matter of the settings I still get this nice messed up html. WYSIWYG turned off also." retrib 12 Needs Patch 43313 wptexturise uses the wrong curly quote after a closing link tag Formatting normal normal Awaiting Review defect (bug) new 2018-02-14T10:29:02Z 2018-04-15T18:05:13Z "When an English possessive 's comes immediately after a closing link tag, wptexturise changes it to the wrong kind of curly quote mark. '''To reproduce:''' * Enter some text with a link followed by an 's in your post content, for example {{{ BBC's approach }}} * View the post in the front end. '''What I expect''' The filter replaces the straight single quote mark with a right curly apostrophe ’ '''What I see instead''' The filter replaces the quote mark with a left curly apostrophe ‘ " andfinally 2 Needs Patch 54721 wptexturize caches the result of run_wptexturize preventing themes from using this if a plugin has already called get_plugin_data Formatting 5.8.2 normal normal Awaiting Review defect (bug) new 2022-01-03T11:45:01Z 2022-01-03T11:45:01Z "One of the plugins I use is simple_sitemap. This plugin (quite reasonably) uses get_plugin_data during its initialization. get_plugin_data makes calls to wptexturize as part of its operation. The plugin's initialization runs before the theme's functions.php is executed. Since wptexturize caches the result of the run_wptexturize filter, the theme is no longer able to disable wptexturize's function and hence gets unwanted smart quotes. There is a workaround for the theme whereby it makes a dummy call to wptexturize with reset set to true. This makes the wptexturize implementation reinitialize and hence re-execute the call to the run_wptexturize filter. However the documentation states that this flag is designed for unit testing and hence this seems to be less than ideal. (In passing I'll note that this caching of the result also prevents plugins from using it to temporarily disable the function by adding and then removing the filter should it be required.) I've left the ticket type as 'defect' but it would be reasonable to argue that this is actually a request for a minor enhancement - if so please change the type field. " tremlas Needs Patch 43785 wptexturize fails to skip JavaScript if code contains < Formatting normal normal Awaiting Review defect (bug) new 2018-04-17T07:51:58Z 2018-04-17T07:51:58Z "As the [https://codex.wordpress.org/Function_Reference/wptexturize documentation] states: Text enclosed in the tags
    , , , \r\n""
    		. ""\r\n""
    		. ""\r\n""
    		. ""

    This is a red paragraph

    \r\n"" . ""\r\n"" . ""\r\n"" . ""--$multipart_boundary--""; wp_mail( 'whoever@example.com', 'Multipart email test', $body, $headers ); }}} The email sent by this code should show either the text part or the html part, depending on the email client. I use Thunderbird and it shows no content at all. The source of the problem is in the Wordpress file /includes/pluggable.php, function wp_mail(). The function argument $headers array/string supplied by the user is assigned to a variable $tempheaders and then $headers is set to an empty array. $tempheaders is then processed in a switch statement block starting at line 251 to extract the header fields From, Content_Type, Cc, Bcc and Reply-To. Any other header fields are considered 'custom headers' and are added back into the $headers array by the default case of the switch block. At the end of processing $tempheaders, if there are no 'custom header' fields present, then the $headers variable remains an empty array. At line 441, the $headers variable is tested to see if any 'custom headers' need setting. {{{#!php $content ) { $phpmailer->AddCustomHeader( sprintf( '%1$s: %2$s', $name, $content ) ); } if ( false !== stripos( $content_type, 'multipart' ) && ! empty($boundary) ) $phpmailer->AddCustomHeader( sprintf( ""Content-Type: %s;\n\t boundary=\""%s\"""", $content_type, $boundary ) ); } }}} Strangely, not only does this if statement block set the 'custom headers' ($headers) when they exist, it also sets the Content-Type: multipart/...; boundary=... Hence, if $headers is empty, as is the case for my example above, the multipart boundary is not set. The question is: why is setting the multipart boundary dependent on there being these so called 'custom headers'? I have only noticed this problem since Wordpress 4.6+. Since version 4.6, the header field Reply-To was added to Wordpress' list of 'non-custom headers'. Prior to version 4.6, Reply-To was considered a 'custom header' and so, $headers was not empty and my code worked. As a work-around, if I add Return-Path: ... to my headers, then everything works and my emails are readable again. However, I shouldn't need to do this. I think this problem needs some serious attention. Tony " drtonyb Needs Patch 57698 Image not showing in iOS and Mac email clients Mail 6.1.1 normal major Awaiting Review defect (bug) new 2023-02-11T22:29:55Z 2023-03-15T01:49:22Z "Potentiel conflict between WordPress Core and Apple mail client. There has been a problem with iOS ad MAC email clients for the last year or so. The problem appeared with a new realease of Apple email client. As far has I remember the problem started with the release of iOS 15 (more than a year ago) and has not been resolved yet. Since that time, when sending email with embedded image using any WordPress plugin, the embedded images do not appear anymore in Apple email clients. This is ONLY the case for Apple email. It does work fine in ALL others email clients (Outlook, Gmail, etc…. even Outlook app on iOS is OK). Also it has nothing to do with the way the Privacy settings are set on the iPhone.The images were displayed fine before iOS 15 release. Just do a research on the support forum for “email image not showing in ios mail” and see for yourself. It is all over the place in plugin forums (Mailpoet, Mailchip, ec.) It looks like every plugin has the problem, so it is not a plugin problem. IT MUST BE A CONFLICT BETWEEN WORDPRESS CORE and APPLE MAIL CLIENT. Most likely the problem is on Apple side. Many of us have tried contacting Apple support to no success. Someone in WordPress developper team should be able to reproduce that behavior and SORT IT OUT WITH APPLE SUPPORT as who (Apple or WordPress) has to make a modification. Thanks in advance!" ldeschenes 1 Needs Patch 50374 Improve PHPMailer usage Mail normal normal Awaiting Review defect (bug) new 2020-06-12T15:59:55Z 2020-06-12T18:56:39Z "Related to the ticket #41750 We finally have PHPMailer 6 in WordPress core. The PHPMailer author noticed that there are some improvements in the way we use PHPMailer. if you're setting content-type headers and boundaries via addCustomHeader, you're using PHPMailer wrong! (https://core.trac.wordpress.org/ticket/41750#comment:41) I would like to request comments and thoughts on taking a good look at how we use PHPMailer. I suspect these outdated patterns were used when WordPress had PHPMailer 5.x series. Now that we use PHPMailer 6, we can review and improve how we use it. PHPMailer 6 upgrade milestone is WordPress 5.5. It would be great if we ship these changes with same version. " ayeshrajans Needs Patch 53393 Latest version of PHPMailer no longer attaches files to emails Mail 5.7.2 normal normal Future Release defect (bug) new 2021-06-14T01:18:07Z 2021-11-01T17:35:53Z "I've been trying to track down why my s3 bucket files are no longer being attached to automated emails being sent out by WordPress (using the Gravity Forms Entry Automation plugin). I've been able to identify the latest version of PHPMailer being the reason why the attachments no longer get added. From the author: ---- ''This is due to a bug fix that also closed a major security hole. PHPMailer deliberately avoids being a client for HTTP or other protocols for file attachments because it is far too risky. The solution is to take on responsibility for fetching remote files yourself. Instead of :'' {{{ $mail->addAttachment('s3://file.txt', 'file.txt'); }}} ''Do this:'' {{{ $mail->addStringAttachment(file_get_contents('s3://file.txt'), 'file.txt'); }}} https://github.com/PHPMailer/PHPMailer/issues/2355#issuecomment-858373284 ---- I reached out to the Gravity Forms authors as well as the Entry Automation authors and they both have said their plugins just generate raw notification objects and then use wp_mail() to pass the generated mail object off to the rest of my server to actually handle the sending. Is there a way to get this working again without having to roll my WP version back? Or do y'all know how others are handling this issue? " threeatetwo 8 Needs Patch 47855 PHPMailer::validateAddress() fails on PHP 7.3 with libpcre2 < 10.32 Mail 5.2.2 normal minor Awaiting Review defect (bug) new 2019-08-08T20:27:05Z 2019-09-21T01:43:11Z "Due to a bug in libpcre2 < 10.32-RC1 https://bugs.exim.org/show_bug.cgi?id=2300, this email regex validation fails in PHP 7.3 with PCRE_VERSION < 10.32. One consequence of this is being unable to send a password reset link from the login page - the user sees the error ""The email could not be sent. Possible reason: your host may have disabled the mail() function."" A simple test script https://gist.github.com/yolabingo/68b4f037661e702742c5abb324a3d992 PHP < 7.3 uses libpcre 8.x PHP 7.3 uses libpcre2 10.x" yolabingo 1 Needs Patch 56115 Prevent default from email to use a subdomain when the siteurl is a subdomain Mail 2.1 normal normal Awaiting Review defect (bug) new 2022-06-30T15:28:24Z 2022-07-01T22:18:46Z "When the site url uses a top-level domain or the www subdomain, the default from email is `wordpress@mydomain.com` When the site url uses a sub-domain (not www), then the default from email is `wordpress@mysubdomain.mydomain.com`. In this case, the email will be tagged as spam because the from header domain doesn't the top-level domain. Would it be possible de force (rewrite) the siteurl variable to remove the subdomain, in order to reduce the chance to have emails marked as spam? Related: #5007" benoitchantre Needs Patch 40081 Remove wp-admin links from all Core emails Mail normal normal Awaiting Review defect (bug) new 2017-03-09T14:56:40Z 2017-03-09T18:32:07Z "SpamAssassin has an undocumented rule called `URI_WPADMIN`, which is triggered when it sees a wp-admin URL in a message. If the rule is triggered, the message's spam score is bumped by `2.6` points (by default), which gets the message `50%` of the way to being flagged as spam. This can be reproduced easily with [http://spamcheck.postmarkapp.com/ Postmark's spam-checker API]. SpamAssassin also has a `PHP_ORIG_SCRIPT` rule that is assigned to all messages that are sent with the default PHP `mail()` agent. It has a score of `1.5`, which brings the vast majority of Core emails sent by WordPress installations up to a score of `4.1`, which is `80%` of the way to being flagged. That's not counting any other rules that may be triggered based on message content, server configuration, etc. From a UX perspective, it's very helpful to include links in messages that take the user directly to any actions that we can reasonably assume they'll want to perform on a message. However, from a security perspective, I think the best practice is to not include those links, because doing so trains users to expect and trust them, which makes them vulnerable to phishing attacks. So, I think we should consider removing all links to wp-admin, and replace them with a message asking users to log in to their site instead. We can give them navigation breadcrumbs like, `To disable these notifications, log in to WordPress at example.org and navigate to: My Sites > Network Admin > Settings.` Related #39709" iandunn 3 Needs Patch 54416 Some WordPress generated emails escape special chars in the email address while other emails do not. Mail 5.8 normal normal Awaiting Review defect (bug) new 2021-11-10T22:28:51Z 2021-11-10T22:28:51Z "When a user's email address contains an apostrophe, WordPress will escape the apostrophe in the email address for some WordPress generated emails, while it will not for other WordPress generated emails. For example o'connor@domain.com will be escaped to o\'connor@domain.com for the 'Email Changed' and 'Password Changed' emails that are sent to the user. For other emails, such as the 'User Lost Password' email, the email address is not escaped and is sent properly. " ltuspe Needs Patch 43425 WP_Mail BCC and CC - RCPT TO Errors Mail 4.9.4 normal normal Awaiting Review defect (bug) new 2018-02-26T22:15:08Z 2018-02-26T22:15:08Z "Adding BCC and CC Fields are having inconsistent results. Undeliverable emails, incorrect ""RCPT TO"" Addresses in SMTP Communication etc. ""RCPT TO"" is being set to ""Message-ID"". See Tests Below - I tested with standard PHP Mail and wp_mail If anyone has any pointers that would be great. Windows Server 2012R2 IIS: 8.5 PHP: 7.0.9 WP: 4.9.4 No special plugins or code. Test 1: Standard PHP Mail with CC Field {{{ $headers = 'From: Test ' . ""\r\n"" . 'cc: myotheremail@myname.com'; $to = ""myemail@gmail.com""; $subject = ""TEST SUBJECT""; $body = ""Test""; if (mail($to, $subject, $body, $headers)) { echo(""Message successfully sent""); } else { echo(""Message sending failed""); } }}} Results Both emails received. Content looks ok ---- Test 2: Standard PHP Mail with BCC Field {{{ $headers = 'From: Test ' . ""\r\n"" . 'bcc: myotheremail@myname.com'; $to = ""myemail@gmail.com""; $subject = ""TEST SUBJECT""; $body = ""Test""; if (mail($to, $subject, $body, $headers)) { echo(""Message successfully sent""); } else { echo(""Message sending failed""); } }}} Results: Both emails were received However. The body of each email now has the letter ""b"" appended to the content. Body Content {{{ b Test }}} Is something in WP causing this or is this an issue in Windows PHP?? ---- Test 3: WordPress wp_mail with CC Field {{{ $headers = 'From: Test ' . ""\r\n"" . 'cc: myotheremail@myname.com'; $to = ""myemail@gmail.com""; $subject = ""TEST SUBJECT""; $body = ""Test""; if (wp_mail($to, $subject, $body, $headers)) { echo(""Message successfully sent""); } else { echo(""Message sending failed""); } }}} Results CC never received - SMTP Log file shows: [2018.02.26] 16:46:04 [55583] CMD: RCPT TO:<945dc26bed6e74aeec984fc4ae828e32@myname.com> Why did the CC field get changed? It looks like the ""CC"" Field is now the ""Message-ID"" as they are the same now. Gmail received the copy as expected. ---- Test 4: WordPress wp_mail with BCC Field {{{ $headers = 'From: Test ' . ""\r\n"" . 'bcc: myotheremail@myname.com'; $to = ""myemail@gmail.com""; $subject = ""TEST SUBJECT""; $body = ""Test""; if (wp_mail($to, $subject, $body, $headers)) { echo(""Message successfully sent""); } else { echo(""Message sending failed""); } }}} Results Same as Test 3 -- The BCC Field ""RCPT TO"" command became the ""Message-ID""?? Gmail received the copy but still had the letter ""b"" appended into the message body. Any ideas, pointers etc? Suspecting Bug in WordPress or Windows PHP. " JWGarber1725 Needs Patch 40390 Wrong time (and date) in mail header send by phpmailer Mail 4.7.3 normal normal Awaiting Review defect (bug) new 2017-04-07T12:47:41Z 2017-05-02T11:59:04Z "I noticed that some mail clients show wrong time and sometimes date (around midnight) while forwarding or otherwise dealing with emails. For ex. MS Outlook gets it wrong. The offset is the same as my local timeoffset to UTC. Tracking it down this is because the {{{rfcDate()}}} within ''wp-includes/class-phpmailer.php'' uses {{{date_default_timezone_get()}}} to add the date and time into the mail header. This value is forced by WP to be UTC. Debugging rfcDate() with: {{{ error_log( var_export( date_default_timezone_get(), true ) ); error_log( var_export( date('D, j M Y H:i:s O'), true ) ); error_log( var_export( current_time( 'D, j M Y H:i:s O' ), true ) ); }}} I get: {{{ [07-Apr-2017 12:01:02 UTC] 'UTC' [07-Apr-2017 12:01:02 UTC] 'Fri, 7 Apr 2017 12:01:02 +0000' [07-Apr-2017 12:01:02 UTC] 'Fri, 7 Apr 2017 14:01:02 +0000' }}} I read this ticket #39595 and I guess it will not be changed. The ticket also says there is no WP function using the native timezone getter. This shows there is. Or at least a lib within core. Can we modify the phpmailer class to use {{{current_time()}}} or do we need to set and reset the timezone before and after every phpmailer call? " Drivingralle 1 Needs Patch 33972 static use of PHPMailer class results in stale state between calls to wp_mail() Mail 4.3 normal normal defect (bug) new 2015-09-23T09:57:09Z 2019-06-04T20:16:28Z "I've just been chasing down a problem since upgrading to WordPress 4.3 with mails sent via wp_mail() being sent with: Content-Transfer-Encoding: quoted-printable Auto switching to quoted-printable was added in the PHPMailer class which was upgraded in 4.3. The issue is that the internal state in $phpmailer is not properly cleared between calls to wp_mail(). There is an attempt to do this via: // Empty out the values that may be set $phpmailer->ClearAllRecipients(); $phpmailer->ClearAttachments(); $phpmailer->ClearCustomHeaders(); $phpmailer->ClearReplyTos(); But non of these methods reset the value of $this->Encoding. So if I make two calls to wp_mail() and the first one gets switched to quoted-printable the second one will be sent as quoted-printable even if it doesn't need to be. Would it not be better to just create a new instance of PHPMailer for each invocation of wp_mail() and let the constructor take care of it? " codebuddy 3 Needs Patch 59763 unverified emails from buyers Mail 6.3.2 normal major Awaiting Review defect (bug) new 2023-10-29T09:31:16Z 2023-10-29T09:31:16Z "Hello, Since the last update we have had trouble with emails. Orders marked as unverified and going to junk files Mail Chimp is broken and not sending our deals Cart Abandonment emails are broken. couplemate.com.au is from a Microsoft Server. We checked extensively with Microsoft and our host server. We changed the email address in WooCOmmerce with emails still going to junk. We have some 20 email addresses outside Woocommerce and all are acting normally. Could you check your end please. " couplemate Needs Patch 39775 wp_mail miss send Content-Type with boundary when array header does not have other custom headers Mail normal normal Awaiting Review defect (bug) new 2017-02-03T07:42:43Z 2017-04-14T09:46:47Z "It's a PR send in github. https://github.com/WordPress/WordPress/pull/273 Fix empty charset in line 436. Before: `Content-Type: multipart/alternative; charset=` After: `Content-Type: multipart/alternative; charset=UTF-8` ------------- fix `$headers[] = ""Content-Type: multipart/alternative; boundary=\""$boundary\"""";` not send when not other headers. Test Code: {{{#!php ""; $headers[] = ""Content-Type: multipart/alternative; boundary=\""$boundary\""""; $body = ""--$boundary\r\n"" . ""Content-Type: text/plain; charset=UTF-8\r\n""; $body .= 'test'; $body .= ""--$boundary\r\n"" . ""Content-Type: text/html; charset=UTF-8\r\n""; $body .= '
    test
    '; wp_mail( $to, $subject, $body, $headers ); }}} Before: [[Image(https://cloud.githubusercontent.com/assets/6196903/22583305/a84c5f1c-ea26-11e6-8718-2bde99d20484.png)]] After: [[Image(https://cloud.githubusercontent.com/assets/6196903/22583326/c4055362-ea26-11e6-8890-1da8fac8552e.png)]] I could search some issue for this, like http://wordpress.stackexchange.com/questions/191923/sending-multipart-text-html-emails-via-wp-mail-will-likely-get-your-domain-b https://wordpress.org/support/topic/using-wp_mail-with-php-generated-attachments/ but still have same problem here." kn007 Needs Patch 52504 wp_mail() not able to send/deliver emails to domain with hyphens in it? Mail 5.7 normal normal defect (bug) reopened 2021-02-12T01:40:30Z 2021-02-12T01:54:03Z "I tested many plugins and all of them, who uses wp_mail(), are not sending/delivering emails to domain with hyphens in it. I tested on 3 different hosts, with 4 different domain names. When an email is sent to a domain with hyphens in it, it's not delivered. Seems like the ""sanitizing"" process is causing an issue maybe?" verya.ca 2 Needs Patch 23243 "wp_mail() not working with ""Name "" format in buggy PHP versions on Windows" Mail 3.5 normal minor defect (bug) new 2013-01-20T15:59:30Z 2019-06-04T20:04:42Z "As a result of ticket #17305, wp_mail() accepts the $to parameter in the format ""Name "". There exists a PHP bug in versions below 5.2.11 and in 5.3, on Windows. This bug occurs when addresses are passed to the PHP mail() function in the ""Name "" format and prevents e-mails from being sent. I believe this bug in fixed in 5.3.1 and above. (see https://bugs.php.net/bug.php?id=28038) I don't believe this affects any core functionality, but may affect some plugins which pass $to in the above format. I tested in PHP 5.2.4 on Windows with the following code: {{{ wp_mail(""email@ext.com"", ""Test"", ""Test""); wp_mail(""Name "", ""Test 2"", ""Test 2""); }}} The first email is received; the second isn't. When removing error suppression from the mail() calls in class-phpmailer.php, the following warning is outputted: Warning: mail() [function.mail]: SMTP server response: 501 >: ""@"" or ""."" expected after ""Name"" in C:\xampplite\htdocs\wp-includes\class-phpmailer.php on line 771" bbosh 3 Needs Patch 47827 wp_notify_moderator email error when Site Language is fr_CA Mail normal normal Awaiting Review defect (bug) new 2019-08-04T02:31:38Z 2019-10-03T16:32:18Z "WordPress version: 5.2.2 PHP version: 5.6.27 Hosting: GoDaddy ""Please moderate:"" email is sent without issue when Site Language is en_US. However, when Site Language is fr_CA, the following error occurs: {{{ [04-Aug-2019 01:51:40 UTC] WP_Error Object ( [errors] => Array ( [wp_mail_failed] => Array ( [0] => Could not instantiate mail function. ) ) [error_data] => Array ( [wp_mail_failed] => Array ( [to] => Array ( [0] => wpadmin@example.com ) [subject] => [WPSite] Demande de modération pour « Foo » [message] => Un nouveau commentaire sur l’article « Foo » attend votre approbation http://blog.example.com/foo/ Auteur : JoeUser (adresse IP : xx.xx.xxx.xxx, joe.example.com) Adresse courriel : joe_user@example.com Adresse web : Commentaire : Commentaire en français L’approuver : http://blog.example.com/wp-admin/comment.php?action=approve&c=12#wpbody-content Le mettre dans la corbeille : http://blog.example.com/wp-admin/comment.php?action=trash&c=12#wpbody-content Le marquer comme indésirable : http://blog.example.com/wp-admin/comment.php?action=spam&c=12#wpbody-content En ce moment, 4 commentaires attendent vos approbations. Veuillez vous rendre sur le panneau de modération : http://blog.example.com/wp-admin/edit-comments.php?comment_status=moderated#wpbody-content [headers] => Array ( ) [attachments] => Array ( ) [phpmailer_exception_code] => 2 ) ) ) }}} " zzzz4 1 Needs Patch 60082 """Copied"" tooltip should be hidden when another attachment URL is copied (in list mode)" Media 6.0 normal normal Awaiting Review defect (bug) new 2023-12-15T13:05:00Z 2024-03-12T15:39:27Z "In the media list view, clicking the ""Copy URL"" action link displays previously clicked ""Copy URL"". The previously clicked row showing ""Copied!"" when hover the media again. === Environment - WordPress: 6.4.2 - PHP: 8.2.0 - Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2u PHP/8.2.0 mod_wsgi/3.5 Python/2.7.18 mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_perl/2.0.11 Perl/v5.30.1 - Database: mysqli (Server: 5.7.39 / Client: 8.2.0) - Browser: Firefox 119.0 (macOS) - Theme: Twenty Twenty-Four 1.0 - MU-Plugins: None activated - Plugins: * WordPress Beta Tester 3.5.5 === Steps to Reproduce 1. Go to media library 2. Click ""Copy URL"" of one of the media. 3. Click ""Copy URL"" of another media. 4. The previously clicked row showing ""Copied!"" when hover the media again. === Expected Results 1. The previously ""Copied!"" tooltip should be close after clicking the next one. === Actual Results 1. The previously clicked row showing ""Copied!"" when hover the media again." jayadevankbh 3 Needs Patch 58287 """The server cannot process the image"" error, set_imagick_time_limit() and WP 6.2" Media 6.2 normal major Awaiting Review defect (bug) new 2023-05-10T15:51:53Z 2023-05-10T19:54:45Z "On many of our sites, managed on different machines and with different configurations, with version 6.2 of WordPress, when uploading images we often get this error: ""The server cannot process the image. This can happen if the server is busy or does not have enough resources to complete the task. Uploading a smaller image may help. Suggested maximum size is 2560 pixels."" Nothing appears in the `debug.log`, but analyzing the issue -which had never occurred before WordPress 6.2- we realized that it seems to be due to the new `set_imagick_time_limit()` method of the `WP_Image_Editor_Imagick` class. Maybe the value `0.8 * $php_timeout` is that a bit too conservative? Maybe it could be made hookable?" delitestudio 1 Needs Patch 43531 $content_width and Add Media (+ twentyseverteen?) Media 4.9.4 normal normal Awaiting Review defect (bug) new 2018-03-12T20:07:38Z 2019-01-21T22:04:59Z "I apologize in advance if this isn't a bug. However, I couldn't seem to find any documentation on the expected behavior (e.g., there's nothing on the codex page for the image_size_names_choose filter). None the less, it certainly feels odd / awkward. When adding an image (to a post / page), the size setting select (Add Media > Attachment Display Setting > Size) doesn't feel quite right. I understand the relationship between (global) $content_width and this setting. That is, the tag's width= is forced / maxed to the $content_width (if the image is wider than the $content_width). I see this happening for the size = large images, as well as any image sizes I've added via add_image_size() that are too wide. However, it (i.e., the forced max width=) doesn't happen to the size Medium when the Medium width is set wider than the content width. Perhaps this is intentional? Theme was twentyseventeen. Unfortunately, I've haven't had time to try to reproduce this on another theme. The size Medium was set to 800 x 800. I'd like to suggest the Settings > Media page display the current $content_width, as well as explain a bit, as well as link to a deeper explanation. As it is, a user can select a theme, blindly set the image sizes (not realizing who they actually map to the theme), and then be hit with the experience (?) described above, AND have no idea why. Truth be told, it took me too long to figure this out. Somehow I've managed to avoid $content_width. Too many custom themes maybe? :) Or am I just missing something about the intent of what otherwise feels like a sloppy experience? I hope this helps. TIA " ChiefAlchemist 3 Needs Patch 59684 'filesize' metadata not updated after resizing media Media 6.3.3 normal minor Awaiting Review defect (bug) new 2023-10-19T16:28:17Z 2023-10-31T17:01:30Z "It seems like WordPress does not update the 'filesize' metadata after an image is modified through the media library. The details panel in the media library displays the original file size instead of the 'new' file size. === Environment - WordPress: 6.3.3-alpha-56924 - PHP: 8.2.10 - Server: Apache - Database: mysqli (Server: 5.7.31 / Client: mysqlnd 8.2.10) - Browser: Chrome 118.0.0.0 (Windows 10/11) - MU-Plugins: None activated - Plugins: - WordPress Beta Tester 3.5.4 The following optional modules are not currently installed on our server: - exif - fileinfo - imagick === Steps to Reproduce 1. Upload a new image in the media library 2. Note the file size (ie. 22 KB) 3. Resize the image by clicking on 'Edit Image', then 'Scale Image' (in my test case, I resized the image from 1920x1080 to 200x113) 4. Click 'Update' 5. The 'Dimensions' field is correctly updated, but 'File size' remains the same (22 KB) === Expected Results The 'File size' should display the new file size (ie. 3.3 KB) === Actual Results The 'File size' field displays the size of the original image, before it was resized. Here is the value of the '_wp_attachment_metadata' field in the database after the media is resized: {{{ a:6:{s:5:""width"";i:200;s:6:""height"";i:113;s:4:""file"";s:31:""2023/10/Test-e1697729884174.png"";s:8:""filesize"";i:22990;s:5:""sizes"";a:5:{s:6:""medium"";a:5:{s:4:""file"";s:16:""Test-300x169.png"";s:5:""width"";i:300;s:6:""height"";i:169;s:9:""mime-type"";s:9:""image/png"";s:8:""filesize"";i:4852;}s:5:""large"";a:5:{s:4:""file"";s:17:""Test-1024x576.png"";s:5:""width"";i:1024;s:6:""height"";i:576;s:9:""mime-type"";s:9:""image/png"";s:8:""filesize"";i:18748;}s:9:""thumbnail"";a:5:{s:4:""file"";s:16:""Test-150x150.png"";s:5:""width"";i:150;s:6:""height"";i:150;s:9:""mime-type"";s:9:""image/png"";s:8:""filesize"";i:3006;}s:12:""medium_large"";a:5:{s:4:""file"";s:16:""Test-768x432.png"";s:5:""width"";i:768;s:6:""height"";i:432;s:9:""mime-type"";s:9:""image/png"";s:8:""filesize"";i:13044;}s:9:""1536x1536"";a:5:{s:4:""file"";s:17:""Test-1536x864.png"";s:5:""width"";i:1536;s:6:""height"";i:864;s:9:""mime-type"";s:9:""image/png"";s:8:""filesize"";i:30857;}}s:10:""image_meta"";a:12:{s:8:""aperture"";s:1:""0"";s:6:""credit"";s:0:"""";s:6:""camera"";s:0:"""";s:7:""caption"";s:0:"""";s:17:""created_timestamp"";s:1:""0"";s:9:""copyright"";s:0:"""";s:12:""focal_length"";s:1:""0"";s:3:""iso"";s:1:""0"";s:13:""shutter_speed"";s:1:""0"";s:5:""title"";s:0:"""";s:11:""orientation"";s:1:""0"";s:8:""keywords"";a:0:{}}} }}} The ""filesize"" metadata has the value '22990' instead of '3033'." vertisoft 1 Needs Patch 48974 -1 being added to image uploads since version 5.3.1 Media 5.3.1 normal normal defect (bug) reopened 2019-12-14T19:52:09Z 2020-10-01T18:12:06Z "Hi, as of the Friday update my image uploads are geting '-1' added to each image e.g., 19-1216-iskysoft-christmas19-696x522-1.jpg 19-1216-jla-special-needs-696x522-1.jpg" neotrope 18 Needs Patch 28989 AJAX in the media library sometimes fails to load data Media 3.5 normal normal defect (bug) new 2014-07-22T20:23:57Z 2019-06-04T20:08:35Z "I added video and want to replace it now and since AJAX failed (only on this single page, there are no errors when I hit F12 and go to ""Console"" though) I have no other option then to refresh entire page: [[Image(http://i.gyazo.com/6379480b489e206bfe0b06b06288579b.png)]] I'm using 4.0-beta2-20140722. I think it wasn't happening that often in 3.9.1 but I may be wrong." Looimaster 2 Needs Patch 54433 ALLOW_UNFILTERED_UPLOADS does not work anymore Media 5.8.2 normal normal Awaiting Review defect (bug) assigned 2021-11-13T01:02:25Z 2022-11-30T20:15:35Z "I previously added define( 'ALLOW_UNFILTERED_UPLOADS', true ); to wp-config.php so that I could upload binary executable into the media library. These executable files are installers for the software my lab develops and which is used by thousands of users around the world. As I am trying to release a new version I tried to upload the new installers and no matter what I do I get ""Sorry, this file type is not permitted for security reasons"". I really see no reason why the site admin should be prevented to upload something into his own site. I am using version 5.8.2 of wordpress which does not appear in the Version pull down below, and Avada and a multisite installation. " mssd19 2 Needs Patch 30052 Add New Media Drag and Drop Hangs on Crunching Media 4.0 low normal defect (bug) reopened 2014-10-20T19:28:52Z 2019-06-04T20:27:30Z "When using the drag-and-drop feature of ""Media -> Add New"" the upload hangs at ""Crunching..."". After extensive testing, I have determined this occurs when the auto_increment primary key (ID field) on the ""wp_posts"" table reaches 1000. If I delete content and reset the key to 999 or below ""Add New"" works but, when the key hits 1000 ""Add New"" get stuck at ""Crunching..."". I can find no errors in any logs or by using the ""backtrace-errors.php"" debugging file. I have been able to duplicate this issue on multiple WordPress servers. Note - Images do get uploaded and processed and the entries are placed correctly in the database. The problem is that the upload screen gets stuck displaying ""Crunching..."" along side the primary key number." Gregory_Lang 13 Needs Patch 45406 Add additional default image sizes for srcset to accommodate wider viewports joemcgill Media 5.0 normal major Future Release defect (bug) assigned 2018-11-23T22:56:02Z 2020-02-24T18:50:10Z "Related Gutenberg issues: - 6177 https://github.com/WordPress/gutenberg/issues/6177 - 6131 https://github.com/WordPress/gutenberg/issues/6131 - 11973 (PR) https://github.com/WordPress/gutenberg/pull/11973 Duplicate of Gutenberg issue 11821 https://github.com/WordPress/gutenberg/issues/11821. == Problem Images aligned to `alignwide` and `alignfull` need proper size options from the `srcset` attribute. Currently the sizes generated for a large image (eg 4000px wide) by core are: - original - 300px - 768px - 1024px (Themes and plugins can generate additional sizes.) This means for image displays wider than 1024px, the original size image file will be used which imposes a significant performance hit on the end-user. These sizes should be closely tied to real-world data about viewport widths. Currently the only readily available data is screen sizes. One source is StatCounter's worldwide screen resolution stats http://gs.statcounter.com/screen-resolution-stats. They break down as follows (October 2018): ||= Screen size =||= Usage percentage =|| || 360x640 || 20.04% || || 1366x768 || 11.84% || || 1920x1080 || 9.4% || || 375x667 || 5.07% || || 1440x900 || 3.26% || || 768x1024 || 2.61% || == Proposal Align automatically generated image sizes to browser stats taking into account 2x and 3x displays. Proposed new sizing array: - 375px (covers <=375px widths) - 768px (covers 768px and 375x2 widths) - 1125px (covers <=1125px and 375x3 widths) - 1440px (covers <=1440 widths) - 1920px - 2304px (covers <=2304px and 768x3 widths) - 2880px (covers <=2880px and 1440x2 widths) - 3840px (covers 1920x2 widths) This might seem like a lot, but for most images only the smaller sizes will be generated. For larger images, providing these additional sizes available for the `srcset` attribute will ensure the browser pulls down the smallest possible image for wide images displayed in wider viewports. == Note This permanently disassociates the physical image sizes from the classic display widths defined by WordPress. Which makes sense because the old modality of pixel widths defining small/medium/large image sizes no longer applies anyway." mor10 17 Needs Patch 49587 Add error handling for the media manager Ajax response Media 3.5 normal normal Future Release defect (bug) new 2020-03-06T11:00:27Z 2021-03-02T21:47:47Z "When the media manager modal performs an Ajax request to query attachments, if the Ajax call responds with an error then the user is presented with an eternal loading spinner and no indication there has been a problem. I think there are two places which need a `fail()` handler for the Ajax promise: * `wp.media.model.Attachments.more()` * `wp.media.model.Query.more()` I haven't done any testing yet though to confirm this. Needs a decision around how best to present an error to a user. Probably needs UI work; maybe one of the UI pieces such as the upload failure message can be reused." johnbillion 16 Needs Patch 35887 Adding multiple media to post - selecting image size Media 4.4.2 normal normal Awaiting Review defect (bug) new 2016-02-20T12:03:10Z 2023-10-25T04:35:24Z "When clicking ""Add Media"" to add images to a post, you can select multiple images. With all images selected, logic follows that if you change the ""ATTACHMENT DISPLAY SETTINGS"" size from default ""Medium"" to ""Full Size"", that all selected images would have the same setting changed, but when you add them, only the one image that was highlighted is actually ""Full Size"" and the rest which were selected, but not highlighted, are still ""Medium"". I think when adding multiple media, all should be changed to size that is selected in ""ATTACHMENT DISPLAY SETTINGS""." myburgh.bernard@… 9 Needs Patch 22940 Adding term checklist to Media modal has undesired results Media 3.5 normal normal defect (bug) new 2012-12-14T14:59:27Z 2019-06-04T20:04:30Z If you use '''attachment_fields_to_edit''' to add a term checklist to the media modal, there is no way to know when a term is unchecked. I propose that when a checkbox is clicked in the compat section, all the checked boxes of the same name are passed in the POST request. jfarthing84 2 Needs Patch 48026 Always show selected image even if it doesn't match search string Media normal normal Awaiting Review defect (bug) new 2019-09-12T06:35:43Z 2019-11-04T01:25:45Z "When embedding an image in a post, if there is a pattern in the search box and an image is uploaded that doesn't match it, the new image details are not shown until the search pattern is cleared. Steps: 1. Click ""Add Media"" 2. Enter search pattern, e.g. ""abc"" 3. Switch to ""Upload Files"" tab and upload a file, e.g. ""xyz"" 4. Once the file is uploaded, you see the ""Media Library"" tab again, but no details are showing in the ""Attachment Details"" area, although the newly-uploaded file is selected 5. Clear the search pattern 6. Selected image details appear The correct behavior is to always show the details of the selected file, even if it doesn't match the search pattern, at least immediately after it's been uploaded." galbaras 2 Needs Patch 58051 Attachment custom fields not rendered after upload antpb Media 6.2 normal normal 6.6 defect (bug) assigned 2023-04-02T02:23:40Z 2024-03-06T16:20:39Z "This is a follow-up to #40909. Attachment custom fields added via `attachment_fields_to_edit` are no longer rendered just after an image is uploaded. Clicking away and back will restore the custom field markup, but is quite inconvenient." trepmal 41 Needs Patch 59308 Attachment custom fields not rendered in some cases Media 6.3.1 normal normal Future Release defect (bug) new 2023-09-07T09:50:21Z 2024-02-14T17:05:47Z "This is a follow-up to #58051. I've noticed that in some cases custom fields added via `attachment_fields_to_edit` do not show up when the ""Featured Image"" modal is opened after clicking a ""featured image"". I then need to first click on another attachment and then back to have the custom fields show up. It seems that this bug only happens when you have a lot of images (more than 1 page) and the featured image you're looking at is not on the first page. It's easy to reproduce. If absolutely necessary I can set up a clean WordPress and make a screen recording of this bug, as I rather not share the images and data in our WordPress installation." SeBsZ 9 Needs Patch 43736 Audio continues to play in Media Modal after close Media 4.9.5 normal normal Awaiting Review defect (bug) new 2018-04-11T03:21:00Z 2021-04-01T15:24:25Z "When previewing an audio file in the Media Library modal, if you click Close or Escape, the audio continues to play. I haven't tested with Video, but I am assuming audio continues as well." bahia0019 3 Needs Patch 36680 "Audio player with preload=""metadata"" shows incorrect duration for audio files 1 hour or longer" Media 4.5.1 normal normal Awaiting Review defect (bug) new 2016-04-27T04:29:12Z 2017-09-20T21:29:57Z "For an audio file that's longer than one hour, using the audio player shortcode with preload=""metadata"" shows an incorrect duration for the audio when the page loads. The hours are chopped off. So an audio that is 1:07:45 in duration will erroneously display 07:45 upon loading. Then when the audio file is played, the correct duration pops in, but this causes the volume control to disappear, so the volume can no longer be adjusted while the clip is playing. Many podcasts are longer than an hour in duration. For a demonstration of the bug, see audio 16 on this page, which is 1:07:45 in duration: http://www.stevepavlina.com/audio/" Dexterity 5 Needs Patch 42978 Automatically clear file upload error messages Media normal normal Future Release defect (bug) new 2017-12-25T15:50:20Z 2020-08-31T10:09:33Z "When an error occurs on file upload in the media uploader while drafting a post, the error message persists after both a) another file is successfully uploaded, b) the media manager is closed and re-opened. In both of these cases, it is my opinion that the user is best served by having the error message automatically dismissed, as 1. Its positioning is not typical of a ""historic/cumulative"" error log, 2. It may be assumed that by successfully uploading another file the error first encountered is no longer relevant, and 3. An indefinite amount of time may have passed since the error was first encountered and the media manager subsequently closed and the next time the media manager/upload div was re-opened such that the user may have completely forgotten about the error and may be confused to see a red error box and mistakenly think it is associated with some action he/she just took, 4. As a dialog, nothing about the media manager suggests that its state should persist after being closed and re-opened. (see attachment as an example of an error)" ComputerGuru 3 Needs Patch 34296 Autoplay for more than one self-hosted video fails Media 4.3.1 normal normal Awaiting Review defect (bug) reopened 2015-10-14T10:05:48Z 2017-07-05T20:12:26Z "Hi, When adding more than one self-hosted video to a page (using the [video] shortcode or media browser to insert), if you set more than one to autoplay, then none of them autoplay. This might be a mediaelementjs problem. Stock 4.3.1 install with TwentyFifteen: http://test.10degrees.uk/one-video-autoplay/ - one video set to autplay, works fine. http://test.10degrees.uk/two-videos-autoplay/ - both videos set to autoplay, neither plays. These are both mp4 files. Jonny" jonnyvaughan 3 Needs Patch 29931 "Broken attachment page links for files attached to ""Auto Draft"" posts" Media 3.4.2 normal normal defect (bug) new 2014-10-11T18:06:08Z 2019-06-04T20:09:34Z "'''Steps to Replicate''' 1. Create a new post without a title. 2. Use the Add Media button within the post editor to upload files, but do not insert the files into the post. 3. Close the post editor without saving the draft. 4. Go to the Media Library 5. Notice the files show as being uploaded to a post called Auto Draft. 6. Try to view the attachment page, but get a “404 Page Not Found” error. '''Recommended fix:''' Do not attach files to a post that has a blank title and body. Leave the files unattached until text has been entered into the title or body of the post." dcoleonline 1 Needs Patch 51992 Bug in Media Thumbnail for DWG file Media 5.6 normal major Future Release defect (bug) new 2020-12-09T14:56:40Z 2021-02-17T00:22:27Z "Hi, since today's update the file name of DWG files are not shown anymore unlike the PDF files. I have allowed DWG to be uploaded. Can you help? Thanks " mschuessler 8 Needs Patch 25076 CSS issue with native video player and flash fallback on full screen wonderboymusic Media 3.6 normal minor defect (bug) assigned 2013-08-18T21:02:34Z 2019-06-04T20:05:52Z "Hi, I noticed there's a bug with the CSS and the new native video player introduced in v3.6. This is how it looks when not using full screen: [[Image(http://img11.imageshack.us/img11/1374/g0n.png)]] And this is how it looks when using full screen: [[Image(http://img823.imageshack.us/img823/7278/qna.png)]] It automatically changes the color of the bar. This is the shortcode I'm using to show the video: {{{ [video src=""video.mp4"" width=""640"" height=""360"" autoplay=""true"" loop=""true""] }}} I tested this on a fresh WP 3.6 installation with Twenty Thirteen theme. This is the CSS: {{{ .mejs-container, .mejs-embed, .mejs-embed body { background: #464646; } .mejs-controls .mejs-time-rail .mejs-time-loaded { background: #21759b; } .mejs-controls .mejs-time-rail .mejs-time-current { background: #d54e21; } .me-cannotplay { width: auto !important; } }}} I also tested it on a post and on a page, happens the same on both." leandroprz 10 Needs Patch 42751 Can we please enqueue media-views independently ? Media 4.9 normal normal Awaiting Review defect (bug) new 2017-11-29T22:14:11Z 2023-10-18T16:16:58Z "Many of theme developers are styling mediaelement to their preference and this is a first step when they do so; {{{ /* * use theme mediaelement CSS */ wp_deregister_style('mediaelement'); wp_deregister_style('wp-mediaelement'); }}} that disables the default CSS and lets us use our own. Issue with this is that buttons, imgareaselect and media-views CSS files depend on these and if anyone is using a frontend page builder or anything that needs media library in frontend, these 3 CSS files are not present. My first tought was {{{ /* * since we have deregistered medialement style * make sure media dependencies are loaded * in case of frontend editros */ if( is_user_logged_in() ){ wp_enqueue_style( 'buttons' ); wp_enqueue_style( 'imgareaselect' ); wp_enqueue_style( 'media-views' ) ; } }}} but to my surprise media-views which is a key CSS file for media library is not loading since it is a dependent. I know that I can do the direct enque but since we have a handle we should be able to use it independently from other styles. While we are at it, why are we loading mediaelement CSS files at the bottom of body http://prntscr.com/hh0808 ? CSS files should always be in head. " Themezly 2 Needs Patch 18275 Can't get perfect thumbnail sizes with image editor Media 3.2.1 normal normal Future Release defect (bug) new 2011-07-28T02:37:16Z 2017-06-27T16:14:27Z "In the media settings, I have the thumbnail set to a fixed size (218x145), and set to crop to these exact dimensions. Sometimes the automatic thumbnail crops off people's heads, etc, so I use the Image Editor to manually adjust the thumbnail. I select a rectangle, set the aspect ratio to 218x145, click crop, apply to thumbnail only, and save. However, sometimes that results in an image slightly off in dimensions - for example, 215x145. I expect this is a rounding error. However, it happens even if I select an area much bigger than this when cropping in the Image Editor - eg 300x200. After I click crop and see the 300x200 image, I would expect the thumbnail to be automatically be created at 218x145 like it does normally based on this adjusted image - however, it appears the checkbox for using exact dimensions doesn't apply here. (In fact, if I select, say 300x300, it will make my thumbnail 145x145). This feels like a bug to me, and makes it very hard to generate thumbnails at the size I want." smerriman 4 Needs Patch 55200 Cannot add caption to images on mobile Media 5.9 normal normal Awaiting Review defect (bug) new 2022-02-19T01:05:50Z 2023-06-14T11:45:43Z On the mobile view of the admin section you cannot add ally text, captions, or descriptions to media uploads vincepettit 4 Needs Patch 31177 Captions video not saved with the post and are lost on attachment page postphotos Media 4.1 normal normal Future Release defect (bug) assigned 2015-01-29T16:13:09Z 2024-01-24T17:36:59Z "At the moment you can add srt-captions and a poster image to a video, entering them while embedding a video in a post. When you add a video via Add Media in a post the output will be something like: {{{[video poster=""url-here/image.jpg"" width=""400"" height=""224"" mp4=""url-here/video.mp4""][/video]}}} This means that the poster and the captions are not stored with the attachment itself, so on attachment this data is lost pages and it is impossible to add a caption or a poster image via the image library. It would be useful to save srt-captions and the poster with the attachment data itself, like the description and the caption now are. " rianrietveld 14 Needs Patch 53800 Color of WebP image thumbnail changes on media library list and grid view Media 5.8 normal normal Awaiting Review defect (bug) new 2021-07-27T15:40:23Z 2022-11-04T12:20:55Z "Hello friends, Probably this issue is already being tracked. If so please close the ticket. WordPress 5.8 supports WebP image upload, which works well. But in media library the original color of the image changes completely to a yellow hue. Please see attached screenshots. **Development Environment** OS: Ubuntu 16.04 WordPress version: 5.8 Installed and Active Plugins: Akismet Anti Spam Installed and Active Themes: 2021" subrataemfluence 7 Needs Patch 59339 Conversion to webp causes fatal error when original image is a palette image (as opposed to truecolor) Media 6.3.1 normal normal Awaiting Review defect (bug) new 2023-09-13T13:41:52Z 2023-09-13T13:41:52Z "I am working on an image conversion plugin. I've run into a bug when the original image is a ""paletter image""[https://www.thecoderscamp.com/paletter-image-not-supported-by-webp/]"", or in other words, an image that has an indexed palette rather than being truecolor. I believe it's a png. The error I get is: {{{ Fatal error: Paletter image not supported by webp in /home/username/public_html/wp-includes/class-wp-image-editor.php on line 584 }}} And how I'm using it: {{{#!php image_path ); $new_file_info = $this->get_editor()->save( $this->image_path, 'image/webp' ); }}} This method worked fine on hundreds of images of png, jpg, and tiff until I ran into this one that has a ""palette"". In `wp-includes/class-wp-image-editor-gd.php:487`, if the image loaded into WP_Image_Editor is a png, we check for a palette and convert to true color before saving. I believe that we need to also check in the webp conditional and, just like for png, convert to truecolor first. " jakeparis Needs Patch 42953 Created images have a larger filesize than the original Media normal normal Awaiting Review defect (bug) new 2017-12-21T12:34:42Z 2020-11-30T03:14:16Z "Images uploaded in the media library get resized to the defined sizes. However, if the image has been optimized beforehand the result can be that the generated images have a filesize larger than the originally uploaded image. It can happen due to a very high `jpeg_quality` value for example.. This should not happen under any circumstances. Uploading optimized images is something a lot of people do for SEO purposes, and larger generated images affect that negatively. Sometimes even if the image-size is smaller, the generated file's filesize is bigger. One solution would be to save the image in a temp location and have its filesize checked against the original image. If the image is smaller than the original one then move to its final location. If not, then some other solution has to be found." aristath 4 Needs Patch 32012 Crunching doesn't work on some grayscale images Media 4.1.1 normal normal defect (bug) new 2015-04-18T13:46:09Z 2019-06-04T20:12:44Z "No error message, just no thumbnail/smaller sizes crunched on upload of a grayscale image. Some images work, others not. All are similar sizes, 32-bit grayscale, under 2MB with varying dimensions. I have followed the relevant steps at: https://wordpress.org/support/topic/25-imagemedia-uploader-problems?replies=1" nifwlseirff 2 Needs Patch 33713 Customizer: allowing to set files other than image for Header background and background image Media 4.3 normal major Future Release defect (bug) new 2015-09-03T18:11:48Z 2021-05-23T18:04:08Z "When we set header background image or background image from customizer settings, media upload should not allow to upload files other than image. We can set files other than image, and it shows broken in preview " umesh.nevase 7 Needs Patch 53895 Default Audio Player Bug, mejs-container wp-audio-shortcode mejs-audio Media normal normal Awaiting Review defect (bug) new 2021-08-08T22:33:28Z 2021-08-08T22:38:59Z The default code has a problem in this zone mejs-container wp-audio-shortcode mejs-audio. The width is set and this causes viewing problems after changing browser window size. The width is hard coded and should not be set. To reproduce the bug add a audio file with wp customizer, in a theme with a header, save. View code and the width is set. This would be fine if the width is a percentage or not set at all. I personally think the width should be removed. akissz Needs Patch 51038 Default height when using add_theme_support( 'custom-header') in GD. Media normal normal Awaiting Review defect (bug) new 2020-08-17T06:17:21Z 2021-06-01T03:21:54Z "`add_theme_support( 'custom-header')` defaults to 0 for width and height. if you are using GD, the height will be set to 0 and the cropping will fail and you will get the error message “There has been an error cropping your image.“. If the height is set to 0 in GD, how about getting and using the height of the source file?" munyagu 2 Needs Patch 25748 Delay when sending many images to the editor Media 3.7 normal normal defect (bug) new 2013-10-28T17:04:23Z 2019-06-04T20:06:13Z "Clicking the ""insert into post"" button after uploading many images can result in a really long delay before the image markup is added to the editor. Here is an example on my local installation: http://screencast.com/t/ja8cqXyHSw So you can imagine that the same issue on a remote server could result in a painfully long delay (I've seen it take 30+ seconds). It looks like the cause of the delay is in the individual post request that happens for each image when sending them to the editor. What is the purpose of these requests? Isn't all the data needed to send the image markup to the editor available to the javascript when the button is clicked? If not, and those requests have to happen in their current form, there should be some sort of ""loading..."" indicator on the editor screen letting the user know something is happening, because currently the assumption would be that the insertion failed. And regarding the likelihood of someone inserting that number of images into a single post, photographers will regularly upload 30, 40, 50 or more images to a post after a shoot." matthewdietsche 2 Needs Patch 49161 Disabling big_image_size_threshold via filters does NOT work Media normal major Awaiting Review defect (bug) new 2020-01-09T18:50:29Z 2021-11-06T02:27:00Z "Trying to disable the new image sizes in WordPress but this has no effect! I'm still seeing the new large sizes being saved on my server even after using this code. {{{ add_filter( 'big_image_size_threshold', '__return_false' ); }}} This is a very serious issue for me. My site accepts user uploads but I've been overwriting the full size images with the thumbnail not just to save space on server but also so that I don't have large images stored on my server in case of possible copyright abuse. This should have been a feature you need to turn on, not something that automatically happened after a site is auto upgraded. I absolutely need this disabled but the ability to disable this is NOT working. " bbtodd 5 Needs Patch 47130 Drop files to upload is also available except Upload Media tab Media 5.1.1 normal normal Future Release defect (bug) reopened 2019-05-06T10:31:46Z 2021-08-12T14:38:08Z "Howdy Developers, As per my understanding, `Drop files to upload` feature should be enabled during `Upload media` only. Instead of that, I have noticed that whenever Crop Image or any other popup for media is open, then `Drop files to upload` is still there. " malavvasita 15 Needs Patch 50011 Edge case in image lazy-loading Media 5.5 normal normal Awaiting Review defect (bug) new 2020-04-25T20:40:32Z 2020-05-20T21:42:52Z "In #44427 the feature to lazy load images by default was added. The code uses regex and hence there are some edge cases which can complicate. One such case is adding {{{ loading=lazy }}} with space before 'loading' in the alt value. This can be done in the block-editor by selecting the image and adding the above in: Image settings > Alt text (alternative text) box This is allowed in HTML. When this is done, the regex thinks that the image tag has a lazy loading attribute and doesn't add it. " superpoincare 2 Needs Patch 27427 Edit Gallery view does not display images in original aspect ratio Media 3.5 normal normal defect (bug) new 2014-03-15T18:38:26Z 2019-06-04T20:07:06Z "Тhe new gallery preview does display thumbnails in their original aspect ratios, although the modal for creating and editing the gallery does not. The goal is to show the thumbnails in their original ratio which happens when the thumbnails are not square. This happens, for example, if the thumbnail size in Media Settings is 200 (W) x 400 (H), ""Crop thumbnail to exact dimensions"" is not checked. Placement of a certain thumbnail within the gallery often depends on the orientation, and it is very difficult if we show a square shape instead of the real shape. More details: https://core.trac.wordpress.org/ticket/26959 http://wordpress.org/support/topic/edit-gallery-square-thumbnails-vs-portrait-and-lanscape?replies=2" Greybox 2 Needs Patch 58794 Edit Image UX needs improvement Media 6.3 normal major Awaiting Review defect (bug) new 2023-07-12T12:25:30Z 2023-07-15T20:38:10Z "== Bug Report === Description When **editing**(scale and crop) an image via ""**Attachment details**"". The **settings** for the selected feature are shown at the **end of the popup**. This would be fine in the case of smaller images. But for **larger images**, especially ones in the **portrait orientation**, these settings are not visible on the screen unless one scrolls down. There seems to be room for UX improvement here. I think we can keep the settings on the **right-hand side** of the popup, which would remove the need to scroll down to use them, no matter what the image size is. Also, I felt this must have been done as such since not all features need a settings section. But can't that be handled by maybe toggling the section altogether? ( if placed on the right that is ) Attaching videos for reference. The video names describe the test cases. === Environment - WordPress: 6.3-beta4 - PHP: 7.4.12 - Server: Apache/2.4.46 (Unix) OpenSSL/1.0.2u PHP/7.4.12 mod_wsgi/3.5 Python/2.7.13 mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_perl/2.0.11 Perl/v5.30.1 - Database: mysqli (Server: 5.7.32 / Client: mysqlnd 7.4.12) - Browser: Chrome 114.0.0.0 (macOS) - Theme: Twenty Twenty-Three 1.1 - MU-Plugins: None activated - Plugins: * WordPress Beta Tester 3.5.1 === Steps to Reproduce 1. Navigate to Media Library 2. Select a large Image to edit(preferably Portrait orientation) 3. Edit Image 4. Click on the ""Scale"" button 5. Nothing happens 6. Settings are shown at the end of the popup which can only be seen if scrolled. === Expected Results 1. On clicking the ""Scale"" button, the settings to edit the scale should be visible to the user. === Actual Results 1. Right now ""Scale & Crop"" settings are only visible if scrolled down(for bigger images)." deepakvijayan Needs Patch 43816 Editing Image Can Lead to Mixed Metadata Media 4.9.5 normal normal Future Release defect (bug) new 2018-04-20T00:04:30Z 2022-11-23T16:09:37Z "== Summary If an image is uploaded at a size allowing the creation of a defined image size (ie, ""large"", ""twentyseventeen-featured-image"", etc.) and the image is then edited to a size which doesn't allow that defined size to be created, the non-supported size can still be placed and will display the original image. == Steps to Reproduce 1. Upload an image which is slightly larger than a defined image size in a particular theme (for example, if using the WordPress default definition for ""large"" images, 1,024 pixels, upload an image 1,100 pixels wide) 1. Edit the image, and scale or crop it to be 1,000 pixels wide 1. Save edit 1. Within the post editor, ""add media"", select the ""large"" image size, and place within body of post === Expected Behavior * //Developer//: The ""large"" image should not be able to be selected within the ""Place Media"" dialog * //Regular user//: The ""large"" image placed should reflect the image edit === Result The ""large"" size is selectable and the **original** image is placed within the page. === Other Effects In this particular example, if the Media Library is in ""grid"" view, and our edited image is selected, the dialog which opens will display the incorrect original image, as the dialog preferentially uses the ""large"" image size. == Source of Behavior I believe the problem stems from line 880 of https://core.trac.wordpress.org/browser/tags/4.9.5/src/wp-admin/includes/image-edit.php : {{{ $meta['sizes'] = array_merge( $meta['sizes'], $img->multi_resize( $_sizes ) ); }}} * `$meta['sizes']` contains all of the sizes which were able to be created when the image was uploaded * The return from `$img->multi_resize()` only has keys set for those sizes that can be created from the edited image * Using `array_merge` keeps the original values not returned by `$img->multi_resize()`, despite the fact they are no longer valid for this edit == Fix I believe the fix may be as simple as simply returning the result of `$img->multi_resize()` without merging it into the existing `$meta['sizes']`, which are mainly used in this context to create the `_wp_attachment_backup_sizes` array. {{{ $meta['sizes'] = $img->multi_resize( $_sizes ); }}}" rogerlos 4 Needs Patch 52509 Error generating Thumbnails of PDF-Files Media 5.6.1 normal normal Awaiting Review defect (bug) new 2021-02-12T12:46:26Z 2023-07-02T13:37:05Z "This is a follow-up to #48853. This issue seems to be still present in Version 5.6.1 Some PDF-Files cause an internal server error, some do not. (The server's error log tells something about missing headers) Here's what i did to isolate the error: - I examined the PDF-Files. The affected files had a PDF-Version 1.7 an were created with non-Adobe-Tools (e.g. Office365). PDFs with Version 1.4 and 1.5 (created with Acrobat) worked well. - tried it with a local copy of the site on XAMPP: No Problems - used a little code-snippet to prevent thumbnail-generation in general: Upload works This is the snippet: {{{#!php -1 ) { 77 data[ pair.name ] = new Array( pair.value ); 78 } else { 79 data[ pair.name ] = pair.value; 80 } 81 } 82 }); 83 84 this.controller.trigger( 'attachment:compat:waiting', ['waiting'] ); 85 this.model.saveCompat( data ).always( _.bind( this.postSave, this ) ); 86 }, }}} By doing this, it would return the following data object: [[Image(https://actycrea.com/img/wordpress/finally.png)]] I explained? I'm very sorry for my English ... Fernando. " fobiaxx 1 Needs Patch 52535 Excess text read with errors in Media Library joedolson Media normal normal Future Release defect (bug) assigned 2021-02-16T04:13:15Z 2021-02-26T15:59:45Z "When an error is generated in the media library, the error is read only after reading two separate versions of the page title and the upload media button text. This is most immediately caused by executing the error message in a `._delay` call, but this is actually a symptom; the delay is necessary. This is most likely due to an extra Backbone model refresh that occurs after the error. Resolving this issue may only be possible by refactoring the media library to avoid the additional refresh. Delaying the execution of the message ensures that the message is read without being interrupted by the extra Backbone refresh; it would be preferable, however, if the extra refresh didn't happen, or happened prior to the error. This ticket follows #47120, resolving the lack of accessible messages on upload errors. " joedolson 3 Needs Patch 43114 FLV video - NetworkError: Exception ProgressEvent error Media 4.9.2 normal normal Awaiting Review defect (bug) new 2018-01-17T18:13:19Z 2021-04-01T14:56:40Z "Hello, FLV doesn't work any more since last versions of Wordpress. I have this error : NetworkError: Exception ProgressEvent error when I use this code in articles : [video width=""640"" height=""480"" flv=""http://mydomaine.org/wp-content/uploads/2012/02/DSC_0011.flv""][/video] and sometimes this error : ""Aucune vidéo dont le format ou le type MINE est géré n'a été trouvée"" Thank you for your help" Fred001 8 Needs Patch 58743 Featured image Edit : When clicking on the undo option, the save edits option is disabled. joedolson* Media 6.3 normal normal Awaiting Review defect (bug) accepted 2023-07-07T04:56:35Z 2023-08-07T16:11:57Z "Description When editing the featured image multiple times and clicking on the undo option, the save edits option is disabled. === Environment - WordPress: 6.3-beta3-56143 - PHP: 7.4.33 - Server: TasteWP-S1 Official/3.0.0 - Database: mysqli (Server: 8.0.32-0ubuntu0.20.04.2 / Client: mysqlnd 7.4.33) - Browser: Chrome 114.0.0.0 (Windows 10/11) - Theme: Twenty Twenty-Three 1.1 - MU-Plugins: None activated - Plugins: * WordPress Beta Tester 3.5.0 Steps to Reproduce * Upload a featured image * Edit the image from rotation options for multiple times * Click on the undo option * '' Save edit '' option showing as disabled Expected Results The 'save edit 'option should be enabled when clicking on the undo option after the image editing is done. Actual Results The 'save edit' was disabled when clicked on the undo option, When multiple editing was done. " vivekawsm 3 Needs Patch 47121 Featured image modal: content disappears when changing device orientation Media 5.0 normal normal Awaiting Review defect (bug) new 2019-05-04T09:27:12Z 2019-08-29T13:51:28Z "To reproduce: - emulate a mobile device via the Chrome dev tools - edit a post in Gutenberg - click Featured Image > Set featured image in the sidebar - the ""Featured Image"" media modal opens - depending if your initial device orientation is landscape or portrait, click once or twice on the Chrome dev tool ""Rotate"" button to change device orientation - once the orientation is ""portrait"", the whole content of the modal disappears - ie: the content container becomes totally empty: `
    ` - change orientation again: still empty See attached screenshots." afercia 1 Needs Patch 32302 Filename policy of IMAGE_EDIT_OVERWRITE==true seems to create CDN and browser cache issues Media 2.9 normal normal defect (bug) new 2015-05-08T03:22:59Z 2019-06-04T20:13:12Z "Just something to check, as discussed over at https://deliciousbrains.com/undefined-define-image_edit_overwrite/ It states the behaviour: ""When you add define( 'IMAGE_EDIT_OVERWRITE', true ); to your wp-config.php the behaviour changes. When you edit an image, it still creates a new image and leaves the original image alone. '''But when you edit again, it overwrites the first set of images rather than create a new set.'''"" My comment: ""what about CDN and browser caching? If the ""unique appendage"" didn't change, then readers won't see the updated image until the cache expires, which for our site at least is 'forever'. If the first edit were to be deleted, wouldn't it be more sensible to still generate a new ""unique appendage"", rather than using the same one? But then again, that could break existing references to the first edit... oh my it becomes messy quickly!"" Brad's reply: ""Excellent point! I think you're right. When IMAGE_EDIT_OVERWRITE is set to true, it should create a new unique appendage instead of reusing the old one. You should open up a Trac ticket for this to be looked at and discussed."" Are you able to provide any clarification? Many thanks, Aidan" aidanlane 7 Needs Patch 48712 For large images, wp_generate_attachment_metadata is breaking WordPress Media 5.3 normal normal Awaiting Review defect (bug) new 2019-11-18T21:33:48Z 2020-01-16T15:19:46Z "I have this code in a custom plugin of mine: {{{ $screens_attach_id = wp_insert_attachment( $attachment, $file ); require_once( ABSPATH . 'wp-admin/includes/image.php' ); $attach_data = wp_generate_attachment_metadata( $screens_attach_id, $file ); wp_update_attachment_metadata( $screens_attach_id, $attach_data ); }}} It worked until now, however, in the current version, wp_generate_attachment_metadata is breaking execution without any error in any log, when called for some (large?) images. Example image: https://i.ibb.co/k1FVrCh/apex-jpg5dd30be89f32b-1024x603.jpg " coderevolution 1 Needs Patch 33896 Gallery linking to Attachment page Media normal normal defect (bug) new 2015-09-16T13:52:16Z 2019-06-04T20:16:05Z "I have received some user reports recently, that they are using internal WordPress gallery (which was improved) and there is some strange problem. - Create new post - Create new gallery with existing images from Media library (do not upload new images). - Link gallery to Attachment page. - See post on website, click on first image in gallery. - You will see links to next/previous image, but not related to user created gallery. Instead of created gallery you can see all images attached (uploaded) to some other post. Users do not understand that this is how it works (gallery shortcode x attachments uploaded to post), they are only asking what is wrong. Maybe we should disable possibility to link to Attachment page when all images from gallery are not uploaded to current post?" pavelevap 2 Needs Patch 43310 "Generic ""HTTP Error"" when uploading PDFs via Media area" Media 4.9.4 normal normal Awaiting Review defect (bug) new 2018-02-14T01:58:49Z 2018-08-19T11:13:16Z "This might be tied in with Ticket #41973. This may also be [https://make.wordpress.org/core/2016/11/15/enhanced-pdf-support-4-7/ tied into this issue], which was previously fixed for 4.7x. Currently using the following code to handle image processing: {{{ // Fix image processing add_filter( 'wp_image_editors', 'change_graphic_lib' ); function change_graphic_lib($array) { return array( 'WP_Image_Editor_GD', 'WP_Image_Editor_Imagick' ); } }}} I've done all the digging around I can. File upload max size is 140 megs (the test PDF I used is only 13 megs). I've done the .htaccess and php.ini tweaks needed to allow plenty of upload time. Images no longer return the arbitrary ""HTTP Error"" after adding the above function. PHP 7.0.27-0+deb9u1 (cli) - This is the latest stable release, [https://packages.debian.org/search?keywords=php7.0 per Debian]. This is what I passed along to our customer: ""You’ll have to “tough your way” into the PDF uploads… after you upload a PDF, give it a few minutes… then do a power refresh on the media gallery (I would recommend you upload it through the media gallery first, rather than using the “Add Media” feature on posts and pages).""" BearlyDoug 11 Needs Patch 47531 Handling WP embed (native) Audioplayer's Volume Slider with keyboard defective Media 5.2.1 normal normal Future Release defect (bug) new 2019-06-12T12:05:25Z 2019-08-29T14:35:16Z " As I underestand, handling audioplayers with Tab/Arrows/Enter should be universal with all browsers. I have built a test-webpage from my main web page, consisting some audio-books for children. There are several single WP embed (native) players: https://midripai.ee/s3/pai/pai-kuulata-yksiti-wpn/. Moving with Tab-key onto volume slider, it should be increasing volume by Right Arrow, and decrease by Left Arrow (at least Screenreader Orca in Linux tells to do so). Instead of that, the Down Arrow decreases volume, and ''the Up Arrow does nothing''. Of course, the volume can be handled by Up/Down arrow, being either on Time Slider; or on Mute Button (it seems not to depend of web browser: at least Chrome and Firefox do work similarly.) Yet bringing volume down, being on Volume Slider by Down Arrow could be annoying for visually impaired, as one needs to move back onto Mute Button or Time Slider of the same player to increase volume again. Being on the Play/Pause button, the Down Arrow also decreases volume; and Up Arrow does nothing. The same problem occurs also with WP embed (native) Playlist Player. Tested: Win7-64 bit: Both Chrome (74; 75.0.3770.80 = the latest) and Firefox (67.02); and Linux Mint Mate 18.3 64 bit: Chromium 73.0.3683.86 and Firefox (67.0) Laptops: Fujitsu E8420 and Lenovo w500 internal keyboards and also external ps2 and USB-keyboard. Both with Blocks and blocks switched off (with plugin Classic editor); and also disabled all plugins for test). I did not use special Audio-blocks though." Juhan108 2 Needs Patch 52495 Hard cropped images do not crop specified dimension, causing lack of adaptive images joedolson* Media 5.6.1 normal normal Future Release defect (bug) accepted 2021-02-11T05:30:26Z 2022-06-08T15:51:48Z "If an image is less than the size of a specified image size, it will be cropped only on the dimension that is greater than the specified dimension. The result is an image that is not the same aspect ratio as other images with specified image sizes that have the same aspect ratio. So it won't output those other images in an srcset and your site may be loading much larger images than needed for mobile. For example, I might have defined image sizes of 1000x500, 750x375 and 500x250 and use those images in my theme. Normally, I'd insert that largest image and then the other two would be in an srcset. But, if I were to upload and 960x600 image, I'll get a 960x500 image, as well as the normal 750x375 and 500x250. Because these aren't the same aspect ratio, when I insert the larger image, there is no srcset. Now visitors are stuck loading the largest image. It would make sense to me for hard crop to scale the image up to meet the minimum size for both dimensions, then crop." larssg 4 Needs Patch 30759 If Featured Image is selected, but not saved, editing the image will drop the selection after a save Media 4.0.1 normal normal defect (bug) new 2014-12-18T07:56:17Z 2019-06-04T20:10:14Z "To reproduce: Create a new post. Click on an image to select it. Click on Edit Image link, edit image, and save. Image selection menu has changed dimensions, and the selection state has returned to its prior state. If a featured image has already been assigned to the article, selecting another image, and editing it will return the user to an image selection screen with the prior featured image selected." DavidTheMachine 4 Needs Patch 35489 Im having an issue with WP_Image_Editor_Imagick Media 4.4.1 normal normal defect (bug) new 2016-01-16T20:39:07Z 2019-06-04T20:21:12Z "Im using this following to set up an editor to create thumbs for an image I am uploading: $editor = wp_get_image_editor( $file ); Some images are crashing my script causing a 500 error. I tracked the issue down to the WP_Image_Editor_Imagick class specifically within the crop_image function. From what I could tell this is the line causing my 500 error at line 349 of class-wp-image-editor-imagick.php $this->image->cropImage( $src_w, $src_h, $src_x, $src_y ); I fixed the issue in a band-aid class I am temporarily using removing the WP class and using my own with the wp_image_editors filter within my added class I am using I added the following line $this->image->setResourceLimit(6, 1); // set max threads to 1 I added it just before $this->image->cropImage( $src_w, $src_h, $src_x, $src_y ); " stoi2m1 1 Needs Patch 59378 Image Aspect Ratio Not Staying Fixed In Mobile View Media 6.3.1 normal major Awaiting Review defect (bug) new 2023-09-17T15:59:42Z 2023-10-06T05:28:27Z "When an image size is adjusted within the post/page editor, by clicking on the image and dragging it, the aspect ratio of that image does not stay fixed when looking at it in mobile. The image width looks squished. See this example page. (Ignore the date created. This was just created this morning.) https://www.insidewaters.com/mobile-aspect-ratio-bug-test-page/ This problem is affecting hundreds of existing post/pages, not just newly created post/pages, and it would require an immense amount of work to fix manually on each image across multiple websites of ours. You can see the problem on the page linked to below that was created awhile ago. The top camera picture gets squished in mobile. https://www.tropicalsnorkeling.com/waterproof-snorkel-cameras/ All plugins and themes were turned off to test for conflicts. " gpwebnut 1 Needs Patch 42922 Image Scaling using get_the_post_thumbnail issue in WordPress Media 4.9.1 normal normal Awaiting Review defect (bug) new 2017-12-17T08:22:37Z 2020-11-19T15:56:40Z "Issue URL - http://www.creativescripters.com/clients/testwp/uncategorized/image-resized/ I am using wordpress (self hosted) latest version, The problem is I am looking to get a thumbnail from the resized/scaled image, and when I do that wordpress returns the test-150x150.jpg i.e. Thumbnail from the original image and not the resized image which should have been test-e1513229707262-150x150.jpg Step to reproduce the issue 1. Upload an image , Scale it (click edit on uploaded image and change width and click scale). Wordpress will rename the image and add an Suffix Id to the name so you can confirm the image have been scaled. for eg if you uploaded test.jpg after scaling image name will become test-randomstring.jpg [![enter image description here][1]][1] 2. When I call get_the_post_thumbnail($post, 'full') I get the correct image The resized one i.e. test-randomstring.jpg [![enter image description here][2]][2] 3. When I try to get a different size of the scaled image for eg I need thumbnail generated from the image size and I call function get_the_post_thumbnail($post, 'thumbnail') wordpress return the THUMBNAIL from actual image (the one I uploaded initially test.jpg and not the resized one test-randomstring.jpg) Screenshot - https://i.imgur.com/sQKoZcF.png [1]: https://i.stack.imgur.com/TTIaG.png [2]: https://i.stack.imgur.com/T3vPE.png" rigids.php 2 Needs Patch 40785 Image caption in WYSIWYG is not displaying in post page Media 4.7.5 normal normal Awaiting Review defect (bug) new 2017-05-17T13:53:07Z 2017-05-19T11:15:53Z "I have uploaded an image to my post via Media upload utility of WYSIWYG editor and added a caption to it. When I go the post page, the image is there but the caption is not showing up anywhere, which ideally should be underneath the image. In wp_posts table the content was saved as: {{{
    Nestled among ski slopes in the Garhwal Himalayas, this secluded hotel is 23 km from Panch Prayag temple and 25 km from Nanda Devi National Park. In winter, the property is only accessible by cable car.
    Ranging from studios to 2-bedroom suites, the cosy lodgings come with cable TV and kitchenettes with minifridges, microwaves and stoves. Suites add living rooms and dining areas.
    Breakfast is free. There's also a relaxed restaurant, a game room and a bonfire area with regular entertainment. Ski equipment rentals and lessons are available, as are guided hikes and in-room massages. The property has a generator.
    [caption id=""attachment_713"" align=""alignnone"" width=""1600""] Cliff Top Restaurant at 10000ft[/caption]
    }}}" subrataemfluence 1 Needs Patch 35085 "Image editor not cropping correctly when image size is the same as ""Large Size"" in media settings" Media 4.4 normal normal defect (bug) new 2015-12-14T22:49:02Z 2019-06-04T20:19:52Z "This issue was reported as an issue for the plugin Imsanity here: https://wordpress.org/support/topic/imsanity-breaks-the-image-editor?replies=10 However, after research, it appears this behavior happens regardless of the plugin. A video demonstrating the error is at: https://www.youtube.com/watch?v=3a6UbuPrlmU&feature=youtu.be To reproduce: 1. Ensure media settings for ""Large Size"" are set to 1024px 2. Upload a landscape image with a width of exactly 1024px to the media library 3. Click the ""Edit"" button to edit the image, and use the crop tool to make an obvious change. The image will appear to have been cropped at this point 4. Click the ""Save"" button and now the image will no longer appear to be cropped The image now seems to be in an unknown state where the preview shows the un-cropped version, but in the editor the crop shows correctly. " verysimple 3 Needs Patch 60548 Image editor: improve the browsePopup function joedolson* Media 6.3 normal normal 6.6 defect (bug) accepted 2024-02-15T14:10:11Z 2024-03-06T16:59:58Z "While auditing all the remaining jQuery deprecations still to address in core, I noticed a couple things that offer room for improvements in the `browsePopup` function of the core image editor. 1. The `browsePopup` function uses the `window.event` property, which is deprecated and should not be used. This is the `global` event. Instead, the event should be passed as a function parameter. Aside: instead of using inline events, it could have been better to consider a more modern approach. 2. When using the keyboard to navigate the items in the 'Image rotation' dropdown menu, the page scrolls. See attached animated GIF. There's some code in place to prevent page scrolling you may need to reduce your viewport height. See [55919] / #50523 " afercia 5 Needs Patch 60354 Image filter functions strip query string from image src joemcgill Media normal normal Awaiting Review defect (bug) reviewing 2024-01-26T15:14:35Z 2024-01-27T00:07:47Z "The following 2 functions strip the query string from the image src found in the content but it's not clear why this is done. - wp_image_add_srcset_and_sizes: https://github.com/WordPress/WordPress/blob/master/wp-includes/media.php#L1708-L1715 - wp_img_tag_add_width_and_height_attr: https://github.com/WordPress/WordPress/blob/master/wp-includes/media.php#L2092-L2094 When using an external image service like Photon, Tachyon, or some other integration that provides resizing via a query string this breaks the generated srcset & sizes calculation, and can make the width and height attributes use the original image dimensions when the same image file name is used up to the start of the query string. Take the following 2 image URL examples: - https://example.com/images/kitten.jpg - https://example.com/images/kitten.jpg?resize=300,200 The query string means these are 2 different images but those functions will treat them both as the original." sanchothefat 2 Needs Patch 32215 Image hard crop no longer working as expected Media 4.2.1 normal normal defect (bug) new 2015-04-30T20:37:21Z 2019-06-04T20:12:58Z "Since I upgraded to 4.2.1, hard cropping of images no longer seems to work (resizing always occurs using soft-crop mode, resizing the larger dimension first, then cropping the smaller to size). I am regenerating them using the regenerate thumbnails plugin (which works fine), and am looking at the images directly on the server (FTP) to eliminate the possibility that any CSS might be producing strange results. It is a custom theme that I built, but I switched the site over to Twenty Fourteen to rule out my code and got the same results. I also tried disabling plugins, to no avail. I am running my production site on the same server (which is running 3.8.7) and the crop works fine." WorldWideWebb 1 Needs Patch 59331 Image optimizations fail to apply when using Timber Media 6.3 normal normal Future Release defect (bug) new 2023-09-12T17:46:01Z 2023-09-12T21:45:19Z "A user [https://mastodon.social/@grigs@front-end.social/111052735378137214 reported] hero images were getting `loading=lazy` on their site. After inquiring, I found they were using Timber for templating. It makes sense that the logic in `wp_get_loading_optimization_attributes()` wouldn't work properly in this case since it is tightly bound to WordPress's templating system(s). This may actually be an issue better fixed in Timber itself, but ideally WordPress core should be able to do the right thing with alternate templating systems (or even complex templates written in the WordPress way). Ultimately, this may require the use of output buffering and HTML Tag Processor as [https://github.com/WordPress/performance/issues/805 proposed] for a module in the Performance Lab plugin. See #59331 for adding output buffering for template renders with a filter for post-processing. Here's how to reproduce the issue with Timber: 1. Install and activate the [https://wordpress.org/plugins/timber-library/ Timber plugin] from WordPress.org. 2. Install and activate the [https://github.com/timber/starter-theme Timber Starter Theme] from GitHub (i.e. download the ZIP). 3. Add a new post with an initial large image or a featured image. 4. See the image has `loading=lazy` and is missing `fetchpriority=high` on the frontend. Initial image block: {{{
    }}} Featured image markup: {{{ }}}" westonruter 1 Needs Patch 43152 Image remains in page after deleting from Media Library Media 4.9.2 normal normal Future Release defect (bug) new 2018-01-24T00:31:39Z 2019-04-15T15:21:13Z "Whilst editing your page, if you open the Media Library (using the Add Media button), and then delete an image that is currently added to the page, the image remains on the page after closing the pop-up window. To Reproduce: - Insert Image on Page - Click Add Media button to display the Media Library popup Window - Select the image that you previously inserted on the page and delete the image - Close the media pop-up window - Image that was deleted remains on page Here's a gif to show an example - https://cl.ly/1I2r3q3H301J I originally raised this as an [https://github.com/WordPress/gutenberg/issues/4610 issue with Gutenberg], but it was suggested to raise it here since it's also an issue with the classic editor." ahortin 1 Needs Patch 59740 Image scaling being applied inconsistently Media normal normal Awaiting Review defect (bug) new 2023-10-26T00:31:09Z 2023-10-26T16:33:56Z "My understanding was that images over 2560px would be scaled and a ""-scaled"" named version created. This doesn't happen every time, though. What exactly are the criteria? It doesn't happen for me on some larger images over 8000px wide. But does then happen on smaller 5000px images. I have created many test images of different sizes, and I cannot figure out what is causing this discrepancy. Some get scaled, and some do not. And it doesn't appear to be related to pixel dimension. If there is something more than the pixel dimension being used to determine whether a scaled version is created, where is the documentation to explain this?" whistlerdan Needs Patch 46470 Image srcset and sizes not output in classic block. Image attachment removed Media 5.1 normal normal Awaiting Review defect (bug) new 2019-03-12T03:16:28Z 2019-04-04T13:56:29Z "I installed the Gutenberg plugin on one of my sites, which was eventually updated to WP 5.0.3 and then WP 5.1. In all that time, most of the content remained unchanged. Looking at it now, most of the images in the library are unattached and embedded images produce the old/simple ""IMG"" tag, with no ""srcset"" or ""sizes"" attributes. I've tried attaching images in the media library. No change. I've tried setting $content_width. No change. Than only thing that makes any difference is editing the post/page, removing the embedded image and simply embedding it again. In the editor's HTML view, the respective ""IMG"" tag looks almost identical, except possibly the order of attributes. When converting tinyMCE content to blocks, WordPress should convert all of the required metadata, but seems like it doesn't." galbaras 2 Needs Patch 26848 Image thumbnail on large images with ratio of 4:1 markoheijnen Media 3.8 normal minor defect (bug) assigned 2014-01-16T16:12:43Z 2019-06-04T20:06:26Z "I have been running into this issue on WordPress 3.7.1 and 3.8. I haven't tested it in older versions. I'm uploading an image that's 2000px x 500px. The theme uses add_image_size for a variety of different thumbnail sizes but the only one that's an issue is 480px. The URL to the thumbnail is being retrieved with wp_get_attachment_image_src( $thumbnail_id, 'mobile' ) for use with some CSS. Chrome is recognising it as a 1px x 1px image with a MIME type of image/png. When you open the image URL it appears correctly. '''Steps to reproduce:''' add_image_size( 'mobile', 480, 0, true ); in functions.php Upload a blank image at 2000px x 500px I also found in Chrome that when going to my uploads folder and selecting the image that's 480px x 120px I can't save the image with CMD SHIFT S yet I can with any of the other images. I have tried removing all plugins and using the default theme. The only modification I made was to add the image size. I changed the image library from libgd to imagemagick. Changing the image size from 480px to 479px works." nathan_dawson 4 Needs Patch 54839 Image upload after dirty filter requires filter change before it can be inserted to page Media normal normal Future Release defect (bug) new 2022-01-17T08:15:54Z 2024-02-05T20:14:53Z "Steps: 1. Open media library popup. 2. Change date filter. 3. Upload new image. 4. See uploaded image is not visible in list nor selectable. (Select button is disabled) 5. Change filter to match the new image uploaded, See image is visible. Expected behavior: 1. Uploaded image should be selectable if it matches filter (or should reset filter on tab change). Current behavior: 1. Uploaded image after dirty filter is not selectable." utkarshpatel 24 Needs Patch 46309 Image upload failures when using Gutenberg gallery block. Media 5.1 normal major Awaiting Review defect (bug) reopened 2019-02-22T10:11:29Z 2019-04-10T17:54:51Z "Transferring a Gutenberg issue from Github over to trac: https://github.com/WordPress/gutenberg/issues/8935 Many users are experiencing a ""The response is not a valid JSON response"" error when uploading images, usually caused by a timeout on the server. In response to this, there was a change to the client side code in Gutenberg to upload images serially rather that in parallel. This improved things, but the error still seems to be happening for some users. In my own testing I had to use multiple huge images to reproduce an error. Errors happened much more frequently uploading directly to the gallery block than when using the standard media uploader—I'm not sure if there's a chance the REST endpoint might be somehow less optimised than the async-upload endpoint that the media library uses. Some details of the timeouts I received are here: https://github.com/WordPress/gutenberg/issues/8935#issuecomment-466306820" talldanwp 10 Needs Patch 59577 Images in block templates or patterns do not have loading optimization attributes flixos90 Media normal normal 6.6 defect (bug) assigned 2023-10-09T19:12:23Z 2024-03-13T15:41:15Z "This ticket is created as a break out from #59464: While that ticket was also initially pointing out the lack of loading optimization attributes in TT4, it has been primarily focused on the lack of the dimension attributes `width` and `height` from images that are hard-coded in the theme (e.g. in a `core/image` block within the theme's block templates, template parts, or patterns). As noted in https://core.trac.wordpress.org/ticket/59464#comment:16 however, there is another arguably more severe problem: Even if that bug was fixed for TT4, most of those images ''still'' wouldn't receive the loading optimization attributes. That is because TT4 includes most of its images directly in block templates, or in patterns, outside of template parts, post content, or widget content. Currently, any images that aren't covered by more specific contexts than `template` (which is for the overall block template) are not handled at all by `wp_filter_content_tags()`, impacting TT4 and likely several other block themes. This ticket is focused on that problem, trying to identify a solution to also consider images in the overall block template, while avoiding duplicate processing of images that were already processed with a more specific context." flixos90 10 Needs Patch 59764 Imagick squashes image for cropped size Media 6.3.3 normal normal Awaiting Review defect (bug) new 2023-10-29T12:02:00Z 2023-10-29T12:02:00Z "I have an image sub-size that uses crop instead of scale, and when the resulting image should upscale, GD does it OK-ish, Imagick is squashing the content. In both cases, the resulting image has the expected width and height, but the content in the image generated with Imagick is not squashed. This happens for a portrait ratio of the original image. How I replicate this: - sub-size: 1440x760 px + crop - original file: 1152x2048 px - using the `image_resize_dimensions` filter that returns the upscaled computation - upload file using GD - upload the same file using Imagick GD result - OK https://imgur.com/EQTesQT Imagick result - not OK https://imgur.com/G0hjmo0 " Iulia Cazan Needs Patch 39980 Improve handling of image previews for non-image files joemcgill Media 4.7 normal critical Future Release defect (bug) assigned 2017-02-28T02:57:40Z 2017-05-20T20:16:18Z "Follow up from #31050. The changes to the `image_downsize()` and `image_get_intermediate_size()` functions introduced in [38949] added regressions to the `'image_downsize'` and `'image_get_intermediate_size'` filters, running them for non-image attachments. Best option to fix this seems to be to introduce new function(s) with new filter(s) specifically for handling this case: adding image preview to non-image attachment. This will fix the regressions, and will make it possible for plugins to hook into this functionality." azaozz 7 Needs Patch 55302 Improve media library upload progress indicator Media normal normal Awaiting Review defect (bug) new 2022-03-03T04:56:51Z 2022-07-06T16:47:18Z "When uploading in the media library, the progress bar shows the ''upload progress'' of the image. Once the image is fully uploaded WordPress creates the sub-sized images used to serve images on the front end. Depending on your configuration (theme, plugins, server), and the upload size this can take quite a while to complete. During sub-sized image creation, the progress bar for the image shows as ""full"". Finally, when the image sub size generation completes, the image changes from a gray box to the thumbnail of the uploaded image and if multiple images have been uploaded, the uploader moves on to the next image. Screencast attached. The problem here is that no progress is shown for the image regeneration phase. Uploading in the block editor works a bit differently: as soon as the image is dropped onto the editor to upload, a grayed out version of the image is shown with a spinner. The spinner spins during the upload and continues spinning during sub-size creation. Finally, when all sub sizes are created, the image becomes fully saturated and the spinner goes away. **Looks like this is changing to a progress bar though**, see https://github.com/WordPress/gutenberg/issues/13984 & https://github.com/WordPress/gutenberg/tree/trunk/packages/block-editor/src/components/media-upload-progress Two potential improvements we could make in the media library: 1. immediately show the thumbnail of the dropped image instead of the gray box 2. switch to a spinner entirely, or for the image regeneration phase or try to show actual progress. The challenge with showing progress is we don't know how long the request will take on the server." adamsilverstein 2 Needs Patch 47456 Improve the user interface to ensure correct usage of the image alt text joedolson* Media high normal Future Release defect (bug) accepted 2019-06-01T11:15:23Z 2024-03-12T11:15:33Z "Splitting this out from the [https://github.com/WordPress/gutenberg/issues/created_by/karlgroves WPCampus accessibility report issues on the Gutenberg GitHub], see https://github.com/WordPress/gutenberg/issues/15309 as part of the reported issue applies to the Media Views in core. Related: #41467 == Problem A common misconception is that the image alt text should always be a ""description of the image"". In most of the cases, this is misleading. Actually, the image alt text needs to describe the purpose of the image in its specific context. For more details, see the W3C Alt Text Decision Tree tutorial (https://www.w3.org/WAI/tutorials/images/decision-tree/). WordPress stores a ""default"" alt text in the media object. While storing a default value may help users when they build their content, it also promotes a misunderstanding of the purpose of the alt text. In the accessibility team, we think this is more an user interface problem rather than a data model problem. The user interface should ensure users clearly understand that alt attributes are context sensitive and that the ""default"" alt value needs to be changed (or even removed) based on the specific usage. == Data model problem: The alt text is not constant: it needs to describe the image purpose on a case by case basis. == User interface problem: The alt text from the media library is automatically assigned as the alt text within the post: this is not always correct. Actually, in most of the cases it produces wrong alt text. == Improvements to evaluate Credits: Some of the following points come from @carlseibert and @joedolson comments on #41467, and from the Gutenberg GitHub issue. 1. allow saving multiple alt attributes for a given media object: a default attribute and a set of alternates users can select from 2. have something in the editor UI that would let users know whether the alt text was filled, and what it says 3. modifications on the Media views side to differentiate between the alt text describing the image and the alt text for a specific usage, which might override the normal alt text without changing it 4. all linked images must have alternative text if the image is the sole content of the link, and the action should be blocked if this is not true 5. any guidance given should inform users that the text provided needs to inform the user of the link action 6. include a warning about linking directly to the image file: linking directly to images is inadvisable, because the resulting image view in the browser does not include alternate text 7. when the image is linked to the image file itself, the alt text can remain the normal alternative text for that image, with an appended indicator that the link is to view the image 8. worth considering plugins that add ""lightbox"" modals, sliders and the like often use the alt text value to add contextual text within their UI 9. images used to link to other resources should offer a field to add dedicated link text separate from the image's own description; in this case the alt text should be empty. Example markup (simplified):" afercia 47 Needs Patch 50250 In WordPress 5x, Image uploads frequently fail, and do so with a spurious error message Media 5.4.2 normal major Awaiting Review defect (bug) new 2020-05-26T00:19:33Z 2020-06-12T02:25:30Z "I run my own dedicated server, a dual processor Xeon with 128GB of ram. When uploading batches of images for sites I'm working on I frequently find one or two images fail with the message 'Post-processing of the image likely failed because the server is busy or does not have enough resources. Uploading a smaller image may help. Suggested maximum size is 2500 pixels.' I have numerous reports from my userbase of the same issue. - The images that fail are far smaller than the error message suggests would cause an issue. For example my currently problematic image is 1621 x 1000 and a svelte 292kb. - Imagick 3.3.4 is installed - Rebooting the server does not make the issue go away. - There is no issue with resources on the server or resources available to the wordpresses, they all have 512 MB assigned, which should be more than enough. - Occasionally reuploading the image solves the problem, but this is rare - I've currently been stuck for an hour trying to get one single image into a slider. - Saving the image as a different kind of JPEG i.e. baseline optimized rather than progressive sometimes seems to work (I suspect this isn't meaningful or indicative of the issue though). The wider point is this is preposterous, I'm currently trying to upload 15 identically sized, identically produced, images and one single file keeps failing for no fathomable reason. There is another bug report discussing the content of the message being inaccurate, which it clearly is, but as a wordpress dev/admin I'm encountering this issue multiple times a day and there does not appear to be a rational reason for its occurrence or any reasonable steps a user can take to solve it on their own. Frankly wordpress 5x seems to dislike certain images for no reason at all. For the avoidance of doubt this ticket is not about the language of the error message (useless and wrong as it clearly is) it's about the problem that causes it to occur. " toomanyairmiles 3 Needs Patch 24888 In image editor, cropping scale gets applied off by 0.4% Media 3.5 normal normal defect (bug) new 2013-07-30T13:55:51Z 2019-06-04T20:05:48Z "When you scale the crop preview, the editor does not keep the right ratio. To reproduce this error: - Upload an image with 4608 x 3072 - On the crop feature, create an selection with 1680 x 560 - Hold shift and scale to fit all image width (4608px) - The height result was 1544px, that is wrong, the correct is 1536px. " diegomarangoni 4 Needs Patch 43930 Inaccurate width and height returned when using wp_get_attachment_image_src on the backend. Media 4.9.5 normal normal Awaiting Review defect (bug) new 2018-05-02T14:56:44Z 2018-05-08T18:30:23Z "I'm using wp_get_attachment_image_src on the backend to do image validation for a custom image selector meta box. When the image is large enough for the requested image size the source of the original image is returned but the dimensions are smaller. This is my call: {{{#!php string(70) ""http://localhost:8888/wp-content/uploads/2018/05/image.jpg"" [1]=> int(400) [2]=> int(400) [3]=> bool(false) } }}} The actual image dimensions are 1200x1200. The image_constrain_size_for_editor call in the image_downsize function seems to be where the problem lies. I can comment out that line and it works as expected." jwoolsch 2 Needs Patch 36285 Inconsistency between the filters that can be used to override the default shortcode output for images/videos/audio Media normal normal Future Release defect (bug) new 2016-03-21T18:15:59Z 2017-07-27T16:13:03Z "Currently, in order to override the default output of the {{{caption}}}, {{{video}}} and {{{audio}}} shortcodes, you have to use the following respectively: {{{ apply_filters( 'img_caption_shortcode', '', $attr, $content ); apply_filters( 'wp_audio_shortcode_override', '', $attr, $content, $instance ); apply_filters( 'wp_video_shortcode_override', '', $attr, $content, $instance ); }}} Imho, there should be some consistency between these regarding the following: * hook name. * arguments passed to the filtering function. Also, it would be very useful if the attachment ID was also passed to the filtering function. Right now, the attachment ID of images can be obtained from {{{$attr['id']}}}, which gives {{{attachment_IDNUMBER}}}, while the ID of video and audio attachments can only be obtained by using the media file URL found in the {{{$attr}}} array and directly querying the database in order to get the post ID based on the {{{guid}}} field. " gnotaras 4 Needs Patch 37632 Incorrect Image Previews for SVG Media normal normal Awaiting Review defect (bug) new 2016-08-11T01:52:35Z 2021-06-03T15:02:06Z "Hi guys, When using the `upload_mimes` filter to add new mime types for the media uploader, it handles SVG uploads strangely. Here is my code to add SVG support {{{#!php ...
    • ...
    ...

    Attachment Details ...

    ...
    ...
    1820 × 1213
    Edit Image
    ...
    }}} **Remediation Guidance** Turn the form into an actual `
    ` element. Wrap `
    ` tags (with accompanying `` elements) around groups of controls explaining what they are. Use the id on the `` element with the form attribute on the ""Select"" button to designate this as the form's submit button. Add text to the ""Edit"" link that opens in a new window or tab, informing users that this will happen. When the form in the new tab/window is submitted, users should be brought back to the original form. **Recommended Code** {{{
    ...
    Filter media options
    Media options result
    • ...
    ...
    Attachment Details ...
    ...
    ...
    1820 × 1213
    Edit Image Opens in a new window
    ...
    }}} **Relevant standards** * 1.3.1 Info and Relationships (Level A) https://www.w3.org/TR/WCAG20/#content-structure-separation-programmatic * 1.3.3 Sensory Characteristics (Level A) https://www.w3.org/TR/WCAG20/#content-structure-separation-understanding * 3.3.2 Labels or Instructions (Level A) https://www.w3.org/TR/WCAG20/#minimize-error-cues * 4.1.2 Name, Role, Value (Level A) https://www.w3.org/TR/WCAG20/#ensure-compat-rsv **Note**: This issue may be a duplicate with other existing accessibility-related bugs in this project. This issue comes from the Gutenberg accessibility audit, performed by Tenon and funded by WP Campus. This issue is GUT-50 in Tenon's report" anevins 35 Needs Patch 47148 Insufficient labelling and inappropriate nesting of form controls joedolson* Media normal minor Future Release defect (bug) accepted 2019-05-06T15:16:18Z 2024-02-05T20:03:21Z "Moved from the WPCampus accessibility report issues on GitHub, see: https://github.com/WordPress/gutenberg/issues/15288 * **Severity**: * Low * **Affected Populations**: * Blind * Low-Vision * Cognitively Impaired * **Platform(s)**: * Windows - Screen Reader * Windows - ZoomText * Mac - VoiceOver * Android - TalkBack * iOS - VoiceOver * **Components affected**: * Media Dialog **Issue description** In the ""Featured Image"" modal dialog's ""Media Library"" tab, users can choose an image to be the featured image; this is presented as a series of checkbox elements which, once checked, show a button to uncheck inside the custom checkbox element. This button is in the Tab order, however its only name is ""Deselect"", it doesn't tell the user what is being deselected. Users must infer what this button does from context, and may wonder why it's next to seemingly-ordinary checkboxes which themselves are natively unselectable. The button role of these buttons does not convey that the user is checking or unchecking an item, and their placement inside the checkbox elements is semantically confusing, and may be functionally confusing since one focusable element is nested inside another. Screen reader users hear that a list is present, yet find that they cannot navigate by list-items. **Issue Code** {{{
    • ...
    }}} **Remediation Guidance** Allow the list semantics to remain available by not overriding the `
  • ` elements' native list-item roles. Remove the ` }}} **Remediation Guidance** When users have performed an action, such as clicking another block (or whatever action causes ""No block selected"" to appear in the Block panel), clear the live region so that users who encounter it while manually reading do not hear it. Refill the live region when users change color modes. The hidden file selection button should be hidden from all users with display: none whenever it is not visible nor meant to be used. **Recommended Code** {{{
    }}} **Note**: This issue may be a duplicate with other existing accessibility-related bugs in this project. This issue comes from the Gutenberg accessibility audit, performed by Tenon and funded by WP Campus. This issue is GUT-41 in Tenon's report ''**Note**: The a11y-speak live regions are used in core as well. In several places. Thus, clearing the live regions shouldn't depend on a specific user action or scenario. It would require a more generic solution, preferably avoiding setTimeout() which seems to me a very fragile solution by its own nature.''" anevins 32 Needs Patch 58733 The load more button appears even when there is only one image in the feature image selection window. joedolson* Media 6.3 normal normal Awaiting Review defect (bug) accepted 2023-07-06T13:22:35Z 2023-07-21T15:20:00Z "Load more button appears in the popup window for replacing the feature image, even when there is only one image available. Steps to reproduce the issue: 1. Go to the post editor in WordPress. 2. Locate the section where you can edit the feature image for the post. 3. Click on the ""Replace"" button to select a new image. 4. The popup window will open, showing the available images. Despite there being only one image in the selection, the ""Load More"" button is present in the popup window. Video Link: https://www.loom.com/share/c0e9faa4cc86455eb30bdaf2149b5a60 === Environment - WordPress: 6.3-beta3-56143 - PHP: 7.4.21 - Server: Apache/2.4.46 (Unix) OpenSSL/1.0.2u PHP/7.4.21 mod_wsgi/3.5 Python/2.7.13 mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_perl/2.0.11 Perl/v5.30.1 - Database: mysqli (Server: 5.7.34 / Client: mysqlnd 7.4.21) - Browser: Chrome 114.0.0.0 (macOS) - Theme: Twenty Twenty-Three 1.1 - MU-Plugins: None activated - Plugins: * WordPress Beta Tester 3.5.0" aparnajl 1 Needs Patch 54320 There are no more thumbnails for uploaded PDFs Media 5.8.1 normal normal Awaiting Review defect (bug) new 2021-10-25T19:05:09Z 2022-08-24T14:45:09Z "My current WP configuration • PHP / MySQL version: 7.4 • Theme used: Camp Maine of TAM’S TRADING POST (no longer maintained) • Extensions in place: activated: Akismet - BackWPup - contact Form 7 - Cookie Notice - Honeypot for Contact Form 7 - Ithemes Security - Post Type Switcher - SF Move Login - TablePress - WP Image Zoom - WP Maintenance Mode. Name of the host: OVH Site address: https://amapdlacrau.fr Problems encountered: The latest .PDF files uploaded to the media library have a generic file icon and no longer display the small thumbnail unlike older files. Clicking on the icon no longer opens the image of the 1st page of the file. Everything I did that didn't work to fix the problem: * Create PDFs with different tools; Microsoft, Do PDF, ApowerPDF ... * Install WordPress version 5.8.1 * Downgrading the PHP version from PHP 8 to PHP 7.4 This fixed the problem with the imagik module, declared absent by the site health check in version 8, but not the thumbnail problem. * Use an upload plugin: File Manager * Use thumbnail regeneration plugins: Regenerate Thumbnails and Force Regenerate Thumbnails. I have not tested: use a media management plugin instead of the media library I note that the function for generating the thumbnails of the PDF files has stopped working when the theme is no longer maintained and the PHP version is the same. Only the version of WordPress has changed " 10rjulienk21 3 Needs Patch 34571 Thumbnails and featured images broken if the filename contains utf8 characters (e.g. üäö) Media 4.3.1 normal normal defect (bug) new 2015-11-04T01:56:03Z 2019-06-04T20:17:29Z "I did an upgrade to 4.3.1 from 3.6.1 and I have a whole bunch of media assets (more than 4000 images) where a substantial portion of these images have filenames containing utf8 characters like apostrophes, umlauts etc. While these images work just fine in posts, neither the ""feature image"" nor the thumbnail in the media library will work for that image (broken image icon, rename plugins won't work, feature image shows broken image icon). Both functionalities worked fine in 3.6.1 I would be grateful if the media library and the featured image functionally could be fixed so that the media library will work for these files again as well as the feature image." smuts 3 Needs Patch 58483 UI issue in uploasd multiple media in mobile Media 6.2.2 normal normal Awaiting Review defect (bug) new 2023-06-08T07:40:16Z 2023-06-08T07:40:16Z "Hi, We need to add padding on the right side for maintaining alignment on the right side in uploading multiple media on mobile. The more informed nation you can see mentioned screenshot. " sumitsingh Needs Patch 48194 "Unregistered image sizes used for IMG tag ""srcset""" Media normal normal Awaiting Review defect (bug) new 2019-10-02T02:16:24Z 2020-07-21T06:25:14Z "Following design changes, previously-generated thumbnails remain on the site, along with matching post meta entries linked to the respective attachment. WordPress then uses those to produce IMG tags. In fact, these thumbnails are referenced even when the files don't exist on the site anymore, following a cleanup. I think WordPress should only use thumbnail URLs for registered image sizes. For bonus points, there can be a way to remove unregistered size references from attachment meta, perhaps in a Media > Audit admin page, which lets the user decide what to remove and what to keep. For context, I've just cleaned images on a site and found a lot of legacy references to thumbnails of previously registered sizes in IMG tags. Media management and cleanup plugins I used could only detect the redundant meta data when I re-registered the old sizes temporarily." galbaras 5 Needs Patch 60666 Unwanted section appears as a sidebar in 'Create gallery' section joedolson* Media 5.0 normal normal 6.6 defect (bug) accepted 2024-03-01T09:04:35Z 2024-03-06T16:46:30Z "Unwanted section with 'Actions' and 'Create gallery' texts appear in the sidebar of Media Library and nothing happens on selection or click of the texts. To find the issue, please go through the below steps. 1.From the 'File' block add the block 'Gallery', then select Media Library. 2.Unwanted sidebar section with the specified texts appears." ukdrahul 3 Needs Patch 48111 Update usage of `multi_resize` to utilize new `wp_create_image_subsizes()` function kirasong Media 5.3 normal normal Future Release defect (bug) assigned 2019-09-23T17:48:40Z 2020-02-21T09:41:15Z "As mentioned in https://core.trac.wordpress.org/ticket/40439#comment:61 There are two uses of `multi_resize()` that will need to be updated to use the new `wp_create_image_subsizes()` function introduced in #40439. - In the [https://github.com/WordPress/WordPress-develop/blob/master/src/wp-admin/includes/image-edit.php#L947 image editor] (`src/wp-admin/includes/image-edit.php`). - In [https://github.com/WordPress/WordPress-develop/blob/master/src/wp-admin/includes/image.php#L583 PDF Thumbnails/Fallback Thumbnail Support] (`src/wp-admin/includes/image.php`). " antpb 15 Needs Patch 32443 Upload iframe renders pictures in reverse order Media 4.2.2 normal normal defect (bug) new 2015-05-19T18:49:56Z 2019-06-04T20:13:54Z "Attachments are in reverse order when they have menu_order attributes. It is because this code in get_media_items function: {{{ $attachments = get_children( array( 'post_parent' => $post_id, 'post_type' => 'attachment', 'orderby' => 'menu_order ASC, ID', 'order' => 'DESC') ); }}} Generates this query: {{{ …wp_posts.menu_order DESC, wp_posts.ID DESC… }}} It should be: {{{ $attachments = get_children( array( 'post_parent' => $post_id, 'post_type' => 'attachment', 'orderby' => array( 'menu_order' => 'ASC', 'ID' => 'DESC') ) ); }}} Which will generate: {{{ …wp_posts.menu_order ASC, wp_posts.ID DESC… }}} " sapegin 1 Needs Patch 34465 Uploader in Media Modal Not Working When Certain Library Arguments Present Media 4.0 normal normal Awaiting Review defect (bug) new 2015-10-27T13:32:55Z 2017-09-18T00:16:15Z "I noticed this bug while working on a plugin that deals with the media modal. I'm using the following code to create a media modal on a button view: {{{ function frame(){ // Destroy the previous collection frame. if ( this._frame ) { this.stopListening( this._frame ); this._frame.dispose(); } this._frame = wp.media( { className: 'media-frame rwmb-media-frame', multiple : true, title : 'Select Media', library : { type : 'image', }, frame: 'select', } ); //Event stuff goes here this._frame.open(); }, }}} The issue is when uploading a file using the upload tab in the media modal. The file uploads but it never appears in the Media Library tab like it does in the core media modal used by the editor. The side Attachment Details panel shows the file information but the file itself doesn't appear on the grid. Attached is a screen cap from a user of the plugin. " Funkatronic 14 Needs Patch 40289 Uploading 2 files with the same name but different casing, overwrites existing files Media 4.7.3 normal normal Awaiting Review defect (bug) reopened 2017-03-28T22:23:44Z 2017-06-08T09:36:11Z "Problem: Under normal circumstances, if I upload a file to the media library but a file with a similar name was previously uploaded, wordpress would change the name of the new file (by adding a dash and a number). However, If I upload 2 files with the same name, BUT WITH DIFFERENT CAPITALIZATION, wordpress won't rename the second file and will just reference the older one. So if for example, I already had the file cover.jpg in my library and I've created a new post and uploaded the file COVER.JPG, it will show in the post the older image of (cover.jpg)." quickim 8 Needs Patch 46793 Uploading files that the filename contains LTR and RTL characters cause filename change Media 4.9.1 normal major Awaiting Review defect (bug) new 2019-04-04T11:03:32Z 2019-04-11T13:32:52Z I have uploaded some pdf files in the Media. The process goes well but when I am trying to access them the files are not found. I reviewed the uploads with ftp and I saw that the file names changed. For example a file that was uploaded with filename אילן-גל-פאר-english.pdf is changing to english.pdf-גל-פאר- with result to get 404 error. VSotiris 2 Needs Patch 59307 Urgent, Uncaught TypeError: this.activateMode is not a function Media 6.3.1 normal critical Awaiting Review defect (bug) new 2023-09-07T08:06:16Z 2023-09-07T08:06:16Z "It's very urgent. There is no response when clicking the media button on the add/edit article page. Showing an error every click on the media button: Uncaught TypeError: this.activateMode is not a function at media-views.min.js?ver=6.3.1:2:59604 at It (provider.js:2:586804) at Function.ma (provider.js:2:621991) at n._createModes (media-views.min.js?ver=6.3.1:2:59564) at n.initialize (media-views.min.js?ver=6.3.1:2:58973) at n.initialize (media-views.min.js?ver=6.3.1:2:79857) at n.initialize (media-views.min.js?ver=6.3.1:2:73432) at n.initialize (media-views.min.js?ver=6.3.1:2:63143) at h.View (load-scripts.php?c=1&load%5Bchunk_0%5D=wp-polyfill-inert,regenerator-runtime,wp-polyfill,wp-hooks,jquery-core,jquery-migrate,utils,jquery-ui-core,jquery-ui-mouse,jquer&load%5Bchunk_1%5D=y-ui-sortable,underscore,backbone,wp-util,wp-backbone,media-models,moxiejs,plupload&ver=6.3.1:151:14648) at n.constructor (load-scripts.php?c=1&load%5Bchunk_0%5D=wp-polyfill-inert,regenerator-runtime,wp-polyfill,wp-hooks,jquery-core,jquery-migrate,utils,jquery-ui-core,jquery-ui-mouse,jquer&load%5Bchunk_1%5D=y-ui-sortable,underscore,backbone,wp-util,wp-backbone,media-models,moxiejs,plupload&ver=6.3.1:155:2602)" jjproitech Needs Patch 43839 Video Player Mobile Media normal normal Future Release defect (bug) new 2018-04-23T23:51:04Z 2019-04-15T19:51:39Z "I usually use the video player with autoplay on. \\ But I noticed that on the mobile (I know the autoplay does not work on the mobile), the video player does not display the big play button in the middle of the player. \\ And the only way to run a video is to press the play button from the control bar at the bottom of the player. \\ Print screen: \\ That's how it should look (So it was up to wp 4.8.3)[https://i.imgur.com/PkHjszD.jpg] \\ That's what it looks like now [https://i.imgur.com/l8Zp94G.jpg] \\ Does anyone know how to solve this issue? Thank you!" studiosx 1 Needs Patch 42484 WP ajax call fail when executing long time 'ERR_SPDY_PROTOCOL_ERROR'. Media 4.8.3 normal normal Awaiting Review defect (bug) new 2017-11-09T12:18:18Z 2017-11-09T12:38:47Z "Hello, I have one ajax script that is uploading 25MB video on server and convert on server. This core process doing by only WordPress ajax file. This process is run successfully but after uploading and conversion ajax automatically fail and give me this error ""ERR_SPDY_PROTOCOL_ERROR"". This error i am facing from last update(4.8.3). so i think there is issue regarding ajax call in WordPress 4.8.3 version. I am WordPress Developer with 6+ years of experience and i have found this bug. Please review this bug. There is attach one image related to error. [[Image(http://webidroid.com/WP_ajax_err.png)]] " gaurangsondagar 1 Needs Patch 54876 WP fails to recognize and use Imagick PHP 8 module on OpenLiteSpeed / Litespeed Web Server Media 5.8.3 normal normal Awaiting Review defect (bug) new 2022-01-21T16:23:13Z 2022-02-03T15:39:00Z "Hi, I've made a ticket with the LiteSpeed people but they insist that their version of PHP (LSPHP) is a like-for-like copy of the PHP binaries, only hosted in their own repos. So it seems this error may be on the WordPress side. I'll first refer you to this support thread to show I'm not the only one with this problem: https://wordpress.org/support/topic/imagick-module-recognized-but-not-used/ In short, WordPress does not recognize the Imagick module in LSPHP 8, so it will not use it and defaults to WP_Image_Editor_GD as its image editor. It has no problems detecting and using it in an Apache environment where I used PHP 8 from the CentOS repos. It also has no problem using the LSPHP 7.4 version either. Here's a breakdown of the results: **Apache 2.4.37 with PHP 8.0.14** Custom Image Processing with WP_Image_Editor_Imagick = **Success** ImageMagick version number = 1692 ImageMagick version string = ImageMagick 6.9.12-34 Q16 x86_64 2021-12-22 Imagick version = 3.7.0 **OpenLiteSpeed 1.7.14 with LSPHP 7.4.26** Custom Image Processing with WP_Image_Editor_Imagick = **Success** ImageMagick version number = 1690 ImageMagick version string = ImageMagick 6.9.10-86 Q16 x86_64 2020-01-13 Imagick version = 3.4.4 **OpenLiteSpeed 1.7.14 with LSPHP 8.0.12** Custom Image Processing with WP_Image_Editor_Imagick = **Error** (see notes*) ImageMagick version number = 1690 ImageMagick version string = ImageMagick 6.9.10-86 Q16 x86_64 2020-01-13 Imagick version = **@PACKAGE_VERSION@** ***Notes:** Active editor is listed as WP_Image_Editor_GD. WordPress fails to recognize and use the Imagick extension. Custom image processing fails as it tries to run Imagick methods through the GD class. All environments are running on Rocky Linux release 8.5. " luboslives 8 Needs Patch 54605 WP_Image_Editor_Imagick::resize is not behaving according to spec Media 3.5 normal major Awaiting Review defect (bug) new 2021-12-09T14:17:46Z 2021-12-14T00:32:23Z "According to docs, you should be able to pass int|null as either $max_w or $max_h {{{#!php WP_Image_Editor_Imagick::resize( int|null $max_w, int|null $max_h, bool $crop = false ) }}} Inside the function, $max_w and $max_h are directly passed to image_resize_dimensions {{{#!php image_resize_dimensions( int $orig_w, int $orig_h, int $dest_w, int $dest_h, bool|array $crop = false ) }}} This function does not accept int|null for either $dest_w or $dest_h and will return false, which causes WP_Image_Editor_Imagick::resize to return a WP_Error. For example: {{{#!php $editor->resize(1000,null); }}} will return a WP_Error while according to the documentation it should resize based on $max_w alone." chillhoptom Needs Patch 55057 WebP EXIF data missing and images are not rotated in the same way JPEG images are rotated. adamsilverstein Media 5.8 normal normal Future Release defect (bug) assigned 2022-02-03T01:25:58Z 2022-07-07T18:29:05Z "When a WebP image is uploaded with the rotated exif this exif is ignored and the image is uploaded as it is instead of rotating the image when a JPEG version is uploaded the rotation happens as it should creating a `-rotated.jpeg` version of the original image. **Result when uploading a JPEG version** [[Image(https://user-images.githubusercontent.com/3921289/152251451-201251d2-409f-42d6-a302-a93bfe3aec3c.png)]] **Result when uploading a WebP version** [[Image(https://user-images.githubusercontent.com/3921289/152251458-1f3d98ac-5b40-4728-97a9-a3c05aa7cbb7.png)]] Steps to replicate the problem: - Create a WebP version of the original JPEG image (you can use imagemagick to do this) - Upload the WebP version of the image and observe the image is not rotated the same way it happens with the JPEG version. Original JPEG image used to test this behavior can be found at (and attached as part of this report): - https://www.flickr.com/photos/brevity/6221434141/in/photostream/ Related with the performance ticket: - https://github.com/WordPress/performance/issues/146 **Media handling information from the installation where this is happening: ** Active editor WP_Image_Editor_Imagick ImageMagick version number 1691 ImageMagick version string ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org Imagick version 3.7.0 File uploads Enabled Max size of post data allowed 100M Max size of an uploaded file 100M Max effective file size 100 MB Max number of files allowed 20 Imagick Resource Limits area: 122 MBdisk: 1073741824file: 786432map: 512 MBmemory: 256 MBthread: 1 ImageMagick supported file formats 3FR, 3G2, 3GP, AAI, AI, APNG, ART, ARW, AVI, AVIF, AVS, BGR, BGRA, BGRO, BIE, BMP, BMP2, BMP3, BRF, CAL, CALS, CANVAS, CAPTION, CIN, CIP, CLIP, CMYK, CMYKA, CR2, CR3, CRW, CUR, CUT, DATA, DCM, DCR, DCX, DDS, DFONT, DJVU, DNG, DOT, DPX, DXT1, DXT5, EPDF, EPI, EPS, EPS2, EPS3, EPSF, EPSI, EPT, EPT2, EPT3, ERF, EXR, FAX, FILE, FITS, FRACTAL, FTP, FTS, G3, G4, GIF, GIF87, GRADIENT, GRAY, GRAYA, GROUP4, GV, H, HALD, HDR, HEIC, HISTOGRAM, HRZ, HTM, HTML, HTTP, HTTPS, ICB, ICO, ICON, IIQ, INFO, INLINE, IPL, ISOBRL, ISOBRL6, J2C, J2K, JBG, JBIG, JNG, JNX, JP2, JPC, JPE, JPEG, JPG, JPM, JPS, JPT, JSON, K25, KDC, LABEL, M2V, M4V, MAC, MAGICK, MAP, MASK, MAT, MATTE, MEF, MIFF, MKV, MNG, MONO, MOV, MP4, MPC, MPG, MRW, MSL, MSVG, MTV, MVG, NEF, NRW, NULL, ORF, OTB, OTF, PAL, PALM, PAM, PANGO, PATTERN, PBM, PCD, PCDS, PCL, PCT, PCX, PDB, PDF, PDFA, PEF, PES, PFA, PFB, PFM, PGM, PGX, PICON, PICT, PIX, PJPEG, PLASMA, PNG, PNG00, PNG24, PNG32, PNG48, PNG64, PNG8, PNM, POCKETMOD, PPM, PREVIEW, PS, PS2, PS3, PSB, PSD, PTIF, PWP, RADIAL-GRADIENT, RAF, RAS, RAW, RGB, RGBA, RGBO, RGF, RLA, RLE, RMF, RW2, SCR, SCT, SFW, SGI, SHTML, SIX, SIXEL, SPARSE-COLOR, SR2, SRF, STEGANO, SUN, SVG, SVGZ, TEXT, TGA, THUMBNAIL, TIFF, TIFF64, TILE, TIM, TTC, TTF, TXT, UBRL, UBRL6, UIL, UYVY, VDA, VICAR, VID, VIDEO, VIFF, VIPS, VST, WBMP, WEBM, WEBP, WMF, WMV, WMZ, WPG, X, X3F, XBM, XC, XCF, XPM, XPS, XV, XWD, YCbCr, YCbCrA, YUV GD version bundled (2.1.0 compatible) GD supported file formats GIF, JPEG, PNG, WebP, BMP Ghostscript version 9.53.3" mitogh 7 Needs Patch 55323 When an image is edited the URL of the image is not updated Media 5.9.1 normal normal Awaiting Review defect (bug) new 2022-03-06T01:31:01Z 2022-03-07T19:34:24Z "When an image is edited from the image editor, after an edit has been applied, the URL of the image is not updated due it always references back to the original image instead of referencing the image to the updated image (when the edit has been applied to all images sizes). == Steps to replicate the problem. 1. Upload an image into the media library 2. After the image is uploaded into the media library click on Edit image 3. Apply an edit to the image, either rotate, flip or crop, 4. Make sure that the option is applied to all images sizes. 5. Click on Save 6. Observe how the URL of the image (see attached image), by clicking on Copy URL to the clipboard 7. Open the copied URL into a new tab the copied URL still references to the original image, and not the edited image instead. " mitogh 2 Needs Patch 53941 When converting images after uploading the original image may not be converted Media 5.8 normal normal Future Release defect (bug) new 2021-08-17T03:12:58Z 2021-11-16T18:57:42Z "This is less noticeable when the original image is larger than the ""big image threshold"" (and not a PNG) as the scaled image is converted. To reproduce: - Set image conversion, for example GIF to JPEG. - Upload image.gif that is smaller than 2560x2560px. - Note that image.gif is listed in the Gallery and present in the uploads directory but it's sub-sizes have been converted to JPEGs like image-150x150.jpg, etc. Expected behavior: the original image should be converted." azaozz 4 Needs Patch 40250 When cropping a image right after scaling, the crop selection will show incorrect dimensions adamsilverstein Media 4.7.3 normal normal Future Release defect (bug) reviewing 2017-03-24T11:04:59Z 2021-01-28T19:53:54Z "Steps to reproduce: - Upload any image to the media library. - Press ""Edit Image"" on the uploaded image. - Scale the image up or down by any dimension. - Try to crop the image afterwards with the drag selection on the image. On the screenshot provided you will notice the crop dimensions are actually larger then the image size. The bug only seems to appear when the page is not being refreshed, indicating the correct values are probably not being passed to the javascript handling the cropping after a scaling operation. [[Image(source:http://imgur.com/fEj6uDP)]] (Screenshot: http://imgur.com/fEj6uDP) " level level 1 Needs Patch 55345 When uploading image through featured image section, the image item count is wrong. Media normal normal Awaiting Review defect (bug) new 2022-03-08T17:45:56Z 2022-06-08T14:17:41Z "When uploading image through featured image section, the image item count is wrong. === Env * 5.9.1 * Brave, Chromium * Win 10 * Theme : TT2 * Plugins: None === Test Instruction * Open Post Editor and click on 'Set featured image' option. * Notice the total number of existing images * Upload a new image into the featured image section. * Now notice the number of images (+2) * Reload the page, and now the count corrects itself. When uploading image directly to the featured image section of the post editor, the media item count works correctly. " alanjacobmathew 1 Needs Patch 49183 Width alignment issue in Edit attachment page Media normal normal Awaiting Review defect (bug) new 2020-01-13T09:55:56Z 2020-01-13T20:11:52Z "Hello, There is an issue with the width in the edit attachment page. First, go to the media page and open any image and edit that image and click on the button that says ""Edit Image"" and you can see the issue. I am using a laptop having size of 1366 x 768. https://youtu.be/A440xIRrUJU Please see this video for the issue I am talking about. " rnitinb 1 Needs Patch 45980 WordPress 5.0.3 PDF is opening empty page in Chrome and not showing content Media 5.0.3 normal normal Awaiting Review defect (bug) reopened 2019-01-14T10:34:54Z 2019-01-30T07:38:23Z "Hi, I have some links that open pdf. On firefox or safari, when I clic on the link, the pdf is opend on another page. I can see the pdf. On Chrome, when I clic, anoter page is open but the page is empty. I can see on the url that the pdf is open https://www.....de/wp-content/uploads/2018/07/TEST.pdf but it is empty. And it worked before (not with WordPress 5.0.1) And it doesn't work with new pdf too. MAny thanks for you help" Timama 7 Needs Patch 49995 WordPress creates unnecessary thumbnails Media 5.4 normal normal Awaiting Review defect (bug) new 2020-04-24T11:44:23Z 2020-04-26T12:09:32Z "Hello, I think I found a bug in WordPress 5.3 onwards, when **imagick is installed and activated** on the server (PHP 7.3, phpinfo attached). To reproduce the problem: 1 - in /wp-admin/options-media.php check what sizes are set (defaults are: 1024x1024, 300x300x 150x150) 2 - upload an image with the same size as one of the three, let's say I upload this image https://via.placeholder.com/1024x1024 3 - WordPress uploads the image and generates the following files 1024x1024.png -> original image 1024x1024-1024x1024.png -> SHOULD NOT BE CREATED 1024x1024-768x768.png -> medium_large 1024x1024-300x300.png -> medium 1024x1024-150x150.png -> thumbnail 1024x1024-1024x1024.png should not be generated, it's also bigger than the original (3.5kB vs 6.3kB). The same thing happens with the other sizes as long as the image size is the same as one of the sizes set in the options. It doesn't happen on Wordpress 5.2.x and downwards. To solve the problem imagick must be deactivated, using GD the problem doesn't happen." XXVII 2 Needs Patch 30402 WordPress does not respect the bit-depth of the original image when resizing Media 3.9.2 normal normal Awaiting Review defect (bug) new 2014-11-19T08:15:02Z 2021-03-04T15:09:12Z "i have uploaded 8 bit depth indexed color png, near 1400x1800 size image in wordpress and inserted it into post , and original image was near 500 kB and the smaller width-height version made by wp is near 1400 kB, because it is 24 or 32 bits per pixel png. (this is useless. i have edited html code to use full version because it is smaller by weight and it is scaled by size so it is ok)." qdinar 19 Needs Patch 57158 bug for image 2/3 ratio size when max height is 480px Media normal normal Awaiting Review defect (bug) new 2022-11-21T00:13:46Z 2022-11-21T00:13:46Z "When I upload a 2/3 size image (example: 700/1050px, 1000/1500px, etc.) and in the media settings (/options-media.php) I set the maximum height and maximum width to 480px, the medium size image (which measures 320px x 480px) is never displayed on wordpress. this problem exists only for images resized in medium size. everything seems OK for small and large size. I think this bug exists since several versions. * screenshot settings : https://drive.google.com/file/d/1LAKzw2RHVDb3MskmQ4V86FX_eGw_XBEC/view?usp=sharing * screenshot 320x480px medium size not displayed : https://drive.google.com/file/d/1EDcCVpwW4Cd21qn9JQldL2Q9EpwvF701/view?usp=sharing" tshak93 Needs Patch 53193 chmod(): Operation not permitted in class-wp-image-editor-imagick.php Media 5.7.1 normal normal Awaiting Review defect (bug) new 2021-05-12T05:49:17Z 2021-05-12T13:15:24Z "Hi **Current install:** Using the LATEST version of WordPress, the line numbers in this bug report relate to that version number. The system is running on CENTOS with APACHE as the server. **Problem Discription:** PHP Warning: chmod(): Operation not permitted in ""wp-includes/class-wp-image-editor-imagick.php"" on line 710 **Explanation why this is a problem** Every security conscious system administrator will have the following settings: On directories e.g. drwxr-x---. 10 editor apache 4096 Feb 19 2019 wp-content drwxr-x---. 25 editor apache 12288 Mar 29 13:26 wp-includes drwxr-x---. 4 editor apache 4096 Dec 11 17:10 themes drwsrws---. 2 editor apache 4096 May 12 15:09 upgrade drwsrws---. 20 editor apache 4096 Jan 1 00:00 uploads On files e.g. -rw-r-----. 1 editor apache 31328 Mar 29 13:25 wp-signup.php -rw-r-----. 1 editor apache 4747 Dec 11 15:27 wp-trackback.php While the apache server can READ every file, it cannot WRITE every file abd that is good! I have NEVER had a problem with these settings, ever. Where the apache server NEEDS to write, it can (e.g. uploads/upgrade/cache) I can happily update core/plugins/themes using FS_METHOD ssh2 with ssh keys set for the editor. Also it is nearly IMPOSSIBLE to have the system being taken over as the apache server cannot write core files. **Does the problem occur even when you deactivate plugins, use default theme?** N/A File system permission issue **In case it's relevant to the ticket, what is the expected output or result?** There needs to be an additional check whether the line SHOULD/CAN be executed. On my system the editor is NOT the same as the user running the http server. The server user is MOSTLY (and should) restricted to reading (other that the upload/upgrade/cache/etc directories). This will lead to errors on Linux based systems. " jobst Needs Patch 45562 drag and drop file upload fails with empty files when dragging from macOS Preview into WP on Safari 12 Media 5.0 normal normal Awaiting Review defect (bug) new 2018-12-10T00:27:48Z 2020-11-19T15:39:30Z "Part of my workflow involves opening multiple files in Preview (on macOS), and then adding them to WordPress by dragging and dropping them to the Add Media page in WordPress (running in Safari). That used to work fine, but when I upgraded to Safari 12.0, I get the error: ""File is empty. Please upload something more substantial. This error could also be caused by uploads being disabled in your php.ini or by post_max_size being defined as smaller than upload_max_filesize in php.ini."" I'm using self-hosted WordPress (on both Ubuntu 11.04 or 11.10, with Apache 2.4 as the web server); I don't think I made any server-side configuration changes when this started happening, though it's possible I upgraded Apache versions at about the same time? This occurs in WordPress 5.0, and also occurred in WP 4.x versions; again, I don't think it was caused by a WP change, though I can't rule out a WP upgrade at about the same time. This works fine when dragging and dropping from Finder, it's only when dragging and dropping from Preview. To reproduce: * Select multiple images and open them up in Preview. * Go to Add Media in WordPress in Safari 12. * Drag one of the images from the Preview sidebar to Wordpress. I get the above file upload error when I do this." dbcarlton 2 Needs Patch 44127 editing an image can result in intermediate sized images left over after the image is deleted Media 4.9.5 normal normal Awaiting Review defect (bug) new 2018-05-17T19:51:02Z 2023-08-09T17:19:13Z "Steps to reproduce: 1. set thumbnail_size to `150x150` 1. upload a `300x300` image, e.g., `foo.jpg` * will result in `/wp-content/uploads/foo-150x150.jpg` being generated 1. edit the image and scale to `200x200` * will result in something like `/wp-content/uploads/foo-e1526583456941.jpg` being generated * `/wp-content/uploads/foo-150x150.jpg` will still be present, since it is still a valid thumbnail for the scaled image 1. regenerate intermediate sized images (e.g., by calling [[https://developer.wordpress.org/reference/functions/wp_get_attachment_metadata/|wp_get_attachment_metadata()]] followed by [[https://developer.wordpress.org/reference/functions/wp_update_attachment_metadata/|wp_update_attachment_metadata()]], which the [[https://wordpress.org/plugins/regenerate-thumbnails/|Regenerate Thumbnails]] plugin does) * will result in something like `/wp-content/uploads/foo-e1526583456941-150x150.jpg` being generated 1. ""Delete Permanently"" the image Check `/wp-content/uploads` and you will see that `foo-150x150.jpg` is still there. " pbiron 10 Needs Patch 29634 gallery bulk upload Media 4.0 normal normal defect (bug) new 2014-09-11T22:38:24Z 2019-06-04T20:09:10Z when i am uploading alot 500 images, and then some error happens... i don't have any way to retry uploads on queue , showing a list with numbers would help to verify how many elements are loaded and if are the same that we have selected. joxxxe 1 Needs Patch 36308 get_attached_file() destroys file paths on Windows Media 4.4.2 normal normal Future Release defect (bug) assigned 2016-03-23T15:45:03Z 2023-05-31T15:30:19Z "While working on ticket #36273 I noticed that ''get_attached_file()'' from ''wp-includes/post.php'' will destroy paths normalized by ''wp_normalize_path()'' on Windows: For example the function starts with {{{#!php $file = get_post_meta( $attachment_id, '_wp_attached_file', true ); // $file = 'C:/WWW/Sites/demo/htdocs/wordpress/wp-content/uploads/2016/03/example.jpg' }}} However this will become {{{#!php $file = 'C:\WWW\Sites\demo\htdocs\wordpress/wp-content/uploads/C:/WWW/Sites/demo/htdocs/wordpress/wp-content/uploads/2016/03/example.jpg' }}} due to {{{#!php if ( $file && 0 !== strpos($file, '/') && !preg_match('|^.:\\\|', $file) && ( ($uploads = wp_upload_dir()) && false === $uploads['error'] ) ) $file = $uploads['basedir'] . ""/$file""; }}} This is similar to ticket #24824 however we are dealing will full qualified paths here, not URLs (well, both are URIs...). PS: Yes, `$uploads['basedir']` contains mixed directory separators. That's another thing." Whissi 61 Needs Patch 31252 grid view in media library malfunctioning in Simplified Chinese install Media 4.1 normal normal defect (bug) new 2015-02-06T21:22:33Z 2019-06-04T20:11:07Z "Media library grid breaks in Simplified Chinese install. https://wordpress.org/support/topic/the-grid-view-of-media-gallery-is-malfunctioning-in-simplified-chinese-install?replies=1" kidsguide 10 Needs Patch 47619 i got error in /wp-includes/media.php Media normal normal Awaiting Review defect (bug) new 2019-06-28T06:17:58Z 2019-06-28T12:38:30Z in media php at line 3633 in $strings array you use objects without to check if this objects is exist... thanks! Asaf Azoulay 1 Needs Patch 53200 image quality reduction in smaller images Media 5.7.2 normal normal Awaiting Review defect (bug) new 2021-05-13T13:01:43Z 2021-05-13T13:01:43Z "So what happens is you upload a full size image to wordpress in my case project53.co.uk and I am using a goodlayers theme but I have repeated the same process on a stoc install on a different site and have the same issue. On this site for example the easiest one to see it on is the woman and look at the cheeks as full size looks ok and has colour and smaller images looks toned down and grey and it is wordpress changing the image quality with the smaller images. this is the details send from our dev guy For now - I have removed the thumbnails that the site was trying to use (I had set it to 'full', which should have been used, but the theme didn't want to co-operate) and then regenerated the thumbnails - pretty much forcing the site to use the full-size image. It may occur elsewhere in the site - hard to say until I've seen every possible variation of an image on the theme - but as long as we repeat the same steps to remove the thumbnail size and regenerate, it will be fine. You could just remove all regenerated sizes and ensure that sizes are set by the container the image is in; that would definitely stop it. So if you see another image (or multiple images) having the same problem: Inspect that image and see what thumbnail size it is using. (You can generally tell by the suffix on the end of the image name, e.g. blahblah-800x600.jpg) Go into Goodlayers Options > Miscellaneous > Thumbnail sizing Remove the thumbnail size that it's using Go into Tools > Regenerate Thumbnails Ensure that the thumbnail size that you remove is not there Click Advanced Options, and check the box which says ""Delete unselected thumbnails"" - this will remove that size from the server and tell WordPress it doesn't exist If it was me - I'd unregister all of the thumbnails and just limit the size of images which are being uploaded - and use that size globally throughout the theme (if the size doesn't exist it should fallback to the full size image as default). That doesn't necessarily have to be the case - but you just don't want 5MB images on a page - because then you'll have all the page speed problems to deal with! " digitalmountain Needs Patch 35870 image_default_link_type does not work for galleries Media 4.4.2 normal normal defect (bug) new 2016-02-19T10:25:33Z 2019-06-04T20:22:54Z "After some updated I've noticed all galleries started to point the URL to attachment post instead of image. After some digging it seems that attachment post will appear if no settings were found in the code. I've tried to override this without any luck I found this and it describes the problem: https://core.trac.wordpress.org/ticket/35101 Now I find out that this fix does not work for galleries. Even if I have image_default_link_type i the data table the attachment appears as default. And the front generates galleries with attachment post url when the setting is missing in the gallery code from content." jayse83 1 Needs Patch 46390 image_default_link_type is not seen by Gutenberg Media 5.1.1 normal normal Awaiting Review defect (bug) reopened 2019-03-01T12:34:42Z 2022-04-05T02:26:53Z "I have in option.php the image_default_link_type set to file so that by default the ""link to "" for all media files is by default set to media. Since upgrading to Gutenberg 5.1, this feature appears to be deactive." brianjcameron 7 Needs Patch 49640 image_get_intermediate_size returns wrong Media normal normal Awaiting Review defect (bug) new 2020-03-13T10:25:35Z 2020-03-13T17:20:32Z "The function `image_get_intermediate_size` isn't working as expected. If I upload a `1200px x 900px` image as the original. In WordPress theme I use `wp_get_attachment_image( $post_id, array( '1x1-large', '1x1-medium' ) );` `1x1-large` is setup using `add_image_size( '1x1-large', 1024, 1024, true );` It will fail as, it cannot create this image size as the the original is smaller. However, the function in question is clever enough to look for other aspect ratios that match. This is good. So if I had another name images called `1x1-medium` (setup using `add_image_size( '1x1-medium', 768, 768, true );` ) This will exist as the original image is large enough to be sized down to this. The function however uses this this code-block to short-circuit it: https://github.com/WordPress/WordPress/blob/46674e2367b8ca0c15b859bd578bc2119bfa0150/wp-includes/media.php#L780 {{{ // If there's an exact match to an existing image size, short circuit. if ( intval( $data['width'] ) === intval( $size[0] ) && intval( $data['height'] ) === intval( $size[1] ) ) { $candidates[ $data['width'] * $data['height'] ] = $data; break; } }}} So `$data['width'] =` each image sizes width and `$size[0] = '1x1-large'` This will never match!!! $size should in theory be a string, not an integer." CHEWX 1 Needs Patch 54714 images deleted from media library still exist in upload directory Media normal normal Awaiting Review defect (bug) new 2021-12-31T01:20:28Z 2021-12-31T13:39:45Z "Currently its so easy to make storage full of all wp site which allow user to upload image. Just upload big image all the time. Eventhough the admin of the website delete it permanently from media gallery. This files still exist in 'uploads' directory. When media is deleted permanently from media library, all files for this images should also be deleted including the size variations." erikdemarco Needs Patch 54205 jqxhr is undefined inside of deferred.done() when using wp.media to add a custom image upload Media 5.8.1 normal major Awaiting Review defect (bug) new 2021-09-30T20:55:42Z 2022-05-31T14:33:33Z "I have done all the usual trouble shooting and found this is being cause by a new block of code added to wp-util.js in 5.8.1. Specifically lines 121-134. The jqXHR property does not exist inside of the done() object and therefor always errors out. This is removing a key functionality of a clients admin that makes it where no new products can be added without a horrible workaround." metawebdevelopment 5 Needs Patch 59641 manually setting fetchpriority on image should prevent core from adding fetchpriority attribute Media 6.3 normal normal 6.6 defect (bug) new 2023-10-16T20:44:56Z 2024-02-17T13:44:33Z "When working on testing the automated fetchpriorty attribute core now adds for images, I discovered this bug: If users manually set fetchpriority=""high"" on an image either programmatically or using a plugin, core will not change that setting, however it unexpectedly sets fetchpriority=""high"" on another image. === Steps to reproduce 1. install this plugin to add a manual fetchpriority dropdown: https://github.com/adamsilverstein/wp-fetchpriority-control 2. create a post with several large images 3. select the first image and apply fetchpriority=""high"" (under advanced) 3. publish the post and view its source **Expected results:** Only the first image should have the `fetchpriority=""high""` attribute, setting high fetchpriority on more than one image reduces the effect of adding the attribute. **Actual result:** Core applies `fetchpriority=""high""` to the second image so the first two images contain the attribute. " adamsilverstein 14 Needs Patch 39521 media_handle_sideload does not initialize the caption/excerpt value Media 2.6 normal normal Awaiting Review defect (bug) new 2017-01-09T02:58:05Z 2019-05-16T02:37:04Z "In /wp-admin/includes/media.php changes have been made in the media_handle_upload() function to initialize the caption/excerpt value after an upload. Here's the code: {{{#!php $type, 'guid' => $url, 'post_parent' => $post_id, 'post_title' => $title, 'post_content' => $content, 'post_excerpt' => $excerpt, ), $post_data ); }}} Corresponding changes should be made in the media_handle_sideload() function, which still has: {{{#!php $type, 'guid' => $url, 'post_parent' => $post_id, 'post_title' => $title, 'post_content' => $content, ), $post_data ) }}} " dglingren 3 Needs Patch 17061 media_sideload_image() allows upload of 301-redirected non-images chriscct7* Media 3.1.1 normal normal defect (bug) accepted 2011-04-06T14:39:09Z 2019-06-04T20:02:39Z "When you give {{{media_sideload_image()}}} URLs that are not images, an error is raised. If for example I do: {{{ media_sideload_image(""http://google.com"", $post_id, $img_desc); }}} then I get this error: {{{ Sorry, this file type is not permitted for security reasons. }}} And this is absolutely normal and expected. But there is a case when {{{media_sideload_image()}}} do not detect non-images. This case is when the URL given to the function looks like an image but is redirected by Apache to another place. For example, on my server, this URL: {{{ http://coolcavemen.com/e107_plugins/autogallery/Gallery/default.jpg }}} redirects to: {{{ http://coolcavemen.com/photos/ }}} Now if in some PHP code I do: {{{ media_sideload_image(""http://coolcavemen.com/e107_plugins/autogallery/Gallery/default.jpg"", $post_id, $img_desc); }}} then no error is raised and I end up with the HTML served at {{{http://coolcavemen.com/photos/}}} being uploaded to my WordPress site as-is: {{{ kevin@kev-laptop$ file ./wp-content/uploads/2011/04/default.jpg ./wp-content/uploads/2011/04/default.jpg: HTML document text }}} Of course this upload appears broken in the media manager, as you can see in this screenshot: http://twitpic.com/4hlyks" anonymized_154007 2 Needs Patch 45802 media_upload_tabs not supported in 5.0? Media normal normal WordPress.org defect (bug) reopened 2019-01-01T04:37:22Z 2019-06-04T19:16:22Z "I noticed the instructions here are incorrect at least for the latest WordPress 5.0 https://codex.wordpress.org/Inserting_Media_into_Posts_and_Pages At least, I can't seem to find the add media and it appears to be replaced by Gallery and Image, which shows upload/media-library/insert-from-url. Unfortunately it looks like there is no longer a way to get to this dialog and use extra upload-tabs to the left on the dialog shown in the tutorial linked above. In other words [https://developer.wordpress.org/reference/hooks/media_upload_tabs/ media_upload_tabs] doesn't do anything? If so, it should probably note this on that filter page and on the codex page. " programmin 3 Needs Patch 46209 mediaelement CSS loading at bottom of body Media 4.9 normal normal Future Release defect (bug) new 2019-02-07T21:55:20Z 2023-01-31T13:55:35Z "The question was asked in #42751 why we are loading mediaelement css in the body. It was agreed in the recent Media meeting that this is better fit for it's own ticket for discussion. ---- Mentioned by @themezly : While we are at it, why are we loading mediaelement CSS files at the bottom of body http://prntscr.com/hh0808 ? CSS files should always be in head. " antpb 7 Needs Patch 45212 mediaelement.js WordPress .mp4 videos not playing/working on certain browsers/devices Media normal normal Awaiting Review defect (bug) reopened 2018-10-28T04:46:14Z 2020-04-10T18:11:46Z "Instead of the normal embedded Media Element video player working properly, on Safari Desktop and Safari/Chrome/Firefox on iPhone, the video player does not work. It's black and provides the actual video download beginning with mejs.download-file: https://cdn.elitesportsny.com etc. ... Please help. Thanks. " robsabo10 2 Needs Patch 46544 mp3 file with different file mime type and content type when uploading should not be rejected Media 5.1 normal major Awaiting Review defect (bug) new 2019-03-17T02:51:33Z 2023-01-27T02:33:41Z "{{{#!php archived == '1' || $current_blog->spam == '1' || $current_blog->deleted == '1' ) { status_header( 404 ); die( '404 — File not found.' ); } }}} You see that ms-files.php checks, if the blog is archived (or spam or deleted) and than throws out a 404. Shouldn't this include a check for network admin users to see the files? Or, if that's not desirable, couldn't we make this check accessible for filters? Thanks for the good work! Christian " antwortzeit 2 Needs Patch 53408 png images bit depth is modified in resized images Media 5.7.2 normal normal Awaiting Review defect (bug) new 2021-06-15T11:27:39Z 2023-08-02T16:10:42Z "Hi, When I upload a 8 bit png image graphic, WordPress resizes as usual but modifies the bit depth to 24 or 32 bit, depending if their is a alpha channel. Without Alpha channel it is 24bit, with it's 32bit. The problem with that is that the file sizes end up being multiple times bigger than the original image. I opened a ticket with ImageMagick https://github.com/ImageMagick/ImageMagick/discussions/3825 Some of the replies included these solutions: **Setting bit-depth to 8 in the way done in the script may not be adequate for PNG. I think the only way to ensure that is to preface the output name with PNG8:filename.png. But I am not sure if it will preserve you transparency if the input has transparency. But the best thing to resolve that would be simply to try it.** **Scaling the image, depending upon the scaling method, most likely will add more colors than the 256 limit for 8-bit color. So the image has to be forced to quantize colors to the 256 limit in order to save as 8-bits. Otherwise, it is saved as 24 or 32-bits. So specifying PNG8:filename.png will save as 8-bits.** PNG00: Inherit PNG color and bit depth from input image(https://legacy.imagemagick.org/Usage/formats/#png_formats) Also here are related tickets I was able to find: https://core.trac.wordpress.org/ticket/36477 https://core.trac.wordpress.org/ticket/30402 https://core.trac.wordpress.org/ticket/48736 Thanks!" wpfed 6 Needs Patch 45589 resized images does not delete after delete main image in media library Media 5.0 normal normal Awaiting Review defect (bug) new 2018-12-11T20:18:31Z 2018-12-23T21:25:00Z "1) upload image 2) check the uploading folder - image-100x100.jpg image-540x750.jpeg and etc 3) delete image.jpg in media library 4) image-100x100.jpg image-540x750.jpeg and all other are still exist Looks like 10 years old bug #8309 " alexufo 3 Needs Patch 58261 "set_post_thumbnail_size interferes with ""Cover Image Block""" Media 6.2 normal normal Awaiting Review defect (bug) new close 2023-05-05T15:42:51Z 2023-06-28T19:23:01Z "adding a post thumbnail size on the theme level interferes with the Cover Image Block which will use the ""new thumbnail"" as its image, resulting in blurry image displays: add_theme_support( 'post-thumbnails' ); set_post_thumbnail_size( xxx, 9999 );" RichWP - Felix 3 Needs Patch 43070 srcset attribute can be overridden but not prevented Media 4.4 normal normal Awaiting Review defect (bug) new 2018-01-11T19:07:48Z 2019-04-11T13:48:00Z In `wp_get_attachment_image()`, a `srcset` attribute can be passed to the fourth parameter to override the attribute's contents. There is no way to prevent this attribute from showing, though. An empty `srcset` attribute throws a validation error. desrosj 2 Needs Patch 44456 srcset max-width set to image width Media 4.9.6 normal normal Awaiting Review defect (bug) new 2018-06-25T14:53:48Z 2020-04-07T03:05:48Z "My understanding is the max-width value in the image srcset should be limited to 1600px, however it is actually always set to the width of the original image. Also, max_srcset_image_width does not appear to be properly setting the max-width value either. Thanks, Mike" mikedunn 1 Needs Patch 43540 srcset not added when the original image size doesn't exist in the database after regeneration Media normal normal Awaiting Review defect (bug) new 2018-03-14T02:54:09Z 2024-02-27T18:54:22Z "Suppose you have a post where you've inserted a 'large' image size. Any other image sizes of the same proportion are added to the srcset on the front end. Now, change the 'large' image size to something else, and regenerate thumbnails (using the plugin, CLI, etc). The image in the post continues to work (since plugins / CLI tend not to delete non-existing sizes from the file system precisely because they may be embedded in posts). However, it no longer receives any srcset - because the src_matched variable never gets set to true in `wp_calculate_image_srcset`. Can the src_matched logic be adjusted to cover this case?" smerriman 5 Needs Patch 32609 tinymce gallery preview uses full resolution images Media 4.2.2 normal normal defect (bug) new 2015-06-10T23:59:15Z 2019-06-04T20:14:12Z If a user uploads a batch of ''very'' high-res images, and inserts them as a gallery, the browser will become unresponsive as these giant images are rendered in the TinyMCE gallery preview. The gallery preview should use a thumbnail instead of the original image. leedo 1 Needs Patch 39331 unsharpMaskImage in Imagick's thumbnail_image is not compatible with CMYK jpegs. Media 4.5 normal normal Awaiting Review defect (bug) new 2016-12-19T15:31:11Z 2017-05-11T14:40:11Z "This has been split off from #39216. The use of `Imagick::unsharpMaskImage()` in `WP_Image_Editor_Imagick::thumbnail_image()` on jpegs with CMYK color spaces results in mangled images, eg black text becomes fuzzy and over-black, and colors change. The attached patch just doesn't call it if the image has a CMYK color space. The unit test requires the attached ""test_cmyk.jpg"" to be uploaded to the test data images directory (which is actually the ""full"" jpeg produced by `WP_Image_Editor_Imagick` when processing the ""test_cmyk.pdf"" PDF uploaded to #39216). " gitlost 3 Needs Patch 39492 upload_post_params and plupload_init filters are not being executed on wp_print_media_templates() Media 4.7 normal normal Awaiting Review defect (bug) new 2017-01-05T20:17:11Z 2018-01-04T18:38:02Z upload_post_params and plupload_init filters are not being executed on the new media upload form located in wp-includes/media-template.php => wp_print_media_templates(). llvasconcellos 1 Needs Patch 36293 video/audio object passed to wp_video_shortcode/wp_audio_shortcode is always null Media normal normal defect (bug) new 2016-03-22T06:47:41Z 2020-03-12T05:16:51Z "Hi, The following: {{{ apply_filters( 'wp_video_shortcode', $output, $atts, $video, $post_id, $library ); apply_filters( 'wp_audio_shortcode', $html, $atts, $audio, $post_id, $library ); }}} send the {{{$video}}} and {{{$audio}}} objects respectively to the filtering function. However, these objects seem to be always {{{null}}}. By checking the relevant code I notice that these objects are only set when the {{{$primary}}} variable is set to {{{false}}}. The code does not clarify why the audio/video object is bound to that variable. Perhaps someone more familiar with the logic behind these functions should check this please." gnotaras 2 Needs Patch 59573 warning: trying to access array offset on value of type bool in wp-includes/media.php Media 6.3.1 normal normal Awaiting Review defect (bug) new 2023-10-09T16:14:04Z 2023-10-26T17:04:39Z "{{{ function image_get_intermediate_size($post_id, $size = 'thumbnail') { $imagedata = wp_get_attachment_metadata($post_id); // Checking whether $imagedata and $imagedata['sizes'] are real arrays. if (!is_array($imagedata) || empty($imagedata['sizes']) || !is_array($imagedata['sizes'])) { return false; } // Checking whether $size has a valid structure. if (!is_array($size) || count($size) < 2) { return false; } $data = []; }}} ....." androidforlife Patch Needs Refresh 41372 when no any media. at that time this section is not usable. so Please hide when no any media. Media normal major Awaiting Review defect (bug) reopened 2017-07-20T07:57:16Z 2017-11-06T06:02:03Z When no any media at that time this section is not usable. So please hide when no any media. rushabh4486 1 Needs Patch 56071 wordpress images too large Media 6.0 normal normal Awaiting Review defect (bug) new 2022-06-25T13:51:58Z 2022-10-26T15:45:15Z "How is it that an optimzed .png of 1081x753 with file size 61.5KB is converted to 1024x713.png and occupies 527.31KB. Overall WP increased the environmental impact of that one image ten fold, and as I publish about 100 or so of such images weekly server space is also occupied unnecessary. The WP generated file of 527.31K optimises to 106K. Also if I upload the optimised 1024x713.png of 106K, then WP generates a duplicate of 527.31K instead of just copying it. I read it is no longer permissible, as was in the earlier releases of WP, to disable the auto generation of of 'large', 'medium-large' etc. files. Also google degrades sites that serve unoptimized content. I consider this as defect and thus report it as a bug, if yo do not think so, please reassign to enhancements. " antonv 1 Needs Patch 45075 wp_delete_attachment() has unreliable return and wrong process order Media normal normal Future Release defect (bug) new 2018-10-11T04:48:13Z 2019-04-15T22:36:10Z "When doing permanent deletion, this function should also remove the files of the target attachment. However successful return of this function does **not** guarantee this even though it still can delete the attachment object and its relations. Problems when permanent deletion is in process: 1. {{{wp_delete_attachment()}}} must check for {{{wp_delete_attachment_files()}}}'s return and should fail too when {{{wp_delete_attachment_files()}}} fails 2. {{{wp_delete_attachment_files()}}} should be called first - what is the point of deleting object and it's relations when physical data could not be removed... " jave.web 2 Needs Patch 45913 wp_enqueue_media() - slow query Media 5.0.3 normal normal Awaiting Review defect (bug) new 2019-01-10T17:11:32Z 2020-04-01T09:25:14Z "I have sites with very large databases and I've noticed some slow queries since 5.0.3 on new/edit post screens: {{{ SELECT DISTINCT YEAR( post_date ) AS year, MONTH( post_date ) AS month FROM wp_posts WHERE post_type = 'attachment' ORDER BY post_date DESC }}} This query is coming from wp_enqueue_media() I am using php 7.2.1, MySQL 5.7.24" lubimow 2 Needs Patch 53187 wp_filter_content_tags added too early Media 5.5 normal normal Awaiting Review defect (bug) new 2021-05-11T19:15:40Z 2021-07-26T16:31:46Z "Currently wp_filter_content_tags filter is added to the_content filters with default priority, this means that if the iframe is outputted by shortcode it will not get the lazy loading attribute. I think that it should be added after do_shortcode has run with priority of 12." maciejmackowiak 2 Needs Patch 58647 wp_generate_attachment_metadata generates scaled images Media 6.2.2 normal major Awaiting Review defect (bug) new 2023-06-27T21:34:17Z 2023-06-27T21:34:17Z "When using wp_generate_attachment_metadata() it seems to ignore the filter to turn off ""big_image_size_threshold"". add_filter( 'big_image_size_threshold', '__return_false' ); $generateThumbs = wp_generate_attachment_metadata( $attachmentId, $file ); This results in a scaled version of the media being created and _wp_attached_file meta being replaced with the scaled versions path. " picard102 Needs Patch 29370 wp_get_attachment_image() returning unexpected image size Media 3.9.2 normal normal defect (bug) new 2014-08-25T18:40:16Z 2019-06-04T20:08:49Z "I have a 'thumbnail' size image of 150x150 px and a 'thumb-250' size image of 166x250 px. {{{ add_image_size('thumb-250', 0, 250, false); }}} I am using wp_get_attachment_image() to get the best image fit for a 133x200 format. {{{ wp_get_attachment_image( $id, array(133,200) ); }}} this returns the 'thumbnail' size which has an area that's smaller than the requested size, as well as a different aspect ratio. I would expect the 'thumb-250' size image to be returned, which has a bigger area and the exact aspect ratio that was requested. I tracked this down to the first condition in the following line: https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/media.php#L599 Why is the 'thumbnail' image size preferred in the selection process? This means the thumbnail is always returned if it's next in row even if it's area is smaller and the aspect ratio is off." martinleopold 2 Needs Patch 32117 wp_get_attachment_metadata sizes array file misses path if using year/month organizing Media 4.2 normal normal Awaiting Review defect (bug) new 2015-04-24T15:58:51Z 2017-08-14T13:15:29Z "wp_get_attachment_metadata returns array like this: {{{ [""metadata""]=> array(5) { [""width""]=> int(3072) [""height""]=> int(2304) [""file""]=> string(25) ""2015/03/GC702D01_high.jpg"" [""sizes""]=> array(4) { [""thumbnail""]=> array(4) { [""file""]=> string(25) ""GC702D01_high-200x150.jpg"" [""width""]=> int(200) [""height""]=> int(150) [""mime-type""]=> string(10) ""image/jpeg"" } }}} as you can see, ""file"" in the first level of the array contains year and month (as i do have turned on organizing in year/month structure for uploads), but ""file"" in the second level for (e.g. in this case) the thumbnail size is only the file name, without the path. This is at least confusing, make it difficult to get the URL of the file - each size need to be then requested separately by wp_get_attachment_image_src function. IMO optimal solution would be to use full path in both `$metadata['file']` and `$metadata['sizes'][$size]['file']` so the same name would have the same structure. But i do not know if it wouldn't have some compatibility issues. Less optimal imo would be to add there also the path - it can be there only once in the top level, as all sizes are currently always in the same folder, but i think this could lock us from possible changes / plugin modifications etc. E.g. I think that it would be great, if it would be possible (and even default) to have size name, as a folder, so that we would have thumbnails in uploads/thumbnail, medium size in uploads/medium ... - this would highly reduce the number of images in one folder in default settings and would reduce the problems with displaying them on most systems. And also if we would want to delete some defined size, we could simply delete one folder and save space. So the second optimal would be to show the path in `sizes[$size]` subarray, e.g. {{{ [""metadata""]=> array(5) { [""sizes""]=> array(4) { [""thumbnail""]=> array(4) { [""file""]=> string(25) ""GC702D01_high-200x150.jpg"" [""path""]=> string(25) ""2015/03/"" } }}}" thomask 5 Needs Patch 53121 wp_get_image_mime() - something weird going on Media 4.8 normal minor Awaiting Review defect (bug) new 2021-04-30T17:29:42Z 2021-05-01T01:58:35Z "Okay, eh... help... so this is a weird one to write up. In the context of #53009, @hellofromTonya and me are looking at all calls to `markTestSkipped()` in the test suite. One of the ones I was looking at is this test in `tests/phpunit/tests/functions.php`: {{{#!php markTestSkipped( 'The exif PHP extension is not loaded.' ); } $this->assertSame( $expected, wp_get_image_mime( $file ) ); } }}} for the [https://developer.wordpress.org/reference/functions/wp_get_image_mime/ `wp_get_image_mime()`] function. Now, there are two questions I have: 1. Why is `is_callable()` used for `exif_imagetype` and `function_exists()` for `getimagesize` ? This is the same in the actual function as well as the test, but strikes me as odd. Why not use `function_exists()` (or `is_callable()`) for both ? 2. I've been trying to verify the conditions by running the test with the Exif and GD extensions in various states - both enabled, GD disabled - Exif enabled, GD enabled - Exif disabled, both disabled - and I can only seem to make the test hit the skip condition with Exif disabled. Tested on both PHP 5.6 as well as PHP 7.4. I've checked the PHP docs and the [https://www.php.net/manual/en/function.getimagesize.php `getimagesize()`] function is listed as part of the GD extension and the manual doesn't say anything explicitly about it being available independently of the extension, so the condition ''seems'' justified, but the fact that I can't seem to get the test to fail is making me want to dig deeper. Related to #11946 and #40017. The original function was introduced in [39831], the tests in [40397]. Pinging @joemcgill - would you happen to be able to give me some insight into what's happening here ?" jrf 10 Needs Patch 58611 wp_get_missing_image_subsizes can return incorrect subsizes for a rotated image antpb Media 6.2.2 normal normal Future Release defect (bug) assigned 2023-06-23T12:33:44Z 2024-02-05T20:27:49Z "During the upload of a rotated image to the Media Library, the `wp_get_missing_image_subsizes()` function often returns missing subsizes for the non-rotated original image that will never be generated for the rotated image. This means for example, if a plugin is filtering `wp_update_attachment_metadata` and waiting for all thumbnails to have been generated before performing some action, it may be told that there are missing thumbnails for a rotated image, that will not be generated. Therefore it will not be able to perform that action as not all the thumbnails are deemed to be available." ianmjones 13 Needs Patch 51421 wp_get_missing_image_subsizes returns thumbnail sizes for animated GIFs Media 5.5.1 normal normal Awaiting Review defect (bug) new 2020-09-30T14:27:32Z 2020-10-01T14:36:20Z "While thumbnails are not created for animated GIFs to avoid the problem of users picking a thumbnail size to insert into their content and unexpectedly getting a static image instead of an animated GIF, they are generated for static GIFs. The `wp_get_missing_image_subsizes` function however recognizes animated GIFs as an image format that can have subsizes generated, and so returns a list of missing thumbnail sizes that will never be created. This causes problems for various plugins when checking whether all required thumbnails exist before commencing processing the GIF etc." ianmjones 1 Needs Patch 55872 wp_image_add_srcset_and_sizes trys to parse images from external pages, fails with error Media 6.0 normal normal Awaiting Review defect (bug) reopened 2022-05-30T08:08:17Z 2023-02-16T19:31:44Z "If a user embeds image content from another domain by copy pasting and includes a tag like {{{ }}} it seems like wordpress trys to parse the file as it were hosted in its own instance. This won't work of course, because it cannot access the file in the filesystem. It then fails with the following warning: {{{ PHP Warning: Undefined array key ""file"" in /wp-includes/media.php on line 1676"" }}} " pampfelimetten 3 Needs Patch 43413 wp_prepare_attachment_for_js missing image size medium_large Media 4.9.4 normal normal Future Release defect (bug) new 2018-02-25T18:54:29Z 2019-04-15T18:12:50Z "I have a function that creates a media size in case the size is called but is missing in meta. https://gist.github.com/danyj/2edb3d83bae4c363bf839f0dd5f1343f usage {{{ thz_create_missing_attachment_size(13031,'medium_large'); }}} every missing file size is recreated and exists in by wp_prepare_attachment_for_js size key except the media_large because it is missing here. https://github.com/WordPress/WordPress/blob/dfa68397063daf90a8758896693f137f9b981856/wp-includes/media.php#L3297-L3304 Basically if meta has been updated the wp_prepare_attachment_for_js is not checking for sizes but manually goes by that array . Not sure if the missing size key is left out on purpose but when you compare the wp_prepare_attachment_for_js to wp_get_attachment_metadata the data is not same " Themezly 1 Needs Patch 58240 wp_read_image_metadata() doesn't handle Exif array values joedolson* Media normal normal Future Release defect (bug) accepted 2023-05-03T06:02:01Z 2024-02-05T20:25:50Z "Some images appear to have multiple values for some headers, which causes `wp_read_image_metadata()` to return `'Array'` for some fields. A real-life example are these images: - https://wordpress.org/photos/photo/3056444e62/ - https://wordpress.org/photos/photo/7716444e53/ - https://wordpress.org/photos/photo/5376444e57/ Looking at the return value from `exif_read_data()` for one of these, you'll see arrays below. However `wp_read_image_metadata()` includes lines like `(string) $exif['FocalLength'];`. It looks like `iPhone 13 mini` might be common between the above examples {{{ [...] 'SectionsFound' => string(19) ""ANY_TAG, IFD0, EXIF"" 'COMPUTED' => array(6) { [...] 'ApertureFNumber' => string(5) ""f/1.6"" } [...] 'Make' => string(5) ""Apple"" 'Model' => string(48) ""iPhone 13 mini back dual wide camera 5.1mm f/1.6"" 'Exif_IFD_Pointer' => int(106) 'ApertureValue' => array(2) { [0] => string(9) ""1356/1000"" [1] => string(9) ""8803/1000"" } [...] 'FocalLength' => array(2) { [0] => string(9) ""5100/1000"" [1] => string(10) ""10884/1000"" } 'ShutterSpeedValue' => array(2) { [0] => string(10) ""10884/1000"" [1] => string(19) ""1124129791/84149760"" } }}} As a result on the above Photo pages you'll see something like this: {{{ Focal Length: Arraymm Shutter Speed: 1/0 }}} This could be related to the image processing application being used, or the sections found in the image. I'd be tempted to just select the first array key in those cases." dd32 13 Needs Patch 60178 wp_video_shortcode() outputs invalid HTML Media normal normal Awaiting Review defect (bug) new 2024-01-02T22:09:17Z 2024-02-15T07:25:42Z "Did an audit of a website and found several invalid HTML for video tags that were output with `wp_video_shortcode()`. The errors: * Bad value `1` for attribute `loop` on element `video` * Bad value `1` for attribute `autoplay` on element `video` * Bad value `1` for attribute `muted` on element `video` Based on documentation from Mozilla, all 3 are boolean attributes. Here is an example of function usage that produced the HTML validation errors: {{{#!php wp_get_attachment_url(9999), 'class' => 'my-custom-video', 'poster' => '', 'loop' => 'true', 'autoplay' => 'true', 'muted' => 'true', 'height' => 1080, 'width' => 1920 ] ); }}} This part in `wp_video_shortcode()` is the culprit: {{{#!php $v ) { $attr_strings[] = $k . '=""' . esc_attr( $v ) . '""'; } }}} Currently, we are using the filter to clean up these attributes like this: {{{#!php missing?" Menus 6.4 normal normal Awaiting Review defect (bug) new 2023-12-04T20:43:38Z 2024-02-15T16:21:03Z "I'm wondering if there is a reason why the text of menu items **without** children is wrapped with a as follows.. {{{ Menu Item Text }}} ..but if an item has a child, then this span is ""missing"". Wouldn't it be more consistent to wrap the text of menu items equally?" ekesto Needs Patch 49331 'output' Taxonomy Slug Crashes Menu Menus 5.3.2 normal normal Awaiting Review defect (bug) new 2020-01-30T16:52:58Z 2020-01-30T22:42:13Z "If I create a custom taxonomy with its slug as 'output' the Menus in the admin area disappear as well as on the frontend. The 'output' is not listed as a reserved term here: https://codex.wordpress.org/Reserved_Terms" nekokun 1 Needs Patch 52616 Admin Taxonomy Search returns only 10 results max and no pagination Menus normal normal Awaiting Review defect (bug) new 2021-02-23T00:51:16Z 2021-02-23T10:37:57Z "In Admin : /wordpress/wp-admin/nav-menus.php In the 'Add menu items' section. When you search for products or categories or other taxonomies, it returns maximum of ten 10 results and with no option of pagination. Looked for a solution but found nothing. Can this be fixed somehow?" aristotelisj Needs Patch 57546 Appearance>Menus Disappear (actual menu items) When Updating to WP 6+ Menus 6.1.1 normal normal Awaiting Review defect (bug) new 2023-01-24T14:12:03Z 2023-02-17T13:43:52Z "Hi folks, This has been an ongoing issue for many months. It only affects select single sites or select subsites on a multisite for unknown reasons even after using the default WP theme and disabling all plugins. See page 2 here https://wordpress.org/support/topic/appearancemenus-disappear-when-updating/page/2/#post-16399937 for the most recent info but also look at the beginning too on page 1. On a staging site for multisite I just recently did this to continue testing: Current is 5.9.5 and everything is fine. Shows what menus are prior to updating to WordPress 6 plus: https://app.screencast.com/IeeYd9srBeKVl (this is on a full network staging site to test) Keep in mind this issue can be on single WP installs or multisite installs. See the WordPress forum post It can not be replicable because it seems to only affect certain websites for unknown reasons even after putting sites on the default WP theme and deactivating all plugins (on both single sites WP installs and multisite). After updating: I was showing some subsites are fine but about 6 or 7 of my 70 subsites have menus that disappear https://app.screencast.com/OXcdWgR4D3jE1 initially on updating WordPress 6 plus. I have found other people with single WP site installs that have the same problem like the WordPress forum post here for example. See: https://app.screencast.com/OXcdWgR4D3jE1 See how I resolved on staging: https://app.screencast.com/X60RG8l61sVsG (keep in mind when I tried this a couple months ago on my live network, the menus came back initially, but then they disappeared after a day or so again...I had to revert back to WP 5.9.5 to get the menus to stay on those 7 sites). For this testing site, so far, on staging, I disabled a couple of menu-related plugins before updating and then fixed the menus and reenabled (like Max Menu just as a hunch), but there is also a newer version of WP now too so that is different too. I then made a backup of the menus using the Duplicate Menu plugin on each of the 7 sites for all menus just in case they disappeared after a few days I would try the backup menus made with the new version of WP. I have not had to use them yet. It has been a week on staging and menus are still so far there. I tried this before on another staging a few months ago, and the menus stayed on staging but continued to disappear when trying on the live site after af few hours in my case or day or so. Excerpt from page 2 recently talking to another person who has a single WP site doing the same thing: "" #1 I disabled Max Menu plugin first only cause I suspect (guessing since it is a menu based plugin) that may be part of this. You could disable only any menu related plugins or all plugins. But if you menus are driven by your theme just try also changing your theme before updating WP core too. #2 I updated to the latest WP core. #3 Menus items are gone but… #4 I go to the Menus titles that I had active and added a new random page to the menus that should have menu items but shows none at that moment. I then SAVE the menus. All menu items that were gone then reappear. Don’t just try to resale without adding a new random page to the menu. You have to add a new page first for it to work. You can remove it after all your menu items come back and resale again afterwards. #5 Optional…I then used the top plugin in WP repository to duplicate the menus as a quick backup (it has about 80k active installs). Search duplicate menu in WP repository. #6 Then enable all plugins I had disabled (or enable your theme too if you changed that). #7 All menus are now restored with the latest WP. #8 I have left the staging going for about a week to monitor to be sure the menus stayed up. So far so good. I made duplicate backups of the menus while on the new version of WP just in case the originals disappeared again (i.e. #5 above). So far the original menus have not disappeared. "" It would probably be best for you to get a staging site on a single WP site that is doing it vs an entire multisite staging to see the replication of the issue. I am asking the other person ( @marpan ) to post here to and provide you access to a fresh single WP site staging site so you can see it for yourself too as this only seems to happen on a smaller percentage of single sites. For my multisite, I have 70 subsites and only 6 or so are doing this too FYI. The other subsites seem fine. " truebird 2 Needs Patch 60176 BLOCK NAME input data not saving Menus 6.4.2 normal normal Awaiting Review defect (bug) new 2024-01-02T07:02:40Z 2024-02-15T09:24:27Z "Hello, I've encountered an issue with the default Navigation block on block-based sites. The ""BLOCK NAME"" input fields do not retain any entered data. Upon reloading, the information disappeared, and I couldn't locate it in the database. I'm hopeful that this is just an unused field. Thank you." heymehedi Needs Patch 43494 Can't change/delete menu items in Customizer on mobile audrasjb* Menus normal normal Future Release defect (bug) accepted 2018-03-07T23:30:18Z 2023-01-06T12:25:28Z "On mobile/tablet browser (only Android, Chrome browser tested), menu items can be added and reorganized, but the drop-down toggle for further options doesn't work. As a result menu items cannot be removed. To reproduce: 1. Log in to admin in mobile / tablet browser 2. Go to Customizer -> Menus 3. Add menu item to a menu 4. Attempt to edit / delete menu item Originally reported by community user Sue Jenkins on Twitter: https://twitter.com/LuckychairNews/status/969682449176211456" mor10 8 Needs Patch 35330 Categories Format & Search Bug Menus 4.4 normal normal defect (bug) new 2016-01-06T16:27:32Z 2019-06-04T20:20:20Z "Hello, I have been advised by WooCommerce to submit this to Wordpress as they deduced it was a Core problem and not related to WooCommerce. I have been able to re-produce this 3x, Once on SiteGround, another on Hostgator and also locally. This is on Wordpress 4.4. Issue #1: After adding categories if I go to Appearance > Menu and search for a category no results are returned. Furthermore, if I was to go to second page of categories and then try and search for something then only placeholder text is written. Issue #2: The problem occurred when I tried adding a lot of nested categories onto my WooCommerce categories. The format which I had was 9x Parent Categories, 5x Second Level Categories and under one of the Second Level Category are 11x Third Level Categories. If you were to view the categories via Appearance > Menu then the format is all broken. The WooCommerce support mentions as soon as pagination is involved then the format breaks. He also said ""It looks like the way WordPress is handling the Taxonomy is incorrect"". Please confirm if you can reproduce or need further details. Many Thanks, Jawad" jawad96 4 Needs Patch 53449 Child Walker classes change the $args parameter data type and default value signatures for start_el and end_el Menus normal normal Awaiting Review defect (bug) new 2021-06-18T15:54:35Z 2023-08-03T21:38:00Z "The following Walker classes have code smells for changing the data type of the `$args` parameter when extending from the `Walker::start_el` and `end_el`: - `Walker_Nav_Menu` - `Walker_Nav_Menu_Checklist` - `Walker_Nav_Menu_Edit` What is the code smell? The parent defines the `$args` parameter as an `array` data type with a default value of an empty array. The child classes change the parameter's data type to `stdClass` with a default value of `null`. These changes need investigation to determine if these changes are needed and why." hellofromTonya 3 Needs Patch 14142 Custom Walker class for navigation menus Menus 3.0 normal normal Future Release defect (bug) reopened 2010-06-29T14:16:18Z 2019-04-19T18:31:41Z "I have tried to extend the Walker_Nav_Menu class, I just needed to overwrite the start_el method. So i added ""walker""=>""My_Walker"" to wp_nav_menu, I've got an error message, that the method ""walk"" could not be accessed statically. After a short look at the code in ""nav-menu-template"", I realized that in the method ""walk_nav_menu_tree"" the object initializer ""new"" is missing. My solution can be found in the attached file. As you can see, I've just added a ""new"" in front of $r->walker And it works" dennis.winter 11 Needs Patch 51623 Does WordPress run a clean-up cron-job for menu items having the draft status? Menus 5.5.1 normal normal Awaiting Review defect (bug) new 2020-10-24T22:15:13Z 2020-10-24T22:15:13Z "On the menu admin screen, after dragging new menu items to the selected menu, whenever I discard the option to save the menu settings before reloading the page I noticed that the added menu items (not-saved) is still in my post database table with status ""draft"". Now if I discard 100 menu items, my post table is filled with 100 rows of redundant data. Why? " zenithcity Needs Patch 54585 Issue in the menu editor Menus normal normal Awaiting Review defect (bug) new 2021-12-06T10:04:32Z 2021-12-06T10:16:17Z "In the WP menu editor (in apparence), when im searching a category with a ' (quote) inside the category's name, WP don't find it. The category will only be found if i'm testing with a word rather than the exact expression. Actualité sur l'outillage -> not found outillage -> the category ""Actualité sur l'outillage"" is found The same probleme exists for the product category's name when Woocommerce is installed." fiotty0 Changes Requested 18282 Issue with admin page hierarchy in Menu admin Menus 3.2.1 normal critical Awaiting Review defect (bug) reopened changes-requested 2011-07-28T14:38:17Z 2023-08-12T10:15:28Z "Under Appearance > Menus in the left column under Pages, if I have more than 50 pages, the hierarchy view gets messed up. The issue seems to be related to paginate. If I change the ""50"" on lines 589 and 809 of wp-admin/includes/nav_menu.php to ""955"" the hierarchal admin menu works with 50+ pages. Attached are two XML files. One contains 50 pages and the other contains 53 pages. I've loaded them into fresh installs of 3.2.1 using the twenty eleven theme and no plugins. Paginate is great if it works right, if it won't work, just increase the number per page to something very high and people can scroll. I'd rather scroll than not have hierarchy work right. Link to 50 page XML -- http://cloud.hcc.me/0g3X3O310s3l3i2N363n Link to 53 page XML -- http://cloud.hcc.me/302e0c391A14193m2V2e Pastebin of wp-admin/includes/nav_menu.php -- http://pastebin.com/0FRAmMkS" hcceast 75 Needs Patch 58044 Issue with wp_setup_nav_menu_item Menus 6.2 normal normal Awaiting Review defect (bug) new 2023-04-01T16:20:53Z 2023-04-08T14:55:59Z "`/wp-includes/nav-menu.php` has an issue handling bad `$menu_item`. The problem is with trying to call `get_post_status()`. If a post with type `nav_menu_item` has a problem (I think not having a correct parent or something), the call to `get_post($menu_item->object_id)` returns NULL which then causes an error message from `get_post_states()`. I had to search the site database to find the offending menu item on my theme development site and deleted the bad menu. I think I likely deleted a page or post that had been include in a menu definition, or perhaps it was because I typically use the Parent Page to define the default menu, which is still supported but seldom used. This error only seems to appear when using the Customizer, I'm guessing while it is generating the ''Menus'' option. Didn't get error from Dashboard Menu, nor have I tried this on a block theme. The problem is found around line 833 in `nav-menu.php`. Here's a possible fix which worked with my bad menu definition, but the problem might be deeper. {{{#!php type_label = $object->labels->singular_name; // Denote post states for special pages (only in the admin). if ( function_exists( 'get_post_states' ) ) { $menu_post = get_post( $menu_item->object_id ); /* * Suggested fix for bad nav_menu_item post - likely caused by now missing parent * which can result in $menu_post being NULL at this point * */ if ($menu_post != NULL) { //*** add a NULL check $post_states = get_post_states($menu_post); if ($post_states) { $menu_item->type_label = wp_strip_all_tags(implode(', ', $post_states)); } } // end of added NULL check } } else { $menu_item->type_label = $menu_item->object; $menu_item->_invalid = true; } }}} " wpweaver 4 Needs Patch 18271 Item hierarchy should be maintained when adding to menu Menus 3.2.1 normal minor Future Release defect (bug) new 2011-07-27T20:13:35Z 2023-11-17T10:54:16Z "Situation: Create a hierarchy of categories or pages and go to create a custom menu. In the meta boxes on the left hand side, the categories and pages are shown in hierarchical arrangement. Select all categories (for example) and add to menu. Expected behaviour: All links are added to custom menu and the hierarchy is maintained appropriately Actual behaviour: Hierarchy is lost and all menu items are top-level This was originally raised by Jane in #17029 however the changeset in the ticket only applies to showing hierarchy in the meta boxes and doesn't cover maintaining hierarchy when adding to menu." JohnONolan 21 Needs Patch 21669 "Make ""Home"" option persistent in Pages box on Menus screen" Menus 3.4 normal normal defect (bug) new 2012-08-23T16:57:08Z 2019-06-04T20:03:36Z "If you have some pages, or even a page, then on nav-menus.php in the Pages box, View All, it will display Home as an option. However, if you do not have any pages at all (mostly Blog on front page scenarios), then it just says ""No items."" in the Pages box. It should always be populated with at least the Home option. Oversight on our part that we didn't uncover this behavior before. " jane 1 Needs Patch 42992 Menu Customizer - Inconsistent use of Tags and Format Menu Items Menus normal normal Awaiting Review defect (bug) new close 2017-12-28T15:03:50Z 2019-01-17T01:28:07Z "When using the standard menu administration it does not display ""Tags"" and ""Format"" to add into menu items. When using the menu controls in the customizer, it display ""Tags"" and ""Format"" options to appear as menu-items." monikarao 4 Needs Patch 47436 Menu depth doesn't affect menu-item-has-children Menus 5.2.1 normal trivial Awaiting Review defect (bug) new 2019-05-30T17:19:32Z 2021-08-21T22:47:18Z "Hi, When you add a depth of 1 to wp_nav_menu it removes all the sub menus, but it leaves menu-item-has-children class on the original menu li tags, which means it is styled like it has a dropdown." mikeybinns 2 Needs Patch 20325 Menu item parent classes for page_for_posts (home.php) not properly set on single.php Menus normal normal defect (bug) new 2012-03-29T12:50:06Z 2019-06-04T20:03:21Z If one has set page_for_posts (Settings => Read), on single.php wp_nav_menu() will set current_page_parent for the accordant menu item, but it will not set any parent or ancestor classes for its parent menu items as expected. [tested with 3.3.1] ptietz 3 Needs Patch 39355 Menu title doesn't get updated if I change the page title Menus 4.7 normal normal Awaiting Review defect (bug) assigned 2016-12-21T01:38:03Z 2020-01-08T00:23:49Z "It seems like WordPress converts the hyphen character to the dash character automatically. I created a new page with the following page title: '''Foo - Bar''' However, when I checked the menu title (Appearance > Menus), I found the title was displayed as: '''Foo – Bar''' The page gets stored in the database with a customized menu title (page title with a hyphen and menu title with a dash) and that's why the menu title doesn't get updated if I change the page title." maaarsl 4 Needs Patch 55863 Menus broken after upgrade to 6.0 Menus 6.0 normal major Awaiting Review defect (bug) new 2022-05-28T12:00:30Z 2022-05-28T12:00:30Z "After upgrading WordPress to 6.0, some of the menus on our site broke. It didn't happen to all, but to some. We had to restore to the previous version of WordPress. When going into Appearance - Menus and looking for the menu, the menu appears blank in WordPress. However, when I added something back to the menu and pressed save all the original menu items reappeared, so there may be some kind of database linking error? We are nervous to upgrade back to 6.0 as a result." darrenburn Needs Patch 37971 Menus screen: improve the responsive view Menus normal normal Awaiting Review defect (bug) new 2016-09-07T17:30:27Z 2019-04-05T19:01:01Z "Noticed while working on #37969, the responsive view of the Menus screen needs some improvements. Not sure if there's already a specific ticket (haven't found one). Some CSS rules used in this screen work just in the ""Desktop"" view: 100% widths+margins, some floats, the `13em` spacing between menu item titles and controls and probably more stuff need to be reset/adjusted. Not sure it nesting the menu items can work on very small displays, probably needs a different approach. Any thoughts welcome! [[Image(https://cldup.com/qvBPJULT7f.png)]]" afercia 3 Needs Patch 31360 Missing active state classes for parent menu items Menus 4.1 normal normal defect (bug) new 2015-02-17T13:59:09Z 2019-06-04T20:11:21Z "wp_nav_menu() currently dont set current_post_parent(or other active state css classes) for all parent pages, when it has a category menu item with current_post_parent state. Steps to reproduce: You have following menu (theme menu): - Level 1.1 (Page) - Level 2.1 (Page) - Level 3.1 (Category: ""Allgemein"") - Level 2.2 (Page) - Level 2.3 (Page) - Level 1.2 (Page) On ""Level 3.1"" you will see blog posts from the category ""Allgemein"". Each blog post is linked to a detail page. (full blog post). When you visit the full blog post page, Level 3.1 will get the class ""current_post_parent"". But Level 2.1 and Level 1.1 dont get any active states. Its missing. i currently use following to fix it in my theme: {{{ function me_fix_category( $menu ) { //parse output of wp_nav_menu $xml = new DOMDocument(); $xml->loadXML( $menu ); do { $fixed = false; //search for li tags $elems = $xml->getElementsByTagName( 'li' ); foreach ( $elems as $el ) { //check if li has a active state if ( strstr( $el->getAttribute( 'class' ), 'current-post-parent' ) ) { //check parent li tag $parent = $el->parentNode->parentNode; $class = $parent->getAttribute( 'class' ); if ( !strstr( $class, 'current-post-parent' ) ) { //no active state for the parent? append class $parent->setAttribute( 'class', $class ? $class . ' current-post-parent' : 'current-post-parent' ); $fixed = true; } } } //do this, till nothing was fixed } while ( $fixed ); return $xml->saveHTML(); } }}} " donkelduffi 1 Needs Patch 36411 Missing admin menu for custom taxonomy Menus normal normal defect (bug) new 2016-04-04T16:38:00Z 2019-06-04T20:23:47Z "I found an edge case that can cause that a user with the right capabilities becomes unable to manage terms on a custom taxonomy. The scenario includes: * A user with an editor role. * A custom post type with a set of custom capabilities that the current editor can not match. * A custom taxonomy assigned to that custom post types with default capabilities, so editors can manage it. Under those premises, the admin menu for the taxonomy is not generated. Note that you can access the admin page to manage terms on that custom taxonomy if you access the URL manually. If you then register a second custom taxonomy, also assigned to the same custom post type and with default capabilities (so an editor can manage it), then a custom admin menu is generated, wit the custom post type label, and granting access to admin pages to manage both taxonomies terms. I am attaching a minimum test case that does register the three objects, and includes comments as to how to test it." jadpm 4 Needs Patch 58640 Navigation Block renders wrong menu Menus 6.2.2 normal major Awaiting Review defect (bug) new 2023-06-27T07:15:00Z 2023-06-27T07:25:32Z I have been experiencing a problem with block editor in the theme block theme that I am developing. The core/navigation block does not renders the manu I select in editor. However, in editor, the menu that gets rendered is one selected. mechaartistix 1 Needs Patch 60162 Navigation block rending content from post with shared ID Menus 6.4.2 normal normal Awaiting Review defect (bug) new 2023-12-28T14:05:36Z 2023-12-28T14:05:36Z "Hello, I believe I've found a somewhat niche issue. I have a wordpress multisite with four sites housed within it. I recently came across an issue where on one of my archive pages for an event content type, on one of the sites only, the header (leveraging a template part with a navigation block inside) is rendering content from one of the pages within the result list. This archive is leveraging cross site indexing powered by elasticpress to search and return content from this content type from all four sites in one archive page. After some investigation, I found that the ID of the navigation matched that of one of the events published on a separate site and that the post_content for that event is being rendered in place of the post_content of the wp_navigation object which has the matching ID. This seems to be a very rare condition however it might be beneficial to have some kind of post_type check before render since this is a possible issue." dsteersf1 Needs Patch 35640 No API to set a nav menu location Menus normal normal defect (bug) new 2016-01-28T05:21:19Z 2019-06-04T20:21:30Z "We've got an API to retrieve the nav menu locations - `get_nav_menu_locations()` however, there's nothing (as far as I can tell) to set a theme location, either singularly or for all menu's. We should probably have a method that can be used to set a single theme locations menu, and one to bulk-set. For reference, the admin pages currently all call `set_theme_mod( 'nav_menu_locations', $locations );` directly." dd32 4 Needs Patch 55893 Not able to save navigation menus and not able to retrieve menus using wp_get_nav_menu_items Menus 6.0 normal normal Awaiting Review defect (bug) new 2022-06-01T11:40:00Z 2022-06-01T21:10:27Z "Hey, i'm having some issues with navigation menus since upgrading WordPress from 5.9.3 to 6.0.0. In two custom themes i've built i notice the following behaviour: * Using {{{wp_get_nav_menu_items}}} does not return anything when trying to fetch the menu items for a given id. * When using the 'Menus' option in the Appearance menu items added to the menu don't show up. I can add new menus, and even add items to it. But when i press 'Save Menu' and reload the page they dissappear. I've bumped my head around this for two hours but i can't find anything that i'm doing wrong. A couple of things i noticed: * This has definitely something to do with the 6.0 upgrade. When going back to 5.9.3 the problem doesn't occur. * The items do seem to be added to the database, they just don't display anymore on the site. * I've got a hunch this might be related to #54905, which i've also run into. * When switching to the twentytwenty and twentytwentyone themes things work as normal. I can also see the menu items i've added in my custom theme that don't appear there. * I'm not using any activated plugins." huskyr 1 Needs Patch 51948 Override fallback nav menu item label Menus normal normal Awaiting Review defect (bug) new 2020-12-06T15:57:28Z 2020-12-06T15:57:28Z "While looking into some advanced concepts for improving navigation menus, I noticed if I create completely custom Nav Menu items, WordPress falls back to using ""Custom Link"" no matter what. I think this needs a filter adding in the fallback method, https://github.com/WordPress/wordpress-develop/blob/ac71fffac0045511a990ce02210300421d8b3b0e/src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php#L322 whereby I can add in a more correct message to display for my custom Nav Menu items." invisibledragonltd Needs Patch 17077 Page parent li elements in nav menus not always given current-page-parent class Menus 3.1 normal minor defect (bug) assigned 2011-04-07T09:53:45Z 2019-06-04T20:02:40Z "Using a fresh WP3.1.1, 2010 theme, Theme Unit Test data, adding a navigation menu with Parent Page as an item without any child items and then navigating in the browser to Child Page 1. The
  • for the parent menu item doesn't get assigned the current-page-parent class. It does get the current-page-ancestor class, and none of my themes demand the current-page-parent class specifically so I've tagged this as trivial." andymacb 8 Needs Patch 53214 Register Menu Item Custom Field Menus normal normal Awaiting Review defect (bug) new 2021-05-15T11:53:35Z 2021-05-15T12:00:58Z "Hello, I got problem with adding custom field in menu. I set $depth == 0 for one custom field and it's work perfectly when i saved. But when user drag the menu item and make it 2nd depth, The custom field still show. It should to be hide because i just make it to show in 1nd depth not 2nd depth. I think this issue need to work or there is one solution that i don't know! This is code {{{ function custom_field( $item_id, $item, $depth ) { if ( $depth == 0 ) { ?>

    Hello World

    Menus on a mobile browser, dragging it to the desired position becomes an almost impossible task because the screen keeps scrolling to the bottom. Steps to reproduce: 1. Access wp-admin in a mobile browser 2. Go to Appearance > Menus 3. Create a menu and add four or more menu items 4. Tap and hold on a menu item and drag it to a desired position Expected: Screen remains in current position and I'm able to move menu items around smoothly Actual: Screen scrolls to the bottom and I'm unable to see where to position the menu item Issue happens on both mobile Safari and Chrome. However, this does not occur in the Menus section of the Customizer where I had a much better experience managing menus. " druesome 3 Needs Patch 53500 Searching for Pages & Posts when adding Menu items isn't working correctly Menus 5.7.2 normal major Awaiting Review defect (bug) new 2021-06-24T13:02:38Z 2021-08-21T15:43:53Z "I'm completely amazed that this hasn't been raised enough times or has more of an online presence because it's causing a huge issue for me right now. I have over 120 pages for one site, and I want to find one of these pages and add it as a menu item. I know the title of the page, but when I type this into the search field for adding a page to a menu, loads of other pages are displayed, but none relating to what I've typed, and not the one I've typed it (I've typed in the title EXACTLY as it is named on the page). How on earth is the search algorithm for the menu page search working exactly? I would expect this page to be shown here... but for some reason it's not, and neither are a few other pages I type. I have no idea why it's showing the pages that are showing up because there are no keywords that I've typed in, nor are they relevant at all. If I go to the Pages screen and search there, it finds it fine. I am completely unable to add pages to my menu because of this, please can someone look into this and confirm there is something wrong here (I cannot see how I'm not doing this right, or how this could be expected to perform any other way). " leecollings 2 Patch Needs Refresh 41351 Searching for a category returns nothing if category is empty Menus normal normal Awaiting Review defect (bug) new 2017-07-17T21:53:56Z 2019-11-22T21:53:08Z "Hi, In the navigation menu creation page, when you are trying to add a category to the menu, if the category is empty, it won't show up in the search results. However, if the category itself is empty but has a child that is not empty, it will still be shown. I have a blog with over 500 categories, and I'm trying to add some of them to the menu but they have no posts yet. Navigating through category list is going to take time, and is also frustrating. Now I've tracked down the issue to `/wp-admin/includes/nav-menu.php`, ( starting at line 588 ) but can't find a filter or hook to do so. This line (109) seems to be responsible for doing the search: {{{ $terms = get_terms( $matches[2], array( 'name__like' => $query, 'number' => 10, )); }}} According to the documentations, this function accepts an argument for showing empty terms 'hide_empty' => false, but I can't see such option in this part of core's code. I've added this option to the core (temporarily) to see if it solves the issue, and it does. The other `get_term()` functions withing this template file mostly use `'hide_empty' => false` so I'm not sure either this one was overlooked or not, I tagged this as a bug though." jackjohansson 6 Needs Patch 57519 Sundry Menu Bugs Menus 6.1.1 normal major Awaiting Review defect (bug) new 2023-01-21T06:05:19Z 2023-01-21T16:36:36Z "My ""TEST MENU (don't use)"" has a submenu. Bugs: 1. For ages the color of that menu text was black, it is now white (nothing was changed by me). 2. It is a custom link with the ""disable link"" option set, yet clicking it still goes to the URL (which I had to enter as it wouldn't save otherwise. OK I see the issue now, even though it is below the URL you have to click it first. The checkbox is a UI only option and no check is performed for the URL being empty. 3. The menu is impossible to open as it displayed off the right of the screen, I can only display it by reducing the width of the window such that the next level up menu displayed on a new line (plenty of room to open a submenu). All menus I have seen handle this problem by opening to the left in this scenario. 4. If used on the footer it doesn't even display submenus correctly. It displays them at the same level. [No image attached after all as I haven't got a clue how to do so] ANOTHER BUG: GOT ""You've not yet selected a component. Please check the ""Component"" option above or select from one of the following"" even though ""Menus"" was selected " dbareis 1 Needs Patch 38801 Terms with the same name indistinguishable in Menu section Menus normal normal Future Release defect (bug) new 2016-11-15T19:10:08Z 2017-08-18T12:52:07Z "== Problem == Let's say we have a WooCommerce site (although likely all taxonomies/terms are liable to this problem) with the following categories: Men, Women. Each of the categories has a subcategory called Shoes. When in Appearance -> Menu and trying to add a link to Shoes (whichever), there's no way to distinguish the 2 Shoes categories, as the parents are not displayed and no indenting is applied. No matter if we use the Latest, All or Search filter. == Solution == Keep in mind that ""All"" uses pagination, so indenting might not be the best solution. An idea is a hover with the parents listed, but this would be tricky on mobile. Maybe just make a ""Show parents"" switch above the field (or in the Screen Options) and if it's checked, show the parents after the taxonomy/term's name? Like: Shoes (Women -> Shoes). Just getting rid of pagination in the ""All"" view could cause problems with a lot of values and would not help the Search function within the menu creator." eclare 5 Needs Patch 23023 Touch UI Menu Code doesn't address flyout menus two-levels deep. Menus 3.5 normal normal defect (bug) new 2012-12-20T15:21:17Z 2019-06-04T20:04:37Z "The code we did in #20614 only addressed the single dropdowns you normally see in a single site install. A multisite install will have flyouts coming out of the dropdowns that we need to account for as well. Related: http://wordpress.org/support/topic/wp-admin-bar-doesnt-play-well-with-touch-device-in-wp-35" georgestephanis 3 Needs Patch 39056 Twenty Seventeen: No Default Menu option creates extra work Menus 4.7 normal normal Awaiting Review defect (bug) reopened 2016-12-04T17:28:41Z 2018-03-05T13:42:50Z "A new WordPress site is created with a sample post, and sample page. In previous themes, there was a menu with Home and Sample Page listed, which was nice to see where the menu lives, and preview what a page looks like. On Twenty Seventeen there is no default menu. This prevents me from both identifying where those links would be, as well as not allowing me to view the Sample Page." ElfIRL 4 Needs Patch 57173 Unable to edit Main Menu Menus 6.1.1 normal normal Awaiting Review defect (bug) new 2022-11-22T04:09:06Z 2022-11-22T16:06:02Z "Steps to reproduce the issue: 1. Edit a website with a main menu. 2. Select the navigation block in the block editor and click on ""Manage menu"" 3. Step 2 takes you to the page where you can edit menus. 4. Expected: hitting ""edit"" on the Menu entry should allow adding Pages/Posts to the navigation menu Actual: Seeing a blank page with no ability to modify the contents of the navigation menu" vpalepu 1 Needs Patch 48015 Unexpected results from wp_nav_menu() Menus 5.2.3 normal major Awaiting Review defect (bug) new 2019-09-11T13:01:16Z 2019-10-03T08:44:11Z "I'm using wp_nav_menu() in a shortcode. That is, I'm creating / placing a menu within a page (or post) and using a shortcode to that (as opposed to hardcoding it into the theme in a specific place). Specifically, I'm placing that shortcode via the core Gutenberg block for such things, but I don't believe that matters. - If I pass in an empty array - wp_nav_menu([]) - it **echos** (?) a random menu, and return null. - If I start with the default args for the function and unset both 'theme_location' and 'menu' and then pass that array in - wp_nav_menu([$args]) - , a random menu (same as the one echo'ed) is returned. How can it return an menu when none were specified. - If I specify an invalid menu name / location (i.e., it's not registered), it returns a random array. - For the menu it is returning, Admin > Appearance > Menus, I've unchecked all the Display Locations. That is, the menu does exit, but it's not associated with any locations. Still, wp_nav_menu() returns this menu. I've done some other variations on the above trying to get empty or null back and I get a menu. Long to short, I'm getting results when - afaik - I shouldn't be getting anything at all. I'm going to add a check against the global $_wp_registered_nav_menus before I do anything with wp_nav_menu(), perhaps wp_nav_menu() should do similar? I assigned a Severity = major mainly because this is a common function that gets used A LOT. I would think / hope it should, at this point, work flawlessly. " ChiefAlchemist 3 Needs Patch 43033 User can not see updated Icon in editing Menu with live preview Menus 4.9.1 normal normal Awaiting Review defect (bug) new 2018-01-06T06:48:54Z 2018-02-05T14:06:38Z "Bug: User can not see updated Icon in editing Menu with live preview Attachment for steps: https://www.screencast.com/t/jOBHlmVeUTdO Steps: 1. Navigate to Appearance->Menus from left rail 2. Select ""Menu with Live preview"" 3. Select Menu and click on 'Add Items"" 4. Sect ""Pages"" and add some page, User can see that ""+"" icon is changed to Tickmark sign 5. User will remove it from menu,Now User can not see previous symbol again to add Thanks" nilamacharya 2 Needs Patch 42288 Validation of custom menu link Menus 4.8.2 normal normal Awaiting Review defect (bug) new 2017-10-20T05:38:04Z 2018-06-14T13:40:20Z "1. go to menus page 2. try to add custom menu link with label only. without a URL. expected and actual result: validation failed and link cannot be added. 1. go to menus page 2. add custom menu link with label and URL: '#' 3. save menu 4. edit the custom link from the menu and remove the URL. 5. click save expected result: validation failed and menu won't be saved. actual result: menu saved. no validation." dvirhazout 4 Needs Patch 40090 Walker::display_element does not populate $args[0]->has_children when it is cast as an Object Menus 4.7.3 normal normal Awaiting Review defect (bug) new 2017-03-09T23:39:09Z 2017-03-10T00:38:08Z "When using the various hooks in {{{Walker_Nav_Menu}}}, the {{{$args}}} argument is expected to have a {{{has_children}}} object property. Walker::display_element only creates and populates this property if {{{$args[0]}}} exists and is an array. {{{#!php has_children = ! empty( $children_elements[ $id ] ); if ( isset( $args[0] ) && is_array( $args[0] ) ) { $args[0]['has_children'] = $this->has_children; // Back-compat. } }}} But {{{wp_nav_menu()}}} casts $args as an object ensuring that this assignment will always fail. = Suggested Fix = Add an additional check for object type and assign appropriately. {{{#!php has_children = ! empty( $children_elements[ $id ] ); if ( isset( $args[0] ) && is_array( $args[0] ) ) { $args[0]['has_children'] = $this->has_children; // Back-compat. } else if ( isset( $args[0] ) && is_object( $args[0] ) ) { $args[0]->has_children = $this->has_children; } }}} " JoelStransky 3 Needs Patch 57428 Walker_Nav_Menu::start_el() $data_object is not a WP_Post Menus 6.1.1 normal minor Awaiting Review defect (bug) new 2023-01-06T11:26:26Z 2023-01-06T11:26:26Z "The inline docs for `Walker_Nav_menu::start_el()` state that the `$data_object` parameter is a WP_Post object. This isn't accurate as the object that comes in has various properties such as `$title` and `$url` which do not exist on a standard `WP_Post` object. The docs were changed from `object` to `WP_Post` here https://core.trac.wordpress.org/changeset/38559, but it's not clear why. Proposed solutions would be to revert this to an `object` parameter, leaving it to the developer to find out what type of object is being passed in, or an improvement would be to define an object type for a `Walker_Nav_Menu_Data_Object` (likely extending WP_Post) that documents all possible/acceptable properties that would be expected to be able to be used in a walker. " jdamner Needs Patch 42566 When I use wp_nav_menu I get a huge update_meta_cache query regardless of theme Menus 4.8.3 normal normal Awaiting Review defect (bug) reopened 2017-11-15T23:53:36Z 2021-01-26T02:32:23Z "Hi there, I've got a wordpress site that's been up and running for a couple of years now. I always keep core+plugins up to date, and although I use a custom theme, I'm pretty happy with how it's working. Recently however it started to crash regularly - and the server guys notified me that it was mysql that was causing it. So I installed Query Monitor and took a look - there was a massive query which looked like this: {{{ SELECT post_id, meta_key, meta_value FROM ajs_postmeta WHERE post_id IN (11178,9677,9060,7417,7354, ) ORDER BY meta_id ASC }}} This was returning 20,000 rows each time the page was loading. This obviously overloaded the server during peak times and it needed rebooting. This is the code that was causing the problem (I know this because I replaced it and the offending query disappeared) {{{#!php 'header-menu', 'container' => 'nav', 'container_class' => 'nav-menu-holder nav-menu-landing nav-new', 'menu_class' => 'nav-menu', 'walker' => new themeslug_walker_nav_menu)); }}} So I replaced wp_nav_menu with static HTML and the query size reduced as it was no longer calling wp_nav_menu. I thought it might have been something I'd done in my theme - so I removed the custom walker, which didn't have any effect, and played about with some settings. I tried using the recommendation here: [https://hitchhackerguide.com/2011/11/01/reducing-postmeta-queries-with-update_meta_cache]/ but that had no effect. So the next step was to try a different menu. So I deleted my menu (which had 70/80 items in it) and added 5 new items to a new menu. That then gave the following query: {{{ SELECT post_id, meta_key, meta_value FROM ajs_postmeta WHERE post_id IN (11178,9677,9060,7417,7354) ORDER BY meta_id ASC }}} which is the same query as above but without the lots of additional ids - as this menu only had 5 items. This returned around 450 rows - so it's not hard to see that a menu with 70/80 items would get up to 20,000. The last thing I tried was to change to the default theme and disable all plugins (bar Query Monitor) and tried again. I associated my test menu (with the 5 items) with the 2017 theme top menu and checked query monitor - it still showed this query: {{{ SELECT post_id, meta_key, meta_value FROM ajs_postmeta WHERE post_id IN (11178,9677,9060,7417,7354) ORDER BY meta_id ASC }}} with the same number of rows. So my question is this - is this something that is a problem in core wordpress, seeing as this update_meta_cache() method seems to be creating massive queries if you have a larger than average menu - even 15/20 items would create a fairly large result set each time. I've been googling like crazy as I really want to get this sorted - but I can't seem to find a solution, and I'm wondering if it's something in the latest release. There's no difference between browser or OS that I can see - its just something wrong (I think) with the update_meta_cache method as it relates to the wp_nav_menu function. Anyway, happy for you to take a look at my config etc - let me know what you need. Best email to get me on is andy@weboptimize.co.uk or you can call my UK mobile on 07791-107755 Thanks Andy" andyseaton83 3 Needs Patch 51963 WordPress Multisite: Menu Editor Does Not Work In Subsites Menus 5.5.3 normal blocker Awaiting Review defect (bug) new 2020-12-08T06:45:05Z 2021-03-02T22:18:58Z "Hello If you install a fresh WordPress multisite without any plugins, and you create a subsite like mysite.com/site1 and you go to Appearance > Menus in the dashboard of the subsite, you come across the following problems although you do not have such problems with the main site's menu editor: (I tested with various browsers, various PCs, various OS's, on the latest Wordpress version 5.5.3, a fresh install without any plugins) 1- We cannot add new items: We can add new pages to the menu, but we cannot add new custom links, posts, categories, etc. to the menu. We can add them easily to the menu of the main site, but not the subsite. 2- We cannot move / rearrange the menu items: When we click ""edit"" beside a menu item, we do not see the arrangement options such as Move Up / Move Down / Move Under / etc. Those options are available in the main site. 3- Screen Options Button Does not Work: When we click on Screen Options, the button does not work. It works well on the main site. " javad2000 1 Needs Patch 58538 Wrong menu is shown after adding new Header Template parts Menus 6.2.2 normal normal Awaiting Review defect (bug) new 2023-06-14T18:51:11Z 2023-06-14T18:51:11Z "I believe I have found a repeatable bug, and workaround, pertaining to adding new Header Template Parts in WordPress 6.2.2, using multiple FSE themes. The goal: To have (at least) three custom Page templates, each with a different Nav block in its header. The current site has a working header, containing a Nav block with ""menu 1"" selected from the Classic menu list, in the Front Page, Page (and other) Templates - so it's necessary to add two more Template Parts for Headers, and two new Custom Page Templates, using each new Header. Steps: - Add second Header Template Part, with a second menu selected from existing Classic menus. - Add third Header Template Part, with a third menu selected from existing Classic menus. - Add Custom Page Template 2, using Header Template Part 2, including Nav 2. - Add Custom Page Template 3, using Header Template Part 3, including Nav 3. **- Note that both new page Templates and Header Template Parts show the correct Nav menu in the editor. ** - Assign one or more pages to Custom Page Template 2 - Assign one or more pages to Custom Page Template 3 - **BUG: All pages assigned to BOTH Custom Page Templates 2 and 3 will show only Nav menu 3**. **In other words, creating the third Header Template Part seems to to overwrite the Nav menu selected in the second Header Template Part. ** THE WORKAROUND: For each of the two new Header Template Parts (2 and 3) - Modify the menu of each Header Template Part in some way, such as: - Add an item to the menu at the end (anything - just an empty item is fine). - Save the Header Template Part, and test it. You will see the correct menu with the new item. - Return to the Header Template Part, remove the extraneous item from the menu, and save it again. - After doing this for both of Header Template Parts 2 and 3, they should then function correctly throughout the site. " littleen Needs Patch 60211 [BUG] Custom Links in Menus with #targets FAIL TO WORK (just scroll to target) Menus 6.4.2 normal major Awaiting Review defect (bug) new 2024-01-09T04:39:19Z 2024-01-09T04:39:19Z "Here is an example of a custom link in a menu: {{{ /search-plants?category%5B%5D=Bird+Attracting#ShowMatchingPlants }}} Lets say I'm on the page: {{{ /search-plants?category%5B%5D=Popular+%28home%29#ShowMatchingPlants }}} If I click the ""Bird Attracting"" link, it will not go to the page, it will ignore all parameters and simply scroll the current (""popular"") page to the hash target ""#ShowMatchingPlants"". If I click on the same menu item on any other page it will work." dbareis Needs Patch 54135 `nav_menu_meta_box_object` filter doesn't work on taxonomies Menus normal normal Awaiting Review defect (bug) new 2021-09-16T19:16:45Z 2021-09-16T19:44:03Z "I am trying to remove the pagination on main category taxonomy but it doesn't work {{{#!php name ) { $post_type->_default_query['number'] = -1; } return $post_type; } add_filter( 'nav_menu_meta_box_object', 'disable_pagination_in_category_meta_box', 9 ); }}} Think it's bug but not sure " papazetis Needs Patch 44329 current-menu-item class not applied to home link with starter content audrasjb Menus low normal Future Release defect (bug) reviewing 2018-06-08T03:12:20Z 2019-07-09T05:43:31Z "When viewing starter content in the customizer the home link does not get the current-menu-item class applied when you view the home page. The menu-item-object-{$type} class is also missing $type, so it just has the class menu-item-object- applied. When viewing a customizer changeset of the starter content before actually publishing - the home link is not given the current-menu-item class as well. The menu-item-object-{$type} class is still missing $type in this class too. After publishing the starter content the front end appears to have .current-menu-item correctly applied to the menu when navigating. However, when viewing the site in the customizer - the home link now always has the current-menu-item class applied regardless of which page you visit. This results in two links having current-menu-item applied ( the home link and the currently viewed link ). At this point the menu-item-object-{$type} class now has $type === 'custom', so the class menu-item-object-custom is properly applied. Additional notes: - I was only testing with fresh wp installs. - I was using default permalink structure. - I noticed this issue with other themes that provide starter content, but it also happens with twentyseventeen - #43401 does not seem to fix the issues outlined in the steps below. Expected results: I expected for menu items to have the current-menu-item classes properly applied when viewing changesets, the customizer preview would accurately reflect the frontend display, and that current-menu-item would not be applied to two different links when previewing pages in the customizer. Steps to replicate: 1. Use latest trunk (this does also occur on 4.9.6). 2. Have fresh_site option set to 1 to get starter_content. 3. Activate twentyseventeen theme. 4. Go to customizer. 5. Starter content should be populated - inspect the ""Home"" link which doesn't appear to have current-menu-item added, and has the incomplete class menu-item-object- as well. 6. Click on one of the other pages - the link properly reflects the current-menu-item class. 7. Save draft and open the changeset url provided. 8. Click on one of the other pages other than home, and the same issue occurs. 9. Go back into customizer, publish the changeset, and view the site now on the frontend. The home page link is now properly given current-menu-item, and menu-item-object-custom is correct. 10. Click on one of the other links, and the home link no longer has current-menu-item applied, and is applied correctly to the new page you're on. 11. Click on customize - once the customizer loads, the home link AND the link your were looking at both have current-menu-item applied, only the previewed page should have this class." timph Needs Patch 49332 method Walker_Nav_Menu::start_el should not call filter the_title on non post menu items Menus 5.3.2 normal normal Awaiting Review defect (bug) new 2020-01-30T17:16:29Z 2020-01-30T22:39:24Z "I am working on a site with a.o: - WP 5.3.2 - WPML 4.3.6 - Estatik-pro 3.8.1 - Divi 3.29.1 And am seeing the following notices in the debug log: PHP Notice: Trying to get property 'post_type' of non-object in .\wp-content\plugins\estatik-pro_3.8.1\functions.php on line 386 PHP Stack trace: PHP 1. {main}() .\index.php:0 PHP 2. require() .\index.php:17 PHP 3. require_once() .\wp-blog-header.php:19 PHP 4. include() .\wp-includes\template-loader.php:98 PHP 5. get_header() .\wp-content\themes\Divi\single.php:3 PHP 6. locate_template() .\wp-includes\general-template.php:41 PHP 7. load_template() .\wp-includes\template.php:671 PHP 8. require_once() .\wp-includes\template.php:722 PHP 9. wp_nav_menu() .\wp-content\themes\Divi\header.php:263 PHP 10. walk_nav_menu_tree() .\wp-includes\nav-menu-template.php:217 PHP 11. Walker_Nav_Menu->walk() .\wp-includes\nav-menu-template.php:583 PHP 12. Walker_Nav_Menu->display_element() .\wp-includes\class-wp-walker.php:244 PHP 13. Walker_Nav_Menu->display_element() .\wp-includes\class-wp-walker.php:156 PHP 14. Walker_Nav_Menu->start_el() .\wp-includes\class-wp-walker.php:144 PHP 15. apply_filters() .\wp-includes\class-walker-nav-menu.php:213 PHP 16. WP_Hook->apply_filters() .\wp-includes\plugin.php:206 PHP 17. es_the_title_filter() .\wp-includes\class-wp-hook.php:288 (If you want, I can post a stack trace with variable info.) Diving into this problem I noticed that: - The main nav menu does not only contain items that are a post, but also the language switcher flags (added by WPML) - On line 213 of file wp-includes/class-walker-nav-menu.php, Walker_Nav_Menu->start_el() calls {{{ apply_filters( 'the_title', $item->title, $item->ID ); }}} for all items in the menu, be it posts or other items. - Estatik-pro hooks into this filter and calls get_post() on the given ID which is not a post ID: {{{#!php post_type == Es_Property::get_post_type_name() ) { ... } return $title; } add_filter( 'the_title', 'es_the_title_filter', 10, 2 ); }}} Who is wrong? - WPML: by adding non-posts to menu's. - Estatik-pro for not checking that the filter is called for non-posts? - Walker_Nav_Menu->start_el() for unconditionally calling the filter 'the_title' on all menu-items? IMO: - Menu-items can be other things than posts, and WPML shows that this is indeed possible. - The filter 'the_title' seems to be explicitly for altering a post title, not titles of images, non-post menu-items, or whatever. So Estatik-pro should not have to check that the given ID is indeed from a post. - Walker_Nav_Menu->start_el() calls its own filter 'nav_menu_item_title' directly after calling the 'the_title' filter (though still documenting $item as a WP_Post). Based on the above, my conclusion is: Walker_Nav_Menu->start_el() should check if the item is a WP_Post before calling the 'the_title' filter. If you agree, solving this should be easy, surround line 213 with {{{ if ( $item instanceof WP_Post ) { ... } }}} However, in a lot of places it is documented that a menu-item is a WP_Post and changing that may take considerably more work. " erwinbr Needs Patch 40649 parent_file filter seems to be overwritten by get_admin_page_parent call Menus 4.7.4 normal normal Awaiting Review defect (bug) new 2017-05-03T13:37:51Z 2019-06-10T22:21:53Z "In wp-admin/menu-header.php the filter `parent_file` seems to have little to no impact most of the time. This is because the global `$parent_file` variable often gets immediately overwritten by the `get_admin_page_parent` function call. {{{#!php walk` expects an object but `walk_page_tree` passes an array. https://github.com/WordPress/WordPress/pull/679" lazardanlucian Needs Patch 58270 wp-admin left menu icon not showing in safari 16.1 Menus 6.2 normal minor Awaiting Review defect (bug) new 2023-05-08T19:39:10Z 2023-05-08T20:08:08Z wp-admin left menu icon not showing in safari 16.1, showing a empty square indeed. uniquegrouplimited 1 Needs Patch 46042 wp_nav_menu always returns a container Menus normal normal Awaiting Review defect (bug) new 2019-01-19T16:03:15Z 2019-01-19T20:20:35Z "wp_nav_menu('container' => false) is returning an empty div when there is no menu items. This should return either false or an empty string. You can change the div to a different element, but you cannot remove the container. This makes it difficult to test whether the menu is empty or not. Checking !empty($menu) no longer works like it used to." thememason 3 Needs Patch 18842 wp_nav_menu confuses new developers when it falls through to page listing Menus 3.2 normal normal Awaiting Review defect (bug) reopened 2011-10-02T10:54:12Z 2017-09-20T19:42:00Z "It appears that when wp_nav_menu() falls through to a page listing, many menu-specific args are not passed to the page listing, which ultimately confuses new developers. I seem to answer this at least weekly in #wordpress One example is the 'container_class' arg, if it falls through to the fallback_cb, the container_class is not applied. Ideally, template-related arguements should be passed to the fallback (And with pages as the default callback, it should handle these) or wp_nav_menu() should output any extra wrapping divs if appropriate." dd32 4 Needs Patch 33832 Add admin email column to list table on wp-admin/network/sites.php Networks and Sites 4.3 normal normal defect (bug) new 2015-09-11T15:56:31Z 2019-06-04T20:51:32Z "The list table on `wp-admin/network/sites.php` currently shows for every site * the site's URL * the date when the site was last updated * the date when the site was created * the number of users. It would be nice to have another column which contains the email address of the administrator which is stored in the `admin_email` option. That way, the network administrator(s) could see at a glance the email addresses of the people responsible for the single websites." thomaswm 2 Needs Patch 27832 All sites automatically marked as archived after upgrade Networks and Sites 3.7 normal normal Awaiting Review defect (bug) new 2014-04-16T10:47:37Z 2018-12-08T15:08:06Z "Strange thing, all sites were automatically marked as archived after automatic upgrade to 3.8.3. Maybe it is not related, but it was the last thing which is time-related to this problem. I checked database tables and all sites had archived = 1 in wp_blogs, but last_update column was not changed. So, it suggests, that it was not done by administrator. Administrator can archive primary site? Then it is not possible to access administration... I repaired it by setting 0 for all sites, but I am not sure, how could it happen? Do you have any ideas? There are no plugins which could cause it. I searched code and did not find any clue. Also hosting company is used for many other Multisite installations without problems. There are also some posts from different forums (usually somehow related to WordPress upgrade), but they are only talking about fixing problem and not about finding why... http://wordpress.org/support/topic/site-automagically-archived-or-suspended-on-multisite http://wordpress.org/support/topic/after-install-site-has-been-suspended-or-archived http://wpgarage.com/tips/unarchive-archived-suspended-site-wordpress-multisite/ Not sure, if it is some kind of bug, incompatibility or security hole..." pavelevap 9 Needs Patch 43653 Allow to filter the final message of signup user notification email Networks and Sites 4.9.5 normal normal Awaiting Review defect (bug) new 2018-03-28T14:18:11Z 2023-06-08T08:56:08Z "When a signup user notification is sent, we cannot filter the final message contained in $message. We can only filter one part of the message. This prevent us to send nice formatted emails using HTML (to send a formatted email, we need add include the message inside an HTML template)." benoitchantre 2 Needs Patch 55663 CSS theme and features themes is buggy Networks and Sites 5.9.3 normal normal Awaiting Review defect (bug) new 2022-05-03T09:19:07Z 2022-05-03T09:19:07Z "Hello, To explain my problem, I created a multi-site network and I want to use a theme, or even divi, the WordPress CSS is buggy. Then I installed Divi (the theme) and when I go to validate my license (in the options), there is no divi css, but this: https://prnt.sc/ElUkmp_zXBPW But even with the default theme ""Twenty Twenty-Two"", I have this same problem: https://prnt.sc/j1BRIO8yU85I While on the main site, there are no CSS bugs. Is this normal, is it still recommended to use the network? Thank you for your reply" valentindu62 Needs Patch 39495 Can't navigate to subsite without logging in again. Networks and Sites 4.7 normal normal Awaiting Review defect (bug) new 2017-01-05T23:50:39Z 2017-05-02T04:05:13Z "In a multi-site configuration, as a Super Admin user, log in to the root site. Then navigate to the dashboard of a subsite. Expected result: navigate to the subsite unhindered. Actual result: prompted to log in before navigating to the subsite. Problem occurs when we use WP Core 4.7. Problem does not occur on WP Core 4.6. Problem occurs when all plugins are deactivated and uninstalled. Problem occurs on more than one theme." davidmlentz 3 Needs Patch 54290 Domain mapping: Text displayed on wp-signup.php asserts site doesn't exist when it does actually exist Networks and Sites normal normal Awaiting Review defect (bug) new 2021-10-19T09:22:59Z 2021-10-26T18:11:21Z "In a network install, when domain mapping is active for a custom domain, the following message appears on the wp-signup.php page when the network sub-domain is visited: > The site you were looking for, https://foo.example.com/, does not exist, but you can create it now! **Steps to reproduce** 1. Map a network site ""foo.example.com"" to a custom domain ""foo.com"" using this guide: https://wordpress.org/support/article/wordpress-multisite-domain-mapping/ 2. Visit the network sub-domain ""foo.example.com"" in a browser 3. Observe the text on wp-signup.php which notes ""foo.example.com"" doesn't exist The network sub-domain ""foo.example.com"" does exist so this text shouldn't be displayed." henry.wright 2 Needs Patch 50694 Impossible to add user to network site when username / email are both emails and different values Networks and Sites normal normal Awaiting Review defect (bug) new 2020-07-18T16:03:14Z 2020-07-18T16:03:14Z "If you have a network site and create a user where the username is an email address (myemail@example.com) and your email address is different (otheremail@differentdomain.com) you cannot add a user to the network site. Under the Add Existing User section it will find the user you're trying to add and autofill it, but when you try to actually add it, it tells you it's not a valid user. Steps to reproduce: - Create a network site - Add a new user where their username is one email address and the email address is a different one - Add a new network site under your main one - Try to add your user to that newly created main one I ran into this issue because I created some users initially using their email address as a username, and then their email address changed. We can't change username so the only thing I could do was update their email on their account which I did. Then this bug popped up." elrae Needs Patch 46610 In Multisite The Edit Page Is Missing From Toolbar And Root of Multisite Gets Displayed Networks and Sites 5.1 normal normal Awaiting Review defect (bug) new 2019-03-22T17:11:07Z 2019-06-14T22:06:21Z "I reported an issue here: https://github.com/WordPress/gutenberg/issues/14562 A contributor there referred me to post this here because it might not be a Gutenberg issue. In a multisite network, the Toolbar site displayed after My Sites is changed to the root of the site when the admin User adds the Toolbar to the URL so they can edit the page. The Edit Page is also not displayed in the Toolbar. Steps to reproduce the behavior: login to WordPress -- in a multisite network select one of your multisites verify the correct site is loaded after My Sites create a simple test page publish the test page copy the link for the page and open the link in a new tab paste ?bar=yes to the url and press return on the url to display the toolbar notice that the multisite display after My Sites shows the main root site now instead of the multisite you are in based on the url you selected notice that the Edit Page does not show either Expected behavior: The selected site should display properly after My Sites and the Edit Page should display to the User. used WordPress 5.1.1 and the Gutenberg release installed with this version OS: Windows 7 Enterprise Browser chrome Version 73.0.3683.75 It could possibly relate to Gutenberg because a test of 4.9.10 with Gutenberg plugin not installed and Gutenberg not a part of WordPress core in that release doesn't have that problem. " wordpressdevtester 1 Needs Patch 43899 Move the view mode switcher into screen options for multisite users and sites Networks and Sites 4.4 normal normal Awaiting Review defect (bug) new 2018-04-29T15:37:00Z 2018-04-29T22:05:59Z "In the Posts screen, WordPress used to have two links to ""switch mode"" from the normal list view to the ""excerpt"" view. In WordPress 4.4 these links were moved to the Screen Options panel, see [35357]. However, on multisite the ""Sites"" and ""Users"" screens still show the switch mode links at the top right of the main table. For consistency, and for the design / UI reasons explained in #22222, they should be moved to the Screen Options as well. " afercia 3 Needs Patch 42187 Multisite - Wordpress Importer Unavailable Networks and Sites 4.8.2 normal normal Awaiting Review defect (bug) new 2017-10-11T18:57:31Z 2017-10-11T18:57:31Z "I have a multisite installation for wordpress, and I have two users: * admin - Multisite Administrator * commonAdm - An administrator of only one of the sites in the network. Steps to reproduce: 1. When the commonAdm tries to access the Wordpress Importer via Tools -> Importer, no options are shown to him. 2. Then I, as ""admin"", open the same page, click on Wordpress Importer (just opening the url ""/wp-admin/import.php?import=wordpress"" 3. After the ""admin"" access this page, the commonAdm can see and use the Wordpress importer. It seems that it requires this first access on EVERY single site for it to work, somehow it must be setting a flag, but I couldn't find any documentations regarding this behaviour. Other information: * I'm running a Bitnami Wordpress Multisite on AWS EC2, up to date to 4.8.2; * I'm not sure if the bug is related to Network and Sites or the Importer itself (so I chose the first one)" dtiziani Needs Patch 58795 Multisite Network Admin Sites - Search doesn't work well Networks and Sites normal normal Awaiting Review defect (bug) new 2023-07-12T20:36:32Z 2023-07-24T19:45:39Z The built-in Search functionality in the Multisite Network Admin area has not been working well. Whenever I update a Site Name on a Subsite to be the unique Subdomain, the Search box does not seem to index or cache the new Site Name (even after I clear the cache on the network). So the only way to find sites on my multisite network is to browse through hundreds of site domains until I find the one I am looking for. If I know the Site ID, I can input it into the Search box and the site comes right up. For some reason, text from the subdomain in the Site Name field do not seem to get searched through. paulpleasant 2 Needs Patch 40465 Multisite fails to rewrite upload path on main site Networks and Sites 4.7.3 normal normal Awaiting Review defect (bug) new 2017-04-16T13:33:33Z 2017-04-17T18:12:13Z "This is a follow-up to #12002. After removing the /blog/ slug On options-permalink.php, the media filed display the wordpress subdirectory on the urls. '''Steps''': Install wordpress in its own directory Activate multisite with subsites Switch one of thd subsite into becoming main site Everything works smoothly including images However, image urls contain wordpress directory. {{{ Domain.com/wordpress/wp-content/uploads/image-title.jpg }}} Instead of {{{ Domain.com/wp-content/uploads/image-title.jpg }}} Is this the way it is designed to work? Or a bug? Thanks." daniel berhane 5 Needs Patch 31664 Multisite network setup for .htaccess Networks and Sites 4.1.1 normal normal defect (bug) new 2015-03-17T09:06:42Z 2019-06-04T20:12:06Z "Hi there, Sorry if this is not the correct place to post it. But I donot know where then..... I have 2 multisite installations that were not working. Dashboard for the Primary site was working. Trying to go to the dashboard for the other sites gave an error code or a loop message. And the other sites where not shown under ""My sites"" (hover function). I was able to have a look at the child site but it had no theme it was just a ""sitemap"" list. What did I wrong? I thougt.... Here what I did: ================ 1st installation (localhost using XAMPP) - install wp 4.1.1 - change config.php to multisite - Copy andPaste ""Network setup"" from Dashboard. Here is the ""problem"", the .htaccess here shows: {{{ RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) D:/Programs/xampp/htdocs/H4Net/$2 [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ D:/Programs/xampp/htdocs/H4Net/$2 [L] }}} After a long researching, I have found an advice from a long time ago and applied. The advise where to change these 2 lines to: {{{ RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) /H4Net/$2 [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ /H4Net/$2 [L] }}} After this change it works. ================ 2nd installation web based hosting - install wp 4.1.1 - change config.php to multisite - Copy andPaste ""Network setup"" from Dashboard. Here is ""again"" the ""problem"", the .htaccess here shows: {{{ RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) sites/MYURL/$2 [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ sites/MYURL/$2 [L] }}} The solution I found is to change it to: {{{ RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L] }}} ================================================ My request is: Althought I have seen it was already asked some time ago, Network setup still doesnot come up with the correct .htaccess information. When installing I do follow instructions given. This was the issue..... I am not a technical person, far from that. I am good in copy and paste :-) I have seen / read a lot of people are the same as I am, or have the same issue as I had. So if you could please change it in the next update it would help a lot! BTW Thanks a lot for making wordpress available!!!!! Cheers, Helena PS: sure I can give screenshots of more info if needed. " wph4 4 Needs Patch 47630 Multisite: Admin dashboard links are malfunctioning on mapped domain Networks and Sites 5.2.2 normal blocker Awaiting Review defect (bug) new 2019-06-30T07:03:31Z 2019-07-10T03:49:37Z "I realize this may not qualify as a Trac issue. However, I have already tried the wp support forums, and read multiple pages of the wp forums, codex, stack exchange, etc. No one has an explanation for what I'm seeing, nor even do I find a similar description of it anywhere. Bottom line: Domain mapping on admin dashboard is not working as expected. The default (un-mapped) dashboard link for any mapped domain takes me to the primary site's dashboard. The mapped domain dashboard link takes me to a login screen. Background: About 10 days ago, out of the blue, “something” failed miserably on my production site. The primary symptom was that sites with a mapped domain were in a redirect loop on the front end. I had not done any updates or made any changes to the site. There were other symptoms at first, seemed causative. In retrospect, they may have been resultant or coincidental. I can explain if it is of interest, but I am trying to keep this brief. I was using the WPMUDEV Domain Mapping plugin, and it had been in place since the development of the site 3 years ago. I got the site working again by reverting to standard built-in WP domain mapping. However, the admin toolbar was missing (not the issue I am reporting today) and links to the mapped domain dashboards were malfunctioning. In my research, I have learned that some people who were using the MU Domain Mapping plugin (a different domain mapping plugin than I was using) experienced very similar issues around the same time. They also reported missing toolbars and redirect loops. For troubleshooting purposes, I created an exact duplicate of my production site with a primary domain of dev.xxxxxxxxxx.org and a mapped domain of dev.yyyy.org I assumed that I could work through a plugin conflict test and find out the cause. But after stripping the site down to bare bones, I still have the same problem. I cannot say for sure that it is a bug -- it may very well be something with my site. But I simply do not know where else to turn at this point. I need advice from those who know domain mapping best and might be able to identify what the root cause of this problem is. You can see a screencast demonstrating the problem here: https://cl.ly/7eee36f3aa13 You can see screenshots of my folder structure and database entries here: http://bit.ly/2Jbm2fT Here are my site specs: - Multisite - WP 5.2.2 ( was on 5.1 with several out of date plugins when the original ""out of the blue"" problem happened and updated to 5.2.2 during troubleshooting) - AWS hosting - Apache/2.4.18 (Ubuntu) - PHP 7.0.33-0ubuntu0.16.04.5 - multisite is in the webroot - subdirectory multisite setup - All plugins, mu-plugins, and drop-in plugins are moved into temp folders. - All sites are set to Twenty-Nineteen theme. - Domain mapping (using wp in-built options) for two domains, mapped to two of the subsites - On the frontend, domain mapping works as expected. - In the dashboard, domain mapping is NOT working correctly. – it was originally set up with the WPMUDEV Domain Mapping plugin (which is now legacy b/c of domain mapping since wp 4.5) – auto updates disabled I expect: My Sites >> [Mapped Site] >> Dashboard - should take me to the dashboard for that site (not any other) - I should not need to login because I am already logged in as superadmin What happens: My Sites >> [Mapped Site] >> Dashboard - I am taken to a login screen and my superadmin login returns a ""wrong email or password"" error - If I manually change the URL to the non-mapped URL for the dashboard (primarydomain.com/zzzzz/wp-admin), I am immediately taken to the primary site's dashboard instead. There is no 301/302 redirect. There are no errors in the apache error log. There are no errors in the WP debug log. The browser console shows no errors. I have tested this by creating a new sub-site and mapping the domain there instead. When I do this, the newly created test site's dashboard is inaccessible, and I am taken to the primary domain's dashboard. Now I can get to the previously mapped domain's dashboard easily, via the My Sites menu. This is demonstrated in the screencast above. Relevant portions of wp-config: {{{ /* Multisite */ define( 'WP_ALLOW_MULTISITE', true ); define('MULTISITE', true); define('SUBDOMAIN_INSTALL', false); define('DOMAIN_CURRENT_SITE', 'dev.xxxxxxxxxx.org'); define('PATH_CURRENT_SITE', '/'); define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1); // define('COOKIE_DOMAIN', ''); // define('COOKIE_DOMAIN', $_SERVER['HTTP_HOST']); // define('DOMAINMAPPING_ALLOWMULTI', true); // define('FORCE_SSL_ADMIN', true); /* these were recommended for fixing a redirect loop, but they are not helping now */ // define('ADMIN_COOKIE_PATH', '/'); // define('COOKIE_DOMAIN', ''); // define('COOKIEPATH', ''); // define('SITECOOKIEPATH', ''); /* baseline home and siteurl */ define( 'WP_HOME', 'https://dev.xxxxxxxxxx.org' ); define( 'WP_SITEURL', 'https://dev.xxxxxxxxxx.org' ); }}} Relevant portions of .htaccess: (Keep in mind this is a copy of my production site, which does not have dev. in front of the domain name. Since the problem exists in both places identically, and given the use of the domain in these functions, I do not think it is relevant. Please correct me if I am wrong.) {{{ # BEGIN HTTPS Redirection Plugin RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # END HTTPS Redirection Plugin # Stop spam attack logins and comments RewriteEngine On RewriteCond %{REQUEST_METHOD} POST RewriteCond %{REQUEST_URI} .*/(wp-comments-post|wp-login)\.php.* [OR] RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$ [OR] RewriteCond %{REQUEST_URI} ^(.*)?log-in(.*)$ RewriteCond %{HTTP_REFERER} !.*xxxxxxxxxx.org.* [OR] RewriteCond %{HTTP_USER_AGENT} ^$ #RewriteRule (.*) http://%{REMOTE_ADDR}/$1 [R=301,L] RewriteRule ^(.*)$ - [F] #RewriteRule ^(.*)$ http://xxxxxxxxxx.org/misc/block.html [R=301,L] # BEGIN WordPress RewriteRule ^index\.php$ - [L] # add a trailing slash to /wp-admin RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L] RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L] RewriteRule . index.php [L] # END WordPress }}} I will be very grateful for any assistance you can provide in determining if there is something wrong with my site, or if this is a bug in WP. Thank you in advance! " kalico 1 Needs Patch 39808 My Sites broken in 4.7.2 Networks and Sites 4.7.2 normal normal Awaiting Review defect (bug) new 2017-02-07T21:56:33Z 2017-11-14T18:24:33Z "After upgrading to 4.7.2, My Sites shows an error: You must be a member of at least one site to use this page. This happens for both regular users and administrators. I've fixed it for now by changing one line of code: diff wp-admin/my-sites.php.orig wp-admin/my-sites.php 20c20 < $blogs = get_blogs_of_user( $current_user->ID ); --- > $blogs = get_blogs_of_user( $current_user->ID, 1 ); " earl.fogel 15 Needs Patch 52378 Network admin site action confirmation leads to expired link screen when referer not available Networks and Sites normal normal Awaiting Review defect (bug) new 2021-01-26T17:30:39Z 2021-01-29T15:20:50Z "Sorry for the wordy summary. In the network admin on a multisite installation the sites list shows links for actions like ""Archive"", ""Deactivate"" etc. that take you to an interstitial page to confirm the action. This interstitial page outputs a simple form with the action being confirmed, nonce values and so on filled in, including a field for `_wp_http_referer` which is then used in the `check_admin_referer()` call. The referrer field is built using the following code: {{{#!php "" /> }}} In infrastructure where WordPress is behind a load balancer and for caching reasons the referer header is not passed to the web server this breaks because the output from `wp_get_referer()` is empty. Clicking confirm will result in a `wp_die()` screen from `wp_nonce_ays()` saying the link has expired. This can be worked around by filtering `network_admin_url` where the link contains `action=confirm` to add `_wp_http_referer` as a query parameter but ideally the referer should be passed in the query string by default. Given there is a workaround this is low priority, and I can't see anywhere else in WP affected by this currently either. " sanchothefat 1 Needs Patch 38312 Network setup step 2 throws warning in certain server setups Networks and Sites 3.5 normal normal Awaiting Review defect (bug) new 2016-10-14T14:31:02Z 2019-04-01T13:47:23Z "Hi, I got this error on my local server: ''Warning: Strpos(): Empty delimiter in wp-admin\includes\network.php line 344'' I tracked this down to line: $home_path = 0 === strpos( $abspath_fix, $document_root_fix ) ? $document_root_fix . $base : get_home_path(); After some more digging, it seems to me that it's possible that this line is causing the initial problem: $document_root_fix = str_replace( '\\', '/', realpath( $_SERVER['DOCUMENT_ROOT'] ) ); Since realpath() can be false in some server setups, $document_root_fix can be empty as well (hence the error) From http://stackoverflow.com/questions/7906513/realpath-returns-empty-string: ''Note: The running script must have executable permissions on all directories in the hierarchy, otherwise realpath() will return FALSE. So your web server should have access also to pre-webroot directories.'' Leaving us with perhaps unexpected behavior of the lines following. I'm not quite sure what to do next, since the next couple of lines are quite hard to grasp. Thanks, Ruud " ruud@… 1 Needs Patch 46662 "Networked WP ""Deactivate"" a blog site then later ""Activate"" it loses posts and comments" Networks and Sites 4.9.8 normal normal Awaiting Review defect (bug) new 2019-03-26T20:47:38Z 2020-02-20T00:26:55Z "Site dashboard shows WP version as 4.9.10 (does that equal 5.0?). Using network administration, the list of sites shows the following when hovering over a given site: Edit | Dashboard | Deactivate | Archive |Spam | Delete | Visit Selecting ""Deactivate"" appears to work. The blog site is **not** deleted (confirmed) and none of the posts appear to be retrieved. Attempting to access the blog site provides an appropriate message (versus a 404 not found or similar). However, a day or two later, when the site is ""Activated"", all the recent posts and comments appear to have been deleted (i.e. no longer visible). This involved the years 2016 - 2019. Previous posts and comments going back several years were retained and can be displayed. The only vaguely similar issue I could find is #44515; but clearly I used ""Deactivate"" or I would not have been able to re""Activate"" the blog site. Note 1: The networked setup uses sub-domains. Note 2: Using phpMyAdmin to view the records in wp_13_posts (the particular blog site involved has the Id 13), there are rows for the years 2018 and 2019 -- 8 for 2018 and 7 for 2019. The ""post_content"" column for these records appears blank. The ""post_title"" column appears to indicate these are entries associated with a post, but not the ""main"" post. Those with a post_title like ""Rev-9-MAR-2019-Sectional.jpg"" have a post_type of ""attachment"" and post_title ""Auto Draft"" have a post_type of ""post"". " johngoold Needs Patch 57453 Newly created sub-site in multisite not appearing immediately in My Sites list Networks and Sites 6.1.1 normal normal Future Release defect (bug) new 2023-01-12T13:53:20Z 2023-01-19T20:47:48Z "Hello: **Issue** When, as a super-admin, a sub-site is created while in a multisite environment, the newly created sub-site does not appear immediately in the toolbar's site list dropdown. **Expected Behavior** The expected result of adding a new sub-site is that while logged in as a super-admin, the super-admin would immediately see all sub-sites on the multisite. **Findings** New sub-sites will not appear to even a super-admin until the super-admin is manually added to the new site as a user. **Question-Request** Should WordPress require a super-admin to manually add themselves to a sub-site to include that sub-site in the super-admin's toolbar list of sites dropdown? " richardkrone 6 Needs Patch 58983 Old error message from 5.1 reappeared in 6.2.2 Networks and Sites 6.2.2 normal normal Awaiting Review defect (bug) new 2023-08-04T16:33:41Z 2023-08-08T16:29:04Z "The following error message appears in multisite installations after upgrade to 6.2.2 Performing the network upgrade doesnt seem to get rid of the message `Notice: Function wp_check_site_meta_support_prefilter was called incorrectly. The wp_blogmeta table is not installed. Please run the network database upgrade. Please see Debugging in WordPress for more information. (This message was added in version 5.1.0.) in .../wp-includes/functions.php on line 5865` The table itself doesnt seem to exist in the database nor is it being created. Its no affecting any multi site functionality though. The hosting is Wp-Engine if that matters." namith.jawahar 5 Needs Patch 49335 On Multisite, wp_get_attachment_image_url returns URL with current site path even though switch_to_blog() is on another Networks and Sites 5.3.2 normal normal Awaiting Review defect (bug) new 2020-01-31T21:39:44Z 2024-01-13T13:31:56Z "Also see https://github.com/aubreypwd/WordPress/issues/6 ---- So in my example, I have a sub-dir site with three sites: 1) The root site (ID: `1`) 2) site-2 (ID: `2`) 3) site-3 (ID: `3`) Then I load up site `2` wp-admin/ and let the following code run in an `mu-plugin/`: {{{ add_action( 'plugins_loaded', function() { switch_to_blog( 3 ); error_log( print_r( (object) [ __FILE__ => __LINE__, wp_get_attachment_image_url( 4, 'full' ), get_site( get_current_blog_id() ), ], true ) ); restore_current_blog(); } ); }}} This switches to site `3` and gets an attachment URL using `wp_get_attachment_image_url` and outputs the WP_Site of site `3`, but in the output: {{{ ( [/app/public/wp-content/mu-plugins/debug.php] => 9 [0] => http://wordpress-subdir.test/site-2/wp-content/uploads/sites/3/2020/01/Database.png [1] => WP_Site Object ( [blog_id] => 3 [domain] => wordpress-subdir.test [path] => /site-3/ [site_id] => 1 [registered] => 2020-01-31 20:43:10 [last_updated] => 2020-01-31 20:43:10 [public] => 1 [archived] => 0 [mature] => 0 [spam] => 0 [deleted] => 0 [lang_id] => 0 ) ) }}} Notice that the URL `[0] => http://wordpress-subdir.test/site-2/wp-content/uploads/sites/3/2020/01/Database.png` contains the site slug `site-2` of site `2` (of the Dashboard I ran this from) even though we are actively on site `3` via `switch_to_blog()`. Oddly, on sub-domain I get: {{{ ( [/app/public/wp-content/mu-plugins/debug.php] => 9 [0] => http://site2.wordpress-subdomain.test/wp-content/uploads/sites/3/2020/01/terminal-gnome.ong_.png [1] => WP_Site Object ( [blog_id] => 3 [domain] => site3.wordpress-subdomain.test [path] => / [site_id] => 1 [registered] => 2020-01-31 21:28:57 [last_updated] => 2020-01-31 21:28:57 [public] => 1 [archived] => 0 [mature] => 0 [spam] => 0 [deleted] => 0 [lang_id] => 0 ) ) }}} Which does NOT contain the site slug of the admin dashboard." aubreypwd Needs Patch 53244 PHP Warning on non-existent multisite wp-cron.php Networks and Sites normal normal Awaiting Review defect (bug) new 2021-05-21T04:33:52Z 2021-05-21T04:33:52Z "A PHP warning can be triggered when a HTTP request is made to `wp-cron.php` on a non-existent multisite site. For example: {{{ GET https://foobar.example.org/wp-cron.php PHP Warning: Cannot modify header information - headers already sent in wp-includes/ms-settings.php on line 79 PHP Stack trace: PHP 1. {main}() wp-cron.php:0 PHP 2. require_once() wp-cron.php:44 PHP 3. require_once() wp-load.php:55 PHP 4. require_once() wp-config.php:125 PHP 5. require() wp-settings.php:141 PHP 6. header($header = 'Location: https://example.org/wp-signup.php?new=foobar') wp-includes/ms-settings.php:79 }}} While the error doesn't define why it's being triggered, but it's because [44488] ends the request when `wp-cron.php` is requested prior to the multisite bootstrap. Initial thoughts say that this is probably a ""good enough"" fix: {{{ #!diff Index: wp-includes/ms-settings.php =================================================================== --- wp-includes/ms-settings.php (revision 50552) +++ wp-includes/ms-settings.php (working copy) @@ -73,7 +73,7 @@ if ( true === $bootstrap_result ) { // `$current_blog` and `$current_site are now populated. - } elseif ( false === $bootstrap_result ) { + } elseif ( false === $bootstrap_result || headers_sent() ) { ms_not_installed( $domain, $path ); } else { header( 'Location: ' . $bootstrap_result ); }}} While this warning will never be seen by users, it can end up in the PHP logs, especially when a vulnerability scanner is trying every subdomain under the sun." dd32 Needs Patch 50228 Plugins can inadvertently trigger `wp_die()` infinite loop during site creation Networks and Sites normal normal Awaiting Review defect (bug) new 2020-05-22T21:00:39Z 2020-05-22T21:11:04Z "==== Problem This is one example of an execution path that leads to an infinite loop, but there are probably several others. It can happen to any callback that tries to query a new site's tables after the `wp_insert_site` action, and before the `make_db_current_silent()` call inside `wp_initialize_site()`. 1. Creating a new site in a Multisite network will eventually call `wp_initialize_site()` 1. That calls `switch_to_blog()` 1. A plugin could hook into the `switch_blog()` action, and call `get_locale()`. 1. That calls `get_option()`, which will trigger a MySQL error, because the tables don't exist. 1. `wpdb->print_error( )` calls `_default_wp_die_handler()` 1. That calls `get_language_attributes()`, which calls `get_option()` 1. The process repeats until PHP gives up. > ( ! ) Fatal error: Uncaught Error: Maximum function nesting level of '256' reached, aborting! in wp-includes/class-wp-hook.php on line 196 It's not obvious to plugin developers that this kind of thing can happen, so I think Core should handle it gracefully. Related: #49263 ==== Potential solutions 1. `wp_die()` coule call a new `_installing_wp_die_handler()` when `is_installing()` is `true`. This could be a minimal version of `_default_wp_die_handler()`, where no database queries are made.[[br]][[br]] 1. `_default_wp_die_handler()` could avoid calling `get_language_attributes()` when `is_installing()` is `true`.[[br]][[br]] 1. Something else?" iandunn Needs Patch 57233 Send password reset action link not working on multisite Networks and Sites 6.1.1 normal normal Awaiting Review defect (bug) new 2022-11-30T08:08:46Z 2022-11-30T08:08:46Z "In a multisite installation while the quick action link ""Send password reset"" shows up when accessing users list (wp-admin/network/site-users.php), it doesn't send the email neither any admin notice appear when clicked. It simply redirects to the main multisite users screen (wp-admin/network/users.php)." christopherplus Needs Patch 47083 "Site Info Update Not Adjusting ""Last Updated"" Value" Networks and Sites 5.1.1 normal normal Awaiting Review defect (bug) new 2019-04-30T14:30:27Z 2019-05-09T17:14:48Z " + Navigate to `/wp-admin/network/site-info.php?id=XXX` where XXX is a valid Site ID. + Checkmark: Spam + Click: Save Changes Expected: ""Last Updated"" changed to current time. Actual: ""Last Updated"" not changed. --- This is in contrast to `/wp-admin/network/sites.php` -> Bulk action -> Mark as Spam. Doing it bulk updates the Last Updated field to current time. --- In fact, behaviour is broken since 5.1.0 `update_blog_details` function used to do: {{{ $details = array_merge($current_details, $details); $details['last_updated'] = current_time('mysql', true); }}} https://github.com/WordPress/wordpress-develop/blob/5.0/src/wp-includes/ms-blogs.php#L297 --- This is a problem because we use ""Last Updated"" field to purge spam. It gives users X days from the ""Last Updated"" value to dispute the spam. " conner_bw 3 Needs Patch 19724 Sites with IDN domains can't be created (bug #15554 continuation) Networks and Sites 3.3 normal normal defect (bug) new 2012-01-03T17:44:08Z 2019-06-04T20:03:05Z "registration of new site with idn domain by unknown/new users themselves is not possible. (though creation of new site in wp-admin/network/site-new.php page is possible, by patch given in bug #15554 , i have just now tested it.) also let i mention that site domain is written (and would be requested to enter, if would be fixed without punycode to unicode conversion) in punicode form in wp-signup.php page, that is not acceptable for wordpress. i have attached differences i made to wp 3.0.4 to make idn domains working and also to show and accept them in human readable format in wp-signup.php page . link to the differences file i attached to/in previous bug report on/to this topic: http://core.trac.wordpress.org/attachment/ticket/15554/diff304-blogo.txt ." qdinar 9 Needs Patch 42284 Stop invalid query generation in WP_Site_Query Networks and Sites 4.6 normal normal Awaiting Review defect (bug) new 2017-10-19T20:09:44Z 2019-02-05T17:20:30Z "In WP_Site_Query, developers have the ability to query by a single value or by multiple using a `__in` param. An example of which is which is `domain` and `domain__in`. Take for example the following query. ` get_sites(['domain' => 'test.local', 'domain__in' => ['lebowski.local', 'start.test.local']]); ` This query will only results for test.local, completely ignoring the `domain__in`. This is because of the query it generates. That looks like this ` domain = 'test.local' AND domain IN ('lebowski.local', 'start.test.local')` Improved error checking must be implemented on this code to stop invalid queries. " spacedmonkey 4 Patch Needs Refresh 37822 Text area misaligned on network setting.php Networks and Sites 4.6 normal normal Future Release defect (bug) new 2016-08-25T10:46:27Z 2018-03-05T16:42:51Z "On Network setting page, all text area looks misaligned. Looks zig zag Refer attached screenshots for better view. " Ankit K Gupta 12 Needs Patch 46361 WPMU - HTTP Request at root path with special character in query key name causes endless loop Networks and Sites 5.1 normal critical Awaiting Review defect (bug) new 2019-02-27T15:38:41Z 2020-12-15T18:46:45Z "Dear WP Team, I observe the following erroneous behavior running WPMU at the latest Version (5.1), but this behavior regards at least version 4.98. If I call a site from a WPMU instance without a context path but with a query key containing a sepcial character, the http-request ends in an endless loop. Affected are at least german umlaut and special characters like [öäüÖÄÜß], but charachters like [§] as well. **For instance www.pleaseuseyourdemowpmuinstance.com?äöüfoo** I'm quite sure that this is a WordPress bug, cause the http response has following header. **""x-redirect-by WordPress""** So the redirect doesnt seem to be from any loadbalancer, cache server or webserver. I hope to have contributed a bit to your great work, thank your very much! Best Regards, Reza Anwar " ranwar 1 Needs Patch 59556 WordPress Multisite issue - Media files presenting on Google with wrong domain Networks and Sites 6.3.1 normal normal Awaiting Review defect (bug) new 2023-10-06T07:32:22Z 2023-10-09T07:52:26Z "Hi WordPress Team, I have a WordPress Multisite set up with 6 sites. Each site has its own domain name. I discovered on a google search, that an uploaded media file is incorrectly referenced and basically ""shared"" between domains. I have google showing a link to a file on site ''#''17, but it is referencing the domain name for site ''#''20. Google shows: {{{ https://site20domain/wp-content/uploads/sites/17/filename.pdf }}} But it should be showing: {{{ https://site17domain/wp-content/uploads/sites/17/filename.pdf }}} See also attached screenshots. Thanks Kind regards, Regine " nutsonshells 1 Needs Patch 42557 Wrong Behaviour on get_site_url for multiple sites with different protocol Networks and Sites 4.9 normal normal Awaiting Review defect (bug) new 2017-11-15T14:41:28Z 2017-12-21T23:18:17Z "Hi guys, i think i found something that imho isn't working at all as expected. Let's go with some explaination: * I have a multisite network which has 4 sites * 1 site, the main one, is under HTTPS protocol, the rest are under normal HTTP * I've made a unique theme, customized for all 4 sites * '''I don't want to pass the scheme to get_site_url()''' , this should be created dinamically In theme footer, i'm calling the function {{{ get_site_url() }}} for pointing each site to other ones. Something really bad happens here: * The first site (the https:// one) show all the links with https on top, and it's totally wrong as the remaining sites are all under http * Instead, the remaining sites show all the link with http on top, included the first https one So, after inspecting a while, it seems you're doing something i cannot really explain... * function get_site_url (link-template.php, row 3063) get the siteurl option from database using get_option('siteurl') and then you call set_url_scheme * function set_url_scheme will be blocked from first condition check {{{ if(! $scheme) }}}, so we're going to is_ssl() * and here we are with something misunderstood... function is_ssl() checks if $_SERVER[ 'HTTPS' ] global var is set and return true or false for the current server configuration, not bothering of other sites configuration (!?!?!?!?!?) * so when i interrogate a HTTPS site, all links will be ssl, when i interrogate a HTTP site, all links won't have ahead that protocol. I don't think this is an optimal way to check this thing honestly... Could we discuss about it?" matteowebsolution 1 Needs Patch 55454 clean_site_details_cache() doesn't clean all site caches Networks and Sites 4.7 low minor Awaiting Review defect (bug) new 2022-03-24T03:42:33Z 2022-07-20T07:39:54Z "clean_site_details_cache() clear's two caches: {{{ wp_cache_delete( $site_id, 'site-details' ); wp_cache_delete( $site_id, 'blog-details' ); }}} https://github.com/WordPress/wordpress-develop/blob/0b800e21c311e302824e4a025946a6fdb4f6c794/src/wp-includes/ms-blogs.php#L322-L337 But there's a third used within `get_blog_details()` that's closely related to those two caches: {{{ if ( $get_all ) { $details = wp_cache_get( $blog_id . 'short', 'blog-details' ); } else { $details = wp_cache_get( $blog_id, 'blog-details' ); }}} One could argue that the `blog-details` caches are not related to the `site-details` caches, but one would expect that if it clears some of them, that it'll clear all of them. `clean_blog_cache()` is a [https://developer.wordpress.org/reference/functions/clean_blog_cache/ much more comprehensive function] though: {{{ wp_cache_delete( $blog_id, 'sites' ); wp_cache_delete( $blog_id, 'site-details' ); wp_cache_delete( $blog_id, 'blog-details' ); wp_cache_delete( $blog_id . 'short', 'blog-details' ); wp_cache_delete( $domain_path_key, 'blog-lookup' ); wp_cache_delete( $domain_path_key, 'blog-id-cache' ); wp_cache_delete( $blog_id, 'blog_meta' ); }}}" dd32 1 Needs Patch 48442 "deleting a site leaves ""orphaned"" user options" Networks and Sites normal normal Awaiting Review defect (bug) new 2019-10-27T20:15:02Z 2019-10-27T20:15:02Z "When a site/blog is deleted, whether from the Network > Sites screen or via `wp_delete_site()`, most ""per site"" user options (i.e., those added with `update_user_option()` where `$global == false`) remain in the `usermeta` table. The `capabilities` and `user_level` ones are deleted, but all others remain. Core adds at least the following such user options: * `dashboard_quick_press_last_post_id` * `media_library_mode` * `user-settings` * `user-settings-time` and plugins often add others (e.g., classic editor adds `classic-editor-settings`). In a large network (with many users and many sites that have been deleted) this can result in significant bloat to the `usermeta` table. To reproduce: 1. create a network and add at least 1 site in addition to the main site (e.g., with `blog_id == 2`) * can be either sub-domain or sub-directory network 2. visit the dashboard of the site with `blog_id == 2` * this will create the `wp_2_dashboard_quick_press_last_post_id` user meta 3. delete the site with `blog_id == 2` 4. see that `wp_2_capabilities` and `wp_2_user_level` user metas have been deleted from the `usermeta` table but that `wp_2_dashboard_quick_press_last_post_id` remains" pbiron Needs Patch 43251 editable_roles filter doesn't exclude role on multisite Networks and Sites 4.9.4 normal normal Awaiting Review defect (bug) new 2018-02-07T19:15:54Z 2019-12-06T16:48:21Z "On a multisite installation I am trying to exclude a role using editable_roles filter. The role is removed from the dropdown but if I change the role value in the DOM using the inspector I can successfully add the excluded role. This happens only on multisite installations. On single installations if I try to add an excluded role I get the message “Sorry, you are not allowed to give users that role.” '''How to reproduce the issue:''' 1. Unset a role using editable_roles filter. 2. Login with any role that has the capability create_user. 3. Add a new user changing any role value with the excluded role (using inspector)." eArtboard 1 Needs Patch 40682 get_current_blog_id() and get_current_network_id() are loaded before absint() Networks and Sites 3.5 normal normal Awaiting Review defect (bug) new 2017-05-06T06:41:04Z 2019-02-23T15:35:39Z In r21484, these functions were moved to `wp-includes/load.php`. Regardless of when they are *supposed* to be called, they are available to be called by cache plugins before `absint()` exists in the ether. If caching plugins are indeed accessing `global $blog_id` this early, seems like a race condition somewhere. wonderboymusic 3 Needs Patch 60659 get_subdirectory_reserved_name bypass on mutlisite Networks and Sites 6.4.3 normal normal Awaiting Review defect (bug) new 2024-02-29T12:07:13Z 2024-02-29T12:07:13Z "By default on Multisite installation, you cannot have subsite(subdirectory) with name /blog/ due to: https://developer.wordpress.org/reference/functions/get_subdirectory_reserved_names/ as this tigger an error when you try to create such subsite: {{{ The following words are reserved for use by WordPress functions and cannot be used as site names: page, comments, blog, files, feed, wp-admin, wp-content, wp-includes, wp-json, embed }}} But you can bypass that by creating subsite /aaa/ and edit name later on in network. I wonder is that a bug, and if so will it cause any issues using such subsites slug? The only one I have found so far is that if on main site you will have /blog/ page slug, after re-save slug will get the number at the end. Also, if you can bypass that, maybe it should be removed from reserved list? Apart from /blog/ slug I was able to replicate that for /comments/ using same bypass. I could not find any information in that matter. Thank you " knightrider123 Needs Patch 51779 wpdb->get_blog_prefix() doesn't allow wp_1_tablename structures Networks and Sites normal normal Awaiting Review defect (bug) new 2020-11-15T15:42:46Z 2023-06-08T18:32:59Z "Context: We have some OLD networks (10+ years, started as WPMU, etc) In the process of dropping our Domain Mapping plugin for WordPress's native support, I encountered the following problem. Some (probably very few) old networks have the root site's tables as wp_1_options (instead of wp_options). {{{ if ( defined( 'MULTISITE' ) && ( 0 === $blog_id || 1 === $blog_id ) ) { return $this->base_prefix; } }}} This logic explicitly prevents wp_1_options and friends as being queried, with requests to the root/base site going to wp_options (which doesn't exist). Perhaps there could be some kind of sanity check that checks for the existence of tables with the prefix in this kind of situation?" MadtownLems 1 Needs Patch 52651 $option_group argument in settings_fields() function is misdescribed Options, Meta APIs 2.7 normal normal Awaiting Review defect (bug) new 2021-02-25T10:59:49Z 2021-02-28T10:52:51Z "The settings_fields() function in plugin.php takes a single argument described as $option_group. However this argument is then used to populate the 'option_page' hidden element. The docBlock param description says ""This should match the group name used in register_setting()"" but if you follow this advice, your option group will not be included in $allowed_settings and you will get an error. {{{#!php /** * Output nonce, action, and option_page fields for a settings page. * * @since 2.7.0 * * @param string $option_group A settings group name. This should match the group name * used in register_setting(). */ function settings_fields( $option_group ) { echo """"; echo ''; wp_nonce_field( ""$option_group-options"" ); } }}} It seems a common fix for this on the internet is to pass the 'option_page' value instead. https://wordpress.stackexchange.com/questions/376785/wordpress-error-options-page-setting-not-found-in-the-allowed-options-list if the argument name could be changed to $option_group and the docBlock updated accordingly, that would correct the issue without breaking existing implementations {{{#!php ""; echo ''; wp_nonce_field( ""$option_page-options"" ); } }}} " pe01b6 1 Needs Patch 56752 Add get_post_metadata filters by $meta_key Options, Meta APIs normal normal Awaiting Review defect (bug) new 2022-10-06T23:18:56Z 2022-10-12T18:24:06Z "`get_metadata_raw()` applies `get_{$meta_type}_metadata` filters, which means that when trying to filter a single meta key, this function will be executed for EVERY meta key and require a condition that checks for the correct meta key to filter. It would be a great idea to have `get_{$meta_key}_metadata` filters. Since `$meta_key` is some generic string, though, it cannot be used directly, and must be adapted first to suit a PHP function name by replacing any non-alphanumeric character with an underscore." galbaras Needs Patch 37635 BUG in get_option Options, Meta APIs normal normal Awaiting Review defect (bug) new 2016-08-11T08:11:58Z 2020-12-17T23:11:48Z "in wp_options, i had saved this large serialized string: http://pastebin.com/raw/hxwETuHX however, when i run `get_option(""option_name"")` it returns false... i have spent time and found out, that it's because that get_option tries to unserialize it and return the result, but it have problems while unserializing. then i decided to manually grab the value and unserialize by hand.. and i succeeded! {{{#!php $raw_data=$wpdb->get_var(""Select option_value from wp_options Where option_name='option_name'""); unserialize(Serialized_Fixer($raw_data)); function Serialized_Fixer($serialized_string){ // securities if ( !preg_match('/^[aOs]:/', $serialized_string) ) return $serialized_string; if ( @unserialize($serialized_string) !== false ) return $serialized_string; return preg_replace_callback( '/s\:(\d+)\:\""(.*?)\"";/s', function ($matches){ return 's:'.strlen($matches[2]).':""'.$matches[2].'"";'; }, $serialized_string ) ; } }}} and that worked! this is seriously a bug of WP! please fix it! thanks!" tazotodua 5 Needs Patch 55600 Can't save registered post meta field of type string that equals registered default value via REST API Options, Meta APIs normal normal Awaiting Review defect (bug) new 2022-04-21T13:47:24Z 2022-04-21T13:47:24Z "== Current behaviour Currently if you register a post meta key as string and set a default value: {{{ register_post_meta( 'my_cpt, 'my_meta', [ 'show_in_rest' => true, 'single' => true, 'type' => 'string', 'default' => 'foo' ] ); }}} and then save the default value it is not actually being written to the database. If you save any other type, e.g. a boolean {{{ register_post_meta( 'my_cpt, 'my_meta', [ 'show_in_rest' => true, 'single' => true, 'type' => 'boolean', 'default' => true ] ); }}} it is being written to the database. Also not saving via the REST API, but via `update_metadata()` works for strings. == What seems to happen The problem seems to happen like this: - Post meta is only saved if it differs from the currently stored value. - So before saving each field the new value is compared with the stored value. - When doing so the assumption is (rightfully) that all stored data is a string since that is how post meta is stored in the DB. - If the key doesn't exist though, the comparison happens with the default value. - The default value though isn't necessarily a string, but is handled as such in the strict equality check. - So the strict equality check fails on anything but a string field. **-> String fields can't save the default value, anything else can.** == How did it come to this? I am not absolutely sure what is actually the intended behavior, but I assume if there is nothing stored in the DB the value should be saved, even if it equals the default. I assume this because the behavior of `update_metadata()` [https://core.trac.wordpress.org/changeset/48402 got changed] to only consider DB data, not default values for the comparison by retrieving the stored data using `get_metadata_raw()` instead of `get_metadata()`. `WP_REST_Meta_Fields` duplicates some of the checks in `update_metadata()` ([https://github.com/WordPress/wordpress-develop/blob/14d9ca8da64688f799695eb9683e6ac8166cd4ee/src/wp-includes/rest-api/fields/class-wp-rest-meta-fields.php#L382 even explicitly states that in a comment]) but `WP_REST_Meta_Fields::update_meta_value()` (and some other places in that class) didn't get the change to use `get_metadata_raw()` instead of `get_metadata()`. I assume this got overlooked when introducing the default metadata values in https://core.trac.wordpress.org/changeset/48402 It seems that replacing get_metadata with get_metadata_raw in that class should fix the issue, but I haven't found time yet to prepare a patch, so I thought I'd at least document the issue for now to see if someone else finds time for a fix before me." kraftner Needs Patch 48426 Can't update meta via the REST API if an identical value for a field you don't have permission to update is included Options, Meta APIs 4.7 normal normal Future Release defect (bug) new 2019-10-24T18:20:55Z 2020-10-26T21:36:10Z "On WP 5.3-RC2-46575, if you update any meta via the REST API via Gutenberg, all meta gets updated. If any of those meta update attempts fail because of user cap requirements, all meta updates fail because of that user cap requirement. Thus, all registered meta require the same user caps. This happens because all passed-in meta values are iterated through here: https://github.com/WordPress/WordPress/blob/master/wp-includes/rest-api/fields/class-wp-rest-meta-fields.php#L135 And then updated here: https://github.com/WordPress/WordPress/blob/master/wp-includes/rest-api/fields/class-wp-rest-meta-fields.php#L187-L191 From Gutenberg, those update calls fire regardless of whether the value is being changed. I believe this is because the entire Redux store is passed in and iterated over. This causes the issue I mentioned in regards to capability checking with protected meta. Because you can require a user capability for protected meta through the auth_callback when running register_meta, any unrelated meta could prevent another unrelated piece of meta from being updated. For example, if User A has cap_a, and tries to update _custom_meta_a, but _custom_meta_b requires cap_b, that user cannot update _custom_meta_a without getting a WP_Error here: https://github.com/WordPress/WordPress/blob/master/wp-includes/rest-api/fields/class-wp-rest-meta-fields.php#L258 If we only update meta that has been changed, this should help here. **To replicate the problem follow these steps (props @modernnerd):** 1. Install WP 5.3-RC1 via the WP beta tester plugin by choosing “bleeding edge nightlies” at Tools → Beta Testing. 2. Activate the Twenty Twenty theme (these steps will work with any theme, though). 3. Add this PHP code to the Twenty Twenty theme's functions.php file to add custom post meta exposed to the REST API: {{{ function custom_register_post_meta() { $args = [ 'auth_callback' => 'custom_prefix_require_update_plugins', 'type' => 'boolean', 'single' => true, 'show_in_rest' => true, ]; register_meta( 'post', '_custom_post_meta_one', $args ); $args = [ 'auth_callback' => 'custom_prefix_require_non_existing_cap', 'type' => 'boolean', 'single' => true, 'show_in_rest' => true, ]; register_meta( 'post', '_custom_post_meta_two', $args ); } add_action( 'init', 'custom_register_post_meta' ); function custom_prefix_require_update_plugins() { if ( current_user_can( 'update_plugins' ) ) { return true; } else { return false; } } function custom_prefix_require_non_existing_cap() { if ( current_user_can( 'this_cap_does_not_exist' ) ) { return true; } else { return false; } } }}} 4. Edit a post or page. Make a change to the post content and click “Publish” or “Update” to confirm that changes work as expected. 5. In the browser console, display the post meta exposed to the REST API by pasting this command and typing enter: {{{ wp.data.select( 'core/editor' ).getEditedPostAttribute( 'meta' ); }}} You should see an object that includes your new custom meta: {_custom_post_meta_one: false, _custom_post_meta_two: false} 6. Update _custom_post_meta_one to 'true' with this command (this persists the data to the Redux store, but not the database): {{{ wp.data.dispatch( 'core/editor' ).editPost( { meta: { _custom_post_meta_one : true } } ); }}} Note that this is just a simplified test case. It emulates a plugin or theme updating meta via the WP API, without having to install a plugin or theme that uses custom post meta and Gutenberg. 7. Click Update in the post editor to save your post meta changes to the database. You'll see **“Updating failed. Error message: Sorry, you are not allowed to edit the _custom_post_meta_two custom field.”.** The thing is, _custom_post_meta_two wasn't actually updated or changed by the user, yet their lack of permissions for _custom_post_meta_two is preventing them from updating _custom_post_meta_one. I looked at doing a comparison check prior to saving for the saved value vs the new value, but because the saved value is always a string when coming from the database, you can't do strict checking, which could be problematic. So I am not sure what the fix needs to be here. " johnstonphilip 8 Needs Patch 45353 Homepage title none static homepage when static blog page is set Options, Meta APIs 4.9.8 normal normal Awaiting Review defect (bug) new 2018-11-14T16:28:58Z 2020-12-22T18:56:19Z "Hi I have issue with the title of teh page in the browser tab. When i use a seo plugin and i have a static blog page set and a non static homepage the none static home page show the static blog page title in the browser tab. I have tested this with wp 20-17 and various other themes and they all have the same issue. I tried AIOSEO and YOAST SEO and even if i enter the title for the nin static homepage i get the title for the static blog page. I reported to both plugin builders and they sais i had to be at wordpress core team. You can read all details here. https://github.com/Yoast/wordpress-seo/issues/11548 1) static blog page none static home page. When Index.php is called is_home = true is_front_page=false 2) static home page none static blog page. When front_page.php is called is_home = false is_front_page=true 3) none static home page and none static blog page (set it to ""your latest posts""). When Index.php is called is_home = true is_front_page=true; Exactly as it should be, But only in case 1) the browser tab has the wrong title ! Please advice how to resolve this issue as the none static home page is not equal to the static homepage and can have different content then the static blog page. It all depends on the theme used if the theme is also pulling the default page content and or has a setting for adding content into the non static home page. One can easily detect the homepage id.... for the none static homepage it is 0 https://github.com/Yoast/wordpress-seo/issues/11548#issuecomment-438643740 is_home() should only be true in case 3) and not in case a static blog page is used and a none static home page. I would like to get this resolved. Please advice. Thanks" BackuPs 2 Needs Patch 28454 Inconsistent front page option behavior Options, Meta APIs 3.4 normal normal defect (bug) new 2014-06-04T16:44:57Z 2019-06-04T20:47:09Z "'''Correct/expected behaviour:''' If you change your settings in ''Settings'' > ''Reading'' > ''Front page displays'' as follows: ''From:'' A static page (select below) -- Front page: home -- Posts page: blog ''To:'' Your latest posts then the `Show_on_front` setting is correctly changed to `posts` and the `Page_on_front` setting correctly gets reset to `0`. '''Incorrect behaviour:''' If instead you change the same settings from ''Appearance'' > ''Customize'', the `Show_on_front` setting is correctly changed to `posts`, but the `Page_on_front` setting is not reset and remains set to the previous setting's page ID. '''Testing done:''' I replicated this behaviour with several themes, including twenty fourteen, with all plugins deactivated. '''Why this is a problem:''' This is inconsistent and may cause errors--e.g. if a theme or plugin author checks the `Page_on_front` setting without also checking the `Show_on_front` setting. This is how I encountered it, in Polylang; plugin author had to work around it; details here: http://wordpress.org/support/topic/wrong-front-page-showing-in-appearance-customize-with-polylang-loaded). '''Solution (indicative; I'm not an expert):''' Re-use the ""Settings > Reading > Front page displays"" code in the ""Appearance > Customize"" functions. " ElectricFeet 8 Needs Patch 36760 Intermittent empty returns from get_post_meta function after 4.5 upgrade Options, Meta APIs 4.5 normal normal defect (bug) new 2016-05-05T02:45:08Z 2019-06-04T20:58:39Z "I've seen this reported several times, but the reporters failed to properly explain the issue and the tickets were closed. Since the 4.5 upgrade I am seeing intermittent issues in my custom plugin (which has worked for years and hasn't changed) where the get_post_meta function is used if the request is made via ajax or by calling a custom endpoint. Rolling back the 4.5 upgrade has resolved these issues. The same function called with exactly the same arguments will return the meta data value one minute and return an empty string the next (with single on). The data in the database is unchanged. Logging shows the post id and meta key are the same, only the return value is different. It always seems to work as part of a regular page request (not ajax, not custom endpoint). Sometimes the function works correctly for 24 hours, then fails several times. I can't identify any pattern but suspect the meta cache / session. I tried doing a meta cache update for the object before calling get_post_meta, but the problem still occurred. In Googling I've found several people reporting issues related to get_post_meta after the 4.5 update. Please take a look!" amberau 1 Needs Patch 58761 Make the filter option_page_capability_options available when access options.php directly Options, Meta APIs normal normal Awaiting Review defect (bug) new 2023-07-08T05:43:13Z 2023-07-08T05:43:13Z "The problem is that when wp-admin/options.php is accessed directly $option_page is Empty, and the filter for option_page_capability_options is bypassed. For a requirement to prevent direct access to this page, which exposes all WordPress options, this filter is needed to modify the capability from 'manage_options' to 'do_not_allow'. For any other settings page the value of $option_page is set to something other than 'options' and would not be affected by this change. I'd also suggest the 'back compat' comment is irrelevant and could be removed (or at least better explained if it is relevant). The suggested change is from: {{{#!php Settings -> General. The limit should also be there at time of site setup. 2. Currently, the site title has no limit of characters. This may break the site UI on the frontend. 3. Site title allows to add spaces only, but gets saved as empty." sharduld 4 Needs Patch 44459 Options added to the Permalinks admin page do not get saved Options, Meta APIs normal normal Awaiting Review defect (bug) new 2018-06-25T17:23:39Z 2018-06-26T16:10:24Z "When a new option with matching field is registered to show on the Permalink admin page, it will show there just fine but the setting will never be saved to the database. This seems due to the fact that wp-admin/options-permalink.php submits to itself, not to options.php To reproduce: 1. Register a test option to the permalink group: {{{#!php function register_test_base_setting() { $args = array( 'type' => 'string', 'sanitize_callback' => 'sanitize_text_field' ); register_setting( 'permalink', 'test_base', $args ); } add_action( 'admin_init', 'register_test_base_setting' ); }}} 2. Add settings field to the permalink group, at the optional section: {{{#!php function add_test_base_settings_field() { add_settings_field( 'test_base', 'Test base', 'test_base_settings_field', 'permalink', 'optional', array( 'label_for' => 'test_base' ) ); } add_action('admin_init', 'add_test_base_settings_field' ); function test_base_settings_field( $args ) { global $blog_prefix; $test_base = get_option( 'test_base' ); echo $blog_prefix; ?>"" class=""regular-text code"" /> Permalinks and try to set a value and save the setting. What is expected: the setting gets (a) passed to the sanitize callback and then (b) saved to the DB. What happens: nothing of these two. There is really no point of the `do_settings_fields('permalink', 'optional')` and `do_settings_sections('permalink')` in wp-admin/options-permalink.php if options added though these hooks will never get treated. " RavanH 2 Needs Patch 59871 Prime further options in `wp_load_core_site_options()` Options, Meta APIs normal normal Future Release defect (bug) new 2023-11-10T02:00:57Z 2024-01-11T17:43:33Z "In Multisite, individual database queries are made to query a number of commonly used options. On each request: * WPLANG * nonce_key * nonce_salt On each authenticated request: * auth_key * auth_salt The *_(salt|key) requests are only made if the constant is not defined or uses the default phrase `put your unique phrase here`. Follow up to #56913." peterwilsoncc 2 Needs Patch 41604 REST API: Attempting to create or update a non-existent setting doesn't return an error response Options, Meta APIs normal normal Awaiting Review defect (bug) new 2017-08-10T16:35:44Z 2017-08-10T16:37:07Z "Attempting to create a new setting via a POST request to `/wp/v2/settings` returns a 200 response, despite the request having been invalid. The same goes for attempting to update a non-existent setting with a PUT request. I would have expected maybe a 400 from such requests. The internal logic in `WP_REST_Settings_Controller` routes the request through the `update_item()` method, treats it as a setting update, and silently ignores the problem. " johnbillion 1 Needs Patch 49705 Sanitizing input for parameterized queries + update_meta_cache Options, Meta APIs 5.3.2 normal minor Awaiting Review defect (bug) new 2020-03-26T13:52:36Z 2021-05-25T06:13:37Z "**So, should we just pass anything we get straight to the database?** There are definitely things you can check about user input, but this is highly context-dependent. Because sanitization is ill-defined and mis-used, I prefer to call this validation. I checked the WordPress core function which is not sanitized even this is one of the most used function in across the WordPress. In below code get_result with no prepare statement. I don;t know the reason why? {{{ $meta_list = $wpdb->get_results( ""SELECT $column, meta_key, meta_value FROM $table WHERE $column IN ($id_list) ORDER BY $id_column ASC"", ARRAY_A ); }}} This function should be something like this: {{{ $id_list_sanity = implode( ', ', array_fill( 0, count( $id_list ), '%d' ) ); $meta_list = $wpdb->get_results( $wpdb->prepare( "" SELECT $column, meta_key, meta_value FROM $table WHERE $column IN ($id_list_sanity) ORDER BY $id_column DESC"" ,$id_list),ARRAY_A ); }}} Function Name: update_meta_cache File: wp-includes/meta.php Line: #825 " classicalrehan 3 Needs Patch 58269 Store attachment metadata in separate fields Options, Meta APIs normal normal Awaiting Review defect (bug) new 2023-05-08T17:05:42Z 2023-05-08T17:05:42Z "At the moment as far as I can tell information like image dimensions is stored alongside a lot of other information in the _wp_attachment_metadata field This is far from ideal as there are many times you may want to wp_query by individual attachment attributes. Such as all images larger than 1000*1000 pixels. This is not able to be done (as far as I know) in an efficient standard way at the moment. I propose that certain key attributes are stored in their own meta fields going forward" shawfactor Needs Patch 44977 Transient fill fail delete to itself if it's timeout option is missing Options, Meta APIs normal normal Awaiting Review defect (bug) new 2018-09-21T11:25:44Z 2018-09-23T12:47:02Z "Just faced this issue - for some reason, the transient was not deleting itself. While checking the DB, the option with the transient was there, while the timeout option was missing (probably a glitch while saving to DB). Now, if you check get_transient() in option.php (quick link https://core.trac.wordpress.org/browser/tags/4.9.8/src/wp-includes/option.php#L0 ) you can see that these are deleted only if both exist and both pass the test: {{{ [...] if ( false !== $timeout && $timeout < time() ) { DELETING TRANSIENT} [...] }}} Otherwise transient will hang... forever. This should be tuned up so it also checks that these options exist, and delete transient if timeout is absolete." nlozovan Needs Patch 50678 Transient: save object with protected attributes will fail Options, Meta APIs 5.3 normal normal Awaiting Review defect (bug) new 2020-07-16T11:16:22Z 2020-07-16T11:16:22Z "When I save a custom object with protected attributes no value is set into database. I think it's because php's serialize function use null bytes (\0) when serializing protected properties. MySql does not complain so function returns true like everthing is normal. See this stack overflow [https://stackoverflow.com/questions/62915246/wordpress-save-object-with-protected-attributes-to-transient-will-fail post]. I'm using: - WordPress 5.3.4 - MySql Ver 15.1 Distrib 10.3.22-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2. - PHP Version 7.3.19-1~deb10u1" mxlq Needs Patch 48855 Updating transient to remove expiration fails Options, Meta APIs 5.3 normal normal Awaiting Review defect (bug) new 2019-12-02T19:50:42Z 2019-12-03T14:09:21Z "When updating a transient using the set_transient method, it fails to update the transient's expiration date. Looking at the code, it appears it's only looking for the expiration and deleting it if a new expiration date is specified. This renders it impossible to switch a transient from having an expiration date to not having one. ex. code: {{{#!php * False for an invalid `$object_id` (non-numeric, zero, or negative value), > * or if `$meta_type` is not specified. Source: https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/meta.php#L596:L597 However, if your metadata contains serialized data that is incorrect for some reason, maybe_unserialize() will (also) return `false`. Source: https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/meta.php#L661 E.g. `a:2:{s:3:""foo"";b:1;}` is invalid due to it expecting 2 entries, but only 1 is present. History check; It seems to have been made a lot more precise (but missing this minor case): * https://core.trac.wordpress.org/ticket/51797 * https://github.com/WordPress/wordpress-develop/commit/3bb06ce10b8ddac22091803b2e85832ed3ca3b1b" igorsch Needs Patch 56944 get_option does not return expected value Options, Meta APIs 6.0.2 normal normal Awaiting Review defect (bug) new 2022-11-01T15:33:38Z 2022-11-04T15:33:26Z "Hello, I ran into the issue when `get_option` does not return any value: `get_option( ""_wp_session_{$this->session_id}"", array() );` It returns an empty value, but the value exists in DB and in cache. I tested with 3 different methods one-by-one for option `_wp_session_5c1f3b8058ca4b6cf9e637c31300bc23`: ==== 1) `get_option` `get_option( ""_wp_session_5c1f3b8058ca4b6cf9e637c31300bc23"", array() );` It returns an empty value (but sometimes it works fine) ==== 2) `wp_cache_get` `wp_cache_get( ""_wp_session_5c1f3b8058ca4b6cf9e637c31300bc23"", 'options' );` It returns correct value {{{ a:6:{s:8:""edd_cart"";s:40:""[{""id"":79377,""options"":[],""quantity"":1}]"";s:13:""edd_cart_fees"";s:0:"""";s:18:""edd_resume_payment"";s:0:"""";s:14:""cart_discounts"";s:0:"""";s:10:""edd_errors"";s:0:"""";s:12:""edd_purchase"";s:1072:""{""downloads"":[{""id"":147706,""options"":[],""quantity"":1}],""fees"":[],""subtotal"":0,""discount"":0,""tax"":""0.00"",""tax_rate"":0,""price"":0,""purchase_key"":""f7f8403a9d9edb93f9be9376d117c1f0"",""user_email"":"""",""date"":""2022-10-31 13:59:43"",""user_info"":{""id"":37847,""email"":"""",""first_name"":"""",""last_name"":"""",""discount"":""none"",""address"":[]},""post_data"":{""edd_email"":"""",""edd_first"":"""",""edd_last"":"""",""edd_agree_to_terms"":""1"",""edd-user-id"":"""",""edd_action"":""purchase"",""edd-gateway"":""manual"",""edd-process-checkout-nonce"":""911cf02037""},""cart_details"":[{""name"":"""",""id"":,""item_number"":{""id"":147706,""options"":[],""quantity"":1},""item_price"":0,""quantity"":1,""discount"":0,""subtotal"":0,""tax"":0,""fees"":[],""price"":0}],""gateway"":""manual"",""card_info"":{""card_name"":"""",""card_cvc"":"""",""card_exp_month"":"""",""card_exp_year"":"""",""card_address"":"""",""card_address_2"":"""",""card_city"":"""",""card_state"":"""",""card_country"":"""",""card_zip"":""""}}"";} }}} ''I removed some private information here.'' ==== 3) direct DB request `$wpdb->get_results('SELECT * FROM wp_options WHERE option_name = ""_wp_session_5c1f3b8058ca4b6cf9e637c31300bc23""')` It returns correct value {{{ Array ( [edd_cart] => [{""id"":79377,""options"":[],""quantity"":1}] [edd_cart_fees] => [edd_resume_payment] => [cart_discounts] => [edd_errors] => [edd_purchase] => {""downloads"":[{""id"":147706,""options"":[],""quantity"":1}],""fees"":[],""subtotal"":0,""discount"":0,""tax"":""0.00"",""tax_rate"":0,""price"":0,""purchase_key"":""f7f8403a9d9edb93f9be9376d117c1f0"",""user_email"":"""",""date"":""2022-10-31 13:59:43"",""user_info"":{""id"":37847,""email"":"""",""first_name"":"""",""last_name"":"""",""discount"":""none"",""address"":[]},""post_data"":{""edd_email"":"""",""edd_first"":"""",""edd_last"":"""",""edd_agree_to_terms"":""1"",""edd-user-id"":""37847"",""edd_action"":""purchase"",""edd-gateway"":""manual"",""edd-process-checkout-nonce"":""911cf02037""},""cart_details"":[{""name"":"""",""id"":147706,""item_number"":{""id"":147706,""options"":[],""quantity"":1},""item_price"":0,""quantity"":1,""discount"":0,""subtotal"":0,""tax"":0,""fees"":[],""price"":0}],""gateway"":""manual"",""card_info"":{""card_name"":"""",""card_cvc"":"""",""card_exp_month"":"""",""card_exp_year"":"""",""card_address"":"""",""card_address_2"":"""",""card_city"":"""",""card_state"":"""",""card_country"":"""",""card_zip"":""""}} ) }}} ''I removed some private information here.'' ---- So the problem only with function `get_option`. I checked this function as well. It selects values for `notoptions`: `$notoptions = wp_cache_get( 'notoptions', 'options' );` And if current option exists in this array – it do return {{{ if ( isset( $notoptions[ $option ] ) ) { /** * Filters the default value for an option. * * The dynamic portion of the hook name, `$option`, refers to the option name. * * @since 3.4.0 * @since 4.4.0 The `$option` parameter was added. * @since 4.7.0 The `$passed_default` parameter was added to distinguish between a `false` value and the default parameter value. * * @param mixed $default The default value to return if the option does not exist * in the database. * @param string $option Option name. * @param bool $passed_default Was `get_option()` passed a default value? */ return apply_filters( ""default_option_{$option}"", $default, $option, $passed_default ); } }}} Current option exists in this array, so it applies filter ""default_option_{$option}"", function filter_default_option. But this function check `get_registered_settings`, and there is no information about this option, so it returns empty result. That’s all information I have so far. This problem exists at least for 1 year, for this time we always update WordPress core and Plugins for latest version, and it does not any effect." planvova 2 Needs Patch 45505 get_post_custom() doesn't pull values Options, Meta APIs 5.0 normal normal Awaiting Review defect (bug) new 2018-12-06T21:37:29Z 2018-12-06T22:07:14Z "When you are on a post or page and change the content and reload, so that the autosave post pops up at the top, the get_post_custom() values in custom metaboxes aren't being pulled in. get_post_meta() values however still works in that scenario." dryane 1 Needs Patch 36440 get_results break in wp-admin/options.php if thetable is huge Options, Meta APIs 4.4.2 normal minor defect (bug) new 2016-04-07T14:17:47Z 2019-06-04T20:56:39Z "If we try to check all values from wp_options table thanks to the admin page wp-admin/options.php, the page will be broken if the table is huge (on my case more than 100 000 rows). A simple pagination feature should fix the issue instead of trying to get all results. Currently on wp-admin/options.php line 253: {{{#!php get_results( ""SELECT * FROM $wpdb->options ORDER BY option_name"" ); }}} " aoculi 2 Needs Patch 58993 "metadata_exists() returns incorrect value when ""get_{$meta_type}_metadata"" filter returns false." Options, Meta APIs 6.2.2 normal normal Awaiting Review defect (bug) new 2023-08-07T14:58:38Z 2023-10-30T18:16:14Z "metadata_exists() applies the ""get_{$meta_type}_metadata"" filter. If the $single metadata value is false, 0, an empty string, or an empty array (see https://www.php.net/manual/en/language.types.boolean.php), then metadata_exists() will return false instead of true (ie. the metadata exists). {{{ function metadata_exists( $meta_type, $object_id, $meta_key ) { . . . $check = apply_filters( ""get_{$meta_type}_metadata"", null, $object_id, $meta_key, true, $meta_type ); if ( null !== $check ) { return (bool) $check; } }}} If any value is returned, then the metadata exists, so the code should be: {{{ function metadata_exists( $meta_type, $object_id, $meta_key ) { . . . $check = apply_filters( ""get_{$meta_type}_metadata"", null, $object_id, $meta_key, true, $meta_type ); if ( null !== $check ) { return true; } }}} js." jsmoriss Needs Patch 57162 out of date More Info on code reference for get_option Options, Meta APIs normal normal WordPress.org defect (bug) new 2022-11-21T11:18:07Z 2022-11-21T13:29:17Z "[https://developer.wordpress.org/reference/functions/get_option/#more-information More information section] has been updated for `get_option` reference page, as reported and proposed in [https://github.com/WordPress/Documentation-Issue-Tracker/issues/376 #376 Docs Issue Tracker]. Props @joyously @jaedm97" milana_cap 1 Needs Patch 43704 pre_option_{$option} filter is case sensitive although options are not. Options, Meta APIs 4.9.5 normal normal Awaiting Review defect (bug) new 2018-04-05T18:38:44Z 2018-04-08T01:53:12Z "I noticed the filter ""pre_option_{$option}"" for myOption wouldn't filter get_option('MYOption') for example, yet get_option(name) and MySql in general does not seem to care what case the option is. Perhaps it should also do pre_option_(strtolower($option)) when necessary? Was there a reason this particular filter is case-sensitive?" programmin 2 Needs Patch 34322 set_transient and get_transient don't seem to be working for some users since WP 4.3 Options, Meta APIs 4.3 normal normal Awaiting Review defect (bug) new 2015-10-16T04:07:34Z 2017-04-06T17:08:22Z "I'm the developer of a social media plugin which relies on the WordPress set_transient and get_transient functions to temporarily cache data in the user's database. Since the WordPress 4.3 update, we've had reports of the cache not clearing automatically as it should, meaning that the transients aren't expiring correctly in the database. This seems to only be happening on some servers as I haven't been able to replicate the issue on my own test site, but have confirmed it on user sites, and looks like it could be related to [https://make.wordpress.org/core/2015/07/30/get_transient-is-now-more-strict-in-4-3/ this thread]. The same problem seems to be happening to other developers of similar plugins, and I've had some users report that other unrelated WordPress plugins they're using are also not automatically updating either any more, which I'm assuming is caused by the same issue. I've been able to confirm the problem on user sites by using a page template containing the following basic code. I've commented it to explain what it does and can provide a Facebook Access Token privately if needed, although I included a link on how to obtain your own. The transient set using the script below should expire every 30 minutes and then the script should check the URL again for new data, but it doesn't unless I delete the transient manually. {{{ '; //Show the date the data was last updated from Facebook echo 'Last updated: ' . json_decode( json_encode($transient) )->headers->date; } else { //No transient in the database - get the data from Facebook $facebook_data = wp_remote_get( $url ); //Cache the data in the database set_transient( 'test_transient_expiration', $facebook_data, 1800 ); echo 'Got the data from the URL
    '; //Show the date the data was last updated from Facebook echo 'Last updated: ' . json_decode( json_encode($facebook_data) )->headers->date; } ?> }}} I was in two minds whether to report this as a bug as I've never reported one before, however it definitely seems like this could be a bug as the above code should work, but doesn't on some user's sites. I use code very similar to the above in my plugin and nothing has been changed in that code, but users started reporting an issue shortly after the WordPress 4.3 update was released. Through reading the change logs for the 4.3 update I know some changes were made to transients and so I'm wondering if that's what caused this problem. Sorry for the long post! John" smashballoon 8 Needs Patch 33977 set_transient('settings_errors', get_settings_errors(), 30); and multi user @ wp-admin/options.php Options, Meta APIs 4.3.1 normal normal defect (bug) new 2015-09-23T13:37:52Z 2019-06-04T20:51:48Z " {{{ #!div style=""font-size: 80%"" Code highlighting: {{{#!php /** * Handle settings errors and return to options page */ // If no settings errors were registered add a general 'updated' message. if ( !count( get_settings_errors() ) ) add_settings_error('general', 'settings_updated', __('Settings saved.'), 'updated'); set_transient('settings_errors', get_settings_errors(), 30); /** * Redirect back to the settings page that was submitted */ $goback = add_query_arg( 'settings-updated', 'true', wp_get_referer() ); wp_redirect( $goback ); exit; }}} }}} I see the code above in wp-admin/options.php since the key 'settings_errors' is not binding to a user, Is there a chance than one user's error message may be shown on another user's page?" coldwinds 1 Needs Patch 49452 Approximately every week permalinks are lost for custom post types in multisite Permalinks 5.3.2 normal normal Awaiting Review defect (bug) new 2020-02-17T07:31:42Z 2020-02-17T09:49:56Z "I have to check my site https://6teamconditions.com/ multiple times a day as it will randomly just loose the permalinks for custom post types and will return a 404. I have deactivated security and cache plugins and still have same behaviour. There are no errors logged, I can not find any event that is causing this. I have used the same theme method for creating custom post types on hundreds of normal (non multisite) wordpress sites over many years without ever having this problem. The site has had this problem since going live in December, wordpress has been updated to latest version each time. I have been posting in the support forum with no luck https://wordpress.org/support/topic/permalinks-disapear-for-custom-post-types/#post-12332300 Example log of error 404 on website https://6teamconditions.com 135.180.133.34 - - [17/Feb/2020:01:14:55 +0000] ""GET /podcast/episode-002-the-6-conditions-framework/ HTTP/2"" 404 6464 ""-"" ""Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.100 Safari/537.36"" " Lauriate Needs Patch 50222 Autocorrect redirect to the wrong URL based on a word after permalink Permalinks 5.4.1 normal normal Awaiting Review defect (bug) new close 2020-05-22T06:31:24Z 2020-05-22T08:56:48Z "Sometimes, when the URL of a post ends with a keyword following the slash it redirects to a different page based on the keyword rather than the permalink. For example: Let's take this wordpress post URL: [http://awishyourheartmakes.com/virtual-services/ ] If I had the word ""super"" at the end of the URL: [http://awishyourheartmakes.com/virtual-services/super ] rather than redirecting to http://awishyourheartmakes.com/virtual-services/ It will redirect to http://awishyourheartmakes.com/super-fun-santa-maria/" bloup 1 Needs Patch 18523 Can't change page permalink if slug metabox is removed helen Permalinks 3.0 normal normal Future Release defect (bug) assigned 2011-08-26T14:42:56Z 2021-01-07T17:19:03Z "If the slug metabox is removed from the ""Edit Page"" page, it is not possible to change permalinks, using the edit permalink function at the top of the page. Slug and other metaboxes are removed by the karma theme, in its admin/theme-functions.php (but only if 'ka_hidemetabox' in the wp_options table is 'true'): {{{ remove_meta_box('slugdiv','page','normal'); }}} Technically, without the slug box, the ""post_name"" field containing the new slug is not sent with the form data when you click the ""Update"" button. I believe this is bug was introduced after version 3.1.3. " dankod 30 Needs Patch 8905 Category pagination broken with certain permalink structures Permalinks 2.7 normal normal Future Release defect (bug) assigned 2009-01-21T07:26:31Z 2021-01-27T10:17:49Z "If one uses a permalink structure with %category% followed by %postname%, accessing pagination can cause a 404, as WordPress attempts to look for a post called ""page"". As per http://barefootdevelopment.blogspot.com/2007/11/fix-for-wordpress-paging-problem.html Presumably can occur with other permalink structures too." rmccue 13 Needs Patch 59434 Changing permalink structure results in failure to save draft posts Permalinks normal normal Awaiting Review defect (bug) new 2023-09-23T21:07:44Z 2023-09-23T21:07:44Z "Steps to reproduce: 1. On a fresh install change Permalink structure from plain to Month and date 2. Create new Blog Post 3. Click Save draft EXPECTED: draft is saved OBSERVED: Error ""Updating failed. The response is not a valid JSON response."" Root cause: POST https://abc.com/wp-json/wp/v2/posts/93?_locale=user HTTP/1.1 404 Not Found Date: Sat, 23 Sep 2023 21:05:16 GMT Server: Apache/2.4.57 (CentOS Stream) OpenSSL/3.0.7 Content-Length: 196 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1" omikheev Needs Patch 37435 Conflicting permalinks with attachment and category of same name Permalinks 4.5.3 normal normal defect (bug) new 2016-07-21T18:58:56Z 2019-06-04T21:01:58Z "On my company site, I created a category called '''Announcements''' and uploaded an image called '''Announcements.png''' Both had permalinks of http://MYDOMAIN/announcements When I tried to navigate to http://MYDOMAIN/announcements I was expecting to see a listing of all the posts in that category, but instead the site was showing the image. I tried with different themes, deactivated all plugins but the issue remained. At the time I didn't realize there was an attachment with the same name as my category. Once I figured that out, I simply changed the attachment name and updated the permalink and everything worked properly. I have a custom permalink structure: '''/%category%/%postname%''' Category Base '''.''' and Tag base of '''keyword'''" Spidergirl1979 1 Needs Patch 46257 Deleting a page can break the permalink of other pages if it had media uploaded to it Permalinks 5.0.3 normal normal Awaiting Review defect (bug) new 2019-02-14T16:36:50Z 2020-06-04T23:30:48Z "Trashing and deleting a page can cause the permalink of another page to break the next time that page is edited. It is not obvious to the user that this will happen. It is also not obvious how to fix this, because when an image is not ""Uploaded To"" a particular page, it is not possible to edit the permalink. 1. Start with vanilla WP installation using twentynineteen and no plugins 1. Add New Page > Title: ""Cat"" 1. Add Block > Image > Upload > Pick the image > Open 1. Publish... > Publish 1. Media > Click on the image that was just uploaded, see that it says ""Uploaded To Cat"" 1. Edit more details > Edit (permalink) > Set to ""dog"" > OK > Update 1. The permalink should now be `http://localhost/cat/dog/` 1. Add New Page > Title: ""Dog"" > Publish... > Publish 1. See that ""Page address"" is `http://localhost/dog/` 1. Visit `/dog/` to confirm the page is displayed 1. Pages > Trash (Cat) > Trash (at the top of the page) > Empty Trash 1. Pages > Dog > Make a change, such as adding text to the existing block > Update 1. Document > Permalink > Notice that URL is now `dog-2` 1. Visit `/dog/` to see that instead of the page, the image is instead displayed " mallorydxw Needs Patch 48903 Drafts or pending posts overwrites existing published post with same url Permalinks 5.3 normal normal Awaiting Review defect (bug) new 2019-12-06T16:33:57Z 2021-01-13T22:02:59Z "The creation of a draft with post_name set to as an existing post will prevent the reachability of the older until the pubblication of the new one. The cause of the issue is that the function ''wp_unique_post_slug'' only acts if the post isn't in the status of draft or pending so in the database will be stored two posts with the same post_name. In the frontend side (in a installation with permastruct set to /%postname%/) the executed query is {{{ SELECT wp_posts.* FROM wp_posts WHERE 1=1 AND wp_posts.post_name = 'example' AND wp_posts.post_type = 'post' ORDER BY wp_posts.post_date DESC }}} This query will return 2 posts and the wordpress considers the most recent (the draft) so the url returns 404. " uatania 2 Needs Patch 32498 Media Library and Page Slug conflict Permalinks 4.2.2 normal normal defect (bug) new 2015-05-26T17:56:18Z 2019-06-04T20:50:04Z "This is a follow-up to #18962. Please also check out this thread on the forum - https://wordpress.org/support/topic/41-slug-issue-when-same-title-exists-in-media-library If you have a pre-existing media file with the same slug as a page then a ""-2"" will be added to the page slug. With a custom content type and page or custom content type and media file, this doesn't appear to be happening." m7csat 1 Needs Patch 16126 Multisite name conflict check doesn't check for pages. Permalinks 3.0 normal normal defect (bug) new 2011-01-06T19:11:19Z 2019-06-04T20:41:45Z "Running WP 3.1-RC2 I made a page off my main site called foobar. Then I went in and made a sub-site (using SubFOLDERS) called foobar. The subsite took precedence and there was NO check or warning. I was able to reproduce this on 3.0.4 Then I went the otherway. I have a subsite called camels (don't ask). I went to make a PAGE called camels and it also let me. No conflict check. Basically you have to add the main blog page names into the banned names list manually, which strikes me as a bit odd. I can see why checking that would be onerous if someone had 600 million pages (and we all know they do) but forcing people to do it manually seems like a gap. Need love! :D This is minor, since not a lot of people have bitched, so clearly we're not running into it YET." Ipstenu 5 Needs Patch 23781 New Post Publishes to Wrong URL Permalinks 3.4.2 normal critical defect (bug) new 2013-03-15T04:59:52Z 2019-06-04T20:43:54Z "The ""Permalink"" displayed in the editor for new posts may be wrong, and changes (surprise!) when the Publish button is clicked. Steps to reproduce this: 1. Start typing a title in a new post. 1. Wait for an auto-save and Permalink to appear. 1. Make the title longer. 1. Type a post body. 1. Click Publish. Expected result: The new post should be published at the Permalink being displayed on the post editor. Actual result: A completely different permalink is generated based on the current title. The new page gets cached at the ""wrong"" URL before any changes can be made. General pandemonium ensues. Etc. (It's not a blocker bug, but it is so completely annoying!)" miqrogroove 6 Needs Patch 48365 No 301 redirection for Numeric style permalink structure Permalinks normal normal Awaiting Review defect (bug) new 2019-10-18T02:43:11Z 2019-11-11T22:34:52Z " Hi :) If permalink structure is **Post name** style and I changed it to **Numeric**. the post get a 301 redirect from http://newwp.local/hello-world/ to http://newwp.local/archives/1 but not so happen with permalink structure **Numeric**. when the current permalink structure is **Numeric** and I changed it to **Post name** or anything else. ideally, the post should get 301 redirection from http://newwp.local/archives/1 to http://newwp.local/hello-world/ but this is not happening. post giving 404 error instead of 301 redirecting to the correct URL format. when I try to access the post with http://newwp.local/archives/1 Thanks Naveen Giri " 1naveengiri 1 Needs Patch 51001 Numbers at the end of the URL are removed Permalinks 5.5 normal normal Awaiting Review defect (bug) new close 2020-08-14T11:41:04Z 2020-08-14T19:10:43Z "Before upgrading to 5.5, the site was at 5.4.2 and the url worked with no issue https://example.come/show-listings/654493 Upgrading to 5.5, the above URL gets changed and it removes the numbers at the end of the URL. If I put a question mark before the number like https://example.com/show-listings/?654493 the page loads with my data being displayed. I would like to keep the same format like it was in 5.4.2 Another user is having the same issue, see link to the forum below. https://wordpress.org/support/topic/wp-5-5-problems-with-permalinks/" dmwebhosting 2 Needs Patch 3451 Page URI canonization markjaquith Permalinks 2.1 normal normal Awaiting Review defect (bug) reopened close 2006-12-07T04:46:08Z 2023-02-20T16:05:43Z "The nice permalink URIs for posts or categories are case-insensitive, but the page URIs are not. e.g. http://matt.wordpress.com/about/ cannot be reached via http://matt.wordpress.com/About/ This results in 404s being returned when a user incorrectly gets the case of the URI wrong. This is particularly a problem for weblogs that have migrated old pages to WordPress, and have external pages pointing to them with varying case applied to the URIs." pah2 18 Needs Patch 45784 Pages and archives containing /[0-9]/ should redirect or redirect correctly Permalinks 5.0.2 normal normal Awaiting Review defect (bug) new 2018-12-28T03:56:06Z 2019-01-07T00:33:55Z "With default settings, https://www.example.com/0 should redirect to https://www.example.com/ but doesn't and instead redirects to https://www.example.com/0/ https://www.example.com/page/0 should redirect to https://www.example.com/ but doesn't and instead redirects to https://www.example.com/page/0/ https://www.example.com/2018/1/25/post-name/ should redirect to https://www.example.com/2018/01/25/post-name but doesn't. So basically there is some issue about redirection with pages containing /[0-9]/ " superpoincare 1 Patch Needs Refresh 23229 Pagination Links Broken Permalinks normal normal defect (bug) new 2013-01-17T23:11:04Z 2019-06-04T20:43:46Z "Currently, if the request URL ends with ""page/[\d]+/?"" it will always assume that it is the pretty version of the paged parameter, and rewrite that section of the URL. This breaks in any condition where a numeric value follows that string at the end of a URL. An example that can be easily reproduced is as follows: 1) Set theme to TwentyEleven 2) Modify the theme to output the results of get_pagenum_link(2) anywhere. 3) Change permalink structure to ""/daily-page/%year%/%monthnum%/%post_id%/"" 4) Go to a year archive for the permalink structure above. 5) The result of the get_pagenum_link will look like this: ""/daily-/page/2/"", breaking pagination within this context. I've attached a patch against current trunk code that addresses this, providing the following features: 1) Pagination links functional in the scenario above, along with custom rewrite rules. 2) Updated to allow numeric post names for hierarchical post types (currently always rewritten with ""-2"") 3) Updated get_pagenum_link filter to include pagenum parameter as it was passed in. " ssmathias 1 Needs Patch 36305 Permalink can't decide the parent category Permalinks normal normal defect (bug) new 2016-03-23T10:46:11Z 2019-06-04T20:55:59Z "'''The bug:-''' There is a bug in the permalink generation that it can't decide the parent category. This means that even though we choose the child & parent both as a post's category, it creates the permalink as /parent/child/ in '''certain situations'''. Please note that the Permalink Structure is set to:- {{{ /%category%/%postname%/ }}} ---- '''What should happen:-''' If we choose a parent category as well as the child category as post's categories, the permalink should be: {{{ /parent/ }}} And if we choose only the child as post category, the permalink should be: {{{ /parent/child/ }}} ---- '''Demonstration:-''' I created a parent-child category set as ""Parent 1 (parent) & Child 1 (child)"" & another set as ""Parent 2 (parent) & Child 2 (child)"". The difference between the two sets is that 'Child 1' was created before 'Parent 1' & then edited to have 'Parent 1' as it's parent, while the 'Child 2' was created after 'Parent 2'. Now, if I choose 'Parent 1' & 'Child 1' as a post's category, it creates the permalink as: {{{ /parent-1/child-1/hello-world/ }}} And if I choose 'Parent 2' & 'Child 2' as a post's category, it creates the permalink as: {{{ /parent-2/hello-world/ }}} ---- '''How to reproduce the bug:-''' 1. Create a category 'child 1'. 2. Create another category 'parent 1'. 3. Now edit the 'child 1' category and set 'parent 1' as it's parent. 4. Now the permalink can't judge that 'parent 1' is the parent of 'child 1' & creates a wrong permalink as if only 'child 1' was selected. ---- '''Possible Reason:-''' A possible reason for this bug maybe due to the category id. Here, the 'Child 1' has lesser category id than 'Parent 1'. And the permalink algorithm checks for the least selected category id." gr8shivam 1 Needs Patch 47755 Permalink in RTL version not correct Permalinks normal normal Future Release defect (bug) new 2019-07-22T23:23:47Z 2023-07-06T00:14:44Z "I have notice many problem with permalink in version RTL: 1- for example : https://www.byarabic.com/category/دروس/تعلم-السياقة/ تعلم-السياقة = child دروس = parent in LTR this is how it was : `http://www.example.com/category/parent/child` but in RTL it display like this : `http://www.example.com/category/child/parent` so the correct direction is `http://www.example.com/category/parent/child` all url must be in LTR direction even if it in arabic letter. so the correct direction for my permalink must be like this : https://www.byarabic.com/category/تعلم-السياقة/دروس *if you have an arabic support please let him to write the link manual and you will see the first word after ""category"" will write like this : category/دروس/ but the second word in arabic after category/دروس will write like this : category/دروس/تعلم-السياقة this is a problem , because the second word in arabic must be the last word in url , like this category/تعلم-السياقة/دروس 2- setting -> permalink : the input field it appear behind text : https://prnt.sc/oi7t8x the correct way to show input field it like version LTR, like this : https://prnt.sc/oi7u63 3- also the same problem in article ''(block editor)'' : — first about the title of the post it show like this https://prnt.sc/oi7v2a but the correct way is like this : https://prnt.sc/oi7w42 — other place show wrong direction of permalink, like this : https://prnt.sc/oi7wjy 4- about decode url: if I copy an arabic permalink from browser and I past it in other place like here it will display some symbols like `%%%%%` : example of my permalink : `https://www.byarabic.com/category/%d8%af%d8%b1%d9%88%d8%b3/%d8%aa%d8%b9%d9%84%d9%85-%d8%a7%d9%84%d8%b3%d9%8a%d8%a7%d9%82%d8%a9/` so I have to decode link to fix the problem and then I can send it to my friend I use this website to decode it : https://www.url-encode-decode.com/" rachid84 17 Needs Patch 60624 Permalinks corrupted Permalinks 6.3.3 normal normal Awaiting Review defect (bug) new 2024-02-23T14:36:27Z 2024-02-23T14:36:27Z "Hello. We experienced an issue now on WP 6.3.3 while all of the sudden all pages started to return 404. This occured on a multisite installation hosting around 500 websites with many of them (presumably all) suffering from this error. Then we realised the quick and only solution was to either reboot the server(s) or manually flush the permalinks... Could you please give us a hand to understand the root cause of this. Best " christianbaltazar Needs Patch 56583 Permalinks in Multisite not working when Main Site is in a subdirectory Permalinks 6.0.2 normal normal Awaiting Review defect (bug) new 2022-09-15T16:07:18Z 2022-11-25T07:05:15Z "Hello I have installed WP 6.0.2 on my Server in a subdirectory `/var/www/example.org/wp` After install I activated Multisite. I added a website ""example2"" to the main site and permalinks are working, e.g.: `example.org/wp/example2` Sites are found as e.g. `example.org/wp/example2/subsite` Then I used an own domain `example2.org` instead of `example.org/wp/example2` and now the subsites of `example2.org` are only accessable with Permalinks > Simple (e.g. `example2.org?p=123`) but not with subsite names (e.g. `example2.org/subsite`). This seems to me a bug, as it should work since WP 3.5 as I read in doc. Thank.frank" francwalter Needs Patch 50439 Post name permalinks htaccess directives do not consider subdirectory installation Permalinks 5.4.2 normal normal Awaiting Review defect (bug) assigned 2020-06-20T12:40:36Z 2020-06-20T12:40:36Z "Having wordpress installed in /wordpress/ subdirectory, and site address as root (following [https://wordpress.org/support/article/giving-wordpress-its-own-directory/#method-i-without-url-change method I in guide]), enabling post name permalinks gives 500 error on any page other than homepage or admin panel pages. This seems to be due to wordpress adding rewrite driectives to root .htaccess file, that seem to override the rewrite rules from method I. Changing permalinks to plain, making root .htaccess read-only (with no wp directives), or disabling them by putting an ifmodule with false condition around them fixes this. I think that wordpress should consider subdirectory installation when writing htaccess directives." filatovdanyl Needs Patch 48658 Post, Page, and Attachment permalinks can be silently overwritten when Permalinks are set to /%postname%/ Permalinks 5.4 normal normal Awaiting Review defect (bug) new 2019-11-15T21:28:17Z 2019-11-16T11:05:13Z "When a new post is created with a permalink that matches an existing attachment page permalink, the attachment page permalink is silently overwritten. The expected behavior of having `-2` appended to the new post permalink does not occur and instead the existing attachment page becomes inaccessible via its permalink, which starts pointing to the new post instead. Steps to reproduce: 1. Ensure pretty permalinks are enabled in Settings -> Permalinks (e.g., `/%postname%/`) 1. Upload something to the Media Library (e.g., `happy-pumpkin.jpg`) 1. Note the Attachment Page permalink generated from the upload (e.g., `/happy-pumpkin/`) 1. Publish a new post with a title that will produce the same permalink (e.g., a post title of ""Happy Pumpkin"" will generate a new post permalink of `/happy-pumpkin/`, ''not'' `/happy-pumpkin-2/` as expected) 1. Now both the attachment page and the new post have the same permalink (`/happy-pumpkin/`, in this example) and the attachment page permalink has been silently overwritten. When the attachment page permalink is overwritten, there's no way to access that attachment page on the front-end (it now points at the new post). There's also no obvious way to manually change the permalink. In testing, what works is to edit some detail of the attachment in the Media Library—once the change is saved, the permalink is regenerated and updated to include `-2`, which then makes the attachment page accessible again." raamdev 2 Needs Patch 31293 Previously uploaded attachment affects page slug Permalinks 4.1 normal normal defect (bug) new 2015-02-11T06:23:15Z 2019-06-04T20:49:10Z "I have page url: abc.com/products/novus-3 (novus page never create but it add -3 in url) so i check directly where the page exist: abc.com/products/novus So basically i found the banner image i upload only showing in this url as ATTACHMENT ID, So i delete that header image and change my page url ""NOVUS-3 to NOVUS"" and after that i re-add image. Its fine. But the question is when creating new page, for example Page title: New Page so url will be /new-page but before setting page title if we import image with the same name of page title, the Permalink url reserved that desired page url. So everytime first add Page title first then add image. Hope you understand, sorry for my bad english. Thanks" funorang 1 Needs Patch 27019 Redirect by page slug does not work in permalink structure /%category%/%postname%/ Permalinks 3.8.1 normal normal defect (bug) new 2014-02-05T08:44:36Z 2019-06-04T20:45:36Z "Wordpress has a feature to redirect by page slug. For ex. site with two pages: {{{ yoursite.com/pageone/pagetwo }}} With default permalink settings redirect works like this: {{{ yoursite.com/pagetwo -> yoursite.com/pageone/pagetwo yoursite.com/randomtext/pagetwo -> yoursite.com/pageone/pagetwo }}} With permalink structure '''/%category%/%postname%/''' redirection from root stops working: {{{ yoursite.com/pagetwo - 404 error }}} , but from non root ok: {{{ yoursite.com/randomtext/pagetwo -> yoursite.com/pageone/pagetwo }}} How to reproduce. Clean wordpress install. Create pages: ""pageone"", ""pagetwo"" with parent page ""pageone"". Try to open url: {{{ yoursite.com/pagetwo - 301 moved }}} Set custom permalink structure to '''/%category%/%postname%/'''. Try to open url: {{{ yoursite.com/pagetwo - 404 error, but 301 expected }}} I think, permalink structure is for post, not for pages. Am I right? After investigations I found, ""pagetwo"" in url ""yoursite.com/pagetwo"" detected as category name in class-wp.php/'''parse_request()'''. And later canonical.php/'''redirect_guess_404_permalink()''' does not try to find page by category name, only by get_query_var('name'), that is blank." dimagsv 7 Needs Patch 60143 Running behind HAProxy with fcgi makes WordPress think URL rewriting is unavailable Permalinks 6.4.2 normal normal Awaiting Review defect (bug) new 2023-12-22T21:10:19Z 2023-12-22T21:10:19Z "I have WordPress set up behind HAProxy which directly uses fcgi for PHP and nginX for static files. HAProxy sends `$_SERVER['SERVER_SOFTWARE'] = 'HAProxy 2.3.20-1ppa1~focal'`. As a result in Settings > Permalinks I'm having `index.php` prefixes for permalinks. If I do not change permalink settings rewriting works just fine but as soon as I make changes I'm set for `index.php` in the permalinks as then the rewrite rules are updated. WordPress here incorrectly infers that URL rewriting might be unavailable. If I trick WordPress into believing I'm running on nginX by making HAProxy sending `$_SERVER['SERVER_SOFTWARE'] = 'nginx'` rewriting works fine and the `index.php` prefix for permalinks is gone. This might be resolved by adding a condition for HAProxy in `got_url_rewrite()` and defining a `is_haproxy` global similar to the one for nginX which then checks if the `SERVER_SOFTWARE` contains `HAProxy`." nebulon42 Needs Patch 9296 Settings API & Permalink Settings Page Bug jfarthing84 Permalinks 2.7.1 normal major Future Release defect (bug) reopened 2009-03-07T05:33:55Z 2020-09-25T23:12:01Z Although there is a hook in the options-permalink.php to insert custom settings, it does not actually save any custom setting which is added to that page. Instead of posting to options.php like all the other options pages, it posts to itself and only handles the form data which is built into the wordpress core. It should be implemented on that page to also store custom settings that may be hooked onto that page. jfarthing84 38 Needs Patch 47207 Specific custom permalink 404 on archive page Permalinks 5.2 normal normal Awaiting Review defect (bug) new 2019-05-10T00:22:54Z 2019-05-10T02:15:23Z "If we set a custom permalink of /%year%/%monthnum%/%day%/%postname%/ archive pages will be /2019/05/ If we want european/asian/african/southamerican D/M/Y date format /%monthnum%/%year%/%postname%/ archive pages will be /2019/05/ US format but doesn't matter, at least it works but with this permalink: /%day%/%monthnum%/%year%/%postname%/ archive pages (at least on archive widget) will be /05/2019/ Which looks good But returns 404 with default wp and theme and WP 5.1.1 or 5.2 tried to go to /2019/05/ but 404 too" briandd 1 Needs Patch 30784 Subsites won't show 404 with default permalink structure Permalinks normal normal Future Release defect (bug) new 2014-12-19T17:10:49Z 2020-07-02T14:20:26Z "On my Multisite (subfolder) installation, I have every site set to use the default (ugly) permalinks. If I go to a subsite and add extra invalid characters after the site name, it displays the site, not a 404 error page. Example: If I type in domain.tld/sitename/EXTRACHARS it displays the content from domain.tld/sitename, yet keeps the /EXTRACHARS in all the links. I spoke with Andrea Rennick and she said that this happens because WordPress ignores anything after the sitename because pretty permalinks are not enabled. This all came up because our Google appliances were crawling millions of invalid URLs because .tld/sitename/EXTRACHARS returns a 200, instead of a 404. Would it be possible to make it so that an invalid URL would return a 404 instead of ignoring characters beyond the sitename when permalinks are set to default?" danhgilmore 4 Needs Patch 52295 The response is not a valid JSON response - URL permalink using the ? sign Permalinks 5.6 normal normal Awaiting Review defect (bug) new 2021-01-14T10:39:41Z 2021-02-20T22:24:44Z "Encountered a problem at a friend's blog so tried to recreate it on a test site. 1. Installed vanilla WP_5.6-he_IL with no additional settings or changes on shared Dreamhost hosting with default settings - no cache, Cloudflare or any other settings. Server uses php 7.4 2. Created a first post - everything works great. 3. Changed the permalink to the simple permalink format e.g. /?=123, that was the default in older versions. 4. Tried to create a new post with a URL inside the post and got the above mentioned error message. 5. Changed to other permalink structures - no problem at all. " rshlo 1 Needs Patch 38595 Unable to access wp-admin/options-permalink.php when .htaccess file is on NFS Permalinks 4.4 normal normal Awaiting Review defect (bug) new 2016-10-31T19:03:14Z 2017-05-03T05:59:25Z "After nearly a week of troubleshooting, we have identified an issue with wordpress which is preventing us from storing our .htaccess file on an NFS mount. This issue exists as far back as 4.4 In order to reproduce: install wordpress in a directory where .htaccess is located on a mounted nfs share. Once wordpress is installed, navigate to yoursite.com/wp-admin/options-permalink.php - the page should fail to load. This issue appears to be caused by the function ""flock();"" in the function ""insert_with_markers();"" in wp-admin/includes/misc.php Per PHPs documentation, flock(); is only acceptable for use on local filesystems. I found an existing ticket regarding this function - #31767 - if I understand correctly, flock(); was added to the ""insert_with_markers(); function to resolve a concurrent write issue on shared filesystems. Disclaimer: I am not a PHP developer, and only understand the basic concepts. The testing for the above bug consisted of commenting out functions till I could find the source of the issue. Commenting out the ""flock();"" function in the ""insert_with_markers();"" function resolved the issue in our environment." kicwordpress 3 Needs Patch 41272 Unattached media URLs broken for anything over 1000 Permalinks normal normal Awaiting Review defect (bug) new 2017-07-07T23:09:21Z 2017-07-08T16:26:17Z "'''Steps to reproduce''' 1. On your local computer, rename a file to {{{1180.jpg}}} 2. Upload the file to the Media Library 3. Visit {{{example.com/1180}}} You will get a 404 broken link. If you do the same for a 1, 2 or 3 digit filename, you won't see the issue. {{{ example.com/31.jpg // Works example.com/872.jpg // Works }}} The problem isn't just related to images. {{{ example.com/1871.mp3 // 404 }}} " henry.wright 6 Needs Patch 35529 Updating to 4.4.1 causes new pretty permalinks for media to break existing permalinks kraftbj Permalinks 4.4 normal normal Awaiting Review defect (bug) assigned 2016-01-19T18:43:41Z 2022-08-01T19:36:30Z "When updating a site from v4.0.9 to v4.4.1 at least one page (which is a top-level page for the site) is getting ""-2"" added on to its slug while an unattached image takes the original slug. This causes problems for SEO as well as breaking things that depend on results from functions like `is_page('slug')`." nyodulf 17 Needs Patch 32048 Uploaded file reserves a name, page can't be named it. Permalinks 4.1.1 normal normal Awaiting Review defect (bug) new 2015-04-22T03:51:57Z 2017-03-09T01:04:29Z "1) Upload a file-name.png file to media library. 2) Publish a page named ""file-name"". 3) Note that (if site is set to post-name permalink) the page is now file-name-2 4) Try to rename the attachment and then give the page the natural name, and it still doesn't work. This might have a similar root cause as bug #13459." programmin 5 Needs Patch 36746 WP v4.5.1 broke something in the Permalinks settings Permalinks 4.5.1 normal normal defect (bug) new 2016-05-04T00:41:24Z 2019-06-04T20:58:32Z "WP v4.5.1 broke something in the Permalinks settings. The Plain Permalink settings do work, though: http://domain/?p=123 One weird thing I saw just now while I was trying different Permalink settings is that several times the word ""blog"" appeared in all the Common Settings example URLs when it never had before. For instance: http://domain/blog/2016/05/04/sample-post/ But it is no longer there now. Now that Day and name common setting shows as: http://domain/2016/05/04/sample-post/ " voidPortal 5 Needs Patch 41008 WP_Error wrote instead of category name in wp_options table, category_base field Permalinks 4.8 normal normal Awaiting Review defect (bug) new 2017-06-12T12:31:13Z 2020-09-08T21:18:17Z "I just installed WordPress 4.8, yet I'm not sure it's a bug specific of this version or not. The issue is documented in the following post: http://www.ryadel.com/en/catchable-fatal-error-object-of-class-wp_error-could-not-be-converted-to-string-wordpress-fix/ Long story short, it seems that sometimes (when some errors occurs, in my scenario was a I/O error) the category_base value of the wp_options table gets filled with a WP_Error json object instead of a category name. This raises an exception in the rewrite.php script (line 326) when the function tries to use that value against a regex, expecting a string. Sadly enough, it doesn't seem easy to reproduce. " Neilgaiman 4 Needs Patch 55597 WordPress 6.0-beta2-53224 not creating .htaccess Permalinks 6.0 normal critical Awaiting Review defect (bug) assigned 2022-04-21T10:58:53Z 2022-05-24T18:46:49Z "on my development site (Plesk Obsidian, Centos 7.9) a fresh installed latest WP 6.0 beta2 does not create an .htaccess file at all. Steps: - wordpress-6.0-beta2.zip does not contain .htaccess - unzipped and uploaded to site - domain opened in browser - run set up process until login - no .htaccess created - table wp_options 'permalink_structure' contains ""/index.php/%year%/%monthnum%/%day%/%postname%/"" - login as admin - selecting a permalink structure and saving on /wp-admin/options-permalink.php - table wp_options 'permalink_structure' contains ""/%postname%/"" as expected - no .htaccess created - repeated saving of permalink structure does not help to create .htaccess - no entry in debug.log - as to be expected: permalinks not working in front end - only solution: create a basic .htaccess manually To me this seems a severe bug. Found this while testing one of my plugins on WP 6.0 before updating it to plugin repository Chris PS: no answer required " campation 17 Needs Patch 58125 WordPress post-name permalink is not compatible with Nginx server, working fine with Apache. Permalinks 6.2 normal normal Awaiting Review defect (bug) new 2023-04-13T10:33:44Z 2023-05-04T14:36:56Z "While I am setting up WordPress in my local environment, after setting up my WordPress I clicked on the sample page link from my home it redirected me to the sample page, and then I changed the permalink to the post-name nav link is not working properly and giving a 404 error. I have provided an image link here. [[Image(https://ibb.co/k84qkBV)]]" lovesoni1999 Needs Patch 48786 Wrong URLs to categories, authors etc. to a site in a multisite Permalinks 5.3 normal normal Awaiting Review defect (bug) new 2019-11-25T01:41:48Z 2023-03-15T15:37:53Z "WP returns a wrong URL to a term if the term is in another site of a multisite. Terms like categories, tags, authors, date archives and other terms. How to reproduce: execute this code, with site ID and post ID as examples of valid values in the current installation, in a subsite different to site ID = 3: {{{#!php %s', esc_url( get_category_link( $category->term_id ) ), esc_html( $category->name ) ); } print join( ', ', $category_links ); restore_current_blog(); }}} If other base names for the category and tags are used (being specified on the Permalinks Settings page) the bug is more obviuos. In the next example the subsite is the german version of the main site, so the site path is '/de' and the category base name is specified to 'kategorien', and the german name for the category 'General' is 'Allgemein': On the english main site the code prints this URL to the german category 'Allgemein': {{{https://www.example.com/de/blog/category/allgemein/}}} which is wrong. The correct URL is {{{https://www.example.com/de/kategorie/allgemein/}}} On the german subsite the code prints this URL to the english category 'General': {{{https://www.example.com/kategorie/general/}}} which is wrong. The correct URL is {{{https://www.example.com/blog/category/general/}}} The code sets correct links if it is executed in the site with the ID = 3 (e.g. is current site is same as the site being switched to). Same is with similar functions like: {{{ get_author_posts_url() get_category_link() get_month_link() get_post_format_link() get_post_type_archive_link() get_tag_link() }}} " Hinjiriyo 1 Needs Patch 51953 "flush_rewrite_rules works not as the same as pressing ""save permalinks"" in backend (breaks system)" Permalinks 5.5.3 normal normal Awaiting Review defect (bug) new 2020-12-07T08:23:09Z 2020-12-07T08:23:09Z "Hello! We got a strange issue in one of our production systems. It has the latest WordPress version (5.5.e). Deactivating all plugins is not possible on the production system. If a plugin (e.g. after updating) is using flush_rewrite_rules, it breaks the permalinks for the woocommerce backend. However, the fix to this issue is, to simply save the permalinks via the backend again and everything works fine. Where does the implementation of the two functions differ? Should both functions not work the same?" rocket.works Needs Patch 53346 get_permalink( $post->ID ) returns plain permalink instead of pretty permalink for CPT registered on subsite Permalinks 5.7 normal normal Awaiting Review defect (bug) new 2021-06-07T10:39:15Z 2021-06-07T11:09:34Z "I have a multisite network with CPTs that are registered individually by subsite. The main site provides an overview of these, using {{{ get_permalink( $post->ID ); }}} to link to the pretty permalink location in each subsite. After the introduction of {{{ wp_force_plain_post_permalink() }}} in WP 5.7.0 #52373 #5272 **get_permalink()** returns plain permalinks due to failing to pass the test in **wp_force_plain_post_permalink()**: {{{ $post_type_obj = get_post_type_object( get_post_type( $post ) ); }}} **get_post_type_object()** returns null, as the CPT is not present in the global **$wp_post_types** of the main site (even after trying switch_to_blog( $post->blog_id );" 1theo Needs Patch 23117 permalink failed on IIS7 and Reserved Proxy for wordpress 3.5 Permalinks 3.5 normal normal defect (bug) new 2013-01-04T06:30:33Z 2019-06-04T20:43:38Z "it seems to work fine on local but get into a canonical redirect loop when we deploy to production after we upgrade to wordpress 3.5. We did a little debug and found the issue with permalink in file .\wp-includes\canonical.php at line 42 with new coded ""&& !iis7_supports_permalinks()"" added in 3.5. the issue is iis7 does support permalink and so it go into create and redirect to pretty link which use the website URL in wp-admin settings which is the site URL. when it hits the site URL, our reserved proxy write back to the wordpress site on diff server with port and canonical.php think that's incorrect, so it redirect back to the website URL and the loop go on and on. we found a temp workaround but not desirable, add this ""remove_filter('template_redirect', 'redirect_canonical');"" in the function.php file in the theme folder you are using. or add a wordpress plugin or simply remove the additional codes in canonical.php file that was added in 3.5. but may cause issue in future upgrade." romeoqngo 1 Needs Patch 41132 permalinks are broken when using PHP7.0-fpm with nginx Permalinks 4.8 normal normal Awaiting Review defect (bug) new 2017-06-22T21:34:07Z 2020-05-29T05:43:02Z "Setting permalinks to anything but plain causes a white screen of death with the nginx error message: the error is ""2017/06/22 19:55:49 [error] 20482#20482: *28040 FastCGI sent in stderr: ""Primary script unknown"" while reading response header from upstream, client: MYIPHERE, server: MYSERVER, request: ""GET /apps/my-secret-drinks-android/ HTTP/1.1"", upstream: ""fastcgi://unix:/var/run/php/php7.0-fpm.sock:"", host: ""MYHOST"", referrer: ""https://MYDOMAIN/apps/"" This is my Nginx site configuration: https://paste.ngx.cc/7e It was working when I was using php5-fpm and only started after upgrading php5-fpm to php7.0-fpm" Towlieban Needs Patch 39670 urlencoded non-alphanumeric permalink Permalinks 4.8 normal normal Awaiting Review defect (bug) new 2017-01-23T16:47:15Z 2020-12-15T21:49:22Z "I don't know it is the problem of wordpress or not. It may yes or it may other problem like server or php setting. When I update new version of wordpress, some permalink that contains non-alphanumeric characters not working. Because $req_uri of WP::parse_request() in class-wp.php has urlencoded. So I think it's better to urldecode to proceed parsing. {{{#!php list( $req_uri ) = explode( '?', $_SERVER['REQUEST_URI'] ); $req_uri = urldecode($req_uri); // added to fix urlencoded permalink $self = $_SERVER['PHP_SELF']; }}} " jeongsu 3 Needs Patch 45819 when {category|tag}_base include spaces their rewrite rules don't get generated correctly, resulting in 404's Permalinks normal normal Awaiting Review defect (bug) new 2019-01-03T17:00:58Z 2019-01-03T17:00:58Z "Steps to reproduce: 1. Go to Settings > Permalinks 2. Enter ""this is a test"" in the `category_base` field 3. Click ""Save Changes"" 4. Notice that `category_base` gets saved as ""this%20is%20a%20test"". 5. Notice that the rewrite rules such as the following get generated: {{{ 'this%20is%20a%test/(.+?)?$' => 'index.php?%20was%$matches[1]&%20test%$matches[2]' }}} instead of (what I imagine the correct rule would be) {{{ 'this%20is%20a%test/(.+?)?$' => 'index.php?category_name=$matches[1] }}} I'm not sure whether the best thing to do is to disallow spaces in `{category|tag}_base` or to fix`WP_Rewrite::generate_rewrite_rules()` to generate correct rules if they do include spaces." pbiron Needs Patch 37160 Pingbacks fail on multi-page posts Pings/Trackbacks normal normal defect (bug) new 2016-06-23T18:48:37Z 2019-06-04T21:00:55Z "Repro: 1. Publish a post to pingback in a subsequent post and assure that the site/post will allow pings. 2. Create a second post that has multiple pages with a reference to the post created in step 1 in one of the later pages (sample content below). 3. Publish the second post. Expected: The pingback will register. Actual: The pingback doesn't register. If you repeat steps 2 and 3 but move the link to the post created in 1 to the first page, the pingback works. Here's some sample content to demonstrate the issue: {{{ Page One Page Two Page Three with pingback: http://pleasetest.me/2016/06/23/page-to-ping/ }}} This fails because the pingback code checks the pinging post to confirm that the pung link exists in the content. Since the pung link displays on a subsequent page, it's not displayed on the un-paginated permalink. Thus when the pingback code fetches the pinging link, it doesn't find a link to itself in the content and it discards the pingback. But this is a valid use case and not an instance of spoofing (which I take it is what this check is designed to prevent). I'm not sure if there's some parameter we could append to the url when we fetch to validate the link in context that might skip the pagination. If so, that might be the simplest fix. I suppose another fix might be to look for `verifying pingback` in the user agent (which is included in this validation request's UA) and skip pagination if found. That feels kind of brittle, though." dllh Needs Patch 56380 The pingback function does not work on internal or external links Pings/Trackbacks 6.0 normal normal Awaiting Review defect (bug) assigned 2022-08-15T15:21:44Z 2022-08-15T15:35:18Z "Whenever I publish an article, I add some internal and external links, but there is no pingback for internal and external links. I have published an article [https://freetestpractices.com/2022/08/15/short-essay-on-wordpress/] and added some external and internal links, but no pingback received (Internal link). I have also changed themes (Generatepress) and deactivated all the plugins. Unfortunately, it's still not working. How to get help in this matter, please help me. " awdhesh19 1 Needs Patch 57363 WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding Pings/Trackbacks 6.1.1 normal normal Awaiting Review defect (bug) new 2022-12-20T23:25:00Z 2023-05-05T14:17:38Z "Hi, Is this issue going to be fixed? No one has really answered this in the forums." edavis711 6 Needs Patch 49703 do_all_pings brings race back Pings/Trackbacks 5.4 normal normal Awaiting Review defect (bug) new 2020-03-26T02:54:21Z 2020-03-26T06:20:14Z In ticket #2088, the patch changes if condition to while loop to fix race condition, but the current version uses if condition again, which brings race problem back. The patch is from ticket #36824. caseqiu Needs Patch 14902 weblogUpdates.extendedPing does not implement standard josephscott Pings/Trackbacks 3.0.1 normal normal defect (bug) reviewing 2010-09-19T23:35:37Z 2019-06-04T20:41:29Z "When a blog post is published or updated, Update Services are notified if they are listed in the Wordpress Writing Settings panel. The services are notified by the weblog_ping() function in comment.php That function first attempts an XMLRPC call to the service's weblogUpdates.extendedPing. If that fails, it attempts to notify weblogUpdates.ping. {{{ if ( !$client->query('weblogUpdates.extendedPing', get_option('blogname'), $home, get_bloginfo('rss2_url') ) ) // then try a normal ping $client->query('weblogUpdates.ping', get_option('blogname'), $home); }}} '''1) The weblogUpdates.extendedPing does not match the published standard.''' See: http://www.google.com/help/blogsearch/pinging_API.html Where 5 parameters are specified: * Name of site * URL of site * URL of the page to be checked for changes * URL of RSS, RDF, or Atom feed * Optional a name (or ""tag"") categorizing your site content. You may delimit multiple values by using the '|' character. The third parameter should be the page to be checked for changes, and not the RSS feed. No 4th or 5th parameter is passed. '''2) The weblogUpdates.extendedPing does not take advantage of notifying the service of the exact page that changed (as is provided in the standard)''' If implemented correctly, this would allow the receiving service (perhaps a search engine) to come directly to the correct page for re-indexing, instead of trying to figure it out from the RSS feed. I am unable to find if pingomatic.com publishes a competing version of the standard. " Scott Schram 2 Needs Patch 52874 "Activating plugins on Install page randomly errors with ""The plugin does not have a valid header"" message." Plugins normal normal Awaiting Review defect (bug) new 2021-03-21T01:09:33Z 2021-03-22T22:10:18Z "This seems to be something that has been occurring for some time without resolution in core. Just started seeing a lot more reports of it recently for one of my plugins, which lead me to dig and see that it has been occurring in the same way to other plugins for years. Issue: On Plugin Installer page, if you install and activate plugins it can show the following message: ""The plugin does not have a valid header"". Most users get around it by going to the All Plugins page and activating without issue. Plugin that currently seems affected include: - Content Control - [W3 Total Cache](https://www.pixelwars.org/forums/topic/the-plugin-does-not-have-a-valid-header/) - [Zapier](https://wordpress.org/support/topic/the-plugin-does-not-have-a-valid-header-198/) And some from the past few years with same issue: - [Etsy Shop](https://wordpress.org/support/topic/the-plugin-does-not-have-a-valid-header-150/) - [Jotform](https://www.jotform.com/answers/2975729-jotform-wp-plugin-plugin-does-not-have-a-valid-header-error) That was only what I found on first page of google." danieliser 2 Needs Patch 59288 Blocks API JSX Map in Save function does not rerender Plugins 6.3.1 normal normal Awaiting Review defect (bug) new 2023-09-05T18:39:00Z 2023-09-05T18:39:00Z "Hi, I am building a custom block, it is a hero slider. In the parameters I am defining an attribute called slides which has an empty array as it's default value. In the Edit function : {{{ registerBlockType(""fa-gutenberg-blocks/fa-01-hero-slider"", { edit: Edit, save: Save, }); }}} It loads fine and I can create add new elements to it like so {{{ const addSlide = () => { const emptySlide = { title: """", description: """", media: { url: """", id: null }, ctaLabel: """", ctaURL: """", backgroundColor: ""#CCC"", }; const newCurrentSlide = slides.length; setAttributes({ slides: [...slides, emptySlide], }); setTimeout(() => { setAttributes( { currentSlide: newCurrentSlide, }, 200 ); }); }; }}} However in the Save function it does not load an empty array the attribute is undefined. To try and solve this I set the slides attribute to an empty array if undefined, as I added objects to the slides array they appeared in the Save function. I then called a array map method on the slides in the returned JSX in the save function which returned some html for each array item. When I loaded the the block on the actual page (not the edit screen) it did not render the mapped JSX html, but the attribute slides does contain the updated array. To see the full code view the repo here : https://github.com/frankastin2023/fa-hero-slider " frankastin2023 Needs Patch 36288 Bug Found when you update plugins... Plugins 4.4.2 normal normal defect (bug) reopened 2016-03-21T20:20:04Z 2019-06-04T20:55:53Z If you leave the checkbox(s) when you go to update a plugin php errors appear and a success message appears but no plugins where updated... georgemou 3 Needs Patch 32041 Bulk updating selected Plugins with and without updates fails Plugins 4.1.1 normal normal defect (bug) new 2015-04-21T17:54:54Z 2019-06-04T20:49:39Z "In WordPress 4.1.1 (and possibly some earlier releases of 4) there is a bug in the following scenario. Your site has n+ plugins that need updated. You navigate to the general 'installed Plugins' page. You select ALL plugins (including those without updates) and go to Bulk Actions and select 'update'. In prior versions WordPress would only update the plugins in the selected list with updates. Currently it takes you to the updating screen and says it's finished without updating any plugins or listing any plugin updates in the updating screen." gmariani405 4 Needs Patch 31515 Cannot enable plugins with protected function redeclarations (PHP Fatal Error) Plugins 3.9.3 normal normal defect (bug) new 2015-03-03T18:48:17Z 2019-06-04T20:49:25Z "I'm working on a codebase where the theme or plugins concurrently declare the same function inside a function_exists() however the original plugin defines the function without a function_exists check. In this situation, all the declarations can live together at runtime, but attempting to activate (or reactivate) the original plugin causes an error. Since the plugin initialization sandbox occurs after wp is loaded, the other plugins (with their checks) will have filled the function, any additional function declarations will fail. However this is merely an artifact of the initialization system -- as this plugin is being artificially run much later than it will be regularly running. A usecase -- perhaps you are trying to wean yourself off the Advanced Custom Fields plugin so you've implemented the get_field function in the theme's functions file in a function_exists check. After disabling the ACF plugin, you decided to reenable it to adjust a field. Game over, Fatal Error." brokentone 3 Needs Patch 53395 Cannot use wp_is_mobile() in Network activated plugins Plugins normal normal Awaiting Review defect (bug) new 2021-06-14T10:31:25Z 2021-06-14T21:56:30Z "Steps to reproduce - Create a network site - Create and activate a simple custom plugin, use wp_is_mobile() function anywhere in that plugin - Login to the network dashboard and then activate the plugin You will see an error: Uncaught Error: Call to undefined function wp_is_mobile() Looking at the source code of wp_is_mobile(), I can't see anything that would prevent it from loading earlier. Maybe it should be loaded earlier? " promz 1 Needs Patch 36704 Delete Plugin not compatible with Bulk Actions Plugins 4.5.1 normal normal defect (bug) new 2016-04-28T19:56:38Z 2019-06-04T20:58:09Z "`delete_plugins()` has a `foreach` loop which calls `uninstall_plugin()` which defines a constant: {{{ define('WP_UNINSTALL_PLUGIN', $file); }}} A constant cannot be defined twice. If several plugins are selected for bulk deletion and two of these have uninstall.php, only the first one will see the expected constant value. For example, Jetpack's uninstall.php dies immediately when the constant contains an unexpected value. This prevents the code at the end of `delete_plugins()` finishing the job for the plugins that were uninstalled and deleted. (Jetpack's uninstall.php isn't exactly doing it right, but it's a very real example.) The obvious fix is to remove Delete from bulk actions on the Plugins page. This leaves the working parts in working order and buys time to rewrite the delete/uninstall API to work with a bulk delete function if this is desirable. Part of the rework would involve rewriting `uninstall_plugin()` and the uninstall.php pattern so that it can return a `WP_Error` instead of dying. This way, `delete_plugins()` could continue without leaving the work of `delete_plugins()` incomplete for the plugins that were uninstalled. I propose removing Delete from bulk plugin actions until the uninstall API is made compatible with bulk deletion." andy 1 Needs Patch 18563 Disallowing editing of .php files in the plugin editor blocks access to allowable extensions Plugins 2.8 normal normal defect (bug) new 2011-09-01T04:12:29Z 2019-06-04T20:42:15Z "By using the editable_extensions filter, a user can disallow the editing of php files (more accurately: files with a php extension...) {{{ add_filter( 'editable_extensions', 'disallow_php_file_editing' ); function disallow_php_file_editing( $editable_extensions ) { unset( $editable_extensions[0] ); return $editable_extensions; } }}} However, the file selected when first clicking on the Editor link in the menu is always a php file, so the user is given the ""Files of this type are not editable"" wp_die() message without being presented with a chance to select a file with a different/allowable extension." trepmal 10 Needs Patch 49731 Display embeds in WordPress plugin descriptions Plugins normal normal Awaiting Review defect (bug) new 2020-03-31T03:05:52Z 2020-03-31T04:08:25Z "The WordPress.org plugin directory [https://meta.trac.wordpress.org/browser/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/class-plugin-directory.php#L573 supports two shortcode embeds] (specifically `[youtube` and `[vimeo`) and [https://meta.trac.wordpress.org/browser/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/class-plugin-directory.php#L1401 several oembed locations]. Most of these embeds appear to return `iframe` elements, which are removed by Core, see [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/plugin-install.php#L533 $plugins_allowedtags]. For example, the Updraft Plus plugin has an embed on the WordPress.org site, but not within the WordPress Add new plugin screen. If you have Jetpack installed, it appears that it converts the `iframe` into a shortcode and displays that instead. This was originally reported as #meta2846, see that ticket for an example of the HTML that's stripped by this behaviour." dd32 Needs Patch 43505 Display of html encoded text in dashboard. Plugins normal normal Awaiting Review defect (bug) new 2018-03-08T21:59:56Z 2018-03-08T22:57:45Z "I have discussed the issue in this thread https://make.wordpress.org/polyglots/2018/02/26/hello-18/, I report here the issue of the display of the text in UI, not the editorial choice of the translation itself. In fr_FR and fr_CA, there where changes done (last year?) to accomodate french ponctuation typographic rules but also, I guess, make sure the text doesnt fall on two line inadvertantly (ex. ""text !"", so a non-breaking space is inserted instead of a space). This non-breaking space is inserted as html encoded entity and it looks like it is displayed as is, without decoding like it is visible in this exemple screenshot : https://imgur.com/a/iVy9h " anonym999999 Needs Patch 50554 Do not use iframe for plugin information dialog Plugins normal normal Awaiting Review defect (bug) new 2020-07-03T22:38:07Z 2020-10-08T23:11:45Z When you click a plugin title in the Add Plugins page, the plugin information dialog displays inside an iframe. This causes a problem if your htaccess file has X-Frame-Options: DENY. A solution to this problem would be to not use an iframe for the dialog. techboyg5 Needs Patch 53384 "External plugins who can auto-update are always listed under ""auto-updates"" disabled" Plugins 5.7.2 normal normal Awaiting Review defect (bug) new 2021-06-11T13:57:21Z 2021-12-10T17:46:55Z "On my site, I have four plugins who can auto-update yet in the plugin screen they are shown under ""auto-updates disabled"". I think it would be better if those come under a list that has the name: ""external updating"" or something of that nature. OR a way for devs to tell WP their plugins can auto update so it doesn't appear on that list...? In it's current implementation, it can give the wrong idea to a site admin. " NekoJonez 9 Needs Patch 52443 Extra networkwide param in activate_plugin function Plugins normal normal Awaiting Review defect (bug) new 2021-02-04T08:52:18Z 2021-02-04T08:52:18Z "The issue is an extra $_GET parameter that is added in the `activate_plugin` function. {{{#!php may appear first. When the menu separator
  • appears first in the menu, unwanted extra margin is created. This issue occurs when the Dashboard menu item has been disabled, but could occur under other menu reorganizations and configurations." monopine 2 Needs Patch 40795 If plugin zip file has very long name, windows systems can fail to upgrade Plugins 4.7.5 normal normal Awaiting Review defect (bug) new 2017-05-17T23:17:52Z 2018-09-17T17:01:06Z "If a plugin upgrade zip file has an extremely long name and the plugin a deep directory structure, windows can fail to create directories and therefore the plugin upgrade will fail. I suggest WordPress have an upper limit on the working directory name that is well-shy of that limit--and realistically, even 32 characters might be plenty, as the upgrader only needs to avoid other plugins being upgraded at the same time. Windows has a 247-character limit to the total ''path'' name for directories, as said directory needs to be able to hold, at a minimum, an ""8+3"" file, and allow for a null byte or similar at the end of path + file (260 total characters). As an example, SearchWP fails to upgrade on my local system (WAMP running on top of Windows 10) because the downloaded zip filename is 142 characters long ''sans'' extension (redacted in case this is a license key): {{{ XXX0XXX0XxxxXXxxXXX0XxXxXxX0XXXxXxXxXXXxXxXxXXX0XXx 0X0XxXXx0XxX0XXxxXXX0XXx0X0XxXXX0Xxx0XxX0XXXxXXX0XX XxXxx0xXXXXx0xXXXxxxxxXxxxX0XxXxX-0xxXXx.zip }}} Combine that with my wordpress location on disk: {{{ C:/wamp/www/example/wp-content/upgrade/ }}} And this directory cannot be created because the total path is 254 characters long (including the hidden null): {{{ C:/wamp/www/example/wp-content/upgrade/XXX0XXX0Xxxx XXxxXXX0XxXxXxX0XXXxXxXxXXXxXxXxXXX0XXx0X0XxXXx0XxX 0XXxxXXX0XXx0X0XxXXX0Xxx0XxX0XXXxXXX0XXXxXxx0xXXXXx 0xXXXxxxxxXxxxX0XxXxX-0xxXXx/searchwp/vendor/ pdfparser/vendor/smalot/pdfparser/src/Smalot/PdfParser }}} I think that while this may be an outlier, it's a hard bug to chase for a vendor who may not have windows systems available...and even they do have such an environment available, the results returned by Apache when running WAMP (or in similar environments) does not reflect the actual cause of the error. Looking at the structure above as pretty much as edge-case as you are likely to get, even a truncate at 64 characters would have been more than adequate, while 32 characters would give quite a bit of room for flexibility. I believe that this could be affected by altering `wp_tempnam()` in `file.php`: {{{ /** * Returns a filename of a Temporary unique file. * Please note that the calling function must unlink() this itself. * * The filename is based off the passed parameter or defaults to the current unix timestamp, * while the directory can either be passed as well, or by leaving it blank, default to a writable temporary directory. * * @since 2.6.0 * * @param string $filename Optional. Filename to base the Unique file off. Default empty. * @param string $dir Optional. Directory to store the file in. Default empty. * @return string a writable filename * * @since x.x.x * @param int|string $maxlen Optional. Maximum length (excluding extension) of returned filename */ function wp_tempnam( $filename = '', $dir = '', $maxlen = 32 ) { if ( empty( $dir ) ) { $dir = get_temp_dir(); } if ( empty( $filename ) || '.' == $filename || '/' == $filename || '\\' == $filename ) { $filename = time(); } // Use the basename of the given file without the extension as the name for the temporary directory $temp_filename = basename( $filename ); $temp_filename = preg_replace( '|\.[^.]*$|', '', $temp_filename ); // new: truncate the filename if longer than specified $max = intval( $maxlen ) > 0 ? intval( $maxlen ) - 6 : 32; $temp_filename = strlen( $temp_filename ) > $max ? substr( $temp_filename, 0, $max ) : $temp_filename; // ... remainder omitted for clarity return $temp_filename; } }}} An alternative would be to require plugin upgrade files to have filenames shorter than [insert recommendation here], though actually checking that would mean a similar chunk of code would need to be added elsewhere in WP. (Not sure exactly where the best place to document this for plugin authors, which could be done immediately.)" rogerlos 5 Needs Patch 60448 Iframe from `$errmsg` is now removed from error message in the plugins page Plugins 6.3 normal normal Awaiting Review defect (bug) new 2024-02-06T21:27:23Z 2024-02-14T06:08:56Z "We have a `die` with a message in case of a plugin activation failure here: https://github.com/Automattic/sensei/blob/1933acc544be8a98866bec1b8790a5b195d5b4c7/sensei-lms.php#L65. The message used to work until WordPress 6.3, and it stopped working. I think it was broken with this change: [https://github.com/WordPress/WordPress/commit/768f51f60c308a06492dcda163b80c1c3ff6ebb9#diff-2740240ae408614059218246dd59f4bea9590b6c3f78a2bba71b1afbf8315e7a changeset 56573, wp-admin/plugins.php] The reason seems to be because the iframe is now concatenated in the `$errmsg` variable, which is sent to the `wp_admin_notice`, and later it goes through the `wp_kses_post`, being removed." renathoc 1 Needs Patch 60728 Install/upgrade latest supported version of plugin, when latest version of plugin is not supported Plugins trunk normal normal Future Release defect (bug) new close 2024-03-07T20:49:11Z 2024-03-14T13:38:00Z "== Expected behaviour == When a user finds a plugin to install and the latest version requires a newer version of WordPress, an older version of that plugin which does support the installed version of WordPress is installed. When a user goes to the plugins page to update their plugins, the user is prompted to install newer versions of a plugin which still support the installed version of WordPress. == Actual behaviour == User is presented with an error telling them that the plugin doesn't support their version of WordPress and can't be installed. User is not shown any updates available for plugins where the latest version doesn't support the installed version, even if dozens of newer versions are available which do support it. == Problem == This becomes a particular problem when using something like the Debian packaged version of WordPress (where the version will only be updated every 2 years) when combined with plugins (e.g. Yoast) that, for some reason, keep increasing the minimum version every few months to the latest release. In the above situation, the user upgrades to a newer version of WordPress, but the plugin has already made a new release that requires an even newer version of WordPress. Thus the user doesn't get any notification or easy way to upgrade a plugin which is now several years old and doesn't work with the installed version of WordPress." Dreamsorcerer 2 Needs Patch 52637 "Loading issue with ""popular plugin"" tab - twice the same page." Plugins 5.6.2 normal minor Awaiting Review defect (bug) new 2021-02-24T11:05:41Z 2021-03-10T09:40:04Z "Quite often when I scroll through the ""popular"" section of the plugin page, I get duplicate pages. As in, two pages that are the EXACT same. At the moment of writing, I started at page 1470 out of 1470 and went back using the arrows. Page 1468 and 1469 duplicated. I thought this was a cache issue, so I cleaned my cache... And the problem came back. I thought it was a browser enigne issue so I switched from Opera (Chromium) to Firefox (Gecko) and still found the same issue. On same pages, sadly I can't give an example but I often notice that the first two or three plugins of the list are the same as the last two on the previous page.... " NekoJonez 2 Needs Patch 33215 Main plugin file loaded multiple times under special circumstances on Network Activate Plugins 4.2.3 normal normal defect (bug) new 2015-07-31T10:06:02Z 2019-06-04T20:50:57Z "Consider the following code in the main plugin file: {{{ function test_plugin_install ( $network_wide = null ) { if ( $network_wide ) { trigger_error( 'Please activate individually.', E_USER_ERROR ); } } register_activation_hook( __FILE__, 'test_plugin_install' ); }}} and a multisite setup with * mysite.intern as main site * one.mysite.intern, two.mysite.intern, etc. as blog sites Now, if you first activate the plugin ''individually'' on mysite.intern, and then select ""Network Activate"", the following is logged: {{{ PHP Fatal error: Please activate individually. in test_plugin.php on line 17 PHP Fatal error: Cannot redeclare test_plugin_install() (previously declared in test_plugin.php:15) in test_plugin.php on line 15 PHP Fatal error: Cannot redeclare test_plugin_install() (previously declared in test_plugin.php:15) in test_plugin.php on line 15 }}} and only the last error is displayed on the admin page. If the plugin is first activated on another blog site or isn't activated individually anywhere, only the expected ""Please activate individually"" error is thrown and displayed on network activation, as expected. Wrapping the function test_plugin_install in a conditional only results in the next function in the plugin file triggering the redeclaration error." ccprog 4 Needs Patch 43077 Misleading error when updating plugins Plugins 4.9.1 normal normal Awaiting Review defect (bug) new 2018-01-12T10:22:04Z 2018-09-16T03:45:16Z "Hi, I am in /wp-admin/plugins.php A plugin has a new update and I click ""Update now"". After a few seconds I get ""'''Update Failed: Could not copy file.'''"" However, when I refresh the page and I see that the plugin was updated. After a few tests I realise that if there are Core Translation Updates and they fail(for example due to bad filesystem permissions), you will get the error mentioned above even though the plugin was successfully updated. I would like to comment on two things: a) The translations shouldn't get updated with any plugin update. I might NOT want to update the translations. By doing it in the background without asking me that's bad. b) The error message shown is irrelevant to the plugin update and might cause confusion to some admins who might try to reinstall manually a plugin or do any other changes which might eventually end up breaking a site for nothing. Thanks in advance for your time." SGURYGF 3 Needs Patch 42656 Multisite Global $pagenow variable Plugins 5.1 normal normal Awaiting Review defect (bug) reopened 2017-11-22T03:58:15Z 2019-03-22T13:35:45Z "When the site is configured as multisite, plugins are loaded before ""vars.php"", causing plugin getting null value when trying to access the $pagenow variable. Sample Plugin : Brightcove Video Connect Defect : Setting page is empty Caused by : In the setting page logic, it will check whether $pagenow is in the array of 'admin-ajax.php', 'admin.php', 'post-new.php', 'edit.php', 'post.php'. And since the $pagenow is not initialized yet, it will just display an empty page." thorthecoder 2 Needs Patch 59413 PHP Warning: Undefined property: stdClass::$plugin Plugins 6.3.1 normal normal Awaiting Review defect (bug) new 2023-09-20T17:17:32Z 2023-10-27T22:06:50Z "Just checking php www-error.log and saw that there was this error: PHP Warning: Undefined property: stdClass::$plugin in /var/www/html/my-website/wp-admin/includes/class-wp-automatic-updater.php on line 228 Site is working as usual but the log is full of these warnings. PHP 8.0.27 Apache 2.4.37 WordPress 6.3.1" zerofoolcoder 1 Needs Patch 44696 Plugin Deactivation Page Jump Plugins 4.9.7 normal minor Awaiting Review defect (bug) new 2018-08-01T21:22:58Z 2020-06-22T16:58:18Z "This isn't so much a bug as it is a gripe with the plugin management interface that has long annoyed me. If you have a number of plugins installed and activated: 1. Scroll down the list of plugins 2. Deactivate a plugin near the bottom 3. Page refresh jumps back to top of the list Often, I am deactivating and reactivating plugins for testing or development purposes, or to check for potential conflicts. Having the page jump back to the top after deactivation, then having to scroll down the list of plugins and find the same or similarly named plugin again tends to waste a lot of my time. I think it would be much more convenient to load an anchor link to the deactivated plugin upon the page refresh, rather than sending the user back to the top of the list with every deactivation. Just a suggestion that would help me, and I'm sure many others. Thanks! :D" organicthemes 2 Needs Patch 50349 "Plugin Update deletes plugin and showing ""could not delete old plugin"" message." Plugins 6.2 normal normal Awaiting Review defect (bug) new 2020-06-09T16:54:11Z 2023-04-21T14:06:08Z "I just came across this on my local machine (Windows). I had a plugin directory open in vscode editor. I had also previously edited one of the files in that plugin (added {{{error_log}}}s in one of the functions for testing). I may or may not have had same file open with further unsaved changes (I don't know at this point). In the Plugins page I clicked the ""update now"" in the plugin row (directory was still open in vscode). The update resolved with a ""Could not delete old plugin"" error notice. However the plugin was removed and directory is left empty." apedog 7 Needs Patch 58214 Plugin authors should not be able to delete tags from SVN repository Plugins normal normal Awaiting Review defect (bug) new 2023-04-28T00:14:26Z 2023-04-28T00:14:46Z On https://developer.wordpress.org/plugins/wordpress-org/how-to-use-subversion/#delete-old-versions it notes that plugin developers may choose to delete from the SVN repository old tagged versions. I think that allowing plugin authors to rewrite history of production releases is a bad thing for WordPress to allow, much less suggest in the docs. The reason is that you may be relying on those older versions in your WordPress installation so a clean build might break without warning. E.g., if you are using wpackagist for dependency managementd, this can happen: https://github.com/outlandishideas/wpackagist/issues/497 . Since tags represent actual production releases (per the first link) WordPress should not allow tags to be deleted from the repository (or any other history to be rewritten for that matter if that's a thing in SVN), going forward. rkaiser0324 1 Needs Patch 41141 Plugin edit: Missed message about making file writeable Plugins normal normal Awaiting Review defect (bug) new 2017-06-23T18:09:08Z 2017-06-23T18:25:28Z "Again, the messages are easy to miss. This may get scooped up in one improving ticket, but worth reporting. [[Image(https://cldup.com/zzF9FEjMvT.png)]] " karmatosed 1 Needs Patch 41139 Plugin editing: Should the 'browsing' stand out more? Plugins normal normal Awaiting Review defect (bug) new 2017-06-23T17:56:50Z 2017-06-23T18:25:28Z "This message seems to get lost on the page: [[Image(https://cldup.com/ZKUO4NfdPq.png)]] While we are reviewing this making it not just say 'active' and making the message a bit more relatable could be good. " karmatosed 1 Needs Patch 44072 Plugin repository search error - cannot find plugin with Author's name Plugins normal normal Awaiting Review defect (bug) new close 2018-05-14T13:02:45Z 2023-10-20T00:33:06Z "If I search with Author option selected in plugin repository (/wp-admin/plugin-install.php), no plugin is found unless the author name is present in the Plugin name or may be somewhere in the description. Example: I searched with `Takayuki Miyoshi` as a Keyword and got a handful of result, but when I selected Author, it returned no result." subrataemfluence 5 Needs Patch 31184 Plugin update API times out too easily in practice, and is not handled gracefully Plugins 4.1 normal normal defect (bug) new 2015-01-30T16:54:46Z 2019-06-04T20:48:57Z "In wp_update_plugins() the timeout is set to ""Three seconds, plus one extra second for every 10 plugins"" when not doing a cron job. I did some testing (with reasonable bandwidth) and in practice I need about twice that to be safe. I realize you need to arbitrarily choose something, but the problem is that if timeouts do occur, there are unhandled warnings like Warning: An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.) in /media/sf_shared/digipowers/www.digipowers.com/httpdocs/wp-includes/update.php on line 297 which doesn't alert you to the real problem, which is that api.wordpress.com took too long to resolve. To repro this, clear your transients to force an update check, and then force the timeout in class-http.php:96 to something short like 1s: {{{ /** * Filter the timeout value for an HTTP request. * * @since 2.7.0 * * @param int $timeout_value Time in seconds until a request times out. * Default 5. */ 'timeout' => 1, //apply_filters( 'http_request_timeout', 5 ), }}} Recommend you do 2 things: 1) increase the default timeout for the plugin check from say 5 to 10. 2) handle this condition more gracefully by stating what's wrong in this case, e.g., : ""WordPress could not connect to the API server to check for plugin updates; please try again later."". And needless to say, don't throw PHP warnings as they break the headers if you have error_reporting and display_errors set to be loud. " rkaiser0324 2 Needs Patch 51467 Plugins API endpoint regex breaks javascript parsing. Plugins 5.5 normal normal Awaiting Review defect (bug) new 2020-10-07T12:47:36Z 2021-07-28T13:40:02Z "The plugin endpoint `/wp/v2/plugins/(?P[^.\/]+(?:\/[^.\/]+)?)` added in 5.5 breaks JavaScript parsing of the regular expression. This can be tested by adding the following into the console: `new RegExp(/^[^.\/]+(?:\/[^.\/]+$/);` Which results in: `VM90:1 Uncaught SyntaxError: Invalid regular expression: /^[^.\/]+(?:\/[^.\/]+$/: Unterminated group at :1:1` One of the effects is that the node-wpapi library can no longer autodiscover WordPress endpoints: https://github.com/WP-API/node-wpapi/issues/476" nielsdeblaauw 5 Needs Patch 59109 Prevent plugins from creating admin accounts Plugins 6.3 normal normal Awaiting Review defect (bug) new close 2023-08-15T13:32:51Z 2023-08-15T16:38:19Z "Honestly someone needs to see the sense in this. I'm pretty confident if you petitioned the worldwide wordpress community everyone would want this fixed regardless of it being self hosted or wordpress.com this is a flaw in the current wordpress. I have given you the email to describe the issue it explains fully. This flaw needs to be fixed. (13:14:10) James: Regardless of whether it's open source or not WordPress needs to be secure (13:14:23) James: People. Business, even enterprise use your product (13:14:59) James: There must be a way for WordPress to prevent any plugin from creating a admin account surely? (13:15:21) James: And only allow WordPress admin to do it (13:15:46) James: That would eliminate the flaw (13:15:54) James: And actually make it secure (13:16:57) James: I don't get how all these minds working on wordpress don't get this is important (13:17:55) Happiness Engineer: Part of the open source spirit is that everything is open and available to change for everybody. After downloading the software you can do with it whatever you want, this is what's also appealing for a lot of developers and users. (13:18:19) James: What you basically telling me is this flaw is OK because wordpress is open source? It's not OK? (13:18:28) Happiness Engineer: Suggestions to improve the software can be made using a tool called Trac https://core.trac.wordpress.org/ (13:19:46) James: Can you send this email to me please (13:19:54) James: I will post this message there (13:20:13) Happiness Engineer: You will receive a transcript of this conversation after we close i. (13:20:25) James: OK thanks let's close it (13:23:41) Happiness Engineer: Ok, no problem. Feel free to pop back in if there is anything else we can help you with. Conclusion... Honestly think of this from a critical point of view, this is a Flaw, that should be able to be fixed so that Plugins cannot make admin accounts and only Admin can make admin accounts. I'm not a coder, and I do not have the foggiest how this would be done, but I hope it can be done, because if you surveyed everyone who uses wordpress I think everyone would feel safer with this implemented." tspnet 1 Needs Patch 36705 Read-only plugins are uninstalled before deletion fails Plugins 4.5.1 normal normal defect (bug) new 2016-04-28T20:06:04Z 2019-06-04T20:58:14Z "Plugin uninstall happens before deletion is attempted. If the plugin's files are read-only, the plugins list action says ""Delete"" but all that happens is uninstall and an error. Plugins that cannot be deleted because they are read-only in the filesystem should not have Delete buttons. `is_writable()` should be checked while constructing the actions. If read-only, either remove the button or replace it with an action which deletes the plugin's data and leaves the files. I prefer the latter." andy 1 Needs Patch 57606 Recently Active instead of Recently Deactivated Plugins 6.1.1 normal major Awaiting Review defect (bug) new 2023-02-02T10:42:48Z 2023-07-09T15:35:23Z "Hello team, Hopefully, you are doing well. I am Afzaal Shamraiz a WordPress developer and a learner. I found on the 6.1.1 version that when I deactivate any plugin, the new filter comes up in the plugin filter menu ""**Recently Active**"", but when I click on it, it displays the list of the recently deactivated plugins, please make this correction. I think it should be ""**Recently Deactivated**"" [[Image(https://ataatravels.com/wp-content/uploads/2023/02/wordpress-bug.png)]]" afzaalshamraiz 1 Needs Patch 40252 Redirection during activation Plugins normal normal Future Release defect (bug) new 2017-03-24T19:33:28Z 2024-02-29T10:56:50Z "for example, i select several plugins (which are deactivated) at once and click BULK ACTIVATE... if any of plugin has custom filter `add_action( 'activated_plugin', ...` (inside where it redirect to plugins settings page after activation), then those plugins are not activated in bulk, instead while that plugin's turn comes, it is activated and the page is redirected to that plugin's url.. i think there is no easy solution... you should create a new hook, that will be named i.e. `redirect_to_after_activation` which will be solely dedicated and used for redirection, while that plugin is activated individually. " tazotodua 3 Changes Requested 58291 Speed up WordPress hooks addition/removal by ~20% Plugins 6.3 normal normal Awaiting Review defect (bug) new changes-requested 2023-05-11T01:02:20Z 2023-06-22T11:54:57Z "I present a patch where `add_filter`/`remove_filter`/`has_filter` are sped up by ~20%. Here's what's changed in the proposed patch: - Calling a static method than a function is faster - check `static-faster.php` for proof - Removed unused arguments, passing less data to the stack - speed should be obvious here - [https://github.com/php/php-src/blob/7c44baa/ext/spl/php_spl.c#L661-L672 spl_object_id] is faster than [https://github.com/php/php-src/blob/7c44baa/ext/spl/php_spl.c#L649-L659 spl_object_hash], as we are not calling [https://github.com/php/php-src/blob/7c44baa/ext/spl/php_spl.c#L674-L677 strpprintf]. - Sometimes `WP_Hook::build_unique_id` will return a string (when concatenated), and sometimes an integer, but this should be okay. - No need to concatenate `'::'` - speed should be obvious here, fewer strings to concatenate - If the argument is an object, return `spl_object_id` right away rather than constructing a pair where the second element is `''` and then concatenate that empty string - speed should be obvious here - Bail early on `add_filter` if `$idx` is null - speed should be obvious here Tested with PHP 8.2.5 by launching `wp shell` a lot of times, after adding `mu-plugin.php` to the `mu-plugins` folder. With the patch applied, several runs average `0.19570341110229492`. Without the patch, the runs average `0.24287629127502441`. Calculating `abs(0.24287629127502441 - 0.19570341110229492)/0.24287629127502441` we get a 19.57% improvement. " bor0 11 Needs Patch 41140 Theme/plugin editing: Long file list goes off page Plugins normal normal Awaiting Review defect (bug) new 2017-06-23T18:01:40Z 2017-06-23T18:25:28Z "If you have a long list of files, the list goes a long way down. Could we paginate? Have a 'scrollbox' (probably bad idea)? Have some better way of showing these? [[Image(https://cldup.com/91gj2sr2jz.png)]] " karmatosed 1 Needs Patch 37395 Transients should be replaced with options, e.g. plugin delete notification Plugins normal normal defect (bug) new 2016-07-18T12:04:04Z 2019-06-04T21:01:46Z "Transient data is not guaranteed. Even in the shortest possible duration, on a page redirect! In `wp-admin/plugins.php` : {{{ set_transient('plugins_delete_result_' . $user_ID, $delete_result); //Store the result in a cache rather than a URL param due to object type & length wp_redirect( self_admin_url(""plugins.php?deleted=$plugins_to_delete&plugin_status=$status&paged=$page&s=$s"") ); }}} Now a delete notification is not critical, but it would be just as easy to do this with `set/get/delete_option()`, and set a good example for plugin authors. The retrieval step does an immediate delete: {{{ $delete_result = get_transient( 'plugins_delete_result_' . $user_ID ); delete_transient( 'plugins_delete_result_' . $user_ID ); }}} So it looks easy to write a patch substituting `set/get/delete_option()`, modulo multi-site perhaps. I expected to see more of these in the WP codebase related to notifications, but it's mainly other stuff. About half the use of transients in WP is wrong. I'll list them here for future bugs, but I leave this bug for the Plugins component. * GOOD: wp-admin/includes/dashboard.php ( $cache_key, 'plugin_slugs' ) * BAD: wp-admin/includes/template.php ( 'settings_errors' ) * GOOD: wp-admin/includes/theme-install.php ( 'wporg_theme_feature_list' ) * BAD: wp-admin/plugins.php ( see above: 'plugins_delete_result_' . $user_ID ) * ALL GOOD: wp-content/themes/* * PROB. BAD: wp-trunk/wp-cron.php AND wp-includes/cron.php ( 'doing_cron' ). Using it as a file lock is either egregious or just confusing, depending on whether it is doubling as a global store for the same run. Why not use `*_option()` instead? * GOOD: wp-includes/author-template.php ( 'is_multi_author' ) * PROB. BAD: wp-includes/class-feed.php ( $this->name, $this->mod_name ) * PROB. BAD: wp-includes/media.php ( $regeneration_lock ). Bad if it's to protect successive ajax calls, confusing if it's a global store for the same run. * GOOD: wp-includes/ms-functions.php ( 'dirsize_cache' ) * BAD: wp-includes/pluggable.php ( 'random_seed' ) * GOOD: wp-includes/rss.php ( $cache_option ) * BAD: wp-mail.php ( 'mailserver_last_checked' ) You were expecting a Clint Eastwood reference? Should all be easy fixes. " kitchin 1 Needs Patch 60318 Update URI: false - sometimes not working Plugins normal normal Awaiting Review defect (bug) new 2024-01-22T14:21:01Z 2024-01-22T14:21:01Z "I've recently copied and modified a small plugin from wp-org for my own need. I've set the {{{Update URI: false}}} header. However on the Plugins page, the View Details link still leads to the original plugin and the Enable/Disable auto-updates button link is present. I've changed the main plugin file name to something else, but not the directory name, however the View Details link is still present. I've removed the {{{readme.txt}}} file and that seems to do the trick. To test this, I've then tried restoring the {{{readme.txt}}} file, removed the {{{Update URI: false}}} header and renamed the plugin file to its original wp-org name. The View Details link was NOT restored. However, changing the plugin file name to something new again DID restore the View Details link. The experience has been very inconsistent throughout. I'm running a LocalWP installation on Windows 10. WordPress 6.4.2 PHP 8.2 VSCode editor. This is not a long-term problem for me as I intend to rename the plugin file AND directory name, but thought I'd report this bug for the record." apedog Needs Patch 54602 Update bug caused crash and removal of Jetpack Plugins normal major Awaiting Review defect (bug) new 2021-12-09T02:39:27Z 2021-12-09T14:50:31Z "There's a bug in your latest update. The plugin update failed to properly install on my wordpress, and it removed Jetpack from my site. I can't reinstall Jetpack because the system is still reading a destination folder. I know this isn't a support section, but this is a bug issue, so I'm mentioning it here. Please fix the problem, and hopefully, let me know how to reinstall Jetpack correctly on my site, which is: amberdaulton.com Thanks! Amber" amberdaultonauthor 1 Needs Patch 49901 Updating plugins error messages for multiple plugins that error Plugins 5.4 normal normal Awaiting Review defect (bug) new 2020-04-14T02:05:08Z 2020-04-14T06:46:37Z "When updating plugins and more than 1 plugin causes an error the first error displays ok, but subsequent errors don't show correctly. They show the first plugin's error message not their own. When I update both plugins separately they both show the correct error message. When I update both plugins together, the first is correct but the second shows the same error message as 1st even its name.... " scole01 1 Needs Patch 45853 Videos embedded in a plugins readme.txt does not load while searching for a plugin in an actual WP install (not wp.org) Plugins 5.0.2 normal normal Awaiting Review defect (bug) new 2019-01-07T16:06:38Z 2022-03-07T15:37:45Z "If you embed a video within your plugins readme.txt file it only shows the video on the wp.org website, videos do not load when you're searching for a plugin via an actual WordPress install. In addition, if you install a plugin and click on ""View Details"" to learn more about the plugin, the video also does not load here either. Inspect element shows an empty span tag: {{{ }}} This should either embed the video or at the least display a link to the video. Here's an example plugin for reference: https://wordpress.org/plugins/simple-icons/" thememason 1 Needs Patch 32602 View Details links for plugins on individual sites on a Multisite Network use the network admin URL Plugins 4.0 normal normal defect (bug) new 2015-06-09T21:05:31Z 2019-06-04T20:50:34Z "To duplicate, make sure you allow the plugins.php page to show on subites. Have (at least) one plugin that is ''not'' network activate and go to an individual site's plugin.php page. The URL for ""View details"" will be for the network admin, not the site. With WP installed at example.com: example.com/subsite/wp-admin/plugins.php links to example.com/wp-admin... subsite.example.com/wp-admin/plugins.php links to example.com/wp-admin... mappeddomain.com/wp-admin/plugins.php links to example.com/wp-admin... This is problematic when you have admin over HTTPS and the cross-site-scripting sanity check stops the view-details page from loading. `/wp-admin/includes/class-wp-plugins-list-table.php` line 628 has `network_admin_url()` in there, which is why it's defaulting to the network domain. https://core.trac.wordpress.org/ticket/17902#comment:31 and https://core.trac.wordpress.org/changeset/29595 appear to be where this issue stems from. To quote @jjj ""It probably just needs a series of `is_multisite()` and `is_plugin_active_for_network()` checks."" The URL should probably just default to whatever the URL of the current site is, to prevent cross-site shenanigans." Ipstenu 2 Needs Patch 48656 Views details blocked by SAMEORIGIN Plugins 5.3 normal major Awaiting Review defect (bug) new 2019-11-15T19:43:41Z 2019-11-17T17:19:12Z "Hello, On multisite, the ""view detail"" link on this page /wp-admin/plugins.php (in each plugin) is bloked by an error {{{ Chargement refusé par X-Frame-Options : « SAMEORIGIN » à l’adresse « https://example.com/wp-admin/network/plugin-install.php?tab=plugin-information&plugin=loco-translate& », le site ne permet pas l’utilisation de cadres multiorigines depuis « https://example.com/wp-admin/plugins.php ». }}} " sebastienserre 2 Needs Patch 56729 Vulnerability in plugin update notification (impersonation of plugins with possible RCE) Plugins normal normal Awaiting Review defect (bug) new close 2022-10-04T09:21:13Z 2022-10-04T09:32:00Z "During the development of a private plugin (not uploaded to the WordPress market https://es.wordpress.org/plugins/) with our own metadata, we noticed that the WordPress plugin update notification system informs us that an update is available for our plugin, how is this possible? Well, the only explanation for this is that the update review system is based solely on the plugin's folder name, ignoring any authorship metadata and project URIs. To make sure that the update system is evidently ignoring any data in the plugin's metadata, we proceed to download it (the plugin). This confirms our suspicions, the update system is only governed by the name of a directory. Due to this lack of security in the metadata check, the only solution so far is to never activate the auto-update and to manually check each update. If you click on the ""update now"" link, the system will install the possible malicious plugin without any confirmation. Criticality: HIGH [8.8] - Exploitation of this vulnerability would affect the server in remote code execution (RCE) mode. It is downgraded from critical to high because it requires human action on plugin configuration. CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected environments: All installations with custom plugins that are not in the official WordPress marketplace. Aggravated if the unattended updater is accidentally activated. If a maintenance technician is unaware of the custom plugin development and hits the update button. Conclusion: As there is no signature checking system in the plugin update review system, there is a possibility of impersonation of our plugin if an attacker created a plugin in the official market with the same name as the directory of our custom plugin, being able to execute remote code on our server. Temporary solution: Disable the automatic update systems and generate plugin page with a so that no one can get to take that name to perform the impersonation. Having today as a warning, process to request a CVE ID for the formal vulnerability write-up. " sylm87 1 Needs Patch 49656 WP_Plugins_List_Table: redirects on core row actions when the current view is a custom view Plugins normal normal Awaiting Review defect (bug) new 2020-03-16T18:49:55Z 2020-03-16T18:49:55Z "`WP_Plugins_List_Table::__construct()` sets a global variable to the current value of the `plugin_status` query arg. That global is used in the URLs of the row action links ('activate', 'deactivate', etc) core adds, so that when a user clicks any of those links the user is returned to same view they were on. Like all good list tables, `WP_Plugins_List_Table` allows custom views to be added (with the `views_plugins` and `views_plugins-network` filters). The problem is that the list table constructor sets the global variable to 'all' if `plugin_status` query arg is for a custom one. Hence, when the current view is a custom view, then the core row actions take the user back to 'all', which is a bad UX in that he behavior of core's row actions is different depending on whether the current view is built-in to core or is custom. This came up recently in [https://github.com/audrasjb/wp-autoupdates/issues/49#issuecomment-599068276 an issue] opened against the [https://wordpress.org/plugins/wp-autoupdates/ WordPress Auto-updates] Feature plugin. That specific issue will resolve itself when the feature plugin is merged in core because the `plugin_status` for the 2 views it adds will be added to the whitelist in the constructor. But the problem will still exist for any other plugins that add custom views to that list table. `WP_MS_Themes_List_Table::__construct()` also sets a global that is whitelisted to the statuses that core knows about. However, that is not a problem because it doesn't use that global to add a query arg to the row action links: the redirects on the row actions are handled differently. I think the easiest way to address this would be modify `WP_Plugins_List_Table` (and `wp-admin/plugins.php`) to handle the redirects on core row actions actions the same way that `WP_MS_Themes_List_Table` does." pbiron Needs Patch 50850 When the deactivate_plugins() function is called in the ABSPATH/wp-admin/includes/plugin.php file, the is_plugin_active_for_network() conditional tag always returns true when the active_sitewide_plugins sitemeta option is set to 1 Plugins 5.4.2 normal normal Awaiting Review defect (bug) new 2020-08-05T01:28:10Z 2020-09-08T21:11:46Z "On multisite during the process of activating a plugin across the network (sitewide plugin activation), I noticed that if the activation process is not successful or if errors are triggered, the `active_sitewide_plugins' sitemeta option will be set to 1 and this causes the **is_plugin_active_for_network()** conditional tag to return true when called within the **deactivate_plugins** function, which is so untrue. Also, when on the admin or network `plugins.php` screen, the **deactivate_plugins()** function triggers the following error becuase the **$plugins = get_site_option( 'active_sitewide_plugins' )** code doesn't return the correct type (array): {{{ Fatal error: Uncaught Error: Cannot unset string offsets in ABSPATH\wp-admin\includes\plugin.php on line 779 }}} Futhermore, after exploring the error, I found that since the **active_sitewide_plugins** sitemeta option is set to 1 and the **array_keys()** function is used to extract the plugin basenames into a new array and merged with non-sitewide activated plugins, then when used in the **foreach()** loop, this will always return true. {{{#!php upload plugin and you try to insall a .php file instead of a zip file you get this error message: Abort class-pclzip.php : Missing zlib extensions. This error message is bad, zlib extensions are not missing, the file type is wrong. Also this message is missing translation support (I might be wrong on this)." jnhghy 3 Needs Patch 51381 ZIP replacement asks to network activate even when activated Plugins normal normal Awaiting Review defect (bug) new 2020-09-23T15:12:09Z 2021-02-01T17:05:49Z "If you replace the zip of a network activated plugin in a multisite install, it will give you the ""Network Activate"" button, which is confusing." stormrockwell 1 Needs Patch 47882 [Plugins][Add new]: Can't install plugin from More details pop-up Plugins 5.2.2 normal normal Awaiting Review defect (bug) new 2019-08-15T08:39:51Z 2019-08-16T10:40:15Z "1. Go to http://something/wordpress/wp-admin/plugin-install.php 2. Chose a plugin and click on More details. 3. Click on Install Now. Current: The button is depressed, but nothing happens. Expected: The plugin should be installed and the pop-up should disappear. Chrome Version 76.0.3809.100 (Official Build) (64-bit)" daniela1104 3 Needs Patch 55582 cURL error 77 (no https to wordpress.org) Plugins 5.9.3 normal critical Awaiting Review defect (bug) new 2022-04-16T10:29:47Z 2022-04-16T10:29:47Z "In order to install or update a plugin, appropriate functions are called in the backend. They end up with the error mentioned above. WordPress 5.9.3 is installed. The updates and installations work in the CLI. In den Einstellungen ist alles auf https umgestellt. Warning: Ein unerwarteter Fehler ist aufgetreten. Es scheint etwas bei WordPress.org oder mit dieser Serverkonfiguration nicht zu stimmen. Sollte das Problem weiter bestehen, nutze bitte die Support-Foren. (WordPress konnte keine sichere Verbindung zu WordPress.org herstellen. Bitte kontaktiere deinen Server-Administrator.) in ...../public_html/wp-includes/update.php on line 413 " pferderausch Needs Patch 47438 "do_action will convert ""single array object"" as ""object""" Plugins 5.1.1 normal normal Awaiting Review defect (bug) new 2019-05-30T19:42:28Z 2019-10-21T14:53:03Z " {{{ /* Correct if $object is not object*/ $orders = array(); $orders[] = 'abc'; do_action( 'action123', $orders); add_action('action123', 'func123'); function func123($orders){ //$orders will be array here (CORRECT) } /* BUG: if $orders is an object */ $orders = array(); $orders[]=new stdClass(); $orders->name='Order1'; do_action( 'action123', $orders); add_action('action123', 'func123'); function func123($orders){ //$orders will be non-array here (BUG?) } }}} Note: This will run correctly if $orders[] is not object " erikdemarco 2 Needs Patch 59408 how to fix below error Plugins 6.3 normal critical Awaiting Review defect (bug) new 2023-09-20T09:02:30Z 2023-09-20T09:02:30Z Fatal error: Uncaught Error: Call to undefined function topdeal_options() in /home/u380733166/domains/books.lk/public_html/wp-content/plugins/sw_woocommerce/includes/sw-woocommerce-shortcodes.php:960 Stack trace: #0 /home/u380733166/domains/books.lk/public_html/wp-includes/class-wp-hook.php(310): topdeal_buton('') #1 /home/u380733166/domains/books.lk/public_html/wp-includes/class-wp-hook.php(334): WP_Hook->apply_filters(NULL, Array) #2 /home/u380733166/domains/books.lk/public_html/wp-includes/plugin.php(517): WP_Hook->do_action(Array) #3 /home/u380733166/domains/books.lk/public_html/wp-includes/general-template.php(3069): do_action('wp_footer') #4 /home/u380733166/domains/books.lk/public_html/wp-includes/template-canvas.php(25): wp_footer() #5 /home/u380733166/domains/books.lk/public_html/wp-includes/template-loader.php(106): include('/home/u38073316...') #6 /home/u380733166/domains/books.lk/public_html/wp-blog-header.php(19): require_once('/home/u38073316...') #7 /home/u380733166/domains/books.lk/public_html/index.php(17 in /home/u380733166/domains/books.lk/public_html/wp-content/plugins/sw_woocommerce/includes/sw-woocommerce-shortcodes.php on line 960 nirmal1985 Needs Patch 60373 plugin activation errors are accidentally hidden Plugins normal normal Awaiting Review defect (bug) new 2024-01-29T15:25:08Z 2024-01-29T15:25:08Z "in recent versions (can't tell exactly when) seems the admin_notice messages were being filtered by wp_kses_post, which caused breaking changes, which contradicts WP core itself. to reproduce, add this to plugin: {{{#!php register_activation_hook(__FILE__, function($x){ die('plugin can not activate, because XYZ'); } ); }}} then try to activate. it will show admin notice `Plugin could not be activated because it triggered a fatal error` and nothing more. however, it should have shown that XYZ message inside iframe, you can confirm that by looking : https://core.trac.wordpress.org/browser/tags/6.4.2/src/wp-admin/plugins.php#L685 (if you do `var_dump($errmsg)` before that `wp_admin_notice` line, you will see that iframe part is also included in `$errmsg`) however, inside `wp_admin_notice` there is `wp_kses_post` which filters out the `iframe` that was added by core itself: https://core.trac.wordpress.org/browser/tags/6.4.2/src/wp-includes/functions.php#L8891 so, that is contradiction in WP, and should be solved either way. I understand that stripping `iframe` might have been a security step, however, it was done incorrectly. that wp_kses_post should allow iframe, but itself the XYZ message itself (coming from plugin's activation) should be filtered, so that would achieve the security goal. at this moment, that change/misbehavior (which we noticed too late) have broken dozens of our plugins on wp.org. please fix it." ttodua Needs Patch 28727 plugin editor content empty when source contains an invalid character Plugins 3.9.1 normal normal defect (bug) new 2014-07-03T11:39:43Z 2019-06-04T20:47:22Z "I happened to create a plugin source file which contained a pound sterling character (£) copied and pasted from a web page, and which therefore appeared in my Windows text editor as lower case u acute ( hex A3, ascii 163 ). esc_textarea() makes a call to htmlspecialchars() which returns a null value for safe text. {{{ $safe_text = htmlspecialchars( $text, ENT_QUOTES, get_option( 'blog_charset' ) ); }}} Note: blog_charset is UTF-8 So the plugin editor displayed nothing at all for the source. Question: Is this really the expected behaviour? The documentation for htmlspecialchars says If the input string contains an invalid code unit sequence within the given encoding an empty string will be returned, unless either the ENT_IGNORE or ENT_SUBSTITUTE flags are set. Shouldn't the plugin editor pass ENT_IGNORE OR otherwise issue a message to the user at least advising not to save the empty file when the safe content is nothing like the original. " bobbingwide 5 Needs Patch 25648 plugin.php causes infinite loop and gigabytes of warning messages in error logs Plugins 3.6.1 normal normal defect (bug) reopened 2013-10-21T12:12:22Z 2019-06-04T20:45:02Z "We host several wordpress instances in a multi-user environment on our servers. Some installations cause regulary massive error log files with warnings like these: PHP Warning: next() expects parameter 1 to be array, boolean given in [...]/html/wordpress/wp-includes/plugin.php on line 408 PHP Warning: current() expects parameter 1 to be array, boolean given in [...]/html/wordpress/wp-includes/plugin.php on line 404 After some googling I found out, that this behaviour is known for more than 10 month. So, if you could fix that, that'd be great." ticktoo 19 Needs Patch 60783 plugins_api() and parameters audrasjb* Plugins normal normal 6.6 defect (bug) accepted 2024-03-15T13:57:13Z 2024-03-18T04:04:23Z "Hello there, (running WP6.5+, might be useless to say) By reading the doc for `plugins_api()` you can read that some fields are included or not in the response, the doc says ''""$fields: Array of fields which should or should not be returned.""'' and then you have a list of fields, some true some false by default. Let's try it, this is my simple request on my plugin on repo: {{{#!php 'secupress', 'fields' => [] ) ); }}} Since the doc says ''""@type bool $contributors Whether to return the list of contributors. **Default false**.""'' I should not receive this field. Let see the response: {{{#!php string(37) ""SecuPress Free — WordPress Security"" [""slug""]=> string(9) ""secupress"" [""version""]=> string(7) ""2.2.5.1"" [""author""]=> string(44) ""SecuPress"" [""author_profile""]=> string(41) ""https://profiles.wordpress.org/secupress/"" [""contributors""]=> array(4) { ... }}} There is. Same for those params that are ""false"" by default but still included: ""sections"", ""versions"", ""reviews"", ""banners"", ""active_installs"" (I don't know for ""group"", can't get the thing). Also there is one param that is not affected by the arguments passed and always returned: ""num_ratings"". Finally there is some fields that are always returned where the doc can't help, I tried to use they array keys to cancel them, no chance, this is : ""author', ""author_profile"" (those 2 may be forced, that's ok), ""support_threads"", ""support_threads_resolved"", ""upgrade_notice"", and ""requires_plugin"" (I know it's new, but don't forget it) The patch may have to be done on w.org since this is the site that add too much data and to not respect the passed parameters. Thanks for your time" juliobox 2 Needs Patch 55101 pre_set_site_transient_update_plugins was called from deactivated plugin while uninstall. Plugins 5.9 normal normal Awaiting Review defect (bug) new 2022-02-07T08:59:01Z 2022-02-13T12:45:42Z "I have this sample plugin. {{{#!php hooks(); } static public function uninstall() { error_log('uninstall method was called on ' . date('Y-m-d H:i:s')); } } $ATest = new \ATest(); $ATest->run(); }}} When I click on delete plugin (the plugin is already deactivated), the `pre_set_site_transient_update_plugins` hook was called. To reproduce. 1. Copy and paste the sample code above to new plugin file. For example test.php 2. Go to your WordPress > admin > plugins. 3. Activate this plugin. 4. Go to your DB, delete `_site_transient_update_plugins` option name in `options` table to make sure that this hook will be call next time. 5. Reload admin plugins page. This hook will be called as normal process because plugin is activated. The error log will be write to **wp-contents/debug.log** file. 6. Deactive this plugin. 7. Maybe try to reload plugins admin page again. The hook will not called from this plugin, no error log were write. This is correct. 8. Click on delete this plugin. 9. The error log were write because this hook is called while it is on uninstall process. This is incorrect!! It should not be called. WordPress 6.0-alpha-52682" okvee 1 Needs Patch 45779 probable issue in Plugin activation hook Plugins normal normal Awaiting Review defect (bug) new 2018-12-27T13:38:13Z 2019-01-07T00:17:08Z "i.e. if we have a simplest plugin: {{{ Writing, change the Default Post Format to Video 3) Add a new post, it will show the Video format post selected (even if it's not allowed). Add a Featured Image and publish the post. The Featured Image will not show on the front page. I've tested and reproduced this behavior with WP Admin and Calypso for WordPress.com and on a self hosted site. I tried different themes and post formats, but was able to reproduce only with Video format, and found only this theme that it's not allowed. Let me know if you need any other information. Thanks, Carina Pilar Happiness Engineer Trial" carina.pilar 6 Needs Patch 43613 Default post format setting does not respect theme support Post Formats normal normal Awaiting Review defect (bug) new 2018-03-22T22:20:39Z 2023-08-01T16:30:49Z "In `options-writing.php`, the `Default Post Format` setting does not check whether the current theme supports the built-in formats. Would it not be more intuitive if only the formats supported by the current theme were in the list to select? Then a description could be added underneath to say ""these are the formats supported by the currently selected theme"". Alternatively, there could be a filter added to `get_post_format_strings` in `wp-includes/post-formats.php` to allow themes/plugins to remove available formats from this list. " seanleavey 3 Needs Patch 43482 Draft Posts Throw 404 on Preview when Supporting post_format Post Formats 4.9.4 normal normal Awaiting Review defect (bug) new 2018-03-07T01:07:03Z 2018-03-07T01:07:03Z "A client is reporting that they're not able to preview drafts of some of the custom post types we have running on their site. The issue is not occurring for all post types on their site. I believe I've traced the issue to the fact that the errant post types support ""post_format."" The preview URL that gets generated when I preview the ""ask-the-expert"" post is: https://www.sitename.com/?post_type=ask-the-expert&p=4063&preview_id=4063&preview_nonce=ebffa07dd9&post_format=standard&_thumbnail_id=-1 That above URL throws a 404 page. When I pull out the 'post_format=standard' part of the query, so that the URL looks like: https://www.sitename.com/?post_type=ask-the-expert&p=4063&preview_id=4063&preview_nonce=ebffa07dd9&_thumbnail_id=-1 then the preview loads correctly. Interestingly, just for giggles I also tried: https://www.sitename.com/?post_type=ask-the-expert&p=4063&preview_id=4063&preview_nonce=ebffa07dd9&_post_format=standard&_thumbnail_id=-1 and that also worked as it should. (notice the added underscore before 'post_format.' For now I think I'm just going to disable post formats for the offending post types, but methinks I found a bug. " marklavin Needs Patch 54706 EMBED AND IMAGE SLIDER DON'T WORK Post Formats normal major Awaiting Review defect (bug) new 2021-12-29T10:24:43Z 2021-12-29T10:24:43Z "The blocks ""**Embed**"" and ""**Image Slider**"" does not work. As I view my articles with incognito, these two blocks didn't show anything. Just a white blank. This article is an example: [https://nowmods.com/simple-realistic-3d-far-cry-6/] Some capture for more specific: [https://drive.google.com/drive/u/0/folders/1sl_xIjjaQwe3UVhz4ZnFCSNsQr1NuSDH] Really glad if there will be some fix on this! Thank you." anhdoan Needs Patch 59122 List blocks not working in 6.3 Post Formats 6.3 normal major Awaiting Review defect (bug) new 2023-08-16T15:49:38Z 2023-08-16T16:50:04Z " List blocks can be created in editing, but it is glitchy and jumps around. When the post is saved, the list disappears, along with all information contained in it. Sometimes, it crashes the site (freezes, have to close out and restart) This happened directly after updating to newest version 6.3 Reported by several people in forums https://wordpress.org/support/topic/ordered-unordered-lists-not-working-in-6-3/ " jennyd2 2 Needs Patch 47675 No way to select Standard post format in Formats filter Post Formats 5.2 normal normal Awaiting Review defect (bug) new 2019-07-10T17:04:09Z 2019-07-10T17:04:09Z "Background: #35497, #46591, #47359. [45136] removed post format icons from the posts list table. For some users, as noted in comment:52:ticket:35497, these icons were a convenient way to quickly distinguish posts with a format from standard posts. Use case: when most of the posts have a non-standard format, you'd like check if there are any posts where you accidentally forgot to assign a format. Even with the new Formats filter introduced in [44961], that's no longer possible, as it does not have a Standard option. This seems a bit inconsistent with the Categories filter, where you can filter by Uncategorized. Brought up by @dimalash on support forums." SergeyBiryukov Needs Patch 47359 Unable to distinguish post formats when viewing list tables on mobile Post Formats 5.2.1 normal normal Future Release defect (bug) new 2019-05-23T01:03:32Z 2021-04-27T16:51:41Z "Post format icons were recently removed from post list tables and a post format dropdown menu introduced to allow people to filter posts by format. See #46591 and [44961]. On narrow screens, however, the filter tools are hidden leaving mobile users with no way distinguish the format of their posts. I suggest we revisit the decision to remove post format icons and consider the mobile user experience." ajfleming 9 Needs Patch 59093 WordPress 6.3 and Featured Image Resize Problem Post Formats normal normal Awaiting Review defect (bug) new 2023-08-13T12:59:49Z 2023-08-13T13:06:08Z "Hello, After installing WordPress 6.3, we realized that we have an important problem. The images we upload as Featured are cropping.This can seriously affect our site traffic. How can we prevent this from happening? Our featured images are all high resolution, but they appear as 1200px in Google results. We have been using add_filter( 'big_image_size_threshold', '__return_false' ); since day one. Also in media settings all resolution values are set to 0px. But despite this, after WP 6.3, all our images started to be indexed as 1200px. An image that is normally 3000px is now indexed at 1200px: https://ibb.co/YyrRKwV " ungowp 1 Needs Patch 43326 Delay when setting Featured Image Post Thumbnails 4.9.4 normal normal Awaiting Review defect (bug) new 2018-02-15T00:09:47Z 2018-02-15T03:49:14Z "When setting a Featured Image on a page/post, there's a delay of a few seconds after choosing the image. If you hit the page/post Update button before the Featured Image is displayed, it won't be saved. Perhaps disable the Update button until the featured image has finished setting." bluesix Needs Patch 55019 Missing the Upload Featured image and Categories option after update the WP 5.9 Post Thumbnails 5.9 normal major Awaiting Review defect (bug) new 2022-02-01T06:06:16Z 2023-10-18T15:18:47Z "Hello. With the update to WordPress 5.9, I discovered one significant inconvenience. I read all the descriptions, searched the forum, but did not find how to solve a problem. The only way, which is working now – to log out, delete all cookies for the website in the browser, log in back and edit ONE post. For the second post, the problem is back and I need to log out and delete cookies again. And yes, the problem occur even when I deactivate all plugins and use the default theme. [[Image(https://i.ibb.co/0KSmCXK/2022-02-01-08-56-27.png)]] The point is that my theme (like many others) is designed to be used with Featured Image. Previously, it was in the right column in the admin panel, where I can select a picture and the theme displayed as the cover of the post. Also, there was a list with categories, but now it's empty. [[Image(https://i.ibb.co/Br330Hp/2022-02-01-08-57-14.png)]] And of course, I have a lot of categories. And no, I can't activate the Featured image in settings, cause there is NO such setting in the preferences. Sorry for the Russian language on the screens, but you can see that these elements just don't exist. [[Image(https://i.ibb.co/9nFgYcH/2022-02-01-08-56-54.png)]] Now I need to add a block in the text itself with the Featured Image. But the problem is that the theme takes a picture from this block and puts it on the cover. Plus, because I inserted the image into the text, it appears in the text as well. I end up with a duplicate image on the page. I think this is very strange. Please, fix it, cause I can't work with the 5.9 :( We need to spend doubled time on 1 post. Thank you in advance." Kuuuzya 8 Needs Patch 39736 Thumbnail src image link to direct large image, cause low page speed Post Thumbnails normal normal Awaiting Review defect (bug) new 2017-01-29T19:38:13Z 2022-03-22T04:33:53Z "Hi, i have install wordpress and add some images to my post.. but when i test it on page speed check it returns me bad figures you may check http://bit.ly/2k6lXNw. i have used coped images but google take it as large images. I have searched a lot and find out something. related images thumbnail src linked with direct image link you may see through source code: [https://postimg.org/image/k71uvbah9/] it is not causing by theme it is causing by wordpress. but i don't know how to fix it" mcky909 3 Needs Patch 45688 admin_post_thumbnail_html filter no longer works in WordPress > 5.0 Post Thumbnails 5.0 normal normal Awaiting Review defect (bug) new 2018-12-18T15:35:21Z 2018-12-18T15:41:12Z "Hello, It seems the admin_post_thumbnail_html filter not longer working in latest WordPress ?" nik00726 1 Needs Patch 36996 get_the_post_thumbnail and the usage of class attribute Post Thumbnails 2.9 normal normal defect (bug) new 2016-06-02T05:08:46Z 2019-06-04T20:59:46Z "Hi, I noticed that if I use class attribute, it overrides some of the standard classes. So in my example I use header image of custom size: {{{#!php ID, 'custom-header-image-large', array( 'id' => 'featured-image', 'itemprop' => 'image', ) ); }}} In this case WP generates these classes for the header image: attachment-custom-header-image-large size-custom-header-image-large wp-post-image If I add attribute `'class' => 'photo u-photo',` {{{#!php ID, 'custom-header-image-large', array( 'class' => 'photo u-photo' 'id' => 'featured-image', 'itemprop' => 'image', ) ); }}} WP skips some classes and final class list produces only: photo u-photo wp-post-image Is it by design, or a possible bug? Thank you!" TomasM 9 Needs Patch 50847 update_post_thumbnail_cache returns notice when get_the_post_thumbnail used with ID after setup_postdata() Post Thumbnails 5.4.2 normal normal Awaiting Review defect (bug) new 2020-08-04T17:23:43Z 2020-08-21T10:55:00Z "**Situation:** - Inside main loop - foreach over array of (related) post_id's, - use ''setup_postdata($post)'' for each item - Items call get_template_part(something) - Template parts uses ''get_the_post_thumbnail'' which allow a post_ID - ''get_the_post_thumbnail'' calls ''update_post_thumbnail_cache'' (because in_the_loop) - ''update_post_thumbnail_cache'' gives **notice on line 101: Trying to get property 'ID' of non-object** - Restore main loop with wp_reset_postdata() **Possible fix:** Change this {{{#!php posts as $post ) { $id = get_post_thumbnail_id( $post->ID ); if ( $id ) { $thumb_ids[] = $id; } } }}} To this {{{#!php posts as $post ) { if (is_object($post)) { $post = $post->ID; } $id = get_post_thumbnail_id( $post ); if ( $id ) { $thumb_ids[] = $id; } } }}} in /wp-includes/post-thumbnail-template.php line 101 " tomcent 1 Needs Patch 50989 """Blog pages show at most"" setting not working when 2 posts are made sticky" Posts, Post Types normal normal Awaiting Review defect (bug) new close 2020-08-13T17:34:04Z 2023-01-16T16:50:49Z "Version: WordPress 5.5 Site: https://wesleytech.com In WordPress Settings -> Reading, for the setting ""Blog pages show at most"". When a single blog post is set to sticky using the ""stick to the top of the blog"" setting on the blog post edit page, the ""Blog pages show at most"" setting is respected. However, when TWO blog posts are set as sticky, then the ""Blog pages show at most"" setting is NOT respected, and an extra post gets shown on the home page. For example, if your ""Blog pages show at most"" setting is set to 6, and you then make 2 blog posts sticky, then your home page will show 7 posts. " wesleytech 9 Needs Patch 49355 """Publishing failed. Error message: Could not update post in the database"" caused by encoding" Posts, Post Types 5.3.2 normal normal Awaiting Review defect (bug) new 2020-02-04T01:30:57Z 2023-07-02T14:44:32Z "I have some text that I am copying into the title of a post. I get the following error: ""Publishing failed. Error message: Could not update post in the database"" The text is: 𝐀 𝐖𝐢𝐧 𝐟𝐨𝐫 𝐚 𝐉𝐮𝐬𝐭𝐢𝐜𝐞 𝐂𝐞𝐧𝐭𝐫𝐞 𝐂𝐥𝐢𝐞𝐧𝐭! I am having trouble understanding what encoding this text is. Why is this failing to save to the database? My database is set to utf8mb4. Why WordPress is choking on it?" 1000camels 2 Needs Patch 48954 """Sticky"" post state shows even for non-Post post-types" Posts, Post Types normal normal Awaiting Review defect (bug) new 2019-12-12T21:54:48Z 2019-12-12T22:15:24Z "Reported in the support forums: https://wordpress.org/support/topic/sticky-tag-remains/ When users of my Post Type Switcher plugin switch a Post into a Page, that page still shows as ""Sticky"" in the Pages list-table UI, even though Pages do not support the ""sticky"" functionality." johnjamesjacoby 2 Needs Patch 18701 """hierarchical"" argument for get_pages() does nothing" DrewAPicture* Posts, Post Types 3.0 normal normal defect (bug) accepted 2011-09-19T06:48:32Z 2019-06-04T20:42:19Z "The `hierarchical` argument for `get_pages()` is never actually used. It is in an `if` statement, but one that requires `child_of` to also be set: {{{ if ( $child_of || $hierarchical ) $pages = & get_page_children($child_of, $pages); }}} Props Vynce Montgomery for pointing this out to me." Viper007Bond 5 Needs Patch 31331 $post->post_date displays current time if status is pending or draft Posts, Post Types 4.1 normal normal defect (bug) new 2015-02-14T17:11:45Z 2019-06-04T20:49:15Z "Create a new post and save as a draft or save as 'pending'. On single.php enter these lines of code: {{{ global $post; var_dump(date(""Y-m-d H:i:s"")); //current time var_dump($post); }}} If you wait about 5 minutes to refresh the front-end page after saving the post as draft/pending, you'll notice that the current time and the $post->post_date are the same (accounting for timezone differences). Further more, if you refresh the page after another 5 minutes, the $post->post_date will change. However, the $post->post_date and $post->post_modified are different. When comparing to the database values, the $post->post_modified matches its database value, but $post->post_date will continue to match the current time and '''not''' what is in the database for `post_date`. It seems to me that the post object should reflect what is in the database regardless of the post_status. If a post is draft/pending, it is inconsistent to use post_date to note when the post was originally created. I can see the code that is responsible for this is on wp-includes/query.php on line 3527-3528: {{{ if ( 'future' != $status ) $this->posts[0]->post_date = current_time('mysql'); }}} I apologize if I'm thinking about this wrongly." danbrellis 1 Needs Patch 46288 'get_extended' breaks when using 'more' gutenberg block Posts, Post Types 5.0 normal normal Future Release defect (bug) new 2019-02-20T10:21:14Z 2019-04-24T06:21:18Z "'get_extended' returns the closing tag ' in the extended content, which prevents 'the_content' filter from working correctly. Steps to replicate: {{{#!php ', '', $post); }}} " joewebber 1 Needs Patch 41128 404 Page not found after using same URL in post / page Posts, Post Types 4.8 normal normal Awaiting Review defect (bug) new 2017-06-22T15:40:28Z 2017-06-22T17:13:21Z "Starting from a clean Wordpress 4.8 installation. 1. Configure permalinks to: http://domain.com/post-title/ 2. Create a post with title 'new' 3. Remove the post with title 'new' to trash 4. Create a new page with title 'new' 5. Remove post 'new' from trash (not necessarily, both cases result in 404) 6. The page you created trows a 404 due to a database error since it has two different objects with the same URL, though different objects. " jpgos Needs Patch 41324 Action of password-protect form. Posts, Post Types normal normal Awaiting Review defect (bug) new 2017-07-14T12:38:49Z 2017-07-14T12:43:17Z "The default form action too-easily (I think just two submissions of a blank or incorrect password) loads wp-login.php?action=postpass with a 'service unavailable' message'). Simple validation to ensure correct password can prevent this. " gulliver Needs Patch 53195 Add $post or $post_id to the quick_edit_custom_box hook Posts, Post Types normal normal Awaiting Review defect (bug) new 2021-05-12T11:17:34Z 2021-05-12T11:17:34Z "Right now when you're adding a custom box to quick edit, you can't set an existing value without using JavaScript, cause you don't have acces to the post. For a more elaborate explanation, see the User Contributed Notes, top one by stevenlinx: https://developer.wordpress.org/reference/hooks/quick_edit_custom_box/ It would be more elegant if we could just use the post within the hook I think." tomjdevisser Needs Patch 59986 Add a filter into the $wp_meta_boxes output loop to provide the ability to change data Posts, Post Types normal normal Awaiting Review defect (bug) new 2023-11-29T13:52:42Z 2023-11-29T15:43:44Z "I have a metabox added via plugin that connects a custom post type with users. But I don't like the name of the Meta Box, it obscures the purpose of the box. So, the plugin doesn't have this option, and I have to change global $wp_meta_boxes for the desired effect, which isn't the correct thing to do. Of course, I could write a plugin author plea to add a filter (and it will be the third ""brilliant idea"" from me in two days 🙈), but it is possible to stumble across this need with another plugin as well. This is why I think it is necessary to add the filter to the core. Related ticket: https://core.trac.wordpress.org/ticket/39969" oglekler 2 Needs Patch 31504 Add new item gives bunch of errors if disabled Posts, Post Types 4.1 normal normal defect (bug) new 2015-03-02T14:00:00Z 2019-06-04T20:49:24Z "I created new post category 'cars'. But cars are added/deleted via Php code automatically via: wp_insert_post(...) and wp_delete_post(...) So I wanted to remove 'add new car' from navigation menu. And somehow remove the 'delete' capability. So I used this code in plugins register_post_type $args: {{{ array( ... 'capability_type' => 'car', /*'capabilities' => array( 'create_posts' => false, // Removes support for the ""Add New"" function - DOESN'T WORK 'delete_post' => false, 'publish_posts' => false, ), 'map_meta_cap' => true, // Set to false, if users are not allowed to edit/delete existing posts */ ...) }}} Appears the 'add_new' is not shown, but now I got bunch of warnings all over the admin: {{{ Notice: Undefined offset: 0 in C:\Program Files (x86)\Zend\Apache2\htdocs\GitHub\*WEB-NAME*\wp-includes\capabilities.php on line 1075 Notice: Trying to get property of non-object in C:\Program Files (x86)\Zend\Apache2\htdocs\GitHub\*WEB-NAME*\wp-includes\capabilities.php on line 1077 Notice: Trying to get property of non-object in C:\Program Files (x86)\Zend\Apache2\htdocs\GitHub\*WEB-NAME*\wp-includes\capabilities.php on line 1081 Notice: Trying to get property of non-object in C:\Program Files (x86)\Zend\Apache2\htdocs\GitHub\*WEB-NAME*\wp-includes\capabilities.php on line 1083 Notice: Trying to get property of non-object in C:\Program Files (x86)\Zend\Apache2\htdocs\GitHub\*WEB-NAME*\wp-includes\capabilities.php on line 1084 Notice: Trying to get property of non-object in C:\Program Files (x86)\Zend\Apache2\htdocs\GitHub\*WEB-NAME*\wp-includes\capabilities.php on line 1084 Notice: Trying to get property of non-object in C:\Program Files (x86)\Zend\Apache2\htdocs\GitHub\*WEB-NAME*\wp-includes\capabilities.php on line 1087 Notice: Trying to get property of non-object in C:\Program Files (x86)\Zend\Apache2\htdocs\GitHub\*WEB-NAME*\wp-includes\capabilities.php on line 1087 Notice: Undefined offset: 0 in C:\Program Files (x86)\Zend\Apache2\htdocs\GitHub\*WEB-NAME*\wp-includes\capabilities.php on line 1075 }}} " ozzWANTED 2 Needs Patch 13926 Adding 'page-attributes' to a custom post type slows down edit screen in the admin Posts, Post Types 3.0 normal normal defect (bug) new 2010-06-16T20:01:17Z 2019-06-04T20:41:18Z "When I add 'page-attributes' to a custom post type it takes roughly 1.5 to 2 min for the edit screen to load... When I remove 'page-attributes' edit screen load is extremely fast. Under the post type i created I have 5000+ entries." granulr 6 Needs Patch 40500 Adding custom capabilities to a custom post type seems to break permalink link on post edit screen Posts, Post Types 4.7.3 normal normal Awaiting Review defect (bug) new 2017-04-20T16:28:46Z 2019-11-27T20:38:26Z "Added custom capabilities to a wordpress custom post type to be used in conjunction with a role scoper plugin .... see: https://www.dropbox.com/s/7gzvma9t3lm028j/Screenshot%202017-04-20%2010.27.15.png?dl=0) ... seems to make the permalink link that shows up on the post edit screen, beneath the title, non-functional (ie, no URL is actually outputted). Also does not have the ""view [custom post type]"" link that typically appears in the black wordpress admin toolbar. Otherwise, everything works as designed. Confirmed on two separate hosts with plugins disabled and default theme. Confirmed that removing custom capabilities fixes the issue. Confirmed that adding capability using alternative method of simply 'capability_type' => array('print', 'prints'), also has the same result. " finitejest 1 Needs Patch 16600 AdminMenu rendering code chokes on uppercase Posts, Post Types 3.1 normal minor defect (bug) reopened 2011-02-20T02:43:25Z 2019-06-04T20:41:50Z "When registering custom taxonomies for a custom post type, if the post type name contains uppercase letters, the menu items for the custom taxonomies are not shown. It looks like the post type name is lowercased in some parts of the core code (but no all) and so string comparisons fail. Just isolated this behaviour, so I'm still not sure how much of the core this affects. Moreover, when I saved posts with the intended mixed-case name, they have been saved to the DB with lowercased post_type It it is indeed the intended behaviour, a note should be added to the Codex: ""Custom Post Type names must be lowercase"" The attached sample (real) code reproduces the problem by setting ""post_type_tag"" to ""DomainName"" instead of ""domain_name"". Numbers work properly, however. Tested with latest SVN (RC4 + r17467)" jltallon 14 Needs Patch 55248 Ajax call has stop to work (single custom post content) Posts, Post Types 5.9.1 normal normal Awaiting Review defect (bug) new 2022-02-24T13:31:54Z 2022-03-01T12:40:41Z "Ajax call which should get a content from a single custom post item has stop to work. On other hand, Ajax call which is getting more Portfolio items (more custom post items) works fine (you have all in the video - sorry for my English). All was fine until the WP ver 5.9 but the bug is there after updating on ver 5.9.1 Video link - https://www.youtube.com/watch?v=Gcxtm4FF58E" zak87 1 Needs Patch 35538 "AllPosts page UI: link ""All"" has incorrect color" Posts, Post Types 4.4.1 normal trivial Awaiting Review defect (bug) new 2016-01-19T23:15:48Z 2023-07-09T20:45:45Z "STEPS TO REPRODUCE: 1) Log in (administrator), remove all posts. 2) Create new post. Go to AllPosts page. 3) Remove post to trash by clicking ""Trash"" menu item. EXPECTED RESULT: ""All (0)"" link color #000 ACTUAL RESULT: ""All (0)"" link color #0073aa" antonrinas 8 Needs Patch 35550 AllPosts page: Tags field does not accept characters <> Posts, Post Types 4.4.1 normal minor defect (bug) new 2016-01-20T21:43:49Z 2019-06-04T20:54:37Z " STEPS TO REPRODUCE 1. Log in as administrator and create new post ""Test post"". 2. Go to AllPosts page. Check ""Test post"" and perform ""Edit"" bulk action. 3. Type into ""Tags"" 2 characters ""<>"". Click ""Update"" EXPECTED RESULT: Characters <> are added as a tag. EXPECTED RESULT: Characters <> are not added as a tag." antonrinas 1 Needs Patch 35606 AllPosts page: contradiction in filtering by Category and category assigning to the post Posts, Post Types 4.4.1 normal minor defect (bug) new 2016-01-25T20:52:14Z 2019-06-04T20:54:43Z "'''STEPS TO REPRODUCE''': 1. Log in as administrator. 2. Go to Posts->Categories. 3. Add category: Name - ""Test category"", Slug - ""test-category"". 4. Add category: Name - ""Test subcategory"", Slug - ""test-subcategory"", Parent - ""Test category"". 5. Go to AllPosts page. 6. Add new post: Title - ""Test post"", assign it to ""Test category"". 7. Add new post: Title - ""Test post for subcategory"", assign it to ""Test subcategory"". 8. Go to AllPosts page. 9. Filter posts by category ""Test category"". '''EXPECTED RESULT''': Post ""Test post"" is presented as a result of filtration. '''ACTUAL RESULT''': Posts ""Test post"", ""Test for subcategory"" is presented as a result of filtration. If to follow this logic, post ""Test post for subcategory"" had to be assigned to ""Test subcategory"" and automatically to parent category in the moment of creation. See attachment." antonrinas Needs Patch 31416 An accessibility issue with the Publish metabox Posts, Post Types 4.1.1 normal normal Awaiting Review defect (bug) new 2015-02-22T22:03:33Z 2018-12-09T20:28:05Z "Taking a closer look at the Publish metabox for posts I realise that it has what I would call a bug. Take a look at the image attached. It tells me a post is published, while it's still asking for confirmation to be published. This screen shows up when first a post is set to private -and so gets published privately- and next is set to public, without hitting the 'Publish' button. The post is actually published privately, which should show up as it's status, as it normally does. It tells me though it's published (which impies it should be published publicly). I stumbled upon this, while I was searching for a more intiutive solution for inexperienced posters on one of my sites to post privately. I found two threads in forums which adress this issue: https://wordpress.org/support/topic/how-to-set-new-post-visibility-to-private-by-default?replies=14 http://wordpress.stackexchange.com/questions/118970/set-posts-of-a-custom-post-type-to-be-private-by-default Neither of threads mention (or seem to be aware?) of this shortcoming, while both try to solve the same issue I'm having. I question whether this problem can be solved, while the Publish metabox has such shortcomings. I hope that by fixing this little bug, it might actually be possible to create a more accessisble Publish metabox for guests on a site, maybe by a hack or plugin, but preferably within the WP core files. [[Image(http://www.basbva.nl/wp-content/uploads/2015/02/publish-metabox-bug.jpg)]]" basbva 8 Needs Patch 60796 An error for page and post without revisions support Posts, Post Types 6.4 normal normal Awaiting Review defect (bug) new 2024-03-18T10:03:04Z 2024-03-18T10:03:04Z "Since **6.4.0** the `$revisions_enabled` argument was added to the arguments array of `register_meta()` function (https://developer.wordpress.org/reference/functions/register_meta/#changelog). For post and page with disabled revisions support there is an error: Error: Function register_meta was called incorrectly. Meta keys cannot enable revisions support unless the object subtype supports revisions. Please see Debugging in WordPress for more information. (This message was added in version 6.4.0.). In register_block_core_footnotes() function `revisions_enabled` argument is permanently set to true and it's makes this error." danielpietrasik Needs Patch 52519 Anchor links not working on password-protected pages (on first click) Posts, Post Types 5.6.1 normal normal Awaiting Review defect (bug) new 2021-02-13T17:40:11Z 2021-02-14T07:31:00Z When first clicking an anchor link, the target of which is a password-protected page, and entering the password, the page is loaded without the #anchor in the URL and without jumping to the anchor content. The person has to go back and click the link again after entering the password to jump to the anchor on the page. chrslcy Needs Patch 49109 Array offset access notice problem with `remove_meta_box()` and `add_meta_box()` function. Posts, Post Types 5.3.2 normal critical Awaiting Review defect (bug) new 2019-12-31T13:57:29Z 2020-02-26T10:56:19Z "When I use `remove_meta_box()` function: {{{#!php false`. But here is the interesting part: {{{ 'delete_post' => null, 'delete_posts' => false, }}} To prevent deletion, I need to specify exactly like above, otherwise I will get notices from WP. In my opinion, we should have 1 approach, like `false`" slaFFik 1 Needs Patch 19031 Category view incorrectly counting custom posts Posts, Post Types 3.2 normal normal defect (bug) new 2011-10-24T02:40:31Z 2019-06-04T20:42:32Z "If you define a custom post-type something like this: {{{ Array ( [taxonomies] => Array ( [0] => category [1] => post_tag ) [label] => Book [rewrite_slug] => [query_var] => [public] => [show_ui] => 1 [show_in_nav_menus] => 1 [publicly_queryable] => [exclude_from_search] => 1 ) }}} Even if the post-type is NOT public or NOT publicly_queriable (see above), the counts of the posts in each category still shows, totally ignoring the settings of the post-type. == Expected Output == I would expect the count to be related to the results displayed. If there are no visible results for that category (i.e. the user can't see them due to public settings), I would expect the count to go to zero. == Actual Output == The count of posts in the given category seems to have nothing to do with the visible results. This is related to this bug: #18950" fireproofsocks 4 Needs Patch 59085 Command Palette - switching posts wrong url redirect for non FSE sites Posts, Post Types 6.3 normal normal Awaiting Review defect (bug) new 2023-08-12T12:24:23Z 2023-08-12T12:24:23Z "With the new update to WordPress 6.3, they introduced the command palette. This is great for quickly and easily switching between posts and other things. It is enabled for all sites (including sites not using a FSE theme) However, when trying to switch to a different post, it redirects me to: {{{/wp-admin/site-editor.php?postType=post&postId=12621}}} Which I then get the error: {{{The theme you are currently using is not compatible with the Site Editor.}}} The command should change the slug it tries to visit depending on if your site supports FSE or not. Either: {{{/wp-admin/post.php?post=12621&action=edit}}} or {{{/wp-admin/site-editor.php?postType=post&postId=12621}}} " tdrayson Needs Patch 52389 Consistently check for non-empty post ID in attachment functions SergeyBiryukov* Posts, Post Types normal normal Future Release defect (bug) accepted 2021-01-28T10:53:31Z 2021-02-17T23:54:41Z "Background: #50679, #52196. As a result of the changes in [49084] and [50039], `wp_get_attachment_metadata()` conditionally calls `get_post()` if the attachment ID is not passed: {{{ $attachment_id = (int) $attachment_id; if ( ! $attachment_id ) { $post = get_post(); if ( ! $post ) { return false; } $attachment_id = $post->ID; } }}} This is not really consistent with other attachment functions, which just always call `get_post()` unconditionally: {{{ $attachment_id = (int) $attachment_id; $post = get_post( $attachment_id ); }}} Let's bring some consistency here, there is no reason for these minor differences. This applies at least to: * `wp_get_attachment_metadata()` * `wp_get_attachment_url()` * `wp_get_attachment_caption()` * `wp_get_attachment_thumb_file()` * `wp_get_attachment_thumb_url()`" SergeyBiryukov Needs Patch 40079 Content of static pages does not show when you have a count_post in the theme Posts, Post Types 4.7.3 normal normal Awaiting Review defect (bug) new 2017-03-09T14:08:13Z 2017-03-09T14:14:38Z "in page.php when you have elsewhere: {{{#!php publish; $numberofcats = wp_count_terms('category'); echo ""

    "".$posts."" articles in "".$numberofcats. "" categories:

    ""; ?> }}} then the content inside the loop of a static page will display the content of an article. well for me i fixed it with: {{{#!php "".$count_posts->publish."" articles in "".$numberofcats. "" categories:

    ""; ?> }}} I am testing it on a custom theme but with plain code you will see this too. tested it on a plain installation with custom theme in page.php: {{{

    Categories:

    publish; $numberofcats = wp_count_terms('category'); echo ""

    "".$posts."" articles in "".$numberofcats. "" categories:

    ""; ?>

    "">

    }}} " devlink1337 Needs Patch 57741 "Core throwing 'Attempt to read property ""post_type"" on null'" Posts, Post Types 6.1.1 normal normal Awaiting Review defect (bug) new 2023-02-17T04:04:23Z 2023-02-17T10:25:39Z "A calls B. B calls C. C is calling get_post() passing in args from B. C then proceeds to immediately use the results of get_post() ($post->post_type) without checking the response, resulting in an edge condition where a warning is thrown: Attempt to read property ""post_type"" on null A: https://github.com/WordPress/WordPress/blob/f0789b64238a97adc3ce0c9b8cdf33c1753f550c/wp-admin/post.php#L186-L189 B: https://github.com/WordPress/WordPress/blob/f0789b64238a97adc3ce0c9b8cdf33c1753f550c/wp-admin/edit-form-blocks.php#L249-L253 C: https://github.com/WordPress/WordPress/blob/f0789b64238a97adc3ce0c9b8cdf33c1753f550c/wp-includes/media.php#L4552-L4558" haykuro Needs Patch 20438 Custom Post Types with Post Format support aren't registered against post_format taxonomy Posts, Post Types normal normal Awaiting Review defect (bug) reopened 2012-04-13T16:56:40Z 2022-05-13T22:06:11Z "When a custom post type adds support for {{{post-formats}}}, this doesn't actually register the {{{post_format}}} taxonomy for the post_type. Here's a quick test: {{{ add_action( 'init', function() { register_post_type( 'not-post', array( 'supports' => 'post-formats' ) ); global $wp_taxonomies; var_dump( 'post supports post_format:', in_array( 'post', $wp_taxonomies[ 'post_format' ]->object_type ) ); var_dump( 'not-post supports post_format:', in_array( 'not-post', $wp_taxonomies[ 'post_format' ]->object_type ) ); } ); }}} The {{{post_format}}} taxonomy doesn't get returned when {{{get_object_taxonomies}}} is called for the custom post type and one side-effect of this is that the {{{post_format_relationships}}} cache does not get flushed by {{{clean_object_term_cache}}} leading to stale values when a post format is changed. (The {{{post}}} post_type is immune to this because core registers the {{{post_format}}} taxonomy with it.) When a post_type adds support for post-formats, an explicit association should be made between the post_type and the {{{post_format}}} taxonomy." batmoo 11 Needs Patch 47041 Custom Post type author empty Posts, Post Types 5.1.1 normal normal Awaiting Review defect (bug) new 2019-04-25T11:30:05Z 2020-04-22T06:20:09Z "If I created Custom post type with rest enabled [ for Gutenberg support ] and I try to created/publish custom post type then Post author is empty instead of the current user I checked with bbPress Post type forum, For enabled rest support, refer the following code {{{#!php function twentyseventeen_rest_support_bbpress() { global $wp_post_types; $forum_post_type = bbp_get_forum_post_type(); if (isset($wp_post_types[$forum_post_type])) { $wp_post_types[ $forum_post_type ]->show_in_rest = true; } } add_action('init', 'twentyseventeen_rest_support_bbpress', 25); }}} " dipesh.kakadiya 1 Needs Patch 50843 Default category for custom posts when post_content is empty Posts, Post Types 5.5 normal normal Awaiting Review defect (bug) new 2020-08-04T15:44:52Z 2020-08-11T19:08:40Z "If you enter only the post_content and save, or enter the post_title and post_content and save, the default category is selected and it works as intended. But when I type in only the post_title and save it, no categories appear to be selected. Upon investigating the reason, if no post_content is entered, the post_status value will be ""auto_draft"" and as a result the default category will not be applied. Is the above as expected? WordPress: 5.5-RC1-48708" tmatsuur 1 Needs Patch 41727 Draft page loses its hierarchy on save when other pages are drafts in hierarchy Posts, Post Types 4.8.1 normal normal Awaiting Review defect (bug) new 2017-08-25T13:12:54Z 2020-12-15T22:48:25Z "How to reproduce: 1. Create a set of pages with a status publish 2. Set hierarchy to pages 3. Change the status to of the aforementioned set to draft 4. Open draft for editing. 5. Save as draft. 6. Now you have lost the hierarchy. I think you should retain the hierarchy, because it is quite common use case to build something as drafts before publishing them or taking pages to drafts if they are in need for editing and the user wants them out before edits are done. Tickets possibly related #15541 and #12890. " stode 3 Needs Patch 45801 Duplicate post publish action Posts, Post Types 5.0.2 normal normal Awaiting Review defect (bug) new 2018-12-31T21:53:44Z 2019-01-07T08:37:45Z "I'll try to keep this short. Action ""publish_to_publish"" is being called twice when updating a published post under some circumstances. Web server registers two calls (one to index.php, one to /wp-admin/post.php). First call appears to update the content and non-meta data. Second call updates data from meta blocks. Specifics: Any theme or plugin that adds meta data to a post forces a second call to the update process with the meta block data. Problem: Any plugin that performs actions based on ""publish_to_publish"" is being called twice. In my specific instance the Better Notifications for WordPress plugin sends notifications mails doubled. Wordpress version: 5.0.2 Theme: Customify, no plugins Or Theme: TwentyNineteen, and Plugin: Profile Builder Basically anything that adds meta-data to a post object causes a second, duplicate, action. If meta-data updates should trigger a second action, how can a plugin detect that there has been an additional call?" bmettee4 Needs Patch 55905 Edit date / quick edit not working Posts, Post Types normal normal Awaiting Review defect (bug) new 2022-06-02T16:43:24Z 2022-06-02T16:43:24Z "On one of my WordPress sites, after updating, if I click the ""edit"" link on the publish date or the 'quick edit' on the post list, it doesn't do anything. I've tried deactivating all the plugins and it's still doing it. It is fine on another WordPress site I have. " angiefsutton Needs Patch 41573 Editor and Quick Edit display the slug of a page selected as static front page Posts, Post Types 4.8.1 normal normal Awaiting Review defect (bug) new 2017-08-06T16:52:02Z 2017-08-06T17:22:26Z "Dear Happy Engineers of WP! I'm writing about a possible WP BUG after consulting the issue with 'AThemes Support' that tells me there is this possibility... The issue is about a SLUG that can not be cancelled in a ""Homepage"" (it has been a normal page before choosing it as Static Frontpage...) But please, in order to don't repeat the conversation of the issue, I beg you to read it in the following link where is more clear... https://wordpress.org/support/topic/slug-homepage-static-page-seo-front-page-wp/ Thank you a lot! " cekar Needs Patch 47637 Enhance excerpt_remove_blocks to handle more types of group blocks Posts, Post Types 5.2.2 normal normal Future Release defect (bug) reopened 2019-07-02T11:29:15Z 2021-11-22T07:21:00Z "The function excerpt_remove_blocks only considers top-level Blocks in an allowed list for the autogeneration of excerpts. However, since there is now a Group Block in Core (and a lot of self-developed Grouping Blocks out there), this can lead to autogenerated Excerpts being empty although there is plenty of content within the Post. I propose to add a new filterable ""group blocks"" array, which adds another level to be included in the autogeneration. Additionally, there should be a possibility to register a callback which can be used to generate a custom excerpt dynamically if needed for custom blocks. Change function excerpt_remove_blocks to this: {{{ function excerpt_remove_blocks($content){ $allowed_inner_blocks = array( // Classic blocks have their blockName set to null. null, 'core/freeform', 'core/heading', 'core/html', 'core/list', 'core/media-text', 'core/paragraph', 'core/preformatted', 'core/pullquote', 'core/quote', 'core/table', 'core/verse', ); $group_block_excerpt_functions = array( 'core/group' => 'parse_group_block_excerpt', ); $allowed_blocks = array_merge( $allowed_inner_blocks, array( 'core/columns' ) ); /** * Filters the list of blocks that can contribute to the excerpt. * * If a dynamic block is added to this list, it must not generate another * excerpt, as this will cause an infinite loop to occur. * * @since 4.4.0 * * @param array $allowed_blocks The list of allowed blocks. */ $allowed_blocks = apply_filters( 'excerpt_allowed_blocks', $allowed_blocks ); $group_blocks = apply_filters('excerpt_allowed_group_blocks',$group_block_excerpt_functions); $blocks = parse_blocks( $content ); $output = ''; foreach ( $blocks as $block ) { if(in_array($block['blockName'],$group_blocks,true)){ //We have a group Block with no extra excerpt function $output.= parse_group_block_excerpt($block,$allowed_inner_blocks); } elseif(in_array($block['blockName'],array_keys($group_blocks),true)){ //The Block registered a custom callback for autogenerating an Excerpt $output.=call_user_func($group_blocks[$block['blockName']],$block,$allowed_inner_blocks); } elseif( in_array( $block['blockName'], $allowed_blocks, true ) ) { if ( ! empty( $block['innerBlocks'] ) ) { if ( 'core/columns' === $block['blockName'] ) { $output .= _excerpt_render_inner_columns_blocks( $block, $allowed_inner_blocks ); continue; } // Skip the block if it has disallowed or nested inner blocks. foreach ( $block['innerBlocks'] as $inner_block ) { if ( ! in_array( $inner_block['blockName'], $allowed_inner_blocks, true ) || ! empty( $inner_block['innerBlocks'] ) ) { continue 2; } } } $output .= render_block( $block ); } } return $output; } }}} Add a function parse_group_block_excerpt {{{ function parse_group_block_excerpt($block,$allowed_blocks){ $output = """"; if(!empty($block['innerBlocks'])) { foreach($block['innerBlocks'] as $inner_block){ if('core/columns' === $inner_block['blockName']){ $output .= _excerpt_render_inner_columns_blocks( $inner_block, $allowed_inner_blocks ); continue; } // Skip the block if it has disallowed or nested inner blocks. foreach($inner_block['innerBlocks'] as $inner_inner_block){ if ( ! in_array( $inner_inner_block['blockName'], $allowed_inner_blocks, true ) || ! empty( $inner_inner_block['innerBlocks'] ) ){ continue 2; } } } } return $output; } }}} After that, a custom block can register itself as an group block just by using {{{ add_filter('excerpt_allowed_group_blocks','add_my_awesome_group_block_to_excerpt'); function add_my_awesome_group_block_to_excerpt($allowed_blocks=array()){ $allowed_blocks[] = 'my-awesome/groupblock'; return $allowed_blocks; } }}} or even by using a custom excerpt function for dynamic blocks by using {{{ add_filter('excerpt_allowed_group_blocks','add_my_awesome_group_block_to_excerpt'); function add_my_awesome_group_block_to_excerpt($allowed_blocks=array()){ $allowed_blocks['my-awesome/groupblock'] = 'my_awesome_group_block_custom_excerpt'; return $allowed_blocks; } }}} (I hope i did this right as this is my first ticket)" kuchenundkakao 16 Needs Patch 49812 "EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: ""default-src 'self' http: https: data: blob: 'unsafe-inline'""." Posts, Post Types normal normal defect (bug) reopened 2020-04-04T18:33:34Z 2020-11-11T11:26:21Z "We got a problem =( Clean wp installation. Pages /wp-admin/post-new.php /wp-admin/post.php?post=1&action=edit Server configuration: NGINX + PHP-FPM I have a security file /etc/nginx/blog.anv.me/security.conf ... add_header Content-Security-Policy ""default-src 'self' http: https: data: blob: 'unsafe-inline'"" always; ... Content Security Policy is an effective measure to protect my blog from XSS attacks. Console log {{{ [Error] EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: ""default-src 'self' http: https: data: blob: 'unsafe-inline'"". Function (data.js:161) (anonymous function) (data.js:161) combineReducers (data.js:162) (anonymous function) (blocks.js:6146:95) __webpack_require__ (blocks.js:21) (anonymous function) (blocks.js:85) Global Code (blocks.js:86) [Error] TypeError: undefined is not an object (evaluating 'wp.blocks.setCategories') Global Code (post-new.php:1673) [Error] EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: ""default-src 'self' http: https: data: blob: 'unsafe-inline'"". Function (data.js:161) (anonymous function) (data.js:161) combineReducers (data.js:162) (anonymous function) (rich-text.js:761:95) __webpack_require__ (rich-text.js:21) (anonymous function) (rich-text.js:85) Global Code (rich-text.js:86) [Error] EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: ""default-src 'self' http: https: data: blob: 'unsafe-inline'"". Function (data.js:161) (anonymous function) (data.js:161) combineReducers (data.js:162) createReduxStore (data.js:1722) createNamespace (data.js:1611) (anonymous function) (data.js:2240) (anonymous function) (keyboard-shortcuts.js:853:91) __webpack_require__ (keyboard-shortcuts.js:21) (anonymous function) (keyboard-shortcuts.js:85) Global Code (keyboard-shortcuts.js:86) [Error] EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: ""default-src 'self' http: https: data: blob: 'unsafe-inline'"". Function (data.js:161) (anonymous function) (data.js:161) combineReducers (data.js:162) createReduxStore (data.js:1722) createNamespace (data.js:1611) (anonymous function) (data.js:2240) (anonymous function) (viewport.js:340:91) __webpack_require__ (viewport.js:21) (anonymous function) (viewport.js:85) Global Code (viewport.js:86) [Error] EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: ""default-src 'self' http: https: data: blob: 'unsafe-inline'"". Function (data.js:161) (anonymous function) (data.js:161) combineReducers (data.js:162) (anonymous function) (lodash.js:5115) (anonymous function) (block-editor.js:9447) __webpack_require__ (block-editor.js:21) (anonymous function) (block-editor.js:85) Global Code (block-editor.js:86) [Error] EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: ""default-src 'self' http: https: data: blob: 'unsafe-inline'"". Function (data.js:161) (anonymous function) (data.js:161) combineReducers (data.js:162) (anonymous function) (core-data.js:2233:108) __webpack_require__ (core-data.js:21) (anonymous function) (core-data.js:85) Global Code (core-data.js:86) [Error] TypeError: undefined is not an object (evaluating 'external_this_wp_blockEditor_[""withFontSizes""]') (anonymous function) (block-library.js:3388:104) __webpack_require__ (block-library.js:21) (anonymous function) (block-library.js:85) Global Code (block-library.js:86) [Error] EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: ""default-src 'self' http: https: data: blob: 'unsafe-inline'"". Function (data.js:161) (anonymous function) (data.js:161) combineReducers (data.js:162) createReduxStore (data.js:1722) createNamespace (data.js:1611) (anonymous function) (data.js:2240) (anonymous function) (notices.js:548:91) __webpack_require__ (notices.js:21) (anonymous function) (notices.js:85) Global Code (notices.js:86) [Error] TypeError: undefined is not an object (evaluating 'external_this_wp_blockEditor_[""SETTINGS_DEFAULTS""]') (anonymous function) (editor.js:2095) __webpack_require__ (editor.js:21) (anonymous function) (editor.js:85) Global Code (editor.js:86) [Error] EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: ""default-src 'self' http: https: data: blob: 'unsafe-inline'"". Function (data.js:161) (anonymous function) (data.js:161) combineReducers (data.js:162) (anonymous function) (lodash.js:5115) (anonymous function) (edit-post.js:1491:148) __webpack_require__ (edit-post.js:21) (anonymous function) (edit-post.js:85) Global Code (edit-post.js:86) [Error] TypeError: undefined is not an object (evaluating 'external_this_wp_richText_[""registerFormatType""]') (anonymous function) (format-library.js:1897) forEach (anonymous function) (format-library.js:1893) __webpack_require__ (format-library.js:21) (anonymous function) (format-library.js:85) Global Code (format-library.js:86) [Error] TypeError: undefined is not an object (evaluating 'wp.editPost.initializeEditor') (anonymous function) (post-new.php:1827) [Error] TypeError: undefined is not an object (evaluating 'wp.blocks.unregisterBlockStyle') (anonymous function) (editor-script-block.js:8) }}} " anvme 2 Needs Patch 59348 Excerpt block length is not full customizable any more Posts, Post Types normal normal Awaiting Review defect (bug) new 2023-09-14T11:40:32Z 2023-09-14T15:19:35Z "Since the latest changes in /src/wp-includes/blocks/post-excerpt.php now the excerpt length is not fully customizable any more. The problem is that previously `$excerpt = get_the_excerpt();` was used, which was filterable with `get_the_excerpt`, but now this excerpt is just getting forcefully trimmed by `wp_trim_words` based on the `excerptLength` option. Which is: a) A number forced to be between 10-100 b) now can not be changed or overwritted with custom code in any way. If I want to display the excerpt of a post on the post's page, now there is no way to correctly display an excerpt that is longer than 100 words. I think this is a loss in features and a bad practice to limit the excerpt's usage in this way. At least allow `$excerpt_length = $attributes['excerptLength'];` to be modified with the already existing `excerpt_length` filter. Mentioned change: https://core.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=56065%40trunk%2Fsrc%2Fwp-includes%2Fblocks%2Fpost-excerpt.php&old=55246%40trunk%2Fsrc%2Fwp-includes%2Fblocks%2Fpost-excerpt.php" frzsombor 2 Needs Patch 24867 Feeds for custom posts type can not be set independently of has_archive and supports => comments nacin Posts, Post Types 3.8 normal normal defect (bug) assigned 2013-07-29T00:12:27Z 2019-06-04T20:44:35Z "I was testing the patch for ticket (Feeds or Feed - add_permastruct missunderstanding: #23302) and discovered a few things (I'm using trunk rev 19712). Turning of feeds for custom post types only works if supports feeds & has_archive are set to either false or true. If you, e.g. set the argument feeds in rewrite to true and has_archive to false then the rewrite rules for feeds do not get created (some happens of you switch true & false around in both arguments). This happens due to this condition in /wp-includes/post.php, line 1242: {{{ if ( ! isset( $args->rewrite['feeds'] ) OR ! $args->has_archive ) $args->rewrite['feeds'] = (bool) $args->has_archive; }}} Another problem I run into is that: With the patch for ticket (#23302) you can not enable/disable the comments feed independent of the main feed of the custom post type. It also does not get disabled if you do not enabled comments via supports. Rewrite rules for feeds seem to always get created. I've attached an example to showcase what I wrote above." marcosf 3 Needs Patch 39651 Find Posts modal does not show post-type labels correctly Posts, Post Types 4.7.1 normal normal Future Release defect (bug) new 2017-01-20T11:59:21Z 2017-01-21T02:22:58Z "The screenshot shows the output of four different posts in the '''Find Posts Modal'''. The last two post are correct, at the first and second post the post-type-label (e.g. cpt_example) is missing. The problem is the post-type parameter ""''public''"", if it is set to ""''false''"" the label will not be shown AND you will get the following PHP-Notice (if DEBUG is true): {{{ Undefined index: cpt_example in ... /wp-admin/includes/ajax-actions.php on line 1803 Trying to get property of non-object in ... /wp-admin/includes/ajax-actions.php on line 1803 }}} At the following code (1745 ff.) you will notice the reason of this issue: '''$post_types''' only includes '''public posts''' {{{#!php true ), 'objects' ); ^^^^^^^^^^^^^^^^ }}} The output of this modal shows all posts (public and unpublic), so i don't think that this ""filter"" was set for security reasons. In my opinion it must either show all posts correctly with their labels (which would be great) or it must suppress all ""unpublic"" posts completely. " arkonisus 1 Needs Patch 18264 Future private posts listed as already published with future date specified Posts, Post Types normal normal Awaiting Review defect (bug) new 2011-07-27T00:05:27Z 2019-05-23T19:33:38Z "Setting a post to private, and scheduling it for some future date or time, results in the stamp that the post was ""Published on (future date)"" in the publish module. The discussion on tickets #5608 and #9136 suggests that all private posts are published immediately (and privately), and that this is intentional. So, it's misleading and confusing to report that it already was published on some future date. In source:trunk/wp-admin/includes/meta-boxes.php#L163, I suggest we replace: {{{ else if ( 'publish' == $post->post_status || 'private' == $post->post_status ) { // already published $stamp = __('Published on: %1$s'); } }}} with: {{{ else if ( 'publish' == $post->post_status ) { // already publicly published $stamp = __('Published on: %1$s'); } else if ( 'private' == $post->post_status ) { // published privately $stamp = __('Published privately'); } }}}" chrisrudzki 16 Needs Patch 47072 Hierarchical post types missing attributes meta box if post type doesn't support 'page-attributes' or have templates Posts, Post Types 5.1.1 normal minor Awaiting Review defect (bug) new 2019-04-29T17:11:09Z 2019-04-29T17:11:09Z Setting the hierarchical argument to true in the register post type function doesn't enable the post parent automatically. In order for this meta box to show up you must also enable post type support for page-attributes or the post type must have templates. I would think the post parent dropdown should be visible by default if the post type is hierarchical. This applies to both the Classic and Gutenberg editor. natereist Needs Patch 59664 I have tested beta 6.4 version and some issue on mobile device Posts, Post Types normal normal Awaiting Review defect (bug) new 2023-10-17T20:08:04Z 2023-10-27T20:57:00Z "I have tested WordPress Beta 6.4 RC1 version and some issue. https://wordpress.slack.com/archives/C02RW657Q/p1697563998445079 Post listing page arrows is not doing anything. For more information see mentioned screenshots and recording. Also credit page on text color issue. " sumitsingh 5 Needs Patch 49294 If multiple posts has same date, get_previous_post() and get_next_post() returns only first/last of them Posts, Post Types normal normal Awaiting Review defect (bug) new 2020-01-26T12:45:02Z 2020-10-06T06:04:04Z "get_previous_post() and get_next_post() both uses get_adjacent_post() -function, which uses date for query. If query return multiple posts for same date, function only returns first or last post depending on $previous -parameter. As a result, if you have multiple posts for a same date, get_previous_post() and get_next_post() functions does not work as meant to. Found one mention about this issue about a year earlier: https://wordpress.stackexchange.com/questions/330276/get-next-post-and-get-previous-post-return-wrong-posts " oskarijarvelin 2 Needs Patch 50435 In some cases wp_get_post_parent_id() = get_post_ancestors Posts, Post Types 5.4.2 normal normal Awaiting Review defect (bug) new 2020-06-19T21:00:44Z 2020-06-19T21:06:23Z "Using wp_get_post_parent_id() while parsing gutenberg blocks in a save_post action, I found out, that when a parent page exists, and parent_id is the actual published post wp_get_post_parent_id() gives back the post_id of the parent page. A turn around seems to be ($postParent == $postId) ? $post_current_ID : $postId; " chvon7thal Needs Patch 53044 Issue on mobile device when try to post QUICK EDIT. Posts, Post Types 5.7.1 normal normal Awaiting Review defect (bug) new 2021-04-15T18:24:10Z 2021-05-13T16:00:24Z "Hi, I have setup updated WP latest version 5.7.1. and some UI issue on mobile device when i am trying to quick edit Post on mobile. More information you can see mentioned screenshot. Thank you" sumitsingh 3 Needs Patch 51268 Issue with excerpts Posts, Post Types 5.5.1 normal normal Awaiting Review defect (bug) new 2020-09-08T19:01:04Z 2020-09-08T19:01:04Z "This is a follow-up to #51042. Hope this is the correct place to report this. Regarding 50142, I have several customer sites (at least 50) in which we type a space in the Excerpt field in order for an Excerpt not to display. It displays the space, which is invisible. But with your change above, WordPress 5.5.1 is ignoring the typed space and displaying the excerpts, which we do not want. I'm going to have about 50 customers ask me how to fix this over the next few weeks when they start to notice the issue. If I type the code for a non-breaking space, the issue goes away but they'd have to manually adjust this on all posts. Can this be adjusted so that WordPress still recognizes a typed space as a single character excerpt? Thank you. I also posted on the WordPress forum at [https://wordpress.org/support/topic/odd-issue-with-excerpts/#post-13378581]" HollyKNY Needs Patch 40786 Leading spaces are added to custom textarea metabox Posts, Post Types 4.7.5 normal normal Awaiting Review defect (bug) reopened 2017-05-17T14:22:55Z 2017-05-17T17:48:51Z "I am using `esc_atr(ltrim(rtrim(br2nl($meta_value))))` to place the value of post meta in textarea metabox I have created in my custom post type. {{{#!php }}} But whenever I go to edit the post, inside all textarea metaboxes values are pre-loaded with leading spaces (exactly 10 spaces) and additional line breaks! Also tried `esc_atr(trim(br2nl($meta_value)))` with no avail." subrataemfluence 3 Needs Patch 39624 Misleading warning when editing the page_for_posts page Posts, Post Types normal normal Awaiting Review defect (bug) new 2017-01-18T14:58:00Z 2018-01-15T17:44:25Z "Whilst I was using Twenty Seventeen, I discovered some unusual page locking. It seemed the blog page was locked and I was unable to edit it, despite it being apparently not locked. I've not experienced this before and whilst it feels like a rare experience, I wanted to bring it to attention incase there was something deeper wrong. [https://cldup.com/qn5iA2HXBR.mp4 Here is the video.] Along with this, I experienced a further issue that I almost feel needs another ticket but going to throw it in together. I found I could upload and change featured images, despite a page lock. This felt weird and something I'd expect to not be able to happen. Note: I can't see a pages component so putting under posts but unsure if correct placement." karmatosed 4 Needs Patch 56479 Missing capability shows blank page in WP-Admin Posts, Post Types 6.0.2 normal normal Awaiting Review defect (bug) new 2022-08-31T16:34:07Z 2023-03-12T21:53:38Z "Hello, I have created a **custom post type** with the following code. {{{#!php _x('Fortbildungen', 'Post Type General Name', 'ibf'), 'singular_name' => _x('Fortbildung', 'Post Type Singular Name', 'ibf'), 'menu_name' => __('IBF', 'ibf'), 'name_admin_bar' => __('IBF-Fortbildung', 'ibf'), 'archives' => __('IBF-Archiv', 'ibf'), 'all_items' => __('Alle Fortbildungen', 'ibf'), 'add_new_item' => __('Neue Fortbildung', 'ibf'), 'add_new' => __('Neue Fortbildung', 'ibf'), 'new_item' => __('Neue Fortbildung', 'ibf'), 'edit_item' => __('Fortbildung bearbeiten', 'ibf'), 'update_item' => __('Fortbildung speichern', 'ibf'), 'view_item' => __('Fortbildung anzeigen', 'ibf'), 'view_items' => __('Fortbildungen anzeigen', 'ibf'), 'search_items' => __('Fortbildung suchen', 'ibf'), ); $args = array ( 'label' => __('IBF', 'ibf'), 'description' => __('Fortbildungen verwalten', 'ibf'), 'labels' => $labels, 'supports' => array('title', 'editor', 'author', 'thumbnail', 'revisions', 'custom-fields'), 'show_in_rest' => true, 'hierarchical' => false, 'public' => true, 'show_in_menu' => true, 'menu_position' => 5, 'menu_icon' => 'dashicons-welcome-learn-more', 'has_archive' => true, 'rewrite' => array('slug' => 'ibf'), 'capability_type' => 'post', 'capabilities' => array ( 'edit_post' => 'edit_ibf', 'edit_posts' => 'edit_ibfs', 'edit_others_posts' => 'edit_others_ibf', 'publish_posts' => 'publish_ibf', 'read_post' => 'read_ibf', 'read_private_posts' => 'read_private_ibf', 'delete_post' => 'delete_ibf', 'create_posts' => 'create_ibfs', ), ); register_post_type('ibf', $args); } add_action('init', 'customPostTypeIBF', 0); }}} Then I adjusted the **wp_user_roles** field in the database so that the permissions are also set appropriately based on the role. Now when I don't have the **create_ibf** permission I get the following message in the admin panel: [[Image(https://i.ibb.co/2dPcrWh/error-ok.png)]] Thats right and it works! **Now the problem:** When I don't have the **edit_ibf** ''(without S at the end)'' permission I just get a white page (blank page) in the admin panel. Now error message or so. Only a white page. The source code shows the page but in the browser I cant see anything. If I use the developer tools I get the following error message: [[Image(https://i.ibb.co/gjjyhkZ/error-white.png)]] If I follow the link in the error message I can see that: [[Image(https://i.ibb.co/3dFQ8Sh/wp-rest-error.png)]] So I think here is a error message missing. **And now another funny thing:** When I havent the permission **edit_ibf** and disable the **block editor** with the parameter: {{{#!php false, }}} the page is loading: [[Image(https://i.ibb.co/dGJPdj3/ibf-ohne-blockeditor.png)]] I think something is wrong here. Maybe someone can take a look and fix this. At least the error message that you don't have enough rights would make sense, since you're looking for the error for a long time. Thanks in advance! **My Live-Server:** Ubuntu 20.04.3 with PHP 8.0.22 and MariaDB 10.5 **My Test-Server (used here for reporting):** Windows 11 with XAMPP and PHP 8.0.19 and a fresh install from 18:00 Uhr" vincenz17 1 Needs Patch 52101 Need to add trash option for Draft Reusable Blocks Posts, Post Types 5.6 normal normal Awaiting Review defect (bug) new 2020-12-17T10:29:34Z 2020-12-31T01:07:58Z "For Reusable Blocks, there is no option for Reusable Blocks draft to trash. Please check and let me know. Screenshot - https://www.screenpresso.com/=GpEBb" rkradadiya 3 Needs Patch 28288 New Post overwriting a previously published post Posts, Post Types 2.5 normal normal defect (bug) new 2014-05-17T01:03:45Z 2019-06-04T20:47:04Z "This was seen on wordpress.com, a user had multiple draft windows open. At one point when saving one draft, it wrote over another previously published post. I believe that it was caused by a race condition that has to do with the environment being hosted on multiple servers. '''To reproduce:''' 1. Open in quick succession multiple draft windows. 2. Check in developer tools for post_id duplicate. I believe that a possible solution would be to enhance post-locking to include if a post is open in duplicate windows by the same user." jackreichert 8 Needs Patch 60777 New terms created when a term with commas is added in post editor Posts, Post Types 6.4.3 normal normal Awaiting Review defect (bug) new 2024-03-14T17:35:07Z 2024-03-14T17:35:07Z "When a taxonomy term has commas e.g ""Red, yellow & green"" and you add the term to a post in the post editor, the term gets added but new terms get created for the words before and after each comma. E.g you add the term ""Red, yellow & green"" to your post. That term will get added. However, you will also notice that two new terms have been created called ""Red"" and ""yellow & green"". Not sure if this is the case with both Gutenberg enabled." awesiome Needs Patch 37064 No checkbox in Posts list table for bulk action Posts, Post Types normal normal defect (bug) new 2016-06-09T15:25:20Z 2019-06-04T21:00:24Z In posts list table it checks that user has edit_post capability or not and output checkbox depend on that. WP_Posts_List_Table also output table for any CPT. But user may not have edit_post capability but have delete_post capability or may be any other capability which need bulk select. In my case i created a CPT and which i restricted users from editing published post using 'edit_published_posts' but i did not restrict users from delete published post. But when i saw post table for that CPT i saw that no checkbox after post being published. But have Trash link individually when i mouse over that post. shamim51 Patch Needs Refresh 18395 Non-URL GUIDs are stripped on post update Posts, Post Types 3.2.1 normal normal defect (bug) new 2011-08-13T18:31:48Z 2019-06-04T20:42:09Z "The post guid is run through several filters before the post is saved. the esc_url_raw() call will end up setting a GUID to an empty string if the GUID does not begin with a known/accepted protocol. If a plugin/etc. wants to use the GUID column to store an external ID for an item brought in from another system (say a Flickr photo ID), then updating a post that has the Flickr ID as its GUID through the WP admin will end up setting the GUID for that post to ''. This would need to be changed if the move was made to UUIDs for GUID values as well. Related: #6492. A very basic patch for this specific issue is attached, but a larger discussion around how this should work is likely needed. Related: #18315" alexkingorg 2 Needs Patch 58205 Not able to create or edit new posts and pages in WordPress 6.2. Posts, Post Types 6.2 normal major Awaiting Review defect (bug) new 2023-04-27T09:53:02Z 2023-04-27T09:53:02Z "Dear WordPress Core Team, I was not able to create a new post or a new page recently. It just showed me the white screen of death :D. Nor was I able to edit any existing pages. It also showed a blank white screen and tried to reload the site a few times. So I tried a lot to fix it, basically what I did was all the steps from this guide. https://www.greengeeks.com/tutorials/how-to-fix-the-blank-white-screen-error-in-wordpress/ None of it worked. The only thing that helped me in the end was to reinstall WordPress to 6.1.1 instead of 6.2. OS: Windows 11 Browser: Mozilla Firefox latest Version Host: NameHero.com I am a beginner developer, so have mercy with my report. Hope this helps you out! Kind regards, Michael" newpr0 Needs Patch 59014 PHP Fatal error in post-template.php Posts, Post Types 6.3 normal minor Awaiting Review defect (bug) new 2023-08-09T03:40:21Z 2023-10-31T00:34:33Z "Hi there, I hope this email finds you well. Unfortunately, we've recently encountered a critical error that requires immediate attention. This issue pertains to the single page templates, specifically an example like this: https://volunteeringqld.org.au/governance/before-you-join/. The error was not present a week ago, and we're currently grappling to determine its cause. This problem was initially observed on both WP6.22 and WP6.3. The post https://volunteeringqld.org.au/governance/before-you-join/ connected to a single template php `mytemplate/single-governance-before-you-join.php`, what calls `` what throws error ""There has been a critical error in this website"" and output steam finishes. Log error gives this line: {{{ ""PHP message: PHP Fatal error: Uncaught TypeError: Unsupported operand types: WP_Post - int in /.../wp-includes/post-template.php:330 Stack trace: #0 /.../wp-includes/post-template.php(247): get_the_content() #1 /.../wp-content/themes/volunteeringAU/single-governance-before-you-join.php(411): the_content() #2 /.../wp-includes/template-loader.php(106): include('...') #3 /.../wp-blog-header.php(19): require_once('...') #4 /.../index.php(17): require('...') #5 {main} thrown in /.../wp-includes/post-template.php on line 330', referer: https://volunteeringqld.org.au/governance/"" }}} To address this, we have applied the following code snippet in `post-template.php` line 330: {{{ if( ! is_int($page_no)) { $page_no = 1; // Igor //echo ''; } }}} When echo ancommented it gives {{{ Array ( [page] => WP_Post Object ( [ID] => 5 [post_author] => 7 [post_date] => 2021-10-21 04:24:08 [post_date_gmt] => 2021-10-21 04:24:08 [post_content] => [post_title] => Home [post_excerpt] => [post_status] => publish [comment_status] => closed [ping_status] => closed [post_password] => [post_name] => home [to_ping] => [pinged] => [post_modified] => 2023-05-26 13:50:03 [post_modified_gmt] => 2023-05-26 03:50:03 [post_content_filtered] => [post_parent] => 0 [guid] => https://volunteeringqld.org.au/?page_id=5 [menu_order] => 0 [post_type] => page [post_mime_type] => [comment_count] => 0 [filter] => raw ) [more] => 1 [preview] => [pages] => Array ( [0] =>

    Achieving a good transition to the next volunteer who will take over from you has benefits for you, the organisation, and the incoming governance member. Let’s explore things you can do to ensure a good handover.

    In this stage of your Governance journey we explore:

    ) [multipage] => 0 ) }}} As you can see, instead of having 1 in `$elements['page']`, it contains a `WP_Post` object of the very first post from the database, even not the one that is displayed. We are hopeful that this information helps you in resolving the issue and that a solution will be included in an upcoming patch. Please don't hesitate to reach out if you require more details or assistance. Best regards, Igor " volqld Needs Patch 51867 Page Parent dropdown is a huge mess Posts, Post Types 5.0 normal major Awaiting Review defect (bug) new 2020-11-24T16:14:53Z 2020-11-29T22:20:30Z "I have seen a few posts (including in this forum) related to this topic, but none seems to exactly address what is going on. Even when I disable all plugins and change to a default theme, the Page Parent dropdown is a huge mess — this is true of two different websites I manage, each of which has hundreds of Pages (plus posts and other custom post types). The problem is that (a) the Page Parent dropdown lists many pages multiple times (literally some pages will appear three or four times in the dropdown, and it seems to repeat a loop) and (b) not all pages are there. So even though it's showing a few multiple times, some don't appear even once. The work-around seems to be to create a new page, then return to ""All Pages"" and make the parent relationship in Quick Edit. It works, but it is a tremendous inconvenience." jamesdonegan 4 Needs Patch 60482 Password Protected stops working Posts, Post Types 6.4.3 normal normal Awaiting Review defect (bug) new 2024-02-09T03:56:15Z 2024-02-09T03:56:15Z I have a site with 4 pages with different passwords to protect them. Every now and then the password just stops working and I need to edit the page, copy and paste the same password in and save it. Then it continues to work again for a while. I number of people visiting the site have reported the same issue. kitka Needs Patch 44759 Percent-encoded unicode characters in CPT rewrite slug prevent finding the CPTs on the front-end Posts, Post Types normal normal Awaiting Review defect (bug) new 2018-08-08T18:03:23Z 2018-08-09T03:17:11Z "If you register a custom post type whose rewrite slug has percent-encoded unicode characters in it, the posts can't be found on the front-end. Eg {{{#!php 'unicode-cpts', 'public' => true, 'rewrite' => array( 'slug' => '%E6%BC%A2%E8%AA%9E%3B' // doesn't work // 'rewrite_slug' => '漢語' // works ) ) ); } add_action('init','register_unicode_cpt'); }}} Seems to initially work fine, the ugly percent-encoded unicode characters don't appear in the post editor (Eg https://drive.google.com/a/eventespresso.com/file/d/1d1j6skbgxrA7IJocGvYi5UMQ_Xw3sCrV/view?usp=drivesdk), but when I go to view the CPT, I'm being redirected to the homepage, (or, when my homepage displays latest posts, I'm seeing those without being redirected). It seems some code needs to recognize percent-encoded rewrite slugs are the same as the unicode character ones. The workaround is to use the unicode characters directly, which is technically against the RFC (see https://stackoverflow.com/questions/2742852/unicode-characters-in-urls/2742985#2742985)" mnelson4 Needs Patch 58062 Positioning of custom post type submenu Posts, Post Types 3.1 normal normal Awaiting Review defect (bug) new 2023-04-02T22:48:57Z 2023-04-12T19:21:47Z "''Current Functionality (since 3.1.0):'' One can add a CPT as a submenu of another CPT by setting the `show_in_menu` argument of the `register_post_type()` function as `edit.php?post_type=CUSTOM_CPT_SLUG`. The submenu is then added into the administration menu by way of the `_add_post_type_submenus()` function. When this occurs, the submenu CPT's are displayed in the order the CPTs were registered. ''Problem:'' The current coding prohibits the ordering of CPT submenu items per the programmer's desires in the event CPT registration is unable to be controlled or in the event other submenu pages are added via the `add_submenu_page()` method. This occurs because the call to [https://developer.wordpress.org/reference/functions/add_submenu_page/#source add_submenu_page()] by [https://developer.wordpress.org/reference/functions/_add_post_type_submenus/#source _add_post_type_submenus()] only passes 5 arguments. (The sixth omitted argument is what handles menu positioning.) ''Solution:'' The `menu_position` argument passed to the `register_post_type()` function already exists, and defines a CPT's positioning within a menu. The solution is to incorporate this argument into the core by modifying line 2079 of [https://core.trac.wordpress.org/browser/tags/6.2/src/wp-includes/post.php#L2079 wp-includes/post.php] as follows: {{{ add_submenu_page( $ptype_obj->show_in_menu, $ptype_obj->labels->name, $ptype_obj->labels->all_items, $ptype_obj->cap->edit_posts, ""edit.php?post_type=$ptype"", isset($ptype_obj->menu_position) ? $ptype_obj->menu_position : NULL ); }}} " mort1305 2 Needs Patch 31254 Post errors show success borders Posts, Post Types 3.7 normal normal Awaiting Review defect (bug) new 2015-02-06T22:38:59Z 2021-01-18T13:47:57Z Similar to #31241 if a post delete/update action fails a green border shows instead of red. I'm not sure what action should be taken here since failures and successes seem to be able to be displayed in the same message box. ninnypants 4 Needs Patch 43569 Post not updated in backend Posts, Post Types 4.9.4 normal normal Awaiting Review defect (bug) new 2018-03-16T17:18:47Z 2018-03-24T16:45:37Z "Hi, posts are not updated in backend panel. After edited the post's contend anche clicked the ""Update"", the older version of the post is reloaded." emmeci 2 Needs Patch 46423 Posts on wp-admin page should be ordered by date_gmt and not date Posts, Post Types normal trivial Awaiting Review defect (bug) new 2019-03-05T19:28:23Z 2021-02-08T16:37:24Z "I believe the dates should be ordered by the absolute value of time (ie, UTC time) instead of by timezone. To illustrate, Current post sequence > Two [@ UTC 1900 (my timezone is set to New York UTC-5 1300)] > One [@ UTC 1800 (my timezone is set to UTC 1800)] Since 1300 is before 1800. Ordered by my `date` ---- Proposed post sequence > One [@ UTC 1800 (my timezone is set to UTC 1800)] > Two [@ UTC 1900 (my timezone is set to New York UTC-5 1300)] Since 1800 is before 1900. Ordered by absolute `date_gmt`." nickylimjj 3 Needs Patch 40325 Potential bug with the “get_post_type” function Posts, Post Types 4.7.3 normal normal Awaiting Review defect (bug) new 2017-03-31T12:04:13Z 2020-12-14T12:56:20Z "I have encountered a weird behavior in the WP code, and I want to report it, in case it is a bug. I have posted it in the Support forum first and I was advised to make a ticket here. '''Replication:''' I have a custom post type created. A function is added to the '''before_delete_post''' hook. In this function, I am verifying the current post type. I used to verify it with the '''get_post_type();''' function but I have found a problem with that in some cases. Now, I have replaced it with '''global $post_type;''' {{{ class My_Example { public function build_admin() { add_action('before_delete_post', array($this, 'delete_post')); } public function delete_post($post_id) { $case1 = get_post_type(); global $post_type; $case2 = $post_type; } } }}} On the posts listing page, in the Trash table, there are 3 says of deleting posts: 1. The '''Delete Permanently''' button for each post. 2. The '''Empty Trash''' button. 3. And through '''Bulk Actions > Delete Permanently > Apply'''. The '''get_post_type''' function returns the proper post type name only in the 1st case. For the other 2 cases, it returns '''false'''. However, '''global $post_type''' returns the proper value in all cases. I don’t know if it is a bug but it seems that way on the surface. If the global post type variable is set well, then the function should be able to return it too but I am not sure if something else it at play here. A bit more info: Looking over the source code for the [https://developer.wordpress.org/reference/functions/get_post_type/ get_post_type] function in Code Reference, I see that it is using the [https://developer.wordpress.org/reference/functions/get_post/ get_post] function to retrieve an object, instance of '''WP_Post''', from which it gets the post type. So, the value is retrieved from different locations in the two examples. " ancientro 3 Needs Patch 60210 Preserving Link When Replacing the Image of an Image Block within Unsynced Patterns Posts, Post Types normal minor Awaiting Review defect (bug) new 2024-01-08T14:53:50Z 2024-01-08T14:53:50Z "This may not in fact be a bug, but it seems to be an unusual design if it is of deliberate design... When an unsynced pattern is created containing an image block with a link associated to where clicking said image should take the user, whenever that pattern is again used in future instances, replacing the image erases the link that was originally connected to that image. I feel there should be a way to replace the image within the unsynced pattern, without losing the hyperlink quality associated with the placeholder image in the image block. " prayforsurf0 Needs Patch 49969 "Previewing the page designated as ""latest posts"" shows the frontpage" Posts, Post Types normal normal Future Release defect (bug) new 2020-04-21T11:32:13Z 2024-02-21T18:00:31Z "This continues the discussion from https://github.com/WordPress/gutenberg/issues/2409 **The issue** * Create two pages (let's call them ""My home"" and ""My posts"") * Go to customizer and set Homepage to be ""My home"" and Posts page to ""My posts"" * Edit ""My posts"" in editor mode * Press preview * Confirm you got ""My home"" instead of ""My posts"" **The root cause** When you click ""Open preview in new tab"" while editing ""My posts"", Gutenberg redirects to a preview URL like this one: https://mywpsite.com/?page_id=5&preview_id=5&preview_nonce=12bd60d6f4&preview=true When you visit that URL, WordPress will load the front page instead of the posts page. This is because class-wp-query.php assumes that posts page is also the front page: https://github.com/WordPress/WordPress/blob/b4373fafe9b87f75bf9d65e808be8049510dff8b/wp-includes/class-wp-query.php#L1032 Then, when rendering a preview, it substitutes the page_id that was requested with the value of get_option( 'page_on_front' ): https://github.com/WordPress/WordPress/blob/b4373fafe9b87f75bf9d65e808be8049510dff8b/wp-includes/class-wp-query.php#L1904 If I remove the preview parameters and leave only ?page_id=5, it displays the correct page." zieladam 8 Needs Patch 54920 Problem with blog posts updating to WordPress 5.9 audrasjb Posts, Post Types 5.9 normal normal Awaiting Review defect (bug) reviewing 2022-01-26T12:54:59Z 2022-02-01T13:53:40Z Posts preview view are showing the same text for all of them order by categories. Titles and images are ok. jorgemartineznb 1 Needs Patch 32039 Publish date when publishing a scheduled post in the past Posts, Post Types 4.1.1 normal normal defect (bug) new 2015-04-21T16:04:42Z 2019-06-04T20:49:37Z "Given the following steps: 1. Set a post to be scheduled at a later date, i.e. 20/04/2015 11:30 2. Wait until that time has passed and then click 'Publish', i.e. at 21/04/2015 09:00 The post's published date is set to the date at which it was scheduled to go live, when in reality it was not actually pushed to a published state until the time publish was clicked. `$post->date` was `2014-04-20T11:30` and not the expected `2014-04-21T009:00`, and published date in UI shows the incorrect date. Although this is not necessarily a common occurrence (basically forgetting to click Publish / Schedule) it is possible in the UI and leads to a confusing date, and one that in our case breaks other functionality that relies on a published date." adambarclay 2 Needs Patch 48047 Querying (non-CPT) posts from more than one (native) category only returning posts from first category Posts, Post Types 5.2.3 normal normal Awaiting Review defect (bug) new 2019-09-16T08:23:54Z 2019-09-16T08:51:26Z "I tried selecting posts from two categories using this code: {{{ $wpQuery = new WP_Query([ 'post_type' => 'post', 'posts_per_page' => 30, 'post_status' => 'publish', 'category__in' => [5, 6], ]); $posts = $wpQuery->get_posts(); }}} This code only returns posts from the first category. I tracked this back to the query variables `category_name` and `cat` being set to the first queried category in the `get_posts()` method. Code from core, `class-wp-query.php`, line 2173: {{{ if ('category' === $queried_taxonomy) { $the_cat = get_term_by($queried_items['field'], $queried_items['terms'][0], 'category'); if ($the_cat) { $this->set('cat', $the_cat->term_id); $this->set('category_name', $the_cat->slug); } unset($the_cat); } }}} It was the same with any equivalent of the `category__in` option, such as using a comma separated list as an argument (`'category_name' => 'news,video'`) or writing my own `tax_query`. When I access the `posts` property on the query object (`$wpQuery->posts`), the correct number of posts is returned. The problem only surfaces when `get_posts()` is called. The bug persists on the Twenty Ninetheen theme without any plugins enabled. Why is `category_name`/`cat` even set to the first category term? If there is a reason, it would make sense to filter out any ""duplicate"" category query vars present before the SQL query is built, because ''both'' `category__in` and `category_name`/`cat` don't make sense. I'm looking forward to insights on this. " lialyn 1 Needs Patch 21234 Recursive directory creation & get_calendar() for custom post types Posts, Post Types 3.4.1 normal normal defect (bug) new 2012-07-12T12:31:28Z 2019-06-04T20:43:17Z "Hello! I made two patches, and sent the pull request on githab. https://github.com/WordPress/WordPress/pull/12 https://github.com/WordPress/WordPress/pull/14 And I want to join to contributers team. How can I do it? Irc chanel is Terminated :(" avaddon 3 Needs Patch 55665 Remove unused margin when post-body-content is empty Posts, Post Types normal normal Awaiting Review defect (bug) new 2022-05-03T14:06:18Z 2022-05-06T15:25:33Z "I created a custom post type that does not support any fields (support argument in $args) It's just a metabox inside But on the page to add that post (add-new post in wp-admin), there is an unused margin in , which creates a space at the top of the page that is related to the tag with the post-body-content ID. I suggest deleting this margin if this tag is empty. thank you [[Image(https://i.imgur.com/fFhFWiT.png)]]" myousefi08 1 Needs Patch 39942 Restored Post may steal slug to published Post Posts, Post Types 4.7.2 normal normal Awaiting Review defect (bug) new 2017-02-22T15:37:10Z 2017-02-22T15:49:15Z "Steps to reproduce: 1. Create a Post 1 with title ""Post"", 2. Assign the slug 'post' to Post 1, 3. Publish Post 1, 4. Unpublish Post 1 by setting it as 'Draft', then Update, 5. After Update, Trash Post 1, 6. Repeat 1-5 for Post 2, 7. Create a Post 3 with title ""Post"", 8. Assign the slug 'post' to Post 3, 9. Publish Post 3, 10. Now restore Post 2, 11. Open/Reload the edit screen for Post 3, 12. It'll show 'post-2' as slug, 13. Saving/Updating Post 3 will change the slug from 'post' to 'post-2'. Probably the following functions participate in the issue: * `wp_add_trashed_suffix_to_post_name_for_post`, which is checking for {{{ if ( '__trashed' === substr( $post->post_name, -9 ) ) { }}} while Post 2 has `post__trashed-2` as post name * `wp_unique_post_slug`, which is not checking the uniqueness of the slug if the post is `draft`." ziodave 1 Needs Patch 48106 Revisit post GUID sanitization on `&` Posts, Post Types 5.2.3 normal normal Awaiting Review defect (bug) new 2019-09-23T08:26:37Z 2019-09-28T13:40:16Z "=== The source code of core which needs to be revisit When a new post/attachment is inserted into the database, the post GUID is sanitized and the `&` character in GUID is converted to `&`. More specifically, in `wp-includes/default-filters.php`, function `wp_filter_kses` is added as a default `pre_post_guid` filter. {{{#!php // Save URL foreach ( array( 'pre_comment_author_url', 'pre_user_url', 'pre_link_url', 'pre_link_image', 'pre_link_rss', 'pre_post_guid' ) as $filter ) { add_filter( $filter, 'wp_strip_all_tags' ); add_filter( $filter, 'esc_url_raw' ); add_filter( $filter, 'wp_filter_kses' ); } }}} Before a post GUID is saved, function `wp_filter_kses` in `wp-includes/kses.php` is called, and eventually function `wp_kses_normalize_entities` does the real conversion, so that `&` is converted to `&`. === The problem it causes The plugin External Media without Import (https://wordpress.org/plugins/external-media-without-import/) inserts external image URLs as post GUIDs into database so that users can add external images into their media libraries without actually uploading the image files to their WordPress servers. If the image URL contains `&`, such as https://pbs.twimg.com/media/D_NKa3yWkAYwZwn?name=900x900&format=png it is converted to https://pbs.twimg.com/media/D_NKa3yWkAYwZwn?name=900x900&format=png The result is that the image is not correctly displayed in some places, such as the media library page of the admin dashboard. There're also other plugins, such as Imposer (https://github.com/dirtsimple/imposer/) and Postmark (https://github.com/dirtsimple/postmark/), encountering the same issue. Imposer fixes the issue by forcing to save post GUIDs again with the unsanitized version. I think it is equivalent to removing `wp_filter_kses` from the default `pre_post_guid` filters. === The reason of post GUID sanitization Post GUID sanitization was added with a commit in 2011: https://github.com/WordPress/WordPress/commit/81a5f821fbfb63be6c5517d033b8e7a0a4172f07. The commit log message does not state why post GUIDs need to be sanitized on save and display. Also, the commit is so long time ago that seems that even the members of the core channel of WordPress Slack group can't tell the reason. At first it was thought that it is because when exporting RSS feeds, `&` needs to be converted due to XML specification. But I did some experiments and inspected the core source code, and found that in fact WordPress core does convert `&` to `&` while exporting RSS2 feed, even if I changed the `&` back to `&` in the database via MySQL client. The convertion is done by function `wptexturize` in `wp-includes/formatting.php`. The function is added as a default `the_content` filter. So I really don't understand why post GUIDs should be sanitized, especially for the `&` issue. This might be a core issue rather than a plugin issue. It might be fine to not add `wp_filter_kses` as a default `pre_post_guid`, i.e. not do the post GUID sanitization. This issue has also been discussed here: https://github.com/zzxiang/external-media-without-import/issues/17" zzxiang 2 Needs Patch 22003 Saving custom fields goes to post-new.php rather than post.php Posts, Post Types 2.5 normal normal defect (bug) reopened 2012-09-26T15:57:01Z 2019-08-09T00:46:50Z "Create a new post or page. Add a title and message. Add a custom field (click ""Add Custom Field"") The post is saved, but as you are taken to post-new.php rather than post.php, it looks as if your post has disappeared! All is well - it is actually saved - but it's confusing. Tested on 3.5-alpha-21989" curiousdannii 4 Needs Patch 27002 Scheduling not working when editing posts Posts, Post Types 3.8.1 normal normal defect (bug) new 2014-02-04T00:56:19Z 2019-06-04T20:45:34Z "I didn't see this the list but I have had this happen to me more than once. I have posts scheduled 2-3 weeks in advance to work on them and set for Feb 22 at 14:00 posting time. While working on the post the button that should be ""schedule"" says ""publish"" If you click the publish butting it will publish it immediately rather then que it for posting via scheduling. I have to go in change the time or date, click the ok button below scheduling and then change it back. This has happened more than once for me. If the post does publish it is still listed as the original date rather than the date it publishes. I have to double check them but I don't always catch them. This has happened on both firefox and Safari. Today is February 3 but the post says it was posted on February 22, 2014. It is now set to private " timgoleman 2 Needs Patch 50467 Search results not displaying all entries in Admin > Posts in certain conditions Posts, Post Types 5.4.2 normal minor Awaiting Review defect (bug) new 2020-06-24T20:54:20Z 2021-08-23T20:41:55Z "**''Limitations of my bug report''** I observed that bug in a live wordpress site, not even mine, so, my apologies, I cannot experiment with it as I would have liked otherwise. No deactivating plugins, no switching to another theme. Thus: I report the issue, explain it the best I can, but I'm leaving it at that. Either (a) it's affecting all wordpress installs, I'm glad I could help by reporting it, or (b) for some reason, it's only the blog on which I've seen it that has it, and then I'm perfectly fine with it, it's just that, me, I cannot tell at all on my side. **''Context of the bug report''** A wordpress blog, latest stable, on which the admins are preparing a number of posts that will be posted while they're away on holidays, with a schedule of 2 posts a day. Those blog posts are written in advance, their title starts with ""READY TO POST ++"" or ""READY TO POST --"" (that part will be removed in the final scheduling phase, when dates are assigned). Those blog posts are saved as Drafts for now. **''Nature of the bug:''** In blog administration > Posts > All Posts, I was reported there was an issue, and indeed, - if I type ""READY TO POST"" in the upper-right search box, run the search, - it returns the text ""12 items"", and that's the right number of posts that are currently called ""READY TO POST"", currently in Draft state... - however in the listing of posts below, only 7 posts are listed, and there is no ""next page"" navigation to browse to a second page of posts listing Here's a screenshot: https://imgur.com/a/qG4Awo8 I think I may have found either the origin, or a factor in the problem: In Screen options (horizontal menu, in the admin, in the same Posts page), there is an entry called ""Number of items per page:"", with the value ""20"". Screenshot: https://imgur.com/a/e3oDjBq And that's wrong, it says ""20"", but there are only 7 posts listed in Admin > Posts > All Posts, be it the default listing, or a search. I don't know if there's a relation, but the blog is configured to display 7 posts on the home page. I tested something, in Admin > Posts > All Posts, I replaced that ""20"" by other numbers. - If those numbers are above the number of search results, the current bug remains, telling there are 12 results, but only showing 7. - If I replace ""Number of items per page"" by 11 or a smaller number, this time it still lists 7 posts only, but I get the missing pagination buttons, screenshot: https://imgur.com/a/fLBv7PL Summary of what I tried: with a search, what I write on ""Number of items per page"" actually does NOT affect the number of displayed results, it's always 7, but depending on whether I choose a number lower, or above or equal to the expected number of results, I have, or haven't, the pagination buttons that allow to view the rest of the results posts. * I could partially reproduce the issue with another query. Simply searching ""ready to"" returns 168 results among the posts. - If I configure Number of items per page to 170, I get no navigation buttons: https://imgur.com/a/DKC70ZZ - If I configure Number of items per page to 167, I get navigation buttons: https://imgur.com/a/HF3cLjN ... oh, damnit, I just realized. It's only a second page of results. No more. Even going into the URL of the page, trying replacing &paged=2 with something like &paged=3, did nothing, still listing the contents of &paged=2. The only workaround is to choose to display 7 posts per page, screenshot: https://imgur.com/a/r2qwRqu * I forgot to list the plugins on the blog, namely: Add Browser Search, Akismet anti-spam, Antispam bee, Classic editor, Custom Smilies, Dave's wordpress live search, disable emojis (gdpr friendly), Display php version, Enhanced text widget, Inline spoilers, ManageWP- Worker, Nextscripts: social networks auto-poster, Php Code widget, Post-plugin library, Random Posts, Scheduled Post Trigger, Seemore, Shortcoder, Term Management Tools, ThreeWP Activity Monitor, User lLocker, WordPress editorial calender, Wp Editor (that one, with a community php fix to make it php7 compatible), Wp super cache, Wp-dbmanager, WP-pagenavi, Wp-polls, Wp-postratings, Wp-sweep, Wpdiscuz, WPS Hide Login, Yoast SEO, ZigWidgetClass * I checked the site's apache error log (I'm the host, it's on my dedi, and I help when there are issues), and I can tell there are zero events appearing in the error log while searching in the list of posts, or changing the number of display results. * I also helped last year, same period of time, and there wasn't that bug at that time. * Well, I don't see what else I could do here, hopefully it's only that blog that has that problem. Apologies, also, that it's not a standard bug report, I'm not used to doing it at all. Good evening!" Sabinooo 2 Needs Patch 55445 Should WP_Post_Type preserve Array of capability_type? Posts, Post Types normal minor Awaiting Review defect (bug) new 2022-03-23T03:57:40Z 2022-03-23T03:57:40Z If I register a post type with `capability_type` as an array `capbility_type => array( 'singular', 'plural' )`. The WP_Post_Type object only holds onto the singular capability_type. Should the object preserve the array since it has singular and plural? Howdy_McGee Needs Patch 57810 Should wp_insert_post() function call 'wp_insert_post' action with 'update' equals true after creating post for the first time. Posts, Post Types 6.1.1 normal normal Awaiting Review defect (bug) new 2023-02-26T00:55:07Z 2023-03-12T03:06:30Z "The wp_insert_post() function calls 'wp_insert_post' action hook with 'update' equals true when creating post for the first time. Post was created using the Gutenberg editor. /* $update should only be true when updating post */ `do_action( 'wp_insert_post', $post_ID, $post, $update );` " zenithcity 5 Needs Patch 28017 Slug conflict with hierarchical Custom Post Types Posts, Post Types 3.9 normal normal defect (bug) new 2014-04-24T20:32:46Z 2019-06-04T20:46:48Z "To Replicate, create a '''hierarchical ''' custom post type and make sure it has support for page attributes, lets call it ""items"" Publish 3 ""items"" posts with the following slug and content ( IN THIS ORDER! ) Post 1: Slug - samsung , No Parent , content : ""Welcome to Samsung"" Post 2: Slug - cell-phones , No Parent , content : ""Welcome to cell phones"" Post 3: Slug - samsung , Parent: cell-phones , content : ""Welcome to cell phones by Samsung"" Navigate to http://localhost/items/samsung/ , You will see the content for Post 3. The correct content should be from Post 1. http://localhost/items/cell-phones/samsung/ works just fine. To get the correct results: Modify wp-includes/query.php , line 2340: {{{ // ORIGINAL LINE if ( ! $ptype_obj->hierarchical || strpos($q[ $ptype_obj->query_var ], '/') === false ) { // MODIFIED LINE if ( ! $ptype_obj->hierarchical ) { }}} " internetrnd 3 Needs Patch 15993 Sort arrows improperly wrap on narrow columns Posts, Post Types 3.1 normal normal defect (bug) reopened 2010-12-27T06:14:21Z 2019-06-04T20:41:43Z Specifically, I noticed the 'Posts' column on a taxonomy screen (or 'Links' for link categories, etc). nacin 23 Needs Patch 25493 Sorting posts in ascending order of date at admin side wonderboymusic Posts, Post Types 3.1 normal normal defect (bug) reopened 2013-10-06T08:57:14Z 2019-06-04T20:44:49Z Posts are displayed in descending order of date in the admin side but if we click on date column header to sort it then again it is sorted in descending order of date instead it should be sorted in ascending order of date. vinod dalvi 15 Needs Patch 58487 Text editor problem Posts, Post Types 6.2.2 normal normal Awaiting Review defect (bug) new 2023-06-08T11:07:40Z 2023-06-08T14:02:19Z "Hi, the < character causes corruption. lines are concatenating and shortcodes don't work 1: https://ibb.co/yndnCP1 2: https://ibb.co/Rhd2r87 If there is no < character, everything will look normal. 3: https://ibb.co/1Xvvw7V" burhi 4 Needs Patch 51374 The initial revision of an imported post goes missing Posts, Post Types normal normal Awaiting Review defect (bug) new 2020-09-22T09:58:24Z 2020-09-22T09:58:24Z "There are two problems relating to revisions when making a change to an imported post. 1. The first change does not cause the Revisions meta box to appear. A second change is required. 2. The first change gets ""lost"" and appears as if it was part of the first version of the post. Steps to reproduce: * Import a published post * Make a change to it * Observe that the ""Revisions"" meta box does not show up even after reloading the editing screen * Make a second change to the post * Click the ""2 Revisions"" link and observe that the second revision is recorded correctly, but that the first revision shows the entire contents of the post being added. The first change made ""disappears"" as it's incorrectly included in the entire contents of the first revision. I think the root cause here is that imported posts do not create an initial revision. A possible solution might be to create an initial revision at the point where a user makes a change to a post and there isn't an existing revision. I assume this can also be reproduced by deleting all the revisions from your database and then making changes to a post." johnbillion Needs Patch 55638 Undefined property: WP_Post_Type::$post_type Posts, Post Types 5.9.3 normal normal Awaiting Review defect (bug) new 2022-04-28T08:38:11Z 2022-05-13T08:48:12Z " PHP 8.1.5 PHP Warning: Undefined property: WP_Post_Type::$post_type in wp-includes/post-template.php on line 649" pienoz 7 Needs Patch 47988 Unexpected behaviour when draft post has the same page_name as published post Posts, Post Types normal normal Awaiting Review defect (bug) new 2019-09-06T02:49:20Z 2019-09-06T06:35:15Z "> What steps should be taken to consistently reproduce the problem? {{{ wp rewrite structure '/%postname%/' wp post create --post_title=""Example post title"" --post_status=publish --post_name=my-chosen-post-name wp post create --post_title=""A draft post"" --post_status=draft --post_name=my-chosen-post-name }}} Visit http://www.example.com/my-chosen-post-name > In case it's relevant to the ticket, what is the expected output or result? We're expecting the published post to be displayed. > What did you see instead? If you're authenticated and have permission to view drafts, the draft post will populate the `Global $post` object and be displayed. Anonymous users will get a 404 page or the browser will throw a `Too many redirects` error. > Does the problem occur even when you deactivate all plugins and use the default theme? Yes. > Please provide any additional information that you think we'd find useful. (OS and browser for UI defects, server environment for crashes, etc.) The core behaviour of the WP Admin post edit screen doesn't allow us to get into this state because `post_name` values are not stored for a post until it transitions to the `publish` post status. When this transition does happen `wp_unique_post_slug()` ensures the `post_name` being saved unique. We first encountered this issue via the Yoast SEO plugin metabox which allows a ''Slug'' to be saved for draft posts. As you can see with the WP-CLI commands above, however, there are other ways of getting to this state. The draft post is loaded for authenticated requests because the default query vars `order_by => post_date` and `order => DESC` means the draft post created after the published post populates the `WP_Query->post` property. Anonymous requests are not able to view the draft post, so before returning a 404, `redirect_canonical()` calls `redirect_guess_404_permalink()` which builds a query for a published post where `page_name` is `LIKE` the post name and finds the published post and redirects to it... and the loop continues." ajfleming Needs Patch 48580 Update status in save_post hooks always true in WordPress 5.0 Posts, Post Types 5.2.4 normal normal Awaiting Review defect (bug) new 2019-11-12T21:47:58Z 2019-11-12T21:47:58Z "I think this issue shown after integration of Gutenberg editor, The {save_post} and {save_POST_TYPE} hooks always triggers {$update} as TRUE. I made some tests, The {$update} is TRUE on saving the post for the first time and on updating also, it's always true. {{{#!php 'No' ); if( $update ) { /* Saving New Post trigger this -- always {Yes} */ $db_values['is_new'] = 'Yes'; } else { $db_values['is_new'] = 'No'; } /* Connect to IBM Server */ /* Update DB */ update_post_meta( $post_ID, 'postmetas_save_test', wp_unslash( $db_values ) ); } }}} " oxibug Needs Patch 58134 Use correct plural of status Posts, Post Types normal normal Awaiting Review defect (bug) new 2023-04-15T06:58:24Z 2023-08-18T23:37:30Z "Core uses a variable named **$stati** (10 times to be found, in 3 files), but that's not the correct plural form of '**status**', neither in english, nor in latin or elsewhere. So I plead to change it to **$statuses**. While there seems to be no decent rule for variable names, so technically the variable could be named $stsii or whatever, still we are called to not {{{ ""abbreviate variable names unnecessarily; let the code be unambiguous and self-documenting."" }}} see https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/ Also, as we all know, ""**Code is Poetry**"", isn't it? Now you could argue poetry has some freedoms, but I strongly believe it should use correct grammar, at least in this case. So I may have convinced you finally of that one, but there's one more issue: There's also a function {{{ get_post_stati() }}} see https://developer.wordpress.org/reference/functions/get_post_stati/ c'mon, let's rename it to **get_post_statuses**, while we're on it. You may think this is petty, but it gave me some confusion and after all it's just wrong. Let's get rid of an usage of a plural form which doesn't exist. " Presskopp 7 Needs Patch 37832 Using ?p=xxx on a posts page with an invalid post ID does not return a 404 status Posts, Post Types normal normal Awaiting Review defect (bug) new 2016-08-25T23:06:41Z 2019-04-19T15:20:07Z "Steps to replicate: - Create a page and set it as the posts page. - Visit this page with ?p=123456 (an invalid ID) added. WordPress will return whatever 'no results found' message you have in the theme, but with a 200 status. The handle_404 function seems to have been set up to always give a 200 status if is_home() returns true. This should not apply if you're overriding the query in some way via the URL. Somehow many of these URLs have been detected by Google on a site of ours and are being reported as soft 404s. How they were found is one thing, but WordPress should not be returning a 200 status regardless." smerriman 2 Needs Patch 40521 Using a custom query var on a static front page results in wrong $post Posts, Post Types 4.7.4 normal normal Awaiting Review defect (bug) new 2017-04-21T20:52:36Z 2017-04-22T09:15:03Z "'''Steps to reproduce:''' * Create a page and make it the static front page * Add a new query var via filter in theme's functions.php: `add_filter( 'query_vars', function( $vars ) { array_push( $vars, 'buggy' ); return $vars; } );` * Open the front page setting the newly added query var (e.g. ""https://example.com/?buggy=yep"") '''Result:''' displays the latest blog post '''Expected result:''' displays front page" mechter 2 Needs Patch 58714 View post link issue in post/article listing screen Posts, Post Types normal normal Awaiting Review defect (bug) new 2023-07-05T10:04:19Z 2023-07-05T10:04:19Z "Hello, View post or permalink not generated when ""public"" argument is ""false"" in custom post type but ""View"" link show in post/article listing screen if ""public"" argument is ""false"" so It should be not shown in listing screen" hiren1094 Needs Patch 54258 WP_Query::is_tax() returns true on custom post type archives (5.8.1) Posts, Post Types 5.8.1 normal normal Awaiting Review defect (bug) new 2021-10-13T19:26:11Z 2021-10-19T13:52:35Z "I was testing the upgrade to 5.8.1 (from 5.7.3) on a copy of my (Lightsail/Bitnami-hosted) live instance and found that after upgrading to 5.8.1, a `post_type=` parameter is added to the URL when I navigate away from a page that displays posts from one of my custom post types. This happens whether or not I update plugins and themes. E.g. I visit `/photographs`, then click to go to `/quotes`; `post_type=photos` gets added to the URL (i.e. `/quotes/?post_type=photos`) and it continues displaying photographs instead of quotes. This happens both with my custom post types defined through the CPT plugin and with the ones I've defined in my own code. The parameter is not added when navigating away from standard post results. Even if the parameter didn't interfere with the website's behavior, it would be a bug, as it's adding unnecessary and unwanted clutter to my URLs, but it does interfere and is a breaking change." arestelle 5 Needs Patch 41857 Walker_PageDropdown doesn't set correct selected value when using value_field Posts, Post Types 4.8.1 normal normal Awaiting Review defect (bug) new 2017-09-11T17:16:16Z 2020-07-22T16:55:25Z "If the ''value_field'' is different from ID, the selected value was not set. Function Walker_PageDropdown::start_el {{{ if ( $page->ID == $args['selected'] ) $output .= ' selected=""selected""'; }}} See also #32330 " it4life 5 Needs Patch 56364 When I update to 6.0.1 it hides categories, Featured image, Author selection when I want to create a post Posts, Post Types 6.0 normal normal Awaiting Review defect (bug) new 2022-08-11T13:35:08Z 2022-09-03T14:40:39Z "Since I updated to v6.0, when I create/edit posts, the Author, Category and Feature Image tabs on the right-hand side have disappeared. I’ve tried disabling plugins and reactivating plugins to determine if it’s a plugin compatibility issue, but I don’t understand why it would be. But nothing worked. My user account is a full admin. After searching, I can see that some people have had the same or similar issue, but their solutions (deactivating plugins etc.) didn’t work for me." digital2019 2 Needs Patch 49136 White screen in password protected posts, referrer policy Posts, Post Types 5.3.2 normal normal Awaiting Review defect (bug) new 2020-01-05T17:19:32Z 2020-03-06T15:20:10Z "**Background** Under some circumstances WP is displaying a white screen refering to URL ..../wp-login.php?action=postpass after entering either correct or incorrect password into password protected posts. It turns out this behaviour occurs reproducably in case WP site is set to no-referrer policy e.g. by Nginx configuration. This behaviour was observed since about July last year. **Steps to reproduce** 1. Force no-referrer policy in Nginx .conf file add_header Referrer-Policy no-referrer; service nginx restart 2. Protect any post by password 3. Verify no-referrer policy in e.g. Chrome F12->network 4. Enter password into your password protected post 5. /wp-login.php?action=postpass white screen pops up, no error message, no debugg hints. These steps reproduce in any WP configuration (under ubuntu server 18.04 LTS, LEMP stack) with or without themes/plugins. Exception: Safari and Edge (as of August last year) do not show white screenn. Reason: These browsers do not support referrer policy. **Work around** Set referrer policy to any other policy than no-referrer. In my case strict-origin-when-cross-origin did the job. **Suggestion** This issue might not be too common but it might become more relevant due to GDPR in Europe. It seems that wp-login.php requires a reference to the calling URL to be able to redirect to that URL after verifying the password. In case of no-referrer policy this reference is not disclosed, hence wp-login.php cannot return to its caller. If that is the case in order to ensure stable operation of password protected posts WP must not allow no-referrer policy but should force any other secure policy." derfuchs98 2 Needs Patch 32773 You cannot move Private nor Passworded posts to Draft. You must make them public first. Posts, Post Types normal normal Awaiting Review defect (bug) new 2015-06-24T03:30:09Z 2017-07-03T16:32:40Z "This is an odd quirk of the editor and might be a security issue for some. However, there is no option from the main editor to move a post directly to draft status from Private nor from Passworded status. I suspect you can trash the post first and then mark it as draft and maybe you could do it from the quick edit. In any case marking as draft should be able to be done from within the actual editor without the disclosure of private information. NOTE: This kinda is a security issue, but not in the way the check box is asking about. It is procedural. So I'm marking ""I am not reporting a security issue.""" BrianLayman 3 Needs Patch 56480 _add_post_type_submenus doesn't use WP_Post_Type::$menu_position Posts, Post Types normal normal Awaiting Review defect (bug) new 2022-08-31T17:17:11Z 2023-04-12T19:26:37Z "Although it's possible to add a post type as a submenu when registering by setting the property show_in_menu, it's not possible to set the position. This is happening because in the function [https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/post.php#L2071 _add_post_type_submenus] (wp-includes/post.php) the function add_submenu_page is called without passing the parameter $position. {{{#!php true ) ) as $ptype ) { $ptype_obj = get_post_type_object( $ptype ); // Sub-menus only. if ( ! $ptype_obj->show_in_menu || true === $ptype_obj->show_in_menu ) { continue; } add_submenu_page( $ptype_obj->show_in_menu, $ptype_obj->labels->name, $ptype_obj->labels->all_items, $ptype_obj->cap->edit_posts, ""edit.php?post_type=$ptype"" ); } } }}} Steps to reproduce the issue: 1. Add the code snippet in the functions.php of the theme (notice the 'menu_position') {{{#!php array( 'name' => 'Foo', ), 'show_in_menu' => 'edit.php?post_type=page', 'menu_position' => 20, 'public' => true, ) ); register_post_type( 'bar', array( 'labels' => array( 'name' => 'Bar', ), 'show_in_menu' => 'edit.php?post_type=page', 'menu_position' => 10, 'public' => true, ) ); }}} 2. Visit the Dashboard and check that under the menu Pages, ""Foo"" appears **before** ""Bar"" Expected behaviour: ""Foo"" appears **after** ""Bar""" Rahmohn 1 Needs Patch 48622 `editable_slug` filter does not pass the correct value Posts, Post Types 5.3 normal normal Future Release defect (bug) new 2019-11-14T05:23:52Z 2019-11-14T15:36:42Z "''Originally reported in https://github.com/WordPress/gutenberg/issues/15802.'' **Describe the bug** When using the block editor, the 1st param $post_name passed to the editable_slug filter hook is not the same as the classic editor, which is the expected one. **To reproduce** 1. Install Classic Editor to switch from block to classic 2. Create a draft post with title ""the post title"" and slug ""this-is-the-slug"" 3. Create a muplugin with: add_filter( 'editable_slug', function( $post_name ) { wp_die( $post_name ); } ); 4. Refresh your edit page **Expected behavior** With the classic editor you should have ""this-is-the-slug"" but when using block editor you have ""the-post-title"", sounds like the post_title sanitize with sanitize_title, it should be the real post_,name like classic is doing." noisysocks 3 Needs Patch 48410 `wp_insert_post()` can result in duplicate post data Posts, Post Types normal normal Awaiting Review defect (bug) new 2019-10-23T15:04:14Z 2020-01-02T02:10:25Z "If 2 identical calls to `wp_insert_post()` are made close enough together, 2 posts are added to the database instead of 1. These posts differ by post ID only. The slug for example is the same. This seems to happen because `wp_insert_post()` does a fair amount of processing before the database write takes place. The check to determine if a post already exists can be _stale_ at the point of insertion." henry.wright 2 Needs Patch 52950 add_meta_box issue in wordpress 5.7 Posts, Post Types 5.7 normal major Awaiting Review defect (bug) new 2021-03-31T13:09:44Z 2021-03-31T17:23:29Z "I recently moved to the new WordPress version 5.7 and now I am facing an issue in the add_meta_box function in function.php. The issue I am facing is the custom post type ID which I added in the add_meta_box function is conflicts with my custom post slug. Whenever I add a new post or open an existing post it shows a pre-generated slug from that custom post type without saving. Please see my code below. {{{#!php set('post__not_in', array(5800)); } } } add_action('pre_get_posts', 'mod_func', 999); }}} Screenshot: [https://webgeek.hu/wp-bug-post-counter.jpg] Hope you can understand me, I'm not the best in English. If you have questions, feel free to ask me. Thanks for helping in advance (and thanks for working hard for years), Sincerely, Somogyi Balázs " err Needs Patch 60121 "catastrophic content overwrite from ""Add New Pattern""" Posts, Post Types 6.4.2 normal blocker Awaiting Review defect (bug) new 2023-12-20T11:20:48Z 2023-12-20T11:20:48Z """Add New Pattern"" /wp-admin/post-new.php?post_type=wp_block&lang=en from /wp-admin/edit.php?post_type=wp_block and Publishing it overwrites / replaces the last there added pattern, giving it the same post id like the one overwritten / replaced. When then creating a pattern from a post editor Gutenberg block, that pattern is added next to the pattern(s) at /wp-admin/edit.php?post_type=wp_block giving it an id jumping all those ids equalling attempts at adding a pattern from there. " vialars Needs Patch 43084 dashboard confuses published posts count with all posts Posts, Post Types 2.7 normal normal Awaiting Review defect (bug) new 2018-01-13T23:22:05Z 2019-05-15T08:11:35Z "the following is a good first bug for new contributors, IMO! because it's very easy to fix https://core.trac.wordpress.org/tickets/good-first-bugs in dashboard, in ""at a glance"" section there's a misleading link: 1. its hyper reference uri leads to list of '''all existing''' posts /wp-admin/edit.php?post_type=post there are currently 26 posts in my blog 2. its label is ""8 posts"" where 8 -- is the number of '''currently published''' posts /wp-admin/edit.php?post_status=publish&post_type=post there are currently 8 published posts in my blog 3. its icon is the pushpin. and the pushpin usually means '''sticky''' posts /wp-admin/edit.php?post_type=post&show_sticky=1 there are currently 1 sticky post in my blog thus, as you can see, this link confuses ""all posts (26)"" with ""published posts (8)"" AND with ""sticky posts (1)"" I know, WordPress uses pushpin icon to indicate any post, so, maybe, I'm wrong about sticky posts. But I'm definitely not mistaken in that you cannot label the link as ""8 posts"" and make it refer to the list of 26 posts -- it should be fixed. Either label should be ""26 posts"" or it should go to list of published posts. IMO, the latter choice (lead to published posts)." awardpress 3 Needs Patch 11381 display_page_row() generates boat loads of needless queries pbearne Posts, Post Types normal normal defect (bug) assigned 2009-12-10T12:41:45Z 2024-02-22T22:43:04Z "on sites with many static pages that are spread across multiple parents, display_page_row() triggers multitudes of calls to the db. specifically, it's repeatedly calling get_pending_comments_num(). it's also calling get_editable_user_ids() and wp_dropdown_users(), both of which do not seem to cache their results in case they're used several times on the same page." Denis-de-Bernardy 10 Needs Patch 32057 fix: allow plugins to access click event in edit inline post Posts, Post Types 2.7 normal normal defect (bug) new 2015-04-22T12:03:58Z 2019-06-04T20:49:45Z "I wanted to add custom functionality to inline post edit, but there is code that prevents me from doing this. ---trunk--- in /wp-admin/js/inline-edit-post.js, line 53 {{{ 51: $('#the-list').on('click', 'a.editinline', function(){ 52: inlineEditPost.edit(this); 53: return false; 54: }); }}} fix: {{{ 51: $('#the-list').on('click', 'a.editinline', function(e){ 52: inlineEditPost.edit(this); 53: e.preventDefault(); 54: }); }}} but first time appered in 2.7 {{{ 82: addEvents : function(r) { 83: r.each(function() { 84: var row = $(this); 85: $('a.editinline', row).click(function() { inlineEditPost.edit(this); return false; }); 86: }); 87: }, }}} " wasikuss 1 Needs Patch 32651 get_adjacent_post() doesn't return posts with the same date Posts, Post Types 4.3 normal normal Future Release defect (bug) new 2015-06-15T05:48:40Z 2019-06-24T05:28:53Z "When using `get_adjacent_post()` on a post, the query skips posts with exactly same date and time. In a blog context, the problem is rarely encountered, but it's more present when posts are added programmatically." willybahuaud 6 Needs Patch 37441 get_default_post_to_edit() function is broken Posts, Post Types normal normal defect (bug) new 2016-07-22T08:32:09Z 2019-06-04T21:02:04Z "The [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/post.php?rev=38118#L591 get_default_post_to_edit()] function contains the following code (formatted for the sake of better readability) in case a new post should be inserted to the database: {{{#!php __( 'Auto Draft' ), 'post_type' => $post_type, 'post_status' => 'auto-draft', ) ); $post = get_post( $post_id ); }}} Later in the function, we just ''work'' with the `$post` object. The problem is, there are [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/post.php?rev=38125#L2919 se]-[https://core.trac.wordpress.org/browser/trunk/src/wp-includes/post.php?rev=38125#L2966 ve]-[https://core.trac.wordpress.org/browser/trunk/src/wp-includes/post.php?rev=38125#L3038 ral] [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/post.php?rev=38125#L3205 rea]-[https://core.trac.wordpress.org/browser/trunk/src/wp-includes/post.php?rev=38125#L3220 sons] under which [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/post.php?rev=38125#L2873 wp_insert_post()] returns `0`. In such a case, [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/post.php?rev=38125#L451 get_post()], in turn, will return `null`, which is neither a `WP_Post` object nor an `object` at all. Then, [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/post.php?rev=38118#L639 setting a property on this null post] will automatically create a new `stdClass`, resulting in the `$post` object only having the three explicitly set properties `post_content`, `post_title` and `post_excerpt`. If you want to see how this affects WordPress, just put `$post = null;` before [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/post.php?rev=38118#L631 wp-admin/includes/post.php:L631]." tfrommen Needs Patch 36313 get_pages() child_of argument does not work in combination with meta_key/value query Posts, Post Types 4.4.2 normal normal defect (bug) new 2016-03-23T21:38:48Z 2023-07-06T12:21:02Z "If you pass both `child_of` and `meta_key/value` parameters to the `get_pages()` function, there are problems. To reproduce: Create a page structure like so: Grandparent (id=1) -Parent (id=2) --Child (id=3) Add a custom field to the Child page. Say `meta_key='bark'` and `meta_val='woof'`. Call {{{ get_pages(array( 'child_of'=>1, 'meta_key'=>'bark', 'meta_value'=>'woof' )); }}} And it will return an empty array. The reason this is happening is because in the `get_pages` function (`wp-includes/post.php`) on line 4562, the `$pages` array only contains Child because it's been filtered by the `meta_key`, but `get_page_children()`, which is being used to determine which pages are `child_of`, requires the complete hierarchy of connected pages to determine which are children, and so it returns nothing. I hope this is helpful. Obviously there are workarounds using loops and get_posts() and people are always suggesting you don't use get_pages() but anyhow, there it is, a bug report. :)" MarcGuay 4 Needs Patch 41355 get_post_status filter is ignored in some cases Posts, Post Types 4.8 normal normal Awaiting Review defect (bug) new 2017-07-18T11:55:09Z 2017-07-18T11:55:09Z "Code: {{{#!php 'my_plugin_render_block_latest_posts', ) ); function my_plugin_render_block_latest_posts( $atts ) { $output = ''; $args = array( 'posts_per_page' => 3, ); $query = new WP_Query( $args ); if ( $query->have_posts() ) : while ( $query->have_posts() ) : $query->the_post(); $output .= '
  • '; $output .= get_the_excerpt(); $output .= '
  • '; endwhile; wp_reset_postdata(); else : $output .= 'No posts found.'; endif; return $output; } }}} For some reason, get_the_excerpt is causing this error in /wp-json/wp/v2/posts: Fatal error: Maximum function nesting level of '256' reached, aborting! in /app/public/wp-includes/plugin.php on line 899 When I remove get_the_excerpt() or replace it with get_the_content() the error disappears. I use 'Local by Flywheel' and this is happening on PHP5.6 and 7" DannyCooper Needs Patch 50255 get_the_modified_author() not working Posts, Post Types 5.4.1 normal normal Awaiting Review defect (bug) new 2020-05-26T14:16:36Z 2021-08-03T05:56:58Z "It seems that get_the_modified_author() is not working. Looking at the source code of the function I noticed that the _edit_last meta field is not filled for the specific post, even though the post was edited. After a closer look it seems that _edit_last is not in the meta data for regular posts and for pages (though I noticed it was there for the standard privacy page). It is there for custom posts. So it seems that get_the_modified_author() is not working for pages and regular posts. I looked at wp_check_post_lock() and saw that this function takes another approach. It looks at the _edit_lock field. This field is still there after the editing is over. So, this piece of code works for pages, posts and custom posts: {{{#!php ID, '_edit_last', true ); return $user; } }}} In this case the user who modified the page/post is part of another field, which makes it harder to filter for that. My suggestion would be to make _edit_last work again, or have a specific field in the post object, just like post_modified and post_modified_gmt that are used for the modification date/time. This would make it easier to filter also. The functions get_the_modified_date() and get_the_modified_time() are working correctly. I have tested this on WP 5.4.1 This was discussed in the forum here: https://wordpress.org/support/topic/get_the_modified_author-not-working/" stilldreaming 1 Needs Patch 50438 item_ labels do not work once registered in a post type Posts, Post Types normal normal Awaiting Review defect (bug) new close 2020-06-20T09:38:42Z 2023-10-04T11:02:23Z "Labels starting with prefix item_ from here: https://developer.wordpress.org/reference/functions/get_post_type_labels/ Are not used in the dashboard when registering them in a custom post type. {{{#!php _x( 'Cars', 'Post Type General Name', 'abcde' ), 'singular_name' => _x( 'Car', 'Post Type Singular Name', 'abcde' ), 'menu_name' => __( 'Cars', 'abcde' ), 'name_admin_bar' => __( 'Car', 'abcde' ), 'archives' => __( 'Car Archives', 'abcde' ), 'attributes' => __( 'Car Attributes', 'abcde' ), 'parent_item_colon' => __( 'Parent Car:', 'abcde' ), 'all_items' => __( 'All Cars', 'abcde' ), 'add_new_item' => __( 'Add New Car', 'abcde' ), 'add_new' => __( 'Add New', 'abcde' ), 'new_item' => __( 'New Car', 'abcde' ), 'edit_item' => __( 'Edit Car', 'abcde' ), 'update_item' => __( 'Update Car', 'abcde' ), 'view_item' => __( 'View Car', 'abcde' ), 'view_items' => __( 'View Cars', 'abcde' ), 'search_items' => __( 'Search Car', 'abcde' ), 'not_found' => __( 'Not found', 'abcde' ), 'not_found_in_trash' => __( 'Not found in Trash', 'abcde' ), 'featured_image' => __( 'Initial Image', 'abcde' ), 'set_featured_image' => __( 'Set initial image', 'abcde' ), 'remove_featured_image' => __( 'Remove initial image', 'abcde' ), 'use_featured_image' => __( 'Use as initial image', 'abcde' ), 'insert_into_item' => __( 'Insert into Car', 'abcde' ), 'uploaded_to_this_item' => __( 'Uploaded to this Car', 'abcde' ), 'items_list' => __( 'Cars list', 'abcde' ), 'items_list_navigation' => __( 'Cars list navigation', 'abcde' ), 'filter_items_list' => __( 'Filter Cars list', 'abcde' ), 'item_published' => __( 'Car published', 'abcde' ), 'item_published_privately' => __( 'Car published privately', 'abcde' ), 'item_reverted_to_draft' => __( 'Car reverted to draft', 'abcde' ), 'item_scheduled' => __( 'Car scheduled', 'abcde' ), 'item_updated' => __( 'Car updated', 'abcde' ), ); $capabilities = array( 'edit_post' => 'update_core', 'read_post' => 'update_core', 'delete_post' => 'update_core', 'edit_posts' => 'update_core', 'edit_others_posts' => 'update_core', 'delete_posts' => 'update_core', 'publish_posts' => 'update_core', 'read_private_posts' => 'update_core' ); $args = array( 'label' => __( 'Car', 'abcde' ), 'description' => __( 'Post Type Description', 'abcde' ), 'labels' => $labels, 'supports' => array( 'title', 'thumbnail' ), 'hierarchical' => false, 'public' => false, 'show_ui' => true, 'show_in_menu' => true, 'menu_position' => 40, 'menu_icon' => 'dashicons-businessman', 'show_in_admin_bar' => true, 'show_in_nav_menus' => false, 'can_export' => true, 'has_archive' => false, 'exclude_from_search' => true, 'publicly_queryable' => false, 'rewrite' => false, 'capabilities' => $capabilities, 'show_in_rest' => false, ); register_post_type( 'abcde_car', $args ); }}} e.g. on post update the notice is Post updated. Not Car updated. " ninetyninew 5 Needs Patch 11311 kses converts ampersands to & in post titles, post content, and more Posts, Post Types 2.9 normal normal Future Release defect (bug) new 2009-12-03T01:49:32Z 2022-08-03T15:41:48Z "Make a test user that has the ""author"" role (i.e. no `unfiltered_html`) and write a post with a title that has `&` in it. After saving, it will becomes `&` due to `wp_filter_kses()`. It gets saved in the database this way too. It's confusing to the user." Viper007Bond 21 Needs Patch 37372 "missing ""edit permalink button"" below the title" Posts, Post Types 4.5.3 normal normal defect (bug) new 2016-07-14T22:14:25Z 2019-06-04T21:01:40Z "With posts and pages there is an ""edit permalink button"" below the title. Also, permalinks change when the title is changed. For custom posts that does not seem to work in the same way: For the function register_post_type() there is a 'public' argument which is merely a way of defining 4 other arguments in 1. If you set that to false and then set 'show_ui' to true to get the user interface back you get the complete user interface except the ""edit permalink button"" below the title. Also, permalinks do not change when the title is changed. That seems like a bug and not like intended functionality." realblueorange 2 Needs Patch 25113 non-latin CPT rewrite slugs fail `wp_safe_redirect` Posts, Post Types 3.6 normal normal defect (bug) new 2013-08-21T20:37:36Z 2019-06-04T20:44:40Z "If you localize your custom post type rewrite slugs in non-latin language and pass it to `wp_safe_redirect` it will strip all non-latin characters and attempt to redirect to stripped location. This can be easely reproduced if your custom post type supports comments and you submit a comment from post type single page as `wp_safe_redirect` is called after comment submission." entr 3 Needs Patch 47552 post_name when inserting is not guaranteed to be unique Posts, Post Types normal normal Awaiting Review defect (bug) new 2019-06-18T00:41:05Z 2019-06-18T03:59:14Z "Hi all, In wp_insert_post, there is a gap between the allocation of the post_name (as wp_unique_post_slug), and the insertion ($wpdb->insert) of the post. This is problematic because another WordPress instance can insert a post with the same post_name in this gap, which would result in two posts being inserted with the same post name See here for an example: https://github.com/domsleee/wp_insert_post_duplicate I suppose a solution may be to obtain a table lock, then find a unique slug and insert the post, and then release the table lock... but this doesn't seem very performant. What do you guys think?" domslee 1 Needs Patch 58476 preg_split(): Passing null to parameter #2 ($subject) of type string is deprecated Posts, Post Types 6.3 normal normal Awaiting Review defect (bug) new 2023-06-08T00:16:08Z 2023-12-12T20:54:33Z "== Bug Report === Description Using the filter hook 'the_content' and passing an empty string or null produces the preg_split deprecation notice in the convert_smilies() function. === Environment - WordPress: 6.3-alpha-55892 - PHP: 8.2.2 - Server: Apache/2.4.54 (Win64) PHP/8.2.2 mod_fcgid/2.3.10-dev - Database: mysqli (Server: 8.0.27 / Client: mysqlnd 8.2.2) - Browser: Chrome 114.0.0.0 (Windows 10/11) - Theme: Seele 1.1.1 - MU-Plugins: * WP Migrate DB Pro Compatibility 1.1 - Plugins: * bbPress 2.6.9 * Classic Widgets 0.3 * Contact Form 7 5.7.7 * Database Backup for WordPress 2.5.2 * Envato Market 2.0.8 * Force Plugin Updates Check 1.0.2 * Optimize Database after Deleting Revisions 5.0.110 * Query Monitor 3.12.3 * Redux Framework 4.4.1.4 * Regenerate Thumbnails 3.1.5 * Requite Core 1.1.13 * Slider Revolution 6.6.14 * Slider Revolution Paint-Brush Add-On 3.0.4 * Slider Revolution Particles Effect 3.3.2 * Slider Revolution Slicey Add-On 3.0.4 * Theme Check 20230417 * Ultimate Addons for WPBakery Page Builder 3.19.14 * WooCommerce 7.7.2 * WordPress Beta Tester 3.4.1 * WordPress Importer 0.8.1 * WPBakery Page Builder 6.13.0 * WP Crontrol 1.15.2 * WP Migrate DB Pro 1.8.1 * WP Migrate DB Pro CLI 1.3.2 * WP Migrate DB Pro Media Files 1.4.9 * WP Migrate DB Pro Multisite Tools 1.2 === Steps to Reproduce 1. Use this filter, ensuring $content is empty or null: $content = apply_filters( 'the_content', $content ); preg_split(): Passing null to parameter #2 ($subject) of type string is deprecated wp-includes/formatting.php:3482 preg_split() wp-includes/formatting.php:3482 convert_smilies() wp-includes/class-wp-hook.php:310 apply_filters('the_content') x. 🐞 Bug occurs. === Expected Results 1. ✅ The filtered content. === Actual Results 1. ❌ The indicated deprecation error due to preg_split not liking a null value." KProvance 4 Needs Patch 55332 problem with quick comment discarded changes Posts, Post Types 5.9.1 normal minor Awaiting Review defect (bug) new 2022-03-07T22:56:11Z 2023-08-09T15:08:12Z "The function discardCommentChanges in js/edit-comments.js does not seem to be working as intended. When using the quick comment editor, the function is called when an edit is started, and it does nothing at that point as expected. But if you click away from the form, nothing stops you and you lose your comment changes. On the other hand, if a plugin enqueues edit-comment.js, buddyboss-platform does (I don't know how/why), and you are editing a post (my attached example is an event venue), the function is triggered on update. With no comments involved, the original content is an empty string and the editied comment is undefined and that triggers the popup warning that changes might be lost." LinuxArchitect 1 Needs Patch 56059 "register_post_type()'s ""description"" argument can't be translated (gettext)" Posts, Post Types 6.0 normal normal Awaiting Review defect (bug) new 2022-06-24T00:25:17Z 2022-06-25T22:36:35Z "Calling ''register_post_type'' it is possible to use ''gettext'' to translate the labels of the post type. However, while the labels do work, the argument ''""description""'' doesn't translate. {{{#!php __('Books', 'text_domain'), 'singular_name' => __('Book', 'text_domain'), 'add_new' => 'New Book' ); $args['description'] = esc_html__(""This is a beautiful description for this post type, but sadly it doesn't get translated"", 'text_domain'); $args['has_archive'] = 'books'; ... ?> }}} I'm rather sure that it's not some mistake of mine, because I checked the ''.po'' and ''.mo'' files multiple times and if I copy and paste that gettext line of code and I echo it anywhere on my website, it gets correctly translated. So it's something about the ''""description""'' parameter." andreacalligaris 4 Needs Patch 51246 single_post_title() doesn't respect private and protected posts Posts, Post Types normal normal Awaiting Review defect (bug) new 2020-09-04T12:35:59Z 2020-09-05T00:03:26Z "`single_post_title()` doesn't respect private and protected content. It will either display or return the content regardless. In contrast, `get_the_title()` does respect private and protected content. Note `single_post_title()` is used when building the document title in `wp_get_document_title()`." henry.wright Needs Patch 60427 "small ""ü"" in page as anchor causes a mistake when try to save (wrong JSON-response)" Posts, Post Types 6.4.3 normal minor Awaiting Review defect (bug) assigned 2024-02-02T19:00:04Z 2024-02-02T19:00:04Z "I tried to make some changes on a page with pre-block content. It contains some anchors and everytime I tried to save the page after some small changes I got the alert ""Aktualisierung fehlgeschlagen. Die Antwort ist keine gültige JSON-Antwort."". The well know answer that there is something wrong with JSON. I found the reason is that in the anchors where small ""ü"" (a german umlaut). It happened with the anchor target as well as with the anchor link. And at the same time there are some anchors with other umlauts, namely with a big ""Ü"", which do not cause the issue." gregordoehnert Needs Patch 47742 sorting by date incorrect Posts, Post Types normal normal Awaiting Review defect (bug) new 2019-07-19T17:36:02Z 2019-07-20T20:34:46Z Sorting pages by date should be doing date modified. It seems to be going off another date, possibly date published. lamaan 2 Needs Patch 43036 the_posts_pagination() - redirect URL for first page in category Posts, Post Types 4.9.1 normal normal Awaiting Review defect (bug) new 2018-01-06T20:51:56Z 2018-01-06T20:51:56Z "When you are on the second, third, etc. the page function `the_posts_pagination ()` outputs a link to the first page for the current category with a slash `/` at the end of the URL: {{{ /category/category-1/ }}} But when clicking on a link, a redirect to the page takes place without a slash `/` on the end: {{{ /category/category-1 }}} A link to the following pages from this category is displayed already without a slash on the end of the URL: {{{ /category/category-1/page/2 }}} Permalink at the same time on the site are configured to look like this: {{{ /%postname%.html }}}" webliberty Needs Patch 47652 wp_dashboard_right_now() emits debug notices on unregistered core post types Posts, Post Types normal normal Awaiting Review defect (bug) new 2019-07-04T20:31:23Z 2019-07-05T02:26:47Z "When you unregister a core 'post' or 'page' post type (I know... I know...) if they have posts in the database, the dashboard ""Right Now"" widget will output a debug notice for each unregistered type: {{{ Undefined property: stdClass::$publish; wp-admin/includes/dashboard.php:270 }}} This is because the code inside of `wp_dashboard_right_now()` always expects a `WP_Post_Status` object as the return type of each `wp_count_posts()` key, however a `stdClass` return type is also possible when no registered type or status is currently registered at the time the widget is rendered. ---- Unregistering ""built in"" post types is normally considered to ""void the warranty"" and the `unregister_post_type()` function explicitly throws an error when you try, but the patch I'm about to attach is a small and bit of code hardening that prevents filling debug logs for those of us that frequently work with out-of-warranty installation types." johnjamesjacoby 4 Needs Patch 34253 wp_insert_post() can assign a random, unauthorized user_id's Posts, Post Types 4.3.1 normal normal defect (bug) new 2015-10-11T07:48:09Z 2019-06-04T20:52:13Z "Hello, When using wp_insert_post, the `get_current_user_id()` function is being called when post_author is left empty. When updating a plugin, and this function appears, you would assume the admin (whoever updated the plugin) would ""insert the post"". But this is not always the case, for instance when you update the plugin through FTP, or use auto-update, or static Opcode caching, etc. However, the admin area is accessible to many on a multisite environment with open registrations. But is also accessible by subscribers, if permitted. The user who accesses the admin area first after updating the code be assigned as post author. An example code below will show you the defect in action, on a Multisite environment: {{{ // Update 'plugin' here, log out and flush opcode cache. // This 'plugin' now executes the following code in admin_init: // Some options. $the_post_id = false; $main_blog = 0; $post_title = 'About WordPress'; $post_content = 'WordPress is great!'; $post_id_option = 'the_inserted_post_id'; // Switch to main blog switch_to_blog( $main_blog ); // Prevent code from running twice with option $page = get_post( get_option( $post_id_option ) ); if ( !$page ) { // Page doesn't exist yet // Insert post $the_post_id = wp_insert_post( array( 'post_title' => $post_title, 'post_status' => 'publish', 'post_type' => 'page', 'post_content' => $post_content ) ); } if ( $the_post_id ) { // Prevent code from running twice by updating option. update_option( $post_id_option, $the_post_id ); } // Back to current blog. restore_current_blog(); }}} A resolution would be to check if the current user has rights to post content. Either by default or parameter. Even more so, assign the site admin if the `current_user_can()` check fails. Thanks!" Cybr 1 Needs Patch 56700 wp_update_post function not support meta update Posts, Post Types normal normal Awaiting Review defect (bug) new 2022-09-30T15:04:23Z 2022-09-30T15:31:59Z "Hi. Seems like wp_update_post() function not support meta fields update. I found post meta update only in wp_insert_post() function https://github.com/WordPress/wordpress-develop/blob/6.0.2/src/wp-includes/post.php#L4498-L4502 Is there are some reasons to not include meta fields update in wp_update_post() function? Or this can be fixed in the future?" borisolhor 1 Needs Patch 59479 'Erase Personal Data' simply doesn't work Privacy 6.3.1 normal critical Awaiting Review defect (bug) new 2023-09-27T20:42:01Z 2023-09-27T20:42:01Z "Here's the steps: 1. Set up a fresh WordPress install on my local machine 2. Add a new subscriber user to that WordPress install 3. Go to 'Export Personal Data' 4. Put in an export request without requiring email confirmation 5. Click on 'download personal data' on the new request entry 6. Open the downloaded content and confirm that there are fields that need to be deleted listed in 'export.json'. There are. These fields include: 'User Nice Name', 'User Email', 'User Display Name' 7. Go to 'Erase Personal Data' 8. Add a new erasure request without requiring confirmation 9. Click 'erase personal data' on the new erasure item 10. Get the message 'No personal data was found for this user' Looking at the user's profile does show that nothing was erased or anonymized. Per https://wordpress.org/documentation/article/tools-erase-personal-data-screen/: 'To confirm what data will be erased by this tool, Go to Tools > Export Personal Data from Administration Screens, and export Personal data.' None of the items that were in the export were erased. The line in that doc doesn't make sense, as the export includes the user's username, which will definitely not be erased. I have replicated this behavior on other hosted sites. There's something wrong with either the tool, the docs, or the feedback from WordPress. Please let me know where I'm going wrong, or if this is actually something that needs fixing." kingfisherwebdev Needs Patch 44010 Add general filters for registering various privacy policy information (cookies) from plugins Privacy normal normal Awaiting Review defect (bug) new 2018-05-08T19:04:24Z 2019-07-22T16:35:53Z "I didn't see it mentioned but during testing of integrating a real plugin, I found that it seems extremely complicated and out of order without some explicit filters for listing things like cookies. To be clear when a plugin adds additional suggested text it appears below the core text in a completely separate box. This is so detached it means if you have 10+ plugins this is gonna be an all-day process for any user to go through generating a policy for their needs. If I just append our plugin suggested text to the end and it has cookies, they will be separate from the other ""Cookies"" sections further up. I think the smarter approache is to implement something to the effect that we could register our cookies, analytics etc, just like the exporters. {{{#!php __( 'Cookie Label' ), 'reason' => __( 'Used for reason x, y & z' ), ]; return $cookies; }); }}} Then it could automatically be output via a shortcode or block or whatever to a table of | Cookie Name | Cookie Label - Cookie Description | | wp_cookie_test | WP Test Cookie - Used to determine if cookies are available for use. | The same would apply to several other sections. I think outputting those into a simple 2 column table would be easy to work with, clean output and easy enough for plugins & themes to integrate with. You could do similar and register user meta info collected, or even specific analytics plugins could output label and info on how they use the data directly under the Analytics heading. Monster Insights, for instance, might add Google Analytics: Tracks visitor engagement with the site anonymously for use in marketing & improvement." danieliser 3 Needs Patch 47491 Avoid double colouring in privacy request rows w/ notices Privacy 4.9.6 normal normal Future Release defect (bug) new 2019-06-06T07:28:54Z 2020-05-11T19:46:57Z "As initially raised here - https://core.trac.wordpress.org/ticket/44135#comment:16 @karmatosed; > I would note a caution in double colouring as seen with blue and green combined in messages. I have to ask why are we showing blue and green together? I would say the following works: > - No color around the actual email itself. > - If successful green > - If no personal data found blue > Grey doesn't really mean anything in terms of this UI so I think lets just not have a double notice color combination and we're set. It after all should only have a notice for information about the state change, not wrap everything. Branching this ticket to keep trac of the issue here." garrett-eclipse 6 Needs Patch 50141 Data erasure/export links should notify the user that the action has already been confirmed Privacy normal normal Future Release defect (bug) new 2020-05-11T02:16:56Z 2020-05-12T05:53:27Z "When a data erasure/export process is started, an email is sent to the email to confirm the action. That email contains only-use-once link that needs to be confirmed for the process to start. The first request to that url has a nice ""Thanks, you'll be notified when ready"" type message, but clicking the link a second time will just trigger a `wp_die( 'This link has expired.' );` message without any context as to why. It's also possible that some email scanners (Either on the server, or on an email client) may request the URL on the users behalf to verify if the URL contains any malicious content in which case the email owner would never actually see the success message, and only the expired link message." dd32 7 Needs Patch 52070 Erase Personal Data & Export Personal Data Table Nav Free Space Issue Privacy 5.6 normal normal Awaiting Review defect (bug) new 2020-12-14T19:20:28Z 2021-01-28T21:45:41Z "Hello Erase Personal Data & Export Personal Data Ui Design Mistake https://www.screenpresso.com/=87BDf please remove Free Space of ""tablenav - top "" apply CSS Display: none; I think also need to check into the RTL language also. Thanks." urvik1 5 Needs Patch 53611 Font size inconsistency in the data erasure inline notice for 'additionalMessages' list items Privacy 5.7.2 normal minor Awaiting Review defect (bug) new 2021-07-06T20:17:30Z 2021-07-06T20:17:30Z "This in reference to the unordered list items added by plugins or other code as 'additionalMessages' with a personal data erasure admin process. The inline notice has a

    tag with text about the completed request. Plugins can add messages using the wp_privacy_personal_data_erasers filter. Additional messages are displayed using the unordered list markup. Right now, the

    tag in this notice has a smaller font size and line height, so the added items are not uniform with the default message's appearance. I'm working on an update that will add CSS to adjust the font-size and line-height of these list items to match the paragraph. " kimannwall Needs Patch 44381 GDPR V2 - Anticipate front-end only sites for confirm actions Privacy normal normal Awaiting Review defect (bug) new 2018-06-15T22:30:30Z 2019-06-03T16:54:06Z "Hello, This is spawned from #44376 as I realized that the confirmaction living in wp-login.php means that front-end only sites that block wp-login.php won't have the ability to execute the action. As GDPR V2 is expected to introduce front-end versions of the request forms it would make sense that these could operate without any backend or wp-login.php available. The code that drives this lives in wp-login.php here;[[BR]] https://github.com/WordPress/WordPress/blob/3ee58b55b14683af4c568bce1845c37408c88fbb/wp-login.php#L862 Cheers " garrett-eclipse 1 Needs Patch 44258 Inconsistency in Export and Erase Personal data behavior Privacy 4.9.6 normal normal Awaiting Review defect (bug) new 2018-05-29T12:01:21Z 2020-01-10T09:53:46Z "I am not sure if it is done on purpose but I have noticed an inconsistency in selecting contents for `Erase Personal Data` tool compared to `Export Personal Data` tool. I have made a few comments as well as uploaded some images through Media Library. My account display name is Subrata Sarkar and the email address is gdpr-tester@emailprovider.com I created an Export Request for gdpr-tester@emailprovider.com and downloaded the `.zip` file. I see both comments and media files are considered in index.html as a part of Personal Data. On the contrary, Erase Personal Data for the same email address does not consider Media Files. In Media Library the images uploaded by me are still showing uploaded by Subrata Sarkar! Comment author is updated to `Anonymous` though. Am missing something? One more thing I have noticed. May be this is done to comply with GDPR regulations. That is, in users' list the email addresses are no longer appearing for each user, although I am logged in as the admin. Just wanted to know if this is the case." subrataemfluence 4 Needs Patch 44669 Privacy Notification doesn't clear after dismissing notification garrett-eclipse Privacy 4.9.7 normal normal Future Release defect (bug) assigned 2018-07-30T06:38:39Z 2019-09-30T19:08:08Z "Every time the 'Suggested privacy policy text' is changed, the **Settings > Privacy** page displays a notification. Clicking the Close (x) icon doesn't clear the notification. If I navigate away from the page, the Privacy Policy notification reappears. The only way to clear the notification is to click the ''review the guide'' link. If a site has a custom privacy policy page, like most typical business sites, then they shouldn't be forced to view this page every time it changes as it's not going to be relevant to them. The Close icon should clear the notification in the same way that clicking the ''review the guide'' link does. Screenshot: https://cl.ly/3r0Y3m0P452X" ahortin 25 Needs Patch 44204 Privacy export codebase in 4.9.6 doesn't use WP Filesystem API Privacy 4.9.6 normal normal Future Release defect (bug) new 2018-05-23T13:01:28Z 2020-08-22T21:11:04Z "The codebase added in WP 4.9.6 for privacy was written with low-level file APIs like fopen(), file_exists(), fwrite(), etc. rather than the WP Filesystem API. Quick to see in wp_privacy_generate_personal_data_export_file(). This restricts core parts of the privacy management functionality to only operate on hosts with direct access to the local filesystem. It is recommended to instead use the WP Filesystem API so that more secure hosts are supported and a broader set of filesystems can be used, e.g. SSH, FTPext, FTPsocket, etc. https://codex.wordpress.org/Filesystem_API" diablodale 3 Needs Patch 14682 Privacy leakage: gravatars leak identity information Privacy 3.0 normal normal Awaiting Review defect (bug) reopened 2010-08-24T14:54:42Z 2020-07-01T19:18:00Z "If a commenter on a blog leaves a comment without having a log in to the site, and the ""Comment author must fill out name and e-mail"" preference is enabled for the blog, the author must provide an email address. The form for this says ""Mail (will not be published) (required)"" It's true that the email address itself is not published, but if the site has gravatars enabled, the persistent identity of the commenter is nonetheless revealed. Together with inspection of other posts where the commenter has chosen to reveal their identity, on the same blog or other blogs, or a brute-force approach taking a known email address to find postings attributed to them (using a global search engine) this results in a complete loss of anonymity. At the bare minimum, the user should be aware of this, so that they can choose not to comment; preferably, the software should be changed so that gravatars are not used for these sorts of posts (or made configurable, in combination with the user being made aware)." jmdh 53 Needs Patch 58969 Privacy setting > The ''Copied'' text also shows, When double-clicking on the 'Copy suggested policy text to clipboard' option, Privacy 6.3 normal normal Awaiting Review defect (bug) new 2023-08-03T12:09:39Z 2023-08-07T16:11:03Z " When double clicked the ''Copy suggested policy text to clipboard'' and paste it to the notes the ''copied'' text is also showing ( Only when double clicking ) === Environment - WordPress: 6.3-RC3-56344 - PHP: 7.4.33 - Server: TasteWP-S4 Official/3.0.0 - Database: mysqli (Server: 8.0.32-0ubuntu0.20.04.2 / Client: mysqlnd 7.4.33) - Browser: Firefox 116.0 (Windows 10/11) - Theme: Twenty Twenty-Three 1.2 - MU-Plugins: None activated - Plugins: * WordPress Beta Tester 3.5.2 === Steps to Reproduce 1. Open the wordpress 'policies' section 2. Double Click on the 'Copy suggested policy text to clipboard 'option 3. Paste the policy on the notepad or notes 4. ''Copied '' text is showing === Expected Results When you double-click on the 'Copy suggested policy text to clipboard' option, the 'Copied' text should not be displayed. === Actual Results When you double-click the 'Copy suggested policy text to clipboard' option, the 'Copied' text is also displayed." vivekawsm 3 Needs Patch 44723 The user ID in a `WP_User_Request` is not an integer as stated Privacy 4.9.6 normal normal Future Release defect (bug) assigned 2018-08-03T21:00:02Z 2022-01-30T16:54:53Z Discovered this while debugging something in #43985. The value of `WP_User_Request->user_id` is a string, not an integer as stated by the inline documentation. This was causing some unexpected behavior in `get_user_locale()`, which performs a strict comparison for `0` and was causing the condition to incorrectly evaluate as `false`. desrosj 15 Needs Patch 43372 $wp_query->max_num_pages return value as float Query 4.9.4 normal trivial Awaiting Review defect (bug) new 2018-02-20T16:32:40Z 2022-02-10T15:13:40Z "As a page number, Integer would make more sense than Float. This is not a big problem but kinda annoying when you do strict comparison on this value. since no one will define a page number as float." ironghost63 5 Needs Patch 39914 'orderby' date results differs depend on 'post_status' Query 4.7.2 normal normal Awaiting Review defect (bug) new 2017-02-19T09:40:43Z 2017-02-19T09:40:43Z "Default 'orderby' date return different order results depend on 'post_status' passed in WP_Query. For example, 3 published posts with identical post_date (if bulk publish, import or other stuff) in WP_Query will return different posts order on page, which depend on 'post_status' = 'publish' or 'any'. Since all posts are published, setting 'post_status' should not affect default orderby date results. Most notably this difference in edit.php?post_type= in comparison with front-end WP_Query results. Is it normal behaviour of such querying results?" esemlabel Needs Patch 56312 Appending ?name to home URL shows the posts page instead of a static front page Query normal normal Future Release defect (bug) reopened 2022-07-30T10:45:09Z 2023-01-06T09:17:54Z "I found something strange I installed a WordPress then from setting . Reading I set a sample page as homepage And when I opened website it was ok and showed content of sample page but when I added query string “?name” it showed latest blog posts I tried everything as query string nothing did that and all showed sample page content and that was ok Just just with ?name query string showed different thing For ex localhost/site/?name show latest posts but Localhost/site/?everythingyoutype Was ok and show content of the page Why ?name query string is like that??? I want to remove it actually you must test it just on homepage of your site not another pages it hurts SEO if you show something else with query string on your site (specially on your homepage) instead of the main content basically as you said when you enter the url of homepage with /?name you should see the homepage and nothing should change because it’s just a query string I can show you an example see this : https://amepro.at/ as you see everything is fine and homepage of website is ok but please see this one https://amepro.at/?name here you see the blog posts and it hurts SEO very bad I got too much errors on search console with these kind of urls Can you explan the logic behind it why should we show another thing like latest post when someone enter some parameter ? it’s not normal at all" masimoti 6 Needs Patch 55649 Block Query with full post content do not display properly Query 5.9.3 normal normal Awaiting Review defect (bug) new 2022-05-02T12:15:53Z 2022-05-02T12:15:53Z "When i change the QueryBlock content from the post excerpt to full post content in block theme edditor i get the correct behaviour but on the website it will not display the correct post content i think it's not inheriting the query from the queryBlock and it is taking the query parameters from the main page instead." jawedzennaki Needs Patch 56165 Bogus query parameters force WordPress to drop query limit and exhausts memory Query 6.0 normal normal Awaiting Review defect (bug) new 2022-07-06T18:30:28Z 2022-07-06T18:33:37Z "I noticed that a site was regularly getting out of memory errors at a URL that seems to be an attempt at ""hacking"" a Drupal site: {{{ https://example.com/?q=user%2Fpassword&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=dir&debug }}} For some reason this causes WordPress to execute this query: {{{ SELECT wp_posts.* FROM wp_posts WHERE 1=1 AND wp_posts.post_type = 'post' AND ((wp_posts.post_status = 'publish')) ORDER BY wp_posts.post_date DESC }}} You'll notice that there is no `LIMIT` set, even though the site has a limit set by default and there are no plugins/filters to alter this. On a site with a large number of posts this can easily cause memory issues (I noticed it during the `update_meta_cache` function running after the query. That URL is causing WordPress to execute this query: {{{ WP_Query->query(Array ([name] => Array ([#post_render] => Array ([0] => passthru),[#type] => markup,[#markup] => dir))) }}} The `name` parameter is supposed to be a string, so I'm not sure why it's affecting the query at all (PHP 7.4 does throw warning because WP tries to `trim()` the value, PHP 8.1 throws error). I haven't gotten far enough in to see why the query limit is dropped, but I imagine in any case this URL should result in either the homepage being displayed or a 404. Here is a full backtrace: {{{ #0 update_meta_cache(post, Array ([0] => 81102,[1] => 80934,[2] => 80927,...)) #1 update_postmeta_cache(Array ([0] => 81102,[1] => 80934,[2] => 80927,...)) #2 update_post_caches(Array ([0] => WP_Post Object ([ID] => 81102,[post_author] => 5,[post_date] => 2022-07-01 10:17:29,[post_date_gmt] => 2022-07-01 17:17:29,[post_content] => #3 WP_Query->get_posts() called at [/wp-includes/class-wp-query.php:3586] #4 WP_Query->query(Array ([name] => Array ([#post_render] => Array ([0] => passthru),[#type] => markup,[#markup] => dir))) called at [/wp-includes/class-wp.php:648] #5 WP->query_posts() called at [/wp-includes/class-wp.php:775] #6 WP->main() called at [/wp-includes/functions.php:1330] #7 wp() called at [/wp-blog-header.php:16] #8 require(/wp-blog-header.php) called at [/index.php:4] }}}" coreyw 1 Needs Patch 28568 Can't get private posts/pages via WP_Query when not logged in as administrator Query 3.9 normal normal Awaiting Review defect (bug) reopened 2014-06-17T18:44:59Z 2019-03-22T14:10:01Z "I want to use WP_Query to display content of one private page on some place in a template. {{{ // ... theme template sidebar.php, for example 25, 'post_status' => 'private' )); // page #25 is set to ""private"" if ($the_query->have_posts()) { // ... nope, no posts for you today while ($the_query->have_posts()) { $the_query->the_post(); the_content(); } wp_reset_postdata(); } ?> }}} But it only works when I am logged in as administrator. When I am not logged in, and print_r() the $the_query, there is ""request"" index filled with: {{{SELECT wp_posts.* FROM wp_posts WHERE 1=1 AND wp_posts.ID = 25 AND wp_posts.post_type = 'page' AND ((wp_posts.post_status = 'private')) ORDER BY wp_posts.post_date DESC}}} Querying database with it directly in PHPMyAdmin, it returns one row as expected (page ID 25 row). But template loop does not anything. ""Posts"" index in $the_query is empty. I have expected WP_Query works like ""just give me anything I want (defined by the arguments)"" ... and I want page with ID 25. " mklusak 7 Needs Patch 15551 Custom post type pagination redirect Query 3.1 normal normal defect (bug) reopened 2010-11-23T21:50:06Z 2022-12-28T06:15:12Z "We seem to be having a problem with a redirect on a custom post page (e.g., http://www.example.com/show/slug/). Everything on the page shows correctly. The template pulls in posts with the following query: {{{ 'show', 'meta_value' => $show->ID, 'paged' => get_query_var('paged'), 'caller_get_posts' => true)); ?> }}} After the posts we display pagination links (e.g., http://www.example.com/show/slug/page/2/). In our rewrite rules, we include the following rule which should handle these URLs: {{{ 'show/([^/]+)/page/([0-9]{1,})/?$' => 'index.php?show=$matches[1]&paged=$matches[2]', }}} Instead of the page displaying and allowing us to pull in the second page of posts, the browser is being redirected back to the original page (http://www.example.com/show/slug/) with a 301. I see that this is happening inside the redirect_canonical function. The following code in wp-includes/canonical.php replaces /page/2/ with / causing the redirect: {{{ // paging and feeds if ( get_query_var('paged') || is_feed() || get_query_var('cpage') ) { if ( !$redirect_url ) $redirect_url = $requested_url; $paged_redirect = @parse_url($redirect_url); while ( preg_match( ""#/$wp_rewrite->pagination_base/?[0-9]+?(/+)?$#"", $paged_redirect['path'] ) || preg_match( '#/(comments/?)?(feed|rss|rdf|atom|rss2)(/+)?$#', $paged_redirect['path'] ) || preg_match( '#/comment-page-[0-9]+(/+)?$#', $paged_redirect['path'] ) ) { // Strip off paging and feed $paged_redirect['path'] = preg_replace(""#/$wp_rewrite->pagination_base/?[0-9]+?(/+)?$#"", '/', $paged_redirect['path']); // strip off any existing paging $paged_redirect['path'] = preg_replace('#/(comments/?)?(feed|rss2?|rdf|atom)(/+|$)#', '/', $paged_redirect['path']); // strip off feed endings $paged_redirect['path'] = preg_replace('#/comment-page-[0-9]+?(/+)?$#', '/', $paged_redirect['path']); // strip off any existing comment paging } }}}" cbsad 14 Needs Patch 58200 Empty result when meta_query is supposed to select date less than certain date Query normal normal Awaiting Review defect (bug) new 2023-04-26T17:53:16Z 2023-11-10T09:04:06Z " {{{ $args = [ 'post_type' => 'page', 'posts_per_page' => '10', 'paged' => '1', 'meta_query' => [ 'event' => [ 'key' => 'event_end', 'value' => date( 'Y-m-d H:i:s' ), 'compare' => '<', 'type' => 'DATETIME' ], ]; }}} Request will be: {{{ SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts INNER JOIN wp_postmeta ON ( wp_posts.ID = wp_postmeta.post_id ) WHERE 1=1 AND ( ( wp_postmeta.meta_key = 'event_end' AND CAST(wp_postmeta.meta_value AS DATETIME) < '2023-04-26 17:12:15' ) ) AND wp_posts.post_type = 'page' AND ((wp_posts.post_status = 'publish')) GROUP BY wp_posts.ID ORDER BY CAST(wp_postmeta.meta_value AS DATETIME) DESC LIMIT 0, 10 }}} And as a result, empty values will be among the result. How to check: 1. Add to certain post_type post_meta event_end with empty value. 2. Create new WP_Query with this post_type and meta_query where event_end is less than current date (look above). 3. Get post and check that selection has empty value. Expected behaviour is to get all posts, where event_end post_meta has a type of DATETIME and not empty." oglekler 2 Needs Patch 40903 Filtered posts_request query can break found_posts query Query normal normal Awaiting Review defect (bug) new 2017-06-01T16:54:45Z 2017-06-01T18:40:57Z "Suppose the `posts_request` query is built with `SQL_CALC_FOUND_ROWS`. The stage is set for `WP_Query::set_found_posts` issue `SELECT FOUND_ROWS()` because `$limits` is non-empty. Now suppose a plugin filters `posts_requests` to the empty string because it gets results another way. WP_Query will still go ahead and issue `SELECT FOUND_ROWS()` erroneously. Some plugins avoid this by filtering `found_posts_query` to the empty string. However, it seems like there is a better way to write the logic of `set_found_posts` so that it respects the filtered `posts_request` query and avoids the problematic statement: simply check the filtered query for `SQL_CALC_FOUND_ROWS` instead of looking at `$limits`. Proposed fix: {{{ private function set_found_posts( $q, $limits ) { global $wpdb; // Bail if posts is an empty array. Continue if posts is an empty string, // null, or false to accommodate caching plugins that fill posts later. if ( $q['no_found_rows'] || ( is_array( $this->posts ) && ! $this->posts ) ) return; - if ( ! empty( $limits ) ) { + if ( substr( $this->request, 0, 26 ) === 'SELECT SQL_CALC_FOUND_ROWS' ) ) { /** * Filters the query to run for retrieving the found posts. * }}}" andy 1 Needs Patch 60395 Filtering posts by open ping_status returns posts with closed ping_status Query normal normal Awaiting Review defect (bug) new 2024-01-31T07:06:00Z 2024-01-31T10:50:47Z "CLI command {{{wp post --ping_status=open}}} returns published sticky posts with a {{{ping_status}}} of {{{closed}}}. {{{ wp post list --ping_status=open --fields=ID,post_status,post_type,ping_status +------+-------------+-----------+-------------+ | ID | post_status | post_type | ping_status | +------+-------------+-----------+-------------+ | 2521 | publish | post | closed | | 2508 | publish | post | closed | +------+-------------+-----------+-------------+ }}} The same command with a different output format yields no results: {{{ wp post list --ping_status=open --format=ids (no output) }}} Setting an arbitrary {{{ping_status}}} still returns results; {{{ wp post list --ping_status=foobar --fields=ID,post_status,post_type,ping_status +------+-------------+-----------+-------------+ | ID | post_status | post_type | ping_status | +------+-------------+-----------+-------------+ | 2521 | publish | post | closed | | 2508 | publish | post | closed | +------+-------------+-----------+-------------+ }}} The command should return no results as there are no posts with {{{ping_status}}} of {{{open}}}. At the very least, the results output should be consistent regardless of format. Environment {{{ OS: Linux 4.18.0-513.9.1.el8_9.x86_64 #1 SMP Wed Nov 29 18:55:19 UTC 2023 x86_64 Shell: /bin/bash PHP binary: /usr/bin/php PHP version: 8.1.27 php.ini used: /etc/php.ini MySQL binary: /bin/mysql MySQL version: mysql Ver 15.1 Distrib 10.5.22-MariaDB, for Linux (x86_64) using EditLine wrapper SQL modes: WP-CLI root dir: phar://wp-cli.phar/vendor/wp-cli/wp-cli WP-CLI vendor dir: phar://wp-cli.phar/vendor WP_CLI phar path: /var/www WP-CLI packages dir: WP-CLI cache dir: /home/deploy/.wp-cli/cache WP-CLI global config: WP-CLI project config: /var/www/wp-cli.yml WP-CLI version: 2.9.0 }}} GitHub issue: https://github.com/wp-cli/entity-command/issues/453 " jamieburchell 1 Needs Patch 59809 "Inconsistent ""ITEMS PER PAGE"" across pagination pages in the Query Loop" Query normal normal Awaiting Review defect (bug) new 2023-11-06T02:11:45Z 2024-02-21T13:47:33Z "There is an inconsistent behavior of the ""ITEMS PER PAGE"" across pagination pages in WP 6.4 and TT4 the Query Loop block. Here is how to replicate it: 1. Ensure you have WP 6.4-RC3 installed, and the TT4 activated. 2. Ensure you have at least 10 blog posts. 3. Make a certain blog post sticky. 4. Navigate under Appearance > Editor, and edit any template. 5. In the template, add the Query Loop block, and choose a pattern that has pagination on it. 6. Disable the ""Inherit query from template"", and ensure the ""STICKY POSTS"" is set to include. Also, ensure the ""ORDER BY"" is set to ""Newest to Oldest"" 7. From the ""Display Settings"" of the block, set the ""ITEMS PER PAGE"" to 2. 8. Save the changes, and come back to the frontend. 9. You will see that it shows 3 posts in the Query Loop, which is expected as it includes the Sticky post as well. 10. Now, navigate to the 2nd page using the pagination. See, now you will see 2 posts. This includes the STICKY post and another post. 11. Now, navigate to the 3rd page using the pagination. See, now you again have 3 posts showing, which is expected. This is causing an issue with the 2nd page of the pagination, which is only showing 2 posts, including the Sticky one. But all the other pagination pages are showing fine, with 3 posts each, including the Sticky one. This is occurring in WP 6.4 and with the TT4 theme." rajinsharwar 10 Needs Patch 47493 Meta Query Sorting with relation => OR not behaving as expected Query 4.8.2 normal normal Awaiting Review defect (bug) new 2019-06-06T13:45:36Z 2019-06-06T14:18:32Z "When sorting on multiple meta query clauses with the default AND relation the sorting works as expected. When sorting with an OR relation the sorting does not function as expected. {{{ 'meta_query' => array( //'relation' => 'OR',// when turning this on the sorting does not work.. 'cornerstone_clause' => array( 'key' => '_yst_is_cornerstone', 'compare' => 'EXISTS', 'type' => 'BINARY', ), 'count_clause' => array( 'key' => 'erp_post_views_count', 'compare' => '>', 'value' => 0, 'type' => 'NUMERIC', ), ), 'orderby' => array( 'cornerstone_clause' => 'DESC', 'count_clause' => 'DESC', ), }}} The idea of the query is to first show any posts that contain '_yst_is_cornerstone' and sort the remaining by 'erp_post_views_count'." tcaneeaglepub Needs Patch 37251 Not return 404 on front-page with option page and url `/page/2` Query 4.5.3 normal normal Awaiting Review defect (bug) new 2016-07-01T15:31:11Z 2023-05-28T15:33:44Z "If i setup page on front-page(Go `Settings`->`Reading`->`Set show on front static page and choose own page`->`Save`). Then go to front page on my site (example http://my-domain/) i see page, which setted before. But if i try open `http://my-domain/page/2`, `http://my-domain/page/3` and etc, i get always front-page, except i am wait 404 error. After debug i found solution (line 1777 in `query.php`): {{{#!php is_home && 'page' == get_option('show_on_front') && get_option('page_on_front') && !$this->is_paged) { $_query = wp_parse_args($this->query); // pagename can be set and empty depending on matched rewrite rules. Ignore an empty pagename. if ( isset($_query['pagename']) && '' == $_query['pagename'] ) unset($_query['pagename']); unset( $_query['embed'] ); if ( empty($_query) || !array_diff( array_keys($_query), array('preview', 'page', 'paged', 'cpage') ) ) { $this->is_page = true; $this->is_home = false; $qv['page_id'] = get_option('page_on_front'); // Correct for page_on_front if ( !empty($qv['paged']) ) { $qv['page'] = $qv['paged']; unset($qv['paged']); } } } }}} Add `&& !$this->is_paged` check." sheo13666q 7 Needs Patch 40397 PHP 7.1.x problem in WP_Query Query 4.7.3 normal normal Awaiting Review defect (bug) new 2017-04-08T23:08:20Z 2018-01-11T03:59:56Z "I believe I have found another instance of the defect reported in Trac #37772. This was reported in my plugin's support forum: https://wordpress.org/support/topic/warning-parameter-2-to-mlaquery The first post there includes the PHP message: Warning: Parameter 2 to MLAQuery::mla_query_posts_search_filter() expected to be a reference, value given in /home/prodport/staging/1/wp-includes/class-wp-hook.php on line 298 A later post from @adrianb includes a call trace showing the call to `apply_filters()` from line 1995 in WP_Query." dglingren 6 Needs Patch 40984 Possible Bug with Named Orderby Meta Query SQL Query 4.8 normal normal Awaiting Review defect (bug) new 2017-06-09T19:51:56Z 2017-06-09T20:10:26Z "I don't know how easy this would be to replicate, but I can at least walk through the steps in identifying the bug, and how I was able to address it for my own use-case. On the web application we're building, we've added a simple meta field called ""spotlight"" to basically drive a single post to the front of the list, and apply some extra styling. To do this, I had built the following query: {{{#!php 'post', 'posts_per_page' => 3, 'orderby' => 'has_spotlight post_date', 'meta_query' => [ 'relation' => 'OR', 'has_spotlight' => [ 'key' => 'spotlight', 'value' => '1' ], 'standard' => [ 'key' => 'spotlight', 'compare' => 'NOT EXISTS' ] ], 'tax_query' => [ [ 'taxonomy' => 'post_tag', 'field' => 'name', 'terms' => 'News' ] ] ]); }}} In other areas of the web application, similar queries appeared to function as expected - the ""spotlight"" post would appear first in the list, with remaining posts ordered by date. However, for the above query, something interesting happened: A post with no spotlight metadata was appearing at the top of the list, and the actual spotlight post was appearing below it. Using PHPStorm and Xdebug, I set a breakpoint for the query and examined the object. Under the request property, the following SQL was generated: {{{ SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts LEFT JOIN wp_term_relationships ON (wp_posts.ID = wp_term_relationships.object_id) LEFT JOIN wp_postmeta ON ( wp_posts.ID = wp_postmeta.post_id ) LEFT JOIN wp_postmeta AS mt1 ON (wp_posts.ID = mt1.post_id AND mt1.meta_key = 'spotlight' ) WHERE 1=1 AND ( wp_term_relationships.term_taxonomy_id IN (724) ) AND ( ( wp_postmeta.meta_key = 'spotlight' AND wp_postmeta.meta_value = '1' ) OR mt1.post_id IS NULL ) AND wp_posts.post_type = 'post' AND ( wp_posts.post_status = 'publish' OR wp_posts.post_status = 'acf-disabled' ) GROUP BY wp_posts.ID ORDER BY wp_posts.menu_order, CAST(wp_postmeta.meta_value AS CHAR) DESC, wp_posts.post_date DESC LIMIT 0, 3 }}} When running this SQL directly in SequelPro, the following IDs were returned, confirming the order that I was seeing: 1 227 <-- Spotlight Post ID 225 After looking through the SQL statement, I decided to check exactly what Wordpress was seeing. After modifying the query to include everything from the wp_postmeta query, something interesting happened: {{{ SELECT SQL_CALC_FOUND_ROWS wp_posts.ID, wp_postmeta.* FROM wp_posts ... }}} I receive the following results: {{{ ID meta_id post_id meta_key meta_value 1 51 1 _edit_lock 1496942377:1 227 20794 227 spotlight 1 225 3305 225 _yst_is_cornerstone }}} It appears that the table that's being used to define the ordering - '''wp_postmeta''' - is not being filtered the same way as the other table alias '''mt1'''. Upon changing the order clause to use the filtered meta table: {{{ SELECT SQL_CALC_FOUND_ROWS wp_posts.ID, mt1.* ... CAST(mt1.meta_value AS CHAR) DESC }}} I received the correct results: {{{ ID meta_id post_id meta_key meta_value 227 20794 227 spotlight 1 225 NULL NULL NULL NULL 1 NULL NULL NULL NULL }}} This is strange to me, as this line should theoretically prevent other unrelated meta information from being included in the results: {{{ WHERE ... ( wp_postmeta.meta_key = 'spotlight' AND wp_postmeta.meta_value = '1' ) OR mt1.post_id IS NULL ... }}} It should be noted that simply changing the ORDER BY clause in my case - while it ""fixes"" the issue - is not technically correct. Instead, the primary meta query clause should also contain the same filtering that the second does. The complete query looks like so: {{{ SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts LEFT JOIN wp_term_relationships ON (wp_posts.ID = wp_term_relationships.object_id) LEFT JOIN wp_postmeta ON ( wp_posts.ID = wp_postmeta.post_id AND wp_postmeta.meta_key = 'spotlight' ) LEFT JOIN wp_postmeta AS mt1 ON (wp_posts.ID = mt1.post_id AND mt1.meta_key = 'spotlight' ) WHERE 1=1 AND ( wp_term_relationships.term_taxonomy_id IN (724) ) AND ( ( wp_postmeta.meta_key = 'spotlight' AND wp_postmeta.meta_value = '1' ) OR mt1.post_id IS NULL ) AND wp_posts.post_type = 'post' AND ( wp_posts.post_status = 'publish' OR wp_posts.post_status = 'acf-disabled' ) GROUP BY wp_posts.ID ORDER BY wp_posts.menu_order, CAST(wp_postmeta.meta_value AS CHAR) DESC, wp_posts.post_date DESC LIMIT 0, 3 }}} '''Notice that the first metadata left join contains the same filtering by meta_key as the second.''' I'm not sure what far-reaching consequences this might have, or if this issue has come up in the past. I imagine it's a bit of an edge-case. Let me know if this is something that you're able to reproduce on your end, or if you need more information in regards to this." maiorano84 Needs Patch 60027 Post patterns show no posts Query normal major Awaiting Review defect (bug) new 2023-12-07T09:14:28Z 2023-12-07T09:14:28Z Newly created patterns for posts give 'no post found error' and create 'one post' of their own. bferonia Needs Patch 60566 Posts Page as Draft remains publicly queryable Query normal normal Future Release defect (bug) new 2024-02-17T11:46:03Z 2024-02-19T11:04:08Z "When assigning a Posts Page at ""WP Admin > Settings > Reading"" and afterward setting that page to draft, the page remains publicly queryable. This is possible via the `?page_id=` query (not `?p=`) and the provisioned slug." Cybr 2 Needs Patch 42732 Problem with usage of WP_Term_Query inside WP_Tax_Query Query 4.9 normal normal Awaiting Review defect (bug) new 2017-11-28T15:15:21Z 2017-11-28T15:15:21Z "This problem started on WP 4.9 because of #37038. In WPML plugin, we filter the tax queries in order to convert the term IDs to their translations in the current language (if any). In WP 4.8.3, `WP_Tax_Query::transform_query` was making direct calls to the DB. In WP 4.9, `WP_Tax_Query::transform_query` is using `WP_Term_Query` to fetch the terms of the meta query. The problem is that we have filters on `WP_Term_Query` (on `get_terms_args`) which applies to this. This is usually not a problem, except for a post query with tax queries and `suppress_filters` set to `true`. Here's an example: {{{ $args = array( 'post_type' => 'post', 'suppress_filters' => true, 'tax_query' => array( array( 'taxonomy' => 'category', 'field' => 'term_id', 'terms' => [ 3, 4 ] // 3 is the English category and 4 is the translation in French ), ) ); $wp_query = new WP_Query( $args ); }}} '''What is expected (and actual behavior in 4.8.3):''' This query should return all the posts attached to the category 3 or 4, whatever the current language. '''What we have now:''' The query returns the posts attached to 3 OR the posts attached to 4 (depending on the current language). So we need a way to flag that `WP_Term_Query` is used inside `WP_Query` (via `WP_Tax_Query`) and `suppress_filters` is set to `true`." strategio Needs Patch 48020 Queries display in inconsistent order when ordering by meta_value_num Query normal normal Awaiting Review defect (bug) new 2019-09-11T17:00:10Z 2019-09-11T18:22:09Z "So I caught this the other day. When ordering a query by {{{meta_value_num}}}, multiple posts sharing the same meta value display in a random order such that if you run two identical queries, the order of the posts could differ between the two. Example use case. I have a custom {{{class}}} post type with a {{{date}}} post meta. Many classes share the same date. On the frontend, I am displaying 12 classes at a time, ordered by date, and when users select to load more I fetch more posts from the server with and query more classes with {{{'offset' => $classes_showing}}} and {{{'orderby' => 'meta_value_num'}}}. Classes belonging to the same show up in different orders from query to query, which occasionally results in multiple classes shown on the frontend. Hopefully that was clear enough. Let me know if you need more code. Thanks." truheart Needs Patch 56081 Query Loop block with selection causes Sticky Posts setting to be ignored Query 6.0 normal normal Awaiting Review defect (bug) new 2022-06-27T21:06:32Z 2022-06-27T21:06:32Z "The Query Loop has an option to ""Inherit query from template"". There is another option to display Sticky posts - only, include, or exclude. On an Archive page where a query has pre-selected taxonomy, the sticky selector is ignored. So, where Inherit Query is checked, it doesn't matter if Sticky Posts is set to Include, Exclude, or Only - stickies and non-stickies are both always shown. The correct selection is shown in the template editor, but not when rendering an archive page from the front-end. **To test:** I am getting my stickies up top and everything following by using two query loops in the default Home page that displays all blog posts. In the Home template: This page is not filtered. The first query loop has Inherit Query unchecked, and Sticky Posts set to Include. The second query loop has Inherit Query unchecked, and Sticky Posts set to EXclude. So there are two loops, one for stickies, and the next for all others. This results here are as expecteed. To achieve the same results as above for the Archive template, which is filtered. The two query loops would be set the same as above, except with Inherit Query checked in both. But the result is not as expected. Let's try a simpler version for the Archive. One Query Loop has Inherit Query checked, and Sticky Posts set to Exclude or Only. The Sticky setting is ignored and all pre-selected posts are rendered in the archive page with stickies and non-stickies mixed. Again, it looks OK on the back-end, not on the front-end. **Desired behavior:** The Sticky setting and anything else that can be configured for a Query Loop should be included in the query at run-time. **Notes:** - This might be specific to the Twenty TwentyTwo theme. - I have not checked to see if the behavior is the same with the classic loop, without blocks, with PHP templates rather than HTML templates." Starbuck Needs Patch 60274 Query loop showing too many posts Query 6.4.2 normal normal Awaiting Review defect (bug) new 2024-01-17T14:26:37Z 2024-01-17T14:35:11Z With recent updates, the query loop shows 4 posts while in editor (per the settings) but shows 5 in the site itself. (see mcld.org home page towards the bottom) jcoonrod 1 Needs Patch 35758 Reading Settings fallback option when none is selected at Front page displays Query 4.4.1 normal normal defect (bug) new 2016-02-05T20:26:25Z 2019-06-04T20:54:56Z "Hi, I found a bug that makes the home page think it's a page. (I didn't look at the WP_Query variables.) Here are the steps to replicate the issue: 1. Go to /wp-admin/options-reading.php 2. Delete the selected option at ""Front page displays"" through Developer Tools/Web Inspector. 3. Save settings. 4. Now no setting is selected. The home page is a Posts Page but WP_Query doesn't recognize it as one, nor as a front page at all. This causes all kinds of issues when plugins/themes rely on is_front_page(). Thanks!" Cybr 3 Needs Patch 57767 SQL query error with multiple order specifications in pre_get_posts. Query 6.1.1 normal critical Awaiting Review defect (bug) new 2023-02-20T03:09:37Z 2023-02-21T02:27:55Z "https://ja.wordpress.org/support/topic/pre_get_posts%e3%81%a7%e8%a4%87%e6%95%b0%e3%81%ae%e4%b8%a6%e3%81%b3%e9%a0%86%e6%8c%87%e5%ae%9a%e3%81%a7%e3%82%a8%e3%83%a9%e3%83%bc/#post-11682395 We have started a thread in the above forum but have not been able to resolve the issue. You can refer to the URL for more details, but when I specify multiple sorting conditions based on the value of a custom field, the results are not displayed properly, and when I throw the query portion of the request in $query directly to SQL in the hook point of pre_get_posts, the following error is returned The following error is returned. {{{ Expression #1 of ORDER BY clause is not in GROUP BY clause and contains non-aggregated column 'local.wp_postmeta.meta_value' which is not functionally dependent on columns in the GROUP BY clause; this is incompatible with sql_mode=only_full_group_by }}} {{{ }}} Is this part of a bug?" kuroro111 5 Needs Patch 46285 Search colums of WP User Query vars is not updated after applying user_search_columns filter Query 4.9.8 normal trivial Awaiting Review defect (bug) new 2019-02-20T08:21:54Z 2019-02-20T08:21:54Z While preparing the query variables of WP_User_Query , it appears that, after applying user_search_columns filter, the possibly modified array search_columns in WP_User_Query->query_vars argument is not updated . wonderyan Needs Patch 36966 Search is not working with soft hyphen symbols Query 4.5.2 normal normal defect (bug) new 2016-05-28T21:36:29Z 2019-06-04T20:59:30Z "Site search doesn't work if a word contains soft hyphen symbols. When a word is pretty long and it should fit within a limited space, the best solution seems to be to stuff it with soft hyphens (­), so there will be no hanging lines. It looks like this: Pseu­do­pseu­do­hy­po­pa­ra­thy­roi­dism But in this case the word can't be found." mvasin Needs Patch 45376 Search not working as described in codex Query normal normal Awaiting Review defect (bug) new 2018-11-19T13:07:01Z 2018-12-07T01:56:14Z "In the codex it says if I sort my search query results by relevance it should behave as follows: ""Order by search terms in the following order: First, whether the entire sentence is matched. Second, if all the search terms are within the titles. Third, if any of the search terms appear in the titles. And, fourth, if the full sentence appears in the contents."" That actually is not right, because the third case never happens! Example: I have 3 Posts with titles: ""Keyword"", ""Key"" and ""Word"" If I search for ""?s=key+word"" the result ist only ""Keyword"" but it should be ""Key"" and ""Word"" too!?" totatari Needs Patch 54853 Search only searching phrases and not searching individual terms Query 5.8.3 normal normal Awaiting Review defect (bug) new 2022-01-19T03:00:51Z 2022-01-19T07:46:09Z " {{{ get_posts(array( ""post_type"" => ""fruit"", ""s"" => ""apple orange banana"" )); }}} should search for each term separately, but it does not. It searches the entire string as a phrase. Issue is within /wp-includes/class-wp-query.php line 1398. It's a simple change: {{{ $searchand = ' AND '; to $searchand = ' OR '; }}} " jchang 4 Needs Patch 50885 Setting a pre_get_posts query post_type to array results in broken wp-admin filters Query 5.4.2 normal normal Awaiting Review defect (bug) new 2020-08-10T12:46:14Z 2020-08-11T01:27:00Z "I have a in-house plugin which creates a few extra alternate post types (eg. `post_custom`), and one of its requirements is that these post types are queried together with normal posts. To do this, I've implemented a function which converts any queries for the `post` post type into `array( 'post', 'post_custom', ... )` and it works as it should, but when on wp-admin, if one tries to go into the default ""Posts"" menu and filter by author or even search for anything, it will return a message saying ""Invalid post type"". Checking the URL, it will contain the `post_type` query string as ""Array"" instead of ""post"", and changing it manually to ""post"" fixes the issue. I guess the wp-admin interface is not handling the array of post types correctly?" matpratta 2 Needs Patch 54436 Sorting issue- when sorting via a custom meta key Query 5.5.2 normal normal Awaiting Review defect (bug) new 2021-11-13T12:38:27Z 2021-11-14T18:01:55Z "So, I created a new meta key with the name `_tstock` and stored numeric values in it, used the code below for sorting: {{{ $args['orderby'] = 'meta_value_num'; $args['order'] = 'DESC'; $args['meta_key'] = '_tstock'; }}} The products tend to repeat after switching the page if the value of `_tstock` of the last product is similar to first product on the next page. Elaborating a bit more :- Let's assume that there are 10 products with the `_tstock` value equal to one and 5 products are displayed on the first page while the rest 5 are displayed on second page. The total number of the product will not change instead some of the products from the first page will be displayed on the second page replacing the ones that should be displayed." prashantinfozion Needs Patch 23336 Sticky Posts lack sanity bounding. If used too much, can severely degrade performance. Query normal normal defect (bug) reopened 2013-01-31T05:09:37Z 2019-06-04T20:43:50Z "Came across an issue where a site was using sticky posts for a slider on the front page. The rest of the front page used custom taxonomy queries. As such, they'd mark items as sticky, have the slider grab the first three. Over years, they accumulated thousands of sticky posts, which, as you can imagine, made the front page of their site absurdly slow, as it was querying those thousands of posts every time. Should we establish some sort of sanity limit here, to keep people from shooting themselves in the foot? I found this a REALLY hard issue to diagnose. Even with debug bar, there is no indication that sticky posts are being queried. There's just a giant WP_Query call that does a giant `IN()` query. Something like a limit of 100 with FIFO would keep things from getting too crazy, without restricting people too much. If you have a need for more than that, you need to be using a taxonomy query." markjaquith 21 Patch Needs Refresh 39140 Taxonomies - operator AND doesn't work properly for taxonomy hierarchies Query 4.6.1 normal normal Awaiting Review defect (bug) new 2016-12-07T08:54:32Z 2019-01-08T19:56:52Z "Hi, This is a problem discovered using WooCommerce shortcodes but has its core problem in the WP core according to my findings. I've already implemented a fix for this in a customer project. I’ve ran into problems using one of the Woo shortcodes and operator ‘AND’. This is questioned by others several times before (see links below) but it seems like the core of the problem is not solved. I’ve worked with the issue on WP 4.6.1 installation and come to what I believe is a solution (changes in file class-wp-tax-query.php). Even if the issue is found using Woo product categories I believe this is an issue for taxonomies in general. Problem: Using shortcode to retrieve a filtered product list and filtering on two or more product categories using operator “AND” fails when using one or more non-leaf (i.e. parent) product categories. There even seemed to be additional problems when using more than two leaf keywords. In general the ""AND"" didn't behave as expected. Other reports on the issue: [https://wordpress.org/support/topic/operator-and-on-product_category/] [https://wordpress.org/support/topic/woocommerce-display-products-from-two-categories-combined/] [https://wordpress.org/support/topic/woocommerce-product_category-and-operator-returns-no-results/] Examples using Woo shortcodes: Taxonomies (product categories) for Product1: '''Leaf'''CatA, '''Leaf'''CatB [product_category category=”'''Parent'''CatA, '''Leaf'''CatB” operator=”AND”] => '''Fails''' - shows nothing. Should show Product1 [product_category category=”'''Leaf'''CatA, '''Leaf'''CatB” operator=”AND”] => '''Ok''' - shows Product1 Reason: There is no individual and complete hierarchial evaluation of each taxonomy/category keyword specified in the shortcode. Solution that worked for me: The issue is found in the WP-core file class-wp-tax-query.php. I’ve modified three functions to correct the issue. This includes changes to the SQL-statements generated. Changes to file class-wp-tax-query.php: class WP_Tax_Query - function get_sql_for_clause – code - function clean_query – input params and code - function transform_query – input params and code You find my modified and running code/functions with my comments here (tagged with // BF): [https://gist.github.com/Nettsidespesialisten/5d4596e18dced3c7d97501f195ffe02e] This is my first ticket here so please notify me how to contribute the best way with this issue (providing code into SVN or other). Kind regards Brede " bredefladen 2 Needs Patch 41446 The PHP notice displayed after the overwriting global $posts by a new empty query. Query 4.8 normal normal Awaiting Review defect (bug) new 2017-07-26T07:57:45Z 2020-08-25T12:46:57Z "'''Tested in WordPress 4.8, twentyseventeen theme with default configuration (just installed).''' After the overwriting a global variable {{{$posts}}} by a new {{{get_posts()}}} query (which return an empty array (no posts)) there is a PHP notice displayed: {{{ Notice: Undefined offset: 0 in /.../wp-includes/class-wp-query.php on line 3162 }}} The overwriting is not a best choice, but some themes and plugins do it, so we should solve this problem. The problem is in {{{WP_Query}}} class in {{{rewind_posts()}}} method in {{{wp-includes/class-wp-query.php}}} file. '''The original method:''' {{{#!php current_post = -1; if ( $this->post_count > 0 ) { $this->post = $this->posts[0]; } } }}} '''The problem:''' the global query has at least one posts, but a new query has not. So the {{{$this->post_count}}} property is always positive, but the {{{$this->posts[0]}}} is not exists. In this step, the PHP notice is displayed. '''An example of solution:''' {{{#!php current_post = -1; if ( $this->post_count > 0 && isset( $this->posts[0] ) ) { $this->post = $this->posts[0]; } } }}} Right now the method checks that the query has posts and the first post is set and is not null." danielpietrasik 2 Needs Patch 58553 Two query blocks on home template (FSE) breaks the second one Query 6.2 normal normal Awaiting Review defect (bug) new 2023-06-16T06:47:30Z 2023-06-16T06:47:30Z "On a site we have a home.html template where we display a custom query with sticky posts before the main query (inherited). We also filter the main query to do not display sticky posts again. Since we updated to 6.1.3 the second query skips the first post (that is the most recent non-sticky post). After some debugging I realize that the `$wp_query->current_post` value is 0 after the first loop instead of -1, causing it to skip the first item (index 0) on the `$wp_query->posts array`. Following the logic in wp-includes I cannot find any obvious change introduced on 6.1.3 to produce this error. I’ve reproduced the issue on a fresh new installation of wp (with 6.2 version): * I have created several posts (duplications of Hello world) * I have crated a new category. * I have assigned three posts to the new category * I have modified the home template (on the site editor) to add a custom query before the main one, where I display the three posts from the new category [[Image(https://images2.imgbox.com/3d/5c/wfm9rpvl_o.png)]] Result with wp 6.1.2 When I update to 6.1.3, the “last one” disapears: [[Image(https://images2.imgbox.com/43/b0/OMZDY2ba_o.png)]] I have found a quick fix that solves it: {{{#!php is_home){ global $wp_query; //sets the $wp_query->current_post to -1 $wp_query->current_post = -1; } }); }}} But I assume this may potentially affect more users and should be fixd on the core. BTW: Using two custom queries doesn’t work for us because we want to keep the default pagination settings with the `/page/2` urls" acaballerog Needs Patch 57412 Uncaught TypeError: Cannot read properties of undefined (reading 'length'): jquery migrate Query 6.1.1 normal critical Awaiting Review defect (bug) new 2023-01-03T01:14:50Z 2023-01-03T01:16:13Z "Hi everyone! I've been trying to fix this for days, but no change. i tried to install different jquery migration plugins, but none solve the error on my site. probably a plugin needed for the theme to work is in conflict. this plugin is helvig core. if I go to the web page the problem does not exist, but when I enter the menu and try to go to one of the menu pages it doesn't work and gives me the following error: Uncaught TypeError: Cannot read properties of undefined (reading 'length') at init. (jquery-migrate-3.4.0.min.js?ver=3.4.0:2:8491) at e. [as run] (jquery-migrate-3.4.0.min.js?ver=3.4.0:2:1566) at u (jquery-3.6.2.min.js?ver=3.6.2:2:59974) at E.fx.tick (jquery-3.6.2.min.js?ver=3.6.2:2:65017) at st (jquery-3.6.2.min.js?ver=3.6.2:2:59376) (anonymous) @ jquery-migrate-3.4.0.min.js?ver=3.4.0:2 e. @ jquery-migrate-3.4.0.min.js?ver=3.4.0:2 u @ jquery-3.6.2.min.js?ver=3.6.2:2 E.fx.tick @ jquery-3.6.2.min.js?ver=3.6.2:2 st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 requestAnimationFrame (async) st @ jquery-3.6.2.min.js?ver=3.6.2:2 I tried uninstalling themes and plugins. i downloaded the latest version directly on the theme forest purchase page, but no change. i have tried different plugins to try to use other versions of jquery migrated, but the problem persists. I also tried downgrading wordpress and completely uninstalled and reinstalled it. the same problem of the site, I also find it locally. how can i solve?" russellperez399 1 Needs Patch 35131 Unexpected 404: pending post hides published post with matching slug Query 4.3.1 normal normal defect (bug) new 2015-12-17T08:55:51Z 2019-06-04T20:53:40Z "While attempting to recreate #35012 and #35031 I also noted the anomaly previously reported in #22902 where an authorized user could see all the posts displayed as if they were a single page. Investigating this led me to determining that the existence of a new ""pending"" post with the same slug as an existing post prevents the user from visiting the existing post using its permalink. Example: post: 31766, status: pending, title: Cycle 1, slug: cycle-1 date: 2015-12-16 11:18:26 Content: You might be able to see this if you're logged in. post: 31764, status: publish, title: Cycle 1, slug: cycle-1 date: 2015-12-16 11:17:17 Content: You should be able to see this. Steps: 1. Create posts as above 2. Log out or otherwise visit the site as a visitor 3. View the blog page or the archive 4. Note that you see the published post, not the pending post 5. Click on the published post's permalink 6. You'll get a 404. === Expected result === Displays the published post. === Actual result === Displays a 404 page. === Explanation === - The query in WP_query returns two posts: 31766:pending and 31764:publish. - Even though there are two posts in the result set, `is_single` is true. - The logic to ""Check post status to determine if post should be displayed."" kicks in and the post array is emptied. - This eventually leads to the 404. === My Conclusion === There are two problems leading to this one 1. The pending post should not have been given the same slug as the published post. 2. `is_single` should not have been set to true. === Proposed solution === If it's not possible to deal with the underlying cause then the logic in the ""Check post status..."" should be adjusted to filter out the posts that the user shouldn't have been able to see. If the resulting set contains more than one post then is_single should become false. I noticed this on 4.4 but have reproduced it on 4.3. I imagine the actual bug goes back a long long way. " bobbingwide 3 Needs Patch 58806 Unexpected ordering result when ordering based on multiple clauses Query 6.2.2 normal normal Awaiting Review defect (bug) new 2023-07-14T08:17:52Z 2023-07-14T08:17:52Z "I am not sure if this is a bug or this is a mis-understanding from my side on how the ordering works but Consider the following `WP_Query`: {{{#!php 'ids', 'post_type' => 'post', 'post_status' => 'publish', 'posts_per_page' => -1, 'meta_query' => [ 'relation' => 'OR', 'sticky_clause' => [ 'key' => '_sticky', 'type' => 'UNSIGNED', ], [ 'key' => '_sticky', 'compare' => 'NOT EXISTS', ], ], 'orderby' => [ 'sticky_clause' => 'desc', 'title' => 'asc', ], ] ); }}} The expected behavior is that the query should show posts that have a `_sticky` meta first, then shows the rest of the posts sorted by their title alphabetically. However it doesn't happen. {{{ array(7) { [0]=> string(20) ""A guide to WordPress"" [1]=> string(27) ""Brotherhood of creativeness"" [2]=> string(30) ""Gather all information you can"" [3]=> string(16) ""Yet another post"" [4]=> string(12) ""Hello world!"" [5]=> string(36) ""Opera browser released a new version"" [6]=> string(27) ""Zebras are cool and relaxed"" } }}} In the above output of post titles, the `""Hello World!""` has `_sticky` meta, but the sorting isn't correct (nor alphabetically and nor by `_sticky` meta first) This is the SQL query generated by this query: {{{#!php SELECT wp_posts.ID FROM wp_posts LEFT JOIN wp_postmeta ON ( wp_posts.ID = wp_postmeta.post_id ) LEFT JOIN wp_postmeta AS mt1 ON ( wp_posts.ID = mt1.post_id AND mt1.meta_key = '_sticky' ) WHERE 1 = 1 AND ( wp_postmeta.meta_key = '_sticky' OR mt1.post_id IS NULL ) AND wp_posts.post_type = 'post' AND ( (wp_posts.post_status = 'publish') ) GROUP BY wp_posts.ID ORDER BY CAST( wp_postmeta.meta_value AS UNSIGNED ) DESC, wp_posts.post_title ASC }}} If I am not wrong the issue happens at the position `ORDER BY CAST(wp_postmeta.meta_value AS UNSIGNED) DESC`, it should use the alias instead of the table name here (should be `mt1.meta_value`)" pelentak Needs Patch 38709 Unlimited query for invalid post names Query 4.6.1 normal normal Future Release defect (bug) new 2016-11-08T13:25:13Z 2024-01-31T21:38:38Z "In case a request which is being parsed as one which sets a ""name"" query var (eg.: `http://localhost/wordpress-latest/2016/11/08/[` ) includes an invalid name ( the `[` ), a query without any limit with empty post_name is triggered: {{{#!sql SELECT wp_posts.* FROM wp_posts WHERE 1=1 AND ( ( YEAR( wp_posts.post_date ) = 2016 AND MONTH( wp_posts.post_date ) = 11 AND DAYOFMONTH( wp_posts.post_date ) = 8 ) ) AND wp_posts.post_name = '' AND wp_posts.post_type = 'post' ORDER BY wp_posts.post_date DESC }}} The problem with the query is that it matches all the drafts in the database, since they don't have the post_name set (is empty). This may have a performance implications for the database in case it contains a lot of drafts (or posts without the post_name set for any reason) as it queries all the posts. The `post_name` is being set as empty due to `sanitize_title_for_query` in https://core.trac.wordpress.org/browser/tags/4.6.1/src/wp-includes/query.php#L2717 I have tested a more suitable validation function than `trim` ( eg.: `sanitize_title` ) in https://core.trac.wordpress.org/browser/tags/4.6.1/src/wp-includes/query.php#L1609 but it leads to archives being served on those invalid URLs, which does not seem like good fix. Trying to set `posts_per_page` to 1 in case the `name` is parsed based on the rewrite rule (which seems like a good thing since we really should be interested in a single and unique post_name in such cases) hits a wall as the is_singular() returns true and the limit is not set even if the posts_per_page is present ( due to https://core.trac.wordpress.org/browser/tags/4.6.1/src/wp-includes/query.php#L3215 ). So the fix might need to be more complicated than." david.binda 6 Needs Patch 54268 Using `author_name` in URL parameter gives unexpected results when logged into contributor account Query 5.8.1 normal minor Awaiting Review defect (bug) new 2021-10-14T22:22:48Z 2021-10-14T22:22:48Z "When logged into a contributor account, and trying to view the post listing on the dashboard of an administrator user, the query changes unexpectedly when the URL uses the `author_name` parameter rather than the default url. Assuming a user ID of 1 for an administrator user, and a user ID of 2 for a contributor user: When logged into the contributor account, and displaying the admin user's posts in the dashboard, the URL looks like this and works as expected: `/wp-admin/edit.php?post_type=post&author=1` The main query is: {{{ SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts WHERE 1=1 AND wp_posts.post_author IN (1) AND wp_posts.post_type = 'post' AND (wp_posts.post_status = 'publish' OR wp_posts.post_status = 'future' OR wp_posts.post_status = 'draft' OR wp_posts.post_status = 'pending' OR wp_posts.post_author = 2 AND wp_posts.post_status = 'private') ORDER BY wp_posts.post_date DESC LIMIT 0, 20 }}} But if the URL is switched to the username of the administrator user, example, admin, like this `/wp-admin/edit.php?post_type=post&author_name=admin` or even just `/wp-admin/edit.php?author_name=admin` I would expect the same results, but they are different: {{{ SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts WHERE 1=1 AND wp_posts.post_author IN (2) AND (wp_posts.post_author = 1) AND wp_posts.post_type = 'post' AND (wp_posts.post_status = 'publish' OR wp_posts.post_status = 'future' OR wp_posts.post_status = 'draft' OR wp_posts.post_status = 'pending' OR wp_posts.post_author = 2 AND wp_posts.post_status = 'private') ORDER BY wp_posts.post_date DESC LIMIT 0, 20 }}} The `IN (2)` and the `OR wp_posts.post_author = 2` here is unexpected, because the 2 is the user ID of the contributor user that is logged in, and it isn't relevant to a query for the posts of user ID 1 (admin). For comparison, when logged into the administrator's account, this query looks like this: {{{ SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts WHERE 1=1 AND (wp_posts.post_author = 1) AND wp_posts.post_type = 'post' AND (wp_posts.post_status = 'publish' OR wp_posts.post_status = 'future' OR wp_posts.post_status = 'draft' OR wp_posts.post_status = 'pending' OR wp_posts.post_status = 'private') ORDER BY wp_posts.post_date DESC LIMIT 0, 20 }}} To replicate: 1. Create two users, one with the administrator role, and another with a contributor role. 2. Publish a post for the admin user. 3. While logged into the contributor user's account, view the administrator user's posts in the dashboard. The link will look like `/wp-admin/edit.php?post_type=post&author=1`. Take note of the main query and the search results. 4. Alter the url to look for the username of that administrator user, in this format: `/wp-admin/edit.php?post_type=post&author_name=admin`. Check the main query and search results again. This appears to be coming from the `get_posts` function in the wp-includes/class-wp-query.php file. This is a low severity issue that I stumbled upon while investigating a Co Authors Plus [https://github.com/Automattic/Co-Authors-Plus/issues/820 issue], a plugin that uses the `author_name` in the URL. However, even when that plugin is not installed, the above described behavior is replicable." lschuyler Needs Patch 41546 WP Query order by meta_clause not working correctly for decimal values Query 4.2 normal normal Awaiting Review defect (bug) new 2017-08-03T13:06:36Z 2017-08-05T07:13:01Z "Short description: When using the WP 4.2 improvements for meta queries (as described here: https://make.wordpress.org/core/2015/03/30/query-improvements-in-wp-4-2-orderby-and-meta_query/) and trying to order the query by a decimal custom field, wordpress orders as if these fields are all integer and incorrectly handles all decimal values such as 1.5, 1.6 and 1.7 (all of these are seen as 1). In detail: {{{ WP_QUERY_ARGS Array ( [ignore_sticky_posts] => 1 [post_status] => publish [offset] => 0 [post_type] => Array ( [0] => post ) [orderby] => Array ( [cf_clause_1] => DESC [ID] => ASC ) [meta_query] => Array ( [cf_clause_1] => Array ( [key] => my_decimal_custom_field [type] => DECIMAL [compare] => EXISTS ) ) [posts_per_page] => 10 [nopaging] => ) }}} 5 Test posts: Post 1 - my_decimal_custom_field = 1 Post 2 - my_decimal_custom_field = 2 Post 3 - my_decimal_custom_field = 2.2 Post 4 - my_decimal_custom_field = 2.6 Post 5 - my_decimal_custom_field = 3 Using the query above results in the order: 1,3,4,2,5 When it should be 1,2,3,4,5. Trying out different order types as described in the WP Codex does not help." LordSpackolatius 2 Needs Patch 36696 WP_Meta_Query can give wrong results when comparing large numbers Query 3.8.1 normal normal defect (bug) new 2016-04-28T02:23:43Z 2019-06-04T20:58:03Z "This is a follow on from #27272. Using quoted numbers can trigger MySQL to do floating-point type conversion (last two points in the first bullet list in http://dev.mysql.com/doc/refman/5.7/en/type-conversion.html): > * If one of the arguments is a decimal value, comparison depends on the other argument. The arguments are compared as decimal values if the other argument is a decimal or integer value, or as floating-point values if the other argument is a floating-point value. > * In all other cases, the arguments are compared as floating-point (real) numbers. Currently number literals are quoted in `WP_Meta_Query`, whereas the LONGTEXT `meta_value` column is cast to the passed-in meta `type`. Thus when a number literal (quoted string) is compared to the `meta_value` column (cast to SIGNED/UNSIGNED meta `type`), floating-point type conversion is evoked. If the numbers involved are larger than the floating-point precision (53 bits), then incorrect comparisons can occur. You can see this happening in the `mysql` client by using the 54 bit numbers 9007199254740992 (`0x20 0000 0000 0000`) and 9007199254740993 (`0x20 0000 0000 0001`): {{{ select '9007199254740992'+0.0, '9007199254740993'+0.0, '9007199254740992'+0.0 < '9007199254740993'+0.0; }}} which will return: {{{ +------------------------+------------------------+-------------------------------------------------+ | '9007199254740992'+0.0 | '9007199254740993'+0.0 | '9007199254740992'+0.0 < '9007199254740993'+0.0 | +------------------------+------------------------+-------------------------------------------------+ | 9.007199254740992e15 | 9.007199254740992e15 | 0 | +------------------------+------------------------+-------------------------------------------------+ }}} (Note the results are system dependent.) A way around this is to not quote number literals, as in the proposed patch, based on @wonderboymusic's [https://core.trac.wordpress.org/ticket/27272#comment:5 ""27272.2.diff""]. It's been switched (ahem) to an if-elseif-else statement to easily allow cases like `DECIMAL(10,2)` etc to be added. (Note the patch attached here also fixes a regression I introduced in previous proposed patches on the #27272 ticket re casting on `LIKE`/`NOT LIKE`.) This issue relates to #36652 (using the PHP type of the meta `value` to determine cast), and the proposed patch should facilitate it. This issue also relates to #36625 (don't bother `CHAR` casting `meta_value` column), and the proposed patch shouldn't impact on a fix for that. " gitlost 1 Needs Patch 47009 WP_Query bug with author=0 Query normal normal Awaiting Review defect (bug) new 2019-04-22T07:10:12Z 2019-04-22T08:17:08Z "Hi all, I found a weird behaviour of WP_Query using the argument author. If author is set to 0, the query returns all the posts and not an empty set. Is this a wanted behaviour or a bug?" mikylucky Needs Patch 40387 WP_Query bug with product post type with search parameter on Query 4.7.3 normal normal Awaiting Review defect (bug) reopened 2017-04-07T11:07:02Z 2017-04-18T21:09:16Z "I am not sure if it is a WordPress core bug, but seems like it! I have 5 different custom post types along with 'product' post type from Woocommerce. The following query gives (only) product result: {{{ $args = array( 'post_type' => array('product'), 'posts_per_page' => 5, 'post_status' => array('publish', 'future') ); }}} Actual query output: {{{SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts WHERE 1=1 AND wp_posts.post_type = 'product' AND ((wp_posts.post_status = 'publish' OR wp_posts.post_status = 'future')) ORDER BY wp_posts.post_date DESC LIMIT 0, 5}}} But the following query: {{{ $args = array( 'post_type' => array('product'), 's' => 'mobile', 'posts_per_page' => 5, 'post_status' => array('publish', 'future') ); }}} outputs this (even post_type is specified the query is generated to search all other post types and surprisingly not product): {{{SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts WHERE 1=1 AND (((wp_posts.post_title LIKE '%htc%') OR (wp_posts.post_excerpt LIKE '%htc%') OR (wp_posts.post_content LIKE '%htc%'))) AND wp_posts.post_type IN ('post', 'travelog', 'hotel-info', 'trips', 'package_tour') AND ((wp_posts.post_status = 'publish' OR wp_posts.post_status = 'future')) ORDER BY wp_posts.post_title LIKE '%htc%' DESC, wp_posts.post_date DESC LIMIT 0, 5}}} and brings up results from all other post types and simply ignoring product. " subrataemfluence 7 Needs Patch 44372 WP_Query cannot properly order by nested Parent/Child relationships Query 4.9.6 normal minor Awaiting Review defect (bug) new 2018-06-14T19:28:48Z 2018-06-14T20:23:58Z "Steps to reproduce the problem: - Create a new CPT named `series`. - Create numerous parent/child relationships in no particular order. Some are nested since we have the concept of seasons and episoded in series. These will not fit properly with taxonomies because data for each ""Season 1"" is unique to the parent series. - The parent can be added after the child is created and then associated (important as the date is taken into account here as it is unreliable in this case and is a very realistic scenario). - use `menu_order` as a way to order these items. Seasons `menu_order` will be the season number and episodes are most commonly going to be used 1-10. One could argue season 2 should be 20-30 but that is not normal user expectation when using the system (I already have teams working on this and they all favor 1-10 and not 20... 30... per season. I tried...) Basically, what you are creating is a bunch of series that have seasons as their immediate children then these seasons have episodes assigned to them. Typical series structure. Series (parent) -> Season (child of Series, parent of Episode) -> Episode (child of Season). I can easily filter the results for parents and list the children. The issue I have is that I am not able to sort by children properly. What I expect is a structure like: Game of Thrones {{{ - Season 1 -- Episode 1 -- Episode 2 -- Episode 3 - Season 2 -- Episode 1 -- Episode 2 -- Episode 3 - Season 3 -- Episode 1 -- Episode 2 -- Episode 3 ... }}} What I get: Game of Thrones {{{ - Season 1 - Season 2 - Season 3 -- Episode 1 - season 3 -- Episode 2 - season 3 -- Episode 3 - season 3 -- Episode 1 - season 1 -- Episode 2 - season 1 -- Episode 3 - season 1 -- Episode 1 - season 2 -- Episode 2 - season 2 -- Episode 3 - season 2 ... }}} I have tried playing with the orderby for all available options and I can not get the structure I expect. It seems like this is a limitation with the table design as menu_order and post_parent are not enough to create this structure. In fact, you can pretty much only do what I am getting, not what I would expect. It would seem that we need a better way to handle deeper parent/child relationships for this to order properly. Perhaps a meta field would help with this. I'm not sure if there is anything that can be done here. I am very doubtful. I may have to rethink the system and add more meta fields for ordering as this is going to be a problem for the project. Reporting this here to see if it's worth anyone's time to research. I've included my class to help with testing. {{{ _getAllSeriesParents(); if (empty($_series)) { return; } $selected = isset($_REQUEST[self::REQUEST_SERIES_NAME_VARIABLE]) ? $_REQUEST[self::REQUEST_SERIES_NAME_VARIABLE] : ''; ?> is_main_query()) { return $query; } // Ensure proper post_type and that we have the request var if ('series' !== $query->query['post_type'] || empty($_REQUEST[self::REQUEST_SERIES_NAME_VARIABLE])) { // No need to filter, not where we want to be return $query; } // Ok, let's extend the WP_Query to use our filter // Fetch Series Object so we can extract the season post IDs $_seriesObject = VideoFactory::getObject($_REQUEST[self::REQUEST_SERIES_NAME_VARIABLE]); $_seriesSeasons = $_seriesObject->getSeasons(); $_seriesSeasons = array_keys($_seriesSeasons); // gets the season post ID // build $_parentIDs to be used to limit the result set $_parentIDs = [(int)$_seriesObject->getPostID()]; $_parentIDs = array_merge($_parentIDs, $_seriesSeasons); // Modify the query object to use our new filter $query->query_vars['post_parent__in'] = $_parentIDs; $query->query_vars['orderby'] = [ 'parent' => 'ASC', 'menu_order' => 'ASC' ]; return $query; } /** * Returns all series parents * @return mixed */ private function _getAllSeriesParents() { if (NULL === $this->allSeriesParents) { // Build query for genre query $args = array( 'posts_per_page' => -1, 'post_status' => 'publish', 'orderby' => 'title', 'order' => 'ASC', 'post_parent' => 0, 'post_type' => array( 'series' ), 'ignore_sticky_posts' => 1 ); // Do query $wpQuery = new \WP_Query($args); if ($wpQuery->have_posts()) { foreach ($wpQuery->get_posts() as $p) { // Normal loop logic using $p as a normal WP_Post object $this->allSeriesParents[$p->ID] = $p->post_title; } } } return $this->allSeriesParents; } } }}} Series CPT is: {{{#!php array( 'name' => __('Series', 'parables_core'), 'singular_name' => __('Series', 'parables_core'), 'featured_image' => __('Poster Image', 'parables_core'), 'set_featured_image' => __('Set Poster Image', 'parables_core'), 'remove_featured_image' => __('Remove Poster Image', 'parables_core'), 'use_featured_image' => __('Use Poster Image', 'parables_core'), ), 'public' => true, 'menu_position' => 21, 'menu_icon' => 'dashicons-video-alt2', 'hierarchical' => true, 'capability_type' => 'series', 'capabilities' => array( 'edit_post' => ""edit_{$capabilityType}"", 'read_post' => ""read_{$capabilityType}"", 'delete_post' => ""delete_{$capabilityType}"", 'edit_posts' => ""edit_{$capabilityType}s"", 'edit_others_posts' => ""edit_others_{$capabilityType}s"", 'publish_posts' => ""publish_{$capabilityType}s"", 'read_private_posts' => ""read_private_{$capabilityType}s"", 'delete_posts' => ""delete_{$capabilityType}s"", 'delete_private_posts' => ""delete_private_{$capabilityType}s"", 'delete_published_posts' => ""delete_published_{$capabilityType}s"", 'delete_others_posts' => ""delete_others_{$capabilityType}s"", 'edit_private_posts' => ""edit_private_{$capabilityType}s"", 'edit_published_posts' => ""edit_published_{$capabilityType}s"" ), 'rewrite' => array( 'with_front' => false ), 'supports' => array( 'title', 'editor', 'page-attributes', ), ) ); }}} " son9ne Needs Patch 47802 WP_Query get_posts sometimes inserts contradictory taxonomy queries Query normal normal Awaiting Review defect (bug) new 2019-07-30T18:15:54Z 2020-09-04T15:17:24Z "In our website, we have a custom taxonomy called 'section.' It figures prominently in a query we're doing. Here's a (lightly anonymized) dump of the array we pass to the WP_Query constructor, before calling get_posts() on the query created: {{{ [posts_per_page] => 25 [post_type] => post [tax_query] => Array ( [0] => Array ( [operator] => IN [taxonomy] => section [field] => slug [terms] => Array ( [0] => section1 [1] => section2 [2] => section3 [3] => section4 ) ) [1] => Array ( [operator] => NOT IN [taxonomy] => section [field] => slug [terms] => Array ( [0] => section5 ) ) [relation] => AND ) [orderby] => post_date [order] => DESC }}} We had a problem where many posts that should be returned here, are not. After much digging, I found the problem in get_posts. specifically in the segment of code commented: {{{ /* * Set 'taxonomy', 'term', and 'term_id' to the * first taxonomy other than 'post_tag' or 'category'. */ }}} It's true, the code is doing just that. It's adding a taxonomy parameter. But it's picking up one of the sections that is supposed to be one of several possibilities the section can be IN, not required. It then makes that one single section required in an appended AND! Sample (again, lightly anonymized) SQL segment of the obviously self-contradictory conditions created (where 1001-1005 are the IDs corresponding to sections 1-5) {{{ wp_term_relationships.term_taxonomy_id IN (1001, 1002, 1003, 1004) AND wp_posts.ID NOT IN ( SELECT object_id FROM wp_term_relationships WHERE term_taxonomy_id IN (1005) ) AND tt1.term_taxonomy_id IN (1001) ) }}} That third clause, the final IN (1001) is being added by get_posts in the above-commented section. That's why we only get a fraction of the posts we're supposed to get. It's effectively overriding most of our IN list! I can work around this by prepending to my tax_query an effective no-op using some custom taxonomy, but this seems like a problem that should be addressed in the WP core. thank you," nstevensdc 1 Needs Patch 60468 "WP_Query matches any post when query parameter ""name"" is an empty string" Query normal minor Awaiting Review defect (bug) new 2024-02-07T17:25:07Z 2024-02-07T17:25:07Z "`WP_Query` matches any post when query parameter `name` is an empty string. For example: {{{ $query = new WP_Query([ 'name' => '', 'post_type' => 'post', 'posts_per_page' => 1, ]); var_dump($query->posts); }}} The same is true for `get_posts()` which uses `WP_Query` internally. This might be the intended behavior, but it's unintuitive and surprising. It can (did) cause a bug in user code that expects such a query to return no results." miyarakira Needs Patch 42546 WP_Query not handling 'LIKE' correctly. Query 4.8.3 normal normal Awaiting Review defect (bug) new 2017-11-14T16:27:03Z 2018-03-14T09:30:49Z "I am doing custom PHP to retrieve listings (as a CPT) from the database for a Realty Company website I'm working on and one of the criteria is searching on the city from a search field on a form. The problem is the generated SQL has some sort of guid in it instead of the expected percent character normally used with LIKE. Here is the generated SQL from WP_Query: {{{ SELECT SQL_CALC_FOUND_ROWS wp_posts.* FROM wp_posts INNER JOIN wp_postmeta ON ( wp_posts.ID = wp_postmeta.post_id ) INNER JOIN wp_postmeta AS mt1 ON ( wp_posts.ID = mt1.post_id ) WHERE 1=1 AND ( ( wp_postmeta.meta_key = 'city' AND wp_postmeta.meta_value LIKE '{f270e6c7d3b231242ceefa28fdd47243cac2100fe4fe8c9df633ec6f3cc2f583}fairfield{f270e6c7d3b231242ceefa28fdd47243cac2100fe4fe8c9df633ec6f3cc2f583}' ) AND ( mt1.meta_key = 'beds' AND mt1.meta_value >= '0' ) ) AND wp_posts.post_type = 'listings' AND (wp_posts.post_status = 'publish' OR wp_posts.post_status = 'future' OR wp_posts.post_status = 'draft' OR wp_posts.post_status = 'pending' OR wp_posts.post_status = 'private') GROUP BY wp_posts.ID ORDER BY wp_posts.post_date DESC LIMIT 0, 10 }}} As you can see the generated code for searching the ""city"" field is: {{{ wp_postmeta.meta_value LIKE '{f270e6c7d3b231242ceefa28fdd47243cac2100fe4fe8c9df633ec6f3cc2f583}fairfield{f270e6c7d3b231242ceefa28fdd47243cac2100fe4fe8c9df633ec6f3cc2f583}' }}} The ""expected"" code should look like this: {{{ wp_postmeta.meta_value LIKE '%fairfield%' }}} The form is found here: https://millersells.com/search-2/ After making selections and clicking the Search button it calls itself with url parameters and you get one of these errors: ""Fatal error: Maximum execution time of 60 seconds exceeded in /home/extremx1/public_html/millersells2017b/wp-includes/query.php on line 0"" OR ""Fatal error: Maximum execution time of 60 seconds exceeded in /home/extremx1/public_html/millersells2017b/wp-includes/class-wp-query.php on line 3090"" (Example URL with parameters: https://millersells.com/search-2/?cf_id=37&loc=fairfield&type=SingleFamilyHome&beds=3&baths=2&min_price=0&max_price=0) I am using this PHP code to create the query (for now I'm just working with 2 of the search fields): {{{ array( 'listings' ), 'meta_query' => array( array( 'key' => 'city', 'value' => $location, 'type' => 'CHAR', 'compare' => 'LIKE', ), array( 'key' => 'beds', 'value' => $bedrooms, 'compare' => '>=' ) ) ); $the_query = new WP_Query( $args ); ?> }}} To see the generated SQL I added this code at line 2752 in wp_includes/class-wp-query.php: echo $this->request; Also to aid in debugging I would suggest you add a ""generated_sql"" parameter to the query object that we can echo to see what the actual generated SQL looks like. EX: {{{echo $the_query->generated_sql;}}} Thanks! Tim :o] PS: Your welcome to contact me at tberneman@gmail.com" tberneman 1 Needs Patch 43634 WP_Query returns wrong result if 10+ search terms and all negative. Query normal normal Awaiting Review defect (bug) new 2018-03-26T15:09:42Z 2019-01-17T01:18:05Z "Set up: create single post with title or body ""Don't match this one!"" Use WP_query with 's' parameter: {{{ -one -two -three -four -five -six -seven -eight -nine -ten }}} WP_Query will find and return the single post and it shouldn't. Less than 10 negative search terms works fine. I believe it has to do with a special 'if clause' in the function '''parse_search''' in ''class-wp-query.php'' {{{ // if the search string has only short terms or stopwords, or is 10+ terms long, match it as sentence if ( empty( $q['search_terms'] ) || count( $q['search_terms'] ) > 9 ) { $q['search_terms'] = array( $q['s'] ); } }}} this makes {{{ JPH q['search_terms'] : Array ( [0] => -one -two -three -four -five -six -seven -eight -nine -ten ) }}} and later in the function the search variable becomes {{{ JPH search variable is: AND (((testsite_posts.post_title NOT LIKE '{07e030b91cb064568b0acafd83d99152667b06f2ffd415e48cd2d2f458c2c217}one -two -three -four -five -six -seven -eight -nine -ten{07e030b91cb064568b0acafd83d99152667b06f2ffd415e48cd2d2f458c2c217}') AND (testsite_posts.post_excerpt NOT LIKE '{07e030b91cb064568b0acafd83d99152667b06f2ffd415e48cd2d2f458c2c217}one -two -three -four -five -six -seven -eight -nine -ten{07e030b91cb064568b0acafd83d99152667b06f2ffd415e48cd2d2f458c2c217}') AND (testsite_posts.post_content NOT LIKE '{07e030b91cb064568b0acafd83d99152667b06f2ffd415e48cd2d2f458c2c217}one -two -three -four -five -six -seven -eight -nine -ten{07e030b91cb064568b0acafd83d99152667b06f2ffd415e48cd2d2f458c2c217}'))) AND (testsite_posts.post_password = '') }}} " johnh10 Needs Patch 52971 WP_Query's meta_query With Multiple EXISTS keys and OR Relation Doesn't Work Properly Query 5.7 normal critical Awaiting Review defect (bug) new 2021-04-05T12:31:53Z 2021-04-05T12:31:53Z "Hi There! Another Very Weird Issue :) Using WP_Query's [meta_query] with **OR relation** and Multiple **EXISTS Keys** generates a very long unnecessary inner joins relation and **stuck in an infinite loop** and **consume the MySQL resources** with high load. I'm trying to get all post IDs that have one of 50 meta keys to replace with new keys, So I collect all meta keys using foreach statement with **OR relation** and pass it to the [meta_query] in WP_Query .. Very simple but I noticed that there's no result and infinite page load and using high resources of MySQL. I create the SQL statement with $wpdb and it works very fast, So I create a new WP_MetaQuery object to see the result and I noticed a huge unnecessary INNER JOINs relation. **Here's a full example:** 1. Insert 100 Test Posts and 50 Metas For Each: Append [?action=insert] in the URL 2. Try to get posts using WP_Query: Append [?action=wp_query_and_meta_query] in URL - **RESULT: Infinite Loop** 3. Try to use $wpdb instead: Append [?action=wpdb_query_get_ids] in URL - **RESULT: Success, Takes few seconds** 4. See the SQL statement generated by WP_MetaQuery: add [?action=show_meta_query_clause] - **RESULT: a Huge unnecessary **INNER JOIN x AS x# ON y** relation** 5. [?action=wpdb_query_delete] to delete all added posts only. {{{ add_action('wp', 'oxibug_trigger_action'); /** * Trigger Suitable Function * * @return void */ function oxibug_trigger_action() { if( ! isset( $_GET['action'] ) ) { return; } $action = wp_strip_all_tags( $_GET['action'] ); switch( strtolower( $action ) ) { case 'insert': { oxibug_insert_posts_and_metas(); } break; case 'wp_query_and_meta_query': { oxibug_WP_Query_and_meta_query(); } break; case 'show_meta_query_clause': { oxibug_show_meta_query_clause(); } break; case 'wpdb_query_get_ids': { oxibug_wpdb_query_get_ids(); } break; case 'wpdb_query_delete': { oxibug_wpdb_query_delete(); } break; } } /** * Return New Meta Key * * @param mixed $key * @return string */ function oxibug_get_new_meta_key( $key ) { return sanitize_text_field( sprintf( 'oxibug_xyz%s', $key ) ); } /** * Return Key-Value Pairs array with Old and New meta keys * * @return array */ function oxibug_legacy_and_new_meta_keys() { return [ 'oxibug_abc_post_main_color' => oxibug_get_new_meta_key('_page_main_color'), 'oxibug_abc_page_layout' => oxibug_get_new_meta_key('_page_layout'), 'oxibug_abc_post_sbwide' => oxibug_get_new_meta_key('_page_sb_wide'), 'oxibug_abc_post_sbnarrow' => oxibug_get_new_meta_key('_page_sb_narrow'), 'oxibug_abc_page_sbwide' => oxibug_get_new_meta_key('_page_sb_wide'), 'oxibug_abc_page_sbnarrow' => oxibug_get_new_meta_key('_page_sb_narrow'), 'oxibug_abc_self_video_m4v_url' => oxibug_get_new_meta_key('_format_video_selfhosted_mp4'), 'oxibug_abc_self_video_ogv_url' => oxibug_get_new_meta_key('_format_video_selfhosted_ogv'), 'oxibug_abc_self_video_webmv_url' => oxibug_get_new_meta_key('_format_video_selfhosted_webmv'), 'oxibug_abc_self_video_poster_url' => oxibug_get_new_meta_key('_format_video_selfhosted_poster'), /* Audio */ 'oxibug_abc_soundcloud_url' => oxibug_get_new_meta_key('_format_audio_oembed'), 'oxibug_abc_self_audio_mp3_url' => oxibug_get_new_meta_key('_format_audio_selfhosted_mp3'), 'oxibug_abc_self_audio_oga_url' => oxibug_get_new_meta_key('_format_audio_selfhosted_ogg'), 'oxibug_abc_self_audio_m4a_url' => oxibug_get_new_meta_key('_format_audio_selfhosted_m4a'), /* Post Formats: Image | Video */ 'oxibug_abc_lightbox_check' => oxibug_get_new_meta_key('_format_image_lighbox_enable'), 'oxibug_abc_post_banner_caption' => oxibug_get_new_meta_key('_format_status_banner_caption'), 'oxibug_abc_quote_text' => oxibug_get_new_meta_key('_format_quote_text'), 'oxibug_abc_quote_author' => oxibug_get_new_meta_key('_format_quote_author_name'), 'oxibug_abc_url_text' => oxibug_get_new_meta_key('_format_link_text'), 'oxibug_abc_url_destination' => oxibug_get_new_meta_key('_format_link_url'), /* * Layout Settings - if Old = [hide] turn ON the new option * * */ 'oxibug_abc_post_breadcrumb' => oxibug_get_new_meta_key('_hide_breadcrumb'), 'oxibug_abc_post_meta_info' => oxibug_get_new_meta_key('_hide_metas'), 'oxibug_abc_post_share_box' => oxibug_get_new_meta_key('_hide_share_icons'), 'oxibug_abc_post_tags' => oxibug_get_new_meta_key('_hide_tags_box'), 'oxibug_abc_post_author_box' => oxibug_get_new_meta_key('_hide_author_box'), 'oxibug_abc_related_posts' => oxibug_get_new_meta_key('_hide_related_posts_box'), 'oxibug_abc_posts_navigation' => oxibug_get_new_meta_key('_hide_nav_box'), /* Review Items */ 'oxibug_abc_post_review_types' => oxibug_get_new_meta_key('_review_type'), /* [disabled] => Add 0 to the new meta [_review_show] */ 'oxibug_abc_post_review_position' => oxibug_get_new_meta_key('_review_position'), 'oxibug_abc_post_reviews_summation' => oxibug_get_new_meta_key('_review_items_avg'), /* This field is Dynamic - SUM of all review items */ 'oxibug_abc_review_item' => oxibug_get_new_meta_key('_review_items'), 'oxibug_abc_post_review_title' => oxibug_get_new_meta_key('_review_title'), 'oxibug_abc_post_review_desc' => oxibug_get_new_meta_key('_review_desc'), 'oxibug_abc_post_review_summary_title' => oxibug_get_new_meta_key('_review_summary_title'), 'oxibug_abc_post_review_summary_desc' => oxibug_get_new_meta_key('_review_summary_desc'), 'oxibug_abc_post_review_user_rates' => oxibug_get_new_meta_key('_review_user_ratings_status'), 'oxibug_abc_post_review_user_rates_bgcolor' => oxibug_get_new_meta_key('_review_user_ratings_result_bgcolor'), 'oxibug_abc_post_review_btn_text' => oxibug_get_new_meta_key('_review_add_btn_text'), 'oxibug_abc_post_review_btn_icon' => oxibug_get_new_meta_key('_review_add_btn_icon'), 'oxibug_abc_post_review_btn_url' => oxibug_get_new_meta_key('_review_add_btn_url'), 'oxibug_abc_post_review_btn_bgcolor' => oxibug_get_new_meta_key('_review_add_btn_bgcolor'), 'oxibug_abc_post_review_pros_word' => oxibug_get_new_meta_key('_review_pros_word'), 'oxibug_abc_post_review_pros_icon' => oxibug_get_new_meta_key('_review_pros_icon'), 'oxibug_abc_post_review_pros_list' => oxibug_get_new_meta_key('_review_pros_list'), 'oxibug_abc_post_review_cons_word' => oxibug_get_new_meta_key('_review_cons_word'), 'oxibug_abc_post_review_cons_icon' => oxibug_get_new_meta_key('_review_cons_icon'), 'oxibug_abc_post_review_cons_list' => oxibug_get_new_meta_key('_review_cons_list'), /* Post Views */ 'oxibug_abc_post_views_count' => oxibug_get_new_meta_key('_post_views'), ]; } /** * Insert 100 Test Posts and some Meta Keys * */ function oxibug_insert_posts_and_metas() { $legacy_and_new_keys = oxibug_legacy_and_new_meta_keys(); $result = []; for( $i=0; $i<100; $i++ ) { $post_id = wp_insert_post( [ 'post_type' => 'post', 'post_title' => wp_strip_all_tags( sprintf( 'Test Meta Query Post #:%s', $i ) ), 'post_content' => sprintf( 'Test Meta Query Post Content #:%s', $i ), 'post_content_filtered' => '', 'post_excerpt' => '', 'post_status' => 'publish', // 'post_author' => 1, // 'post_category' => [], 'comment_status' => '', 'ping_status' => '', 'post_password' => '', 'to_ping' => '', 'pinged' => '', 'post_parent' => 0, 'menu_order' => 0, 'guid' => '', 'import_id' => 0, 'context' => '', 'post_date' => '', 'post_date_gmt' => '', ], TRUE, TRUE ); if( ! is_wp_error( $post_id ) ) { $result[ $post_id ] = []; foreach( (array) array_keys( $legacy_and_new_keys ) as $_legacy_key ) { $upstatus = update_post_meta( $post_id, $_legacy_key, '' ); $result[ $post_id ][ $_legacy_key ] = $upstatus ? 'Added' : 'Failed'; } /* Clean Cache */ clean_post_cache( $post_id ); } else { echo 'ERROR: Insert Post Failed!'; } } /* DEBUG */ echo sprintf( '%d Posts Inserted', count( $result ) ); // echo print_r( $result ); } /** * --- DEBUG --- * Show the Meta Query SQL Statement * */ function oxibug_show_meta_query_clause() { /** * * @var wpdb * */ global $wpdb; $legacy_meta_keys = oxibug_legacy_and_new_meta_keys(); $meta_query = [ 'relation' => 'OR' ]; foreach( (array) array_keys( $legacy_meta_keys ) as $_legacy_key ) { $meta_query[] = [ 'key' => $_legacy_key, 'compare' => 'EXISTS' ]; } $objMetaQuery = new WP_Meta_Query( $meta_query ); echo print_r( $objMetaQuery->get_sql( 'post', $wpdb->posts, 'ID', NULL ) ); } /** * Query using WP_Query and meta_query key inside it * */ function oxibug_WP_Query_and_meta_query() { /** * * @var wpdb * */ global $wpdb; $legacy_meta_keys = oxibug_legacy_and_new_meta_keys(); $meta_query = [ 'relation' => 'OR' ]; foreach( (array) array_keys( $legacy_meta_keys ) as $_legacy_key ) { $meta_query[] = [ 'key' => $_legacy_key, 'compare' => 'EXISTS' ]; } $obj_WP_Query = new WP_Query( [ 'numberposts' => -1, 'paged' => null, 'post_type' => 'post', 'post_status' => 'publish', 'meta_query' => $meta_query, 'fields' => 'ids', 'cache_results' => false, ] ); /* * Stuck in an Infinite Loop Because of the Huge SQL Statement * generated by [meta_query] * * */ if( $obj_WP_Query->have_posts() ) { echo sprintf( '%d Posts Found', $obj_WP_Query->found_posts ); /* DEBUG - NOT Working - */ // echo print_r( $obj_WP_Query->meta_query->get_sql( 'post', $wpdb->posts, 'ID', NULL ) ); } else { echo 'No Posts Found'; } $obj_WP_Query->reset_postdata(); wp_cache_flush(); } /** * Get Posts IDs by one of the meta_key(s) provided * */ function oxibug_wpdb_query_get_ids() { global $wpdb; $legacy_meta_keys = oxibug_legacy_and_new_meta_keys(); $qry = ""SELECT DISTINCT tbl_posts.ID FROM {$wpdb->posts} tbl_posts INNER JOIN {$wpdb->postmeta} tbl_metas ON ( tbl_posts.ID = tbl_metas.post_id ) WHERE""; /* Add [OR] in the second condition */ $where_clause = 0; foreach( (array) array_keys( $legacy_meta_keys ) as $_legacy_key ) { $where_clause++; $qry .= ( $where_clause === 1 ) ? $wpdb->prepare( ' tbl_metas.meta_key = %s', esc_sql( $_legacy_key ) ) : $wpdb->prepare( ' OR tbl_metas.meta_key = %s', esc_sql( $_legacy_key ) ); } $result = $wpdb->get_results( $qry ); $wpdb->flush(); echo print_r( wp_list_pluck( $result, 'ID' ) ); } /** * --- DEBUG --- * * DELETE all added Posts by meta_key(s) * */ function oxibug_wpdb_query_delete() { global $wpdb; $legacy_meta_keys = oxibug_legacy_and_new_meta_keys(); $qry = ""DELETE tbl_posts, tbl_metas FROM {$wpdb->posts} tbl_posts INNER JOIN {$wpdb->postmeta} tbl_metas ON ( tbl_posts.ID = tbl_metas.post_id ) WHERE""; $where_clause = 0; foreach( (array) array_keys( $legacy_meta_keys ) as $_legacy_key ) { $where_clause++; $qry .= ( $where_clause === 1 ) ? $wpdb->prepare( ' tbl_metas.meta_key = %s', esc_sql( $_legacy_key ) ) : $wpdb->prepare( ' OR tbl_metas.meta_key = %s', esc_sql( $_legacy_key ) ); } $result = $wpdb->get_results( $qry ); $wpdb->flush(); } }}} " oxibug Needs Patch 35820 WP_Query(array( 'p' => 0)) will return posts Query 4.4.2 normal normal defect (bug) new 2016-02-12T21:28:16Z 2019-06-04T20:55:04Z "Long to short, I was presuming that if the $args were such that no rows exist then WP_Query would return nothing. Not so. If by chance, 'p' => 0, you do get results. Perhaps the 0 is interpreted as false? Even so, an ID == false should return no row, yes? Or one might argue ""well, that query doesn't make sense. it's not really valid."" again, all the more reason to return nothing. " ChiefAlchemist 1 Needs Patch 48029 WP_Query::query only using a single post_status Query normal normal Awaiting Review defect (bug) new 2019-09-12T18:27:51Z 2020-05-12T05:01:09Z "While investigating why `bbp_forum_get_subforums()` was not returning private forums while being a keymaster, I found that WP_Query::query() will only use the first post_status of a given array. E.g: {{{ WP_Query Object ( [query] => Array ( [post_parent] => 5420 [post_type] => forum [post_status] => Array ( [0] => publish [1] => private [2] => hidden ) [posts_per_page] => 50 [orderby] => menu_order title [order] => ASC [ignore_sticky_posts] => 1 [no_found_rows] => 1 ) ... [request] => SELECT wpp_posts.ID FROM wpp_posts WHERE 1=1 AND wpp_posts.post_parent = 5420 AND wpp_posts.post_type = 'forum' AND ((wpp_posts.post_status = 'publish')) ORDER BY wpp_posts.menu_order ASC, wpp_posts.post_title ASC LIMIT 0, 50 }}} The same thing applies if you pass it a comma-separated string of statuses: {{{ WP_Query Object ( [query] => Array ( [post_parent] => 5420 [post_type] => forum [post_status] => publish,private,hidden [posts_per_page] => 50 [orderby] => menu_order title [order] => ASC [ignore_sticky_posts] => 1 [no_found_rows] => 1 ) ... [request] => SELECT wpp_posts.ID FROM wpp_posts WHERE 1=1 AND wpp_posts.post_parent = 5420 AND wpp_posts.post_type = 'forum' AND ((wpp_posts.post_status = 'publish')) ORDER BY wpp_posts.menu_order ASC, wpp_posts.post_title ASC LIMIT 0, 50 }}} Steps to replicate (taken from bbpress/includes/forums/template.php): {{{ $r = bbp_parse_args( $args, array( 'post_parent' => 0, 'post_type' => bbp_get_forum_post_type(), 'post_status' => implode( ',', $post_stati ), // 'post_status' => $post_stati, 'posts_per_page' => get_option( '_bbp_forums_per_page', 50 ), 'orderby' => 'menu_order title', 'order' => 'ASC', 'ignore_sticky_posts' => true, 'no_found_rows' => true ), 'forum_get_subforums' ); $r['post_parent'] = bbp_get_forum_id( $r['post_parent'] ); // Create a new query for the subforums $get_posts = new WP_Query(); // No forum passed $sub_forums = !empty( $r['post_parent'] ) ? $get_posts->query( $r ) : array(); }}}" useStrict Needs Patch 49911 WP_Tax_Query generates incorrect SQL Query normal normal Awaiting Review defect (bug) new 2020-04-15T16:25:44Z 2020-04-15T19:33:57Z "When calling WP_Query($arguments)::get_posts() like: {{{ $arguments = [ 'category__in' = ['7','31','704'], 'post_type' => array('post', 'page'), 'post_status' => array('publish'), 'nopaging' => true ]; }}} 704 is the category for posts and 7, 31 for pages. The following query will be produced: SELECT bct_posts.* FROM bct_posts LEFT JOIN bct_term_relationships ON (bct_posts.ID = bct_term_relationships.object_id) LEFT JOIN bct_term_relationships AS tt1 ON (bct_posts.ID = tt1.object_id) LEFT JOIN bct_term_relationships AS tt2 ON (bct_posts.ID = tt2.object_id) WHERE 1=1 AND ( bct_term_relationships.term_taxonomy_id IN (704) AND tt1.term_taxonomy_id IN (704) AND tt2.term_taxonomy_id IN (7,31,704) ) AND bct_posts.post_type IN ('post', 'page') AND ((bct_posts.post_status = 'publish')) GROUP BY bct_posts.ID ORDER BY bct_posts.post_date DESC instead of SELECT bct_posts.* FROM bct_posts LEFT JOIN bct_term_relationships ON (bct_posts.ID = bct_term_relationships.object_id) WHERE 1=1 AND ( bct_term_relationships.term_taxonomy_id IN (7,31,704) ) AND bct_posts.post_type IN ('post', 'page') AND ((bct_posts.post_status = 'publish')) GROUP BY bct_posts.ID ORDER BY bct_posts.post_date DESC The first query returns only posts, second one posts, and pages. Please note that categories and tags are enabled for pages. " janznordman Needs Patch 46347 WP_Term_Query where sql_clauses oddity Query normal normal Awaiting Review defect (bug) new 2019-02-26T02:37:08Z 2019-02-26T03:03:52Z "Hello, I was messing around with a customized version of the WP_Term_Query and noticed something odd. In the function get_terms, there are a lot of places where {{{$this->sql_clauses['where'][somekey]}}} variables are created. However, on line [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class-wp-term-query.php#L642 643], this code : {{{#!php $where = implode( ' AND ', $this->sql_clauses['where'] ); }}} only uses the first sub array value found and ignores all the other keys. Shouldn't this be: {{{#!php $where = implode( ' AND ', array_values($this->sql_clauses['where'])); }}} so that all array elements are included in the where?" vrandom Needs Patch 43391 WP_User_Query bug Query 4.9.4 normal normal Awaiting Review defect (bug) new 2018-02-23T09:47:47Z 2018-03-03T08:44:40Z "I've got an issue when doing a query with WP_User_Query and trying to list from a specific role AND using 'orderby' => 'post_count'. The query simply fails to list the correct results. Here are the query arguments: {{{#!php array( 'ID', 'user_login', 'display_name' ), 'role' => 'expert', 'number' => $numPosts, 'offset' => $page > 1 ? $numPosts : 0, 'order' => 'DESC', 'orderby' => 'post_count' ); }}} If I remove the 'role' argument from the query it works, but with the 'role' included it doesn't. " zkingdesign 5 Needs Patch 21790 When set a static front page WP main query isn't set correctly SergeyBiryukov Query 3.4.1 normal normal Future Release defect (bug) assigned 2012-09-04T13:50:26Z 2017-05-05T09:34:57Z "In my project I use on several places pre_get_posts filter. When setting a static frontpage and blog page I get several notices on my screen. When I var_dump the main query the only value that is set it the page_id. Even the post_type isn't set." markoheijnen 26 Needs Patch 44519 Where are the pages of the headings added with the + add-on (any) ala https://wp-kama.ru/cat/wordpress/codex+xxx Query normal normal Awaiting Review defect (bug) new 2018-07-05T10:00:29Z 2018-07-05T14:39:16Z "Here is the page for this blog (kama) - https://wp-kama.ru/cat/wordpress/codex+xxx This is a page of the rubric with the added + add-on (any) She does not give out the content, but her response code is 200 - http://joxi.ru/vAWplvLi13bNqr It's just that Kama banned the headings for indexing through meta name = ""robots"" content = ""noindex"" I have the same headings for indexing are allowed.So somehow finding such pages the search drags them to the index. This is exactly what happens to me and Yandex joyfully informs me that I have dragged another pack of such pages into the index. How to make sure that an error 404 would appear on the page https://wp-kama.ru/cat/wordpress/codex+xxx As an option - how to add them meta name = ""robots"" content = ""noindex"" Thank you." Dmitriy1973 Needs Patch 43445 Wildcard `LIKE` support for `WP_Meta_Query` (and maybe other queries?) Query normal normal Awaiting Review defect (bug) new 2018-03-01T04:09:44Z 2018-03-02T16:15:22Z "Passing `LIKE` as the `compare` parameter for a meta query (or `compare_key`, after [42768]) results in what is essentially a ""contains"" query for the literal `value` (or `key`) string. So: {{{ array( 'compare' => 'LIKE', 'value' => 'foo', ) }}} becomes `WHERE ... value LIKE '%foo%'`. MySQL `LIKE` wildcard characters `%` and `_` are escaped, so it's not possible to do a non-standard anchored search, or any other custom `LIKE` query. It would be nice if you could pass a string like `foo%` and have the wildcard characters respected. A few considerations: 1. Syntax. A potential solution is suggested in https://core.trac.wordpress.org/ticket/42409#comment:14. Another possibility is a filter for enabling the ""non-escaped"" version 2. Security. I'm unsure that there's a way to do this without introducing security issues, specifically around the `%` character. Any potential patch would need serious review." boonebgorges 1 Needs Patch 48768 WordPress 5.3 ajax bug with Elementor 2.7.5 Query 5.3 normal critical Awaiting Review defect (bug) new 2019-11-22T15:17:38Z 2019-11-22T15:17:38Z "To whom it may concern, I was working on my WordPress site and updated it to the latest version available (5.3), before had the 5.2.4 version, i also updated the plugin Elementors to the latest version 2.7.5 . I noticed that when i was trying to access their build in option, build query, for the elements, it would give and ajax error of type : **core-query uncaught TypeError: Cannot read property 'ajax' of undefined** . I tried to downgrade the Elementor to a previous version but it didn't work, than i downgraded the WordPress one version older and it worked normally. " argentum95 Needs Patch 40327 Wrong SQL request for 'EXIST' OR 'NOT EXIST' on same post meta Query 4.7 normal normal Awaiting Review defect (bug) new 2017-03-31T19:57:27Z 2017-03-31T19:57:27Z "Hi, I want to make a query on a custom post type (event post type) with custom post status (on air, forthcoming...) joining optional meta (event rating) then order by decreasing rating, defaulting to increasing title. I'm using 'new WP_Query()' way as secondary loop with the following WP query parameters: {{{#!php [ // Valid events only 'post_type' => My_Post_Type::POST_TYPE_EVENT, 'post_status' => [ My_Post_Type::EVENT_STATUS_ON_AIR, My_Post_Type::EVENT_STATUS_FORTHCOMING, ], // Join optional rating 'meta_query' => [ 'relation'=> 'OR', [ 'key' => My_Post_Type::EVENT_ATTR_RATING, 'compare'=> 'EXISTS', ], [ 'key' => My_Post_Type::EVENT_ATTR_RATING, 'compare' => 'NOT EXISTS', ], ], // Order by rating then title 'orderby' => [ My_Post_Type::EVENT_ATTR_RATING => 'DESC', 'post_title' => 'ASC', ], // Limit number 'posts_per_page' => self::NB_HOME_COMING_EVENTS, ] }}} Resulting SQL query is: {{{#!php SELECT SQL_CALC_FOUND_ROWS cq_posts.* FROM cq_posts LEFT JOIN cq_postmeta ON ( cq_posts.ID = cq_postmeta.post_id ) LEFT JOIN cq_postmeta AS mt1 ON (cq_posts.ID = mt1.post_id AND mt1.meta_key = 'ev_rating' ) WHERE 1=1 AND ( cq_postmeta.meta_key = 'ev_rating' OR mt1.post_id IS NULL ) AND cq_posts.post_type = 'event' AND ((cq_posts.post_status = 'ev_on_air' OR cq_posts.post_status = 'ev_coming')) GROUP BY cq_posts.ID ORDER BY cq_postmeta.meta_value+0 DESC, cq_posts.post_title ASC LIMIT 0, 6 }}} The result set is not what I was looking for (in fact has no sense at all for me) The right SQL query should be something like this: {{{#!php SELECT SQL_CALC_FOUND_ROWS cq_posts.* FROM cq_posts LEFT JOIN cq_postmeta ON ( cq_posts.ID = cq_postmeta.post_id AND cq_postmeta.meta_key = 'ev_rating' ) WHERE 1=1 AND cq_posts.post_type = 'event' AND ((cq_posts.post_status = 'ev_on_air' OR cq_posts.post_status = 'ev_coming')) GROUP BY cq_posts.ID ORDER BY cq_postmeta.meta_value+0 DESC, cq_posts.post_title ASC LIMIT 0, 6 }}} Only one LEFT JOIN is required. Can anyone confirm it is a bug or tell me what WP query parameters I must use instead ? Thanks in advance. " solo14000 Needs Patch 48360 `meta_value` is ignored when empty string is provided Query 3.2 normal normal Awaiting Review defect (bug) new 2019-10-17T16:40:23Z 2020-02-13T12:30:59Z "When trying to create a custom query using `meta_*` parameters, `WP_Meta_Query` will ignore `meta_value` if it is an empty string. This does appear to be somewhat intentional, since `WP_Query` will set the default value for `meta_value` to an empty string. This can be seen here: https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class-wp-meta-query.php#L255 The problem comes when you want to write a query that specifically targets meta keys that have empty values. The `'meta_value' => ''` parameter is stripped, and then the query does not behave properly. Here's an example query: {{{#!php 'product', 'posts_per_page' => 10, 'meta_key' => '_regular_price', 'meta_value' => '', 'meta_compare' => '=', ); $query = new WP_Query( $args ); }}} I would like to propose that an empty string be allowed for `meta_value`. Alternatively, the fact that an empty value will be stripped should at least be documented more clearly so that developers know to expect that behavior. Props also to @richardbuff for helping identify the issue." JPry 3 Needs Patch 40300 `title` parameter causes `WP_Query` to return sticky posts. Query 4.7.3 normal normal Awaiting Review defect (bug) new 2017-03-29T14:24:28Z 2017-03-29T14:24:28Z "When a `title` parameter is present in the WP_Query arguments array then sticky posts are included in the `$query->posts` array. I'm not sure is it a bug, or is it just an incomplete documentation. The same happens with `post__in` parameter but in this case, I'm sure that it's not a bug because the documentation mentions that sticky posts are returned when using the `post__in` parameter." wujek_bogdan Needs Patch 45666 "adding ""order"" as query arg to the homepage url you are redirected to the last posts page" Query normal normal Awaiting Review defect (bug) new 2018-12-16T19:30:08Z 2018-12-18T11:38:25Z "I've tested it on many sites, with different plugins, no plugins, different themes, default WordPress themes. If you add ?order=something to the home page url you have a redirection to the last posts page. " giuse 3 Needs Patch 57505 "category archive url ending with ""/0"" should be 404" Query normal normal Awaiting Review defect (bug) new 2023-01-19T09:33:54Z 2023-05-14T13:17:29Z "First, if URL is ""/category/cat1/0"", first, it is recognized as `category_name=""cat1/0""`, then ""is_category=true"" and category archive template should be selected. But for really query, `category_name=""0""` and `empty($q[""category_name""])==true`, so it is recognized as ""category is not specified"", then `tax_query` will be empty, and `queried_object==null`. Finally, category template will be confused. No category is selected, any category related information are broken (maybe rise warnings or errors). Any recent posts of any public post types will be displayed even if its post_type dose not belong to core 'category' taxonomy." obache 2 Needs Patch 57766 filter query_loop_block_query_vars repeater 4 times Query 6.1.1 normal normal Awaiting Review defect (bug) new 2023-02-18T21:20:51Z 2023-02-18T21:40:51Z "Hello! I think that filter query_loop_block_query_vars be repeated 4 times foreach query. Tried to use this simple code in functions.php(theme Twenty Twenty-Two, no plugins): add_filter( 'query_loop_block_query_vars', function( $query, $block ){ echo '1
    '; return $query; }, 21, 2 ); You can notice 4 times 1 on top of the page." gigito78 1 Needs Patch 27507 get_posts() not honoring post_status criteria Query 3.8.1 normal normal defect (bug) new 2014-03-25T05:49:53Z 2019-06-04T20:46:17Z "Toss in the following in a mu-plugin file to reproduce: {{{ $posts = get_posts(); var_dump($posts); }}} You'll get auto-drafts in the returned result set, instead of the expected published posts only (i.e. the default as set by `get_posts()`). I've traced the problem to this loop that calls `get_post_stati()` in the `WP_Query#get_posts()` method: {{{ foreach ( get_post_stati() as $status ) { if ( in_array( $status, $q_status ) ) { if ( 'private' == $status ) $p_status[] = ""$wpdb->posts.post_status = '$status'""; else $r_status[] = ""$wpdb->posts.post_status = '$status'""; } } }}} `get_post_stati()` latter relies on a global that isn't set yet. I'm suspicious that we should be calling it here to begin with. Assuming we should, I definitely don't think WP should silently return an empty array. It should cough a `_doing_it_wrong()` notice, and quite possibly even a warning. That being said: why aren't the built-in post statuses registered by the time plugins get loaded? Can't we register them earlier? (And: does the same apply to custom post types?)" Denis-de-Bernardy 6 Needs Patch 48860 get_queried_object return false when executed in parse_query hook Query 5.3 normal normal defect (bug) reopened 2019-12-03T08:47:53Z 2019-12-03T22:42:20Z "When this function is executed in parse_query hook (i.e. woocommerce-perfect-seo-url) on author page ( /author/XXX/ ) it results with this notice. {{{ #13 E_NOTICE: Trying to get property 'ID' of non-object }}} It's because 'author_name' is not converted into 'author' field in parse_query. It's only used to mark page as ""is_author"". {{{ if ( '' != $qv['author_name'] ) { $this->is_author = true; } }}} And get_queried_object relies on 'author' variable. {{{ } elseif ( $this->is_author ) { $this->queried_object_id = (int) $this->get( 'author' ); $this->queried_object = get_userdata( $this->queried_object_id ); } }}} " fliespl 2 Needs Patch 53495 incorrect (and confusing) DocBlock for get_page_by_title() Query 5.3 normal normal Awaiting Review defect (bug) new 2021-06-24T00:41:14Z 2021-06-24T00:42:10Z "The DocBlock of [https://developer.wordpress.org/reference/functions/get_page_by_title/ get_page_by_title()] says: > If more than one post uses the same title, the post with the smallest ID will be returned. Be careful: in case of more than one post having the same title, it will check the oldest publication date, not the smallest ID. That description was added in [45779]. Besides the fact that the text after `Be careful:` seems to contradict that the statement that `the post with the smallest ID will be returned`, there actually is no guarentee that if there is more than 1 post with the same title that the one with the smallest ID will be returned. The query performed by [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/post.php#L5534 get_page_by_title()] is: {{{#!php $sql = $wpdb->prepare( "" SELECT ID FROM $wpdb->posts WHERE post_title = %s AND post_type = %s "", $page_title, $post_type ); }}} (with a slight mod if an array of post types is passed). Since there is no `ORDER BY` clause in that query, if there are more than 1 posts with the same title the order in which they are returned is not defined by SQL (i.e., is implemented dependent). The SQL-92 spec [http://www.contrib.andrew.cmu.edu/~shadow/sql/sql1992.txt explicitly states]: > General Rules > > 1) All General Rules of Subclause 7.10, """", apply > to the . > > 2) Let Q be the result of the . > > 3) If Q is empty, then a completion condition is raised: no data. > > 4) If an is not specified, then the ordering of > the rows of Q is implementation-dependent. As far as I can tell, no later revisions of the SQL spec are available for free on the web, so I don't know if anything has changed in the what the language says happens in the absense of an `ORDER BY` clause I've looked through the MySQL and Maria DB docs for an explicit statement that says as much and haven't been able to find one. But I think the DocBlock should be changed to say something like: > If more than one post uses the same title, which of the multiple posts is returned is not defined. though I'm not completely happy with that wording, and welcome other suggestions. " pbiron 1 Needs Patch 49550 is_home is set to true even for cron jobs, which causes sticky posts to get prepended to all WP_Query results Query 5.3.2 normal normal Awaiting Review defect (bug) new 2020-02-28T21:10:32Z 2023-02-24T23:41:36Z "Hi, We just ran into a bug where sticky posts were prepended to the list of posts being processed by a WP cron job in a new `WP_Query` like this: {{{ $query = new WP_Query([ 'post_status' => 'future', 'date_query' => array( 'before' => '- 1 minute' ), 'numberposts' => -1 ]); }}} To my surprise, once someone stickied a post, our function in the cron job started doing stuff to the stickied posts, even though it simply runs in WP cron and we're not on the homepage. I then looked at the logic that determines if the sticky posts get prepended. {{{ // Put sticky posts at the top of the posts array $sticky_posts = get_option( 'sticky_posts' ); if ( $this->is_home && $page <= 1 && is_array( $sticky_posts ) && ! empty( $sticky_posts ) && ! $q['ignore_sticky_posts'] ) { }}} So this can only fire when `is_home` is true. But how can it be? We're running via WP cron. Looking at that logic: {{{ if ( ! ( $this->is_singular || $this->is_archive || $this->is_search || $this->is_feed || ( defined( 'REST_REQUEST' ) && REST_REQUEST ) || $this->is_trackback || $this->is_404 || $this->is_admin || $this->is_robots ) ) { $this->is_home = true; } }}} Since none of these are set - we're in WP cron - `is_home` gets set to true. That doesn't seem right. Is this a sneaky bug or am I missing something? Shouldn't it also check if it's running in cron here and not set `is_home` if so?" archon810 2 Needs Patch 45400 last of query_vars contains anchor Query 4.9.8 normal normal Awaiting Review defect (bug) new 2018-11-22T16:23:44Z 2018-12-05T17:17:29Z "Anchor links (at least individual comment links) are generated basically by appending ""/#Comment-XX"" to the end of URL. In which case $wp_query->$query_vars returns last variable with appended ""/"" in it. " visnevskis Needs Patch 48280 orderby meta_value breaks with newer versions of MySQL Query 5.2.3 normal normal Awaiting Review defect (bug) new 2019-10-10T19:01:27Z 2020-01-30T23:03:53Z "When running a query like this: {{{#!php 'course_record', 'posts_per_page' => -1, 'orderby' => 'meta_value', 'meta_key' => 'start_date' )); ?> }}} which results in the following SQL query: {{{#!sql SELECT wp_posts.* FROM wp_posts INNER JOIN wp_postmeta ON ( wp_posts.ID = wp_postmeta.post_id ) WHERE 1=1 AND ( wp_postmeta.meta_key = 'start_date' ) AND wp_posts.post_type = 'course_record' AND (wp_posts.post_status = 'publish') GROUP BY wp_posts.ID ORDER BY wp_postmeta.meta_value DESC }}} On MySQL v5.7.25, it works fine and returns posts as expected. On MySQL v8.0.16, it returns zero posts without any errors. The weird thing is, if I try to run the SQL statement from above directly into the MySQL console '''on either MySQL version''', I get the following error: {{{#!text ERROR 1055 (42000): Expression #1 of ORDER BY clause is not in GROUP BY clause and contains nonaggregated column 'wp_artofed.wp_postmeta.meta_value' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by }}} I also get the same error if I try the SQL statement directly in PHP outside of WordPress '''again, on either MySQL version''': {{{#!php connect_error) die(""Connection failed: $conn->connect_error""); if (!$results = $conn->query(""SELECT wp_posts.* FROM wp_posts INNER JOIN wp_postmeta ON ( wp_posts.ID = wp_postmeta.post_id ) WHERE 1=1 AND ( wp_postmeta.meta_key = 'start_date' ) AND wp_posts.post_type = 'course_record' AND (wp_posts.post_status = 'publish') GROUP BY wp_posts.ID ORDER BY wp_postmeta.meta_value DESC"")) { die(""Query Error: $conn->error""); } ?> }}} However it works if I use `$wpdb->get_results` '''on MySQL v5.7.25''' but not v8.0.16: {{{#!php get_results(""SELECT wp_posts.* FROM wp_posts INNER JOIN wp_postmeta ON ( wp_posts.ID = wp_postmeta.post_id ) WHERE 1=1 AND ( wp_postmeta.meta_key = 'start_date' ) AND wp_posts.post_type = 'course_record' AND (wp_posts.post_status = 'publish') GROUP BY wp_posts.ID ORDER BY wp_postmeta.meta_value DESC""); ?> }}} I was able to get everything working however by adding `wp_postmeta.meta_value` to the `GROUP BY` clause: {{{#!php query_vars) && $query->query_vars['orderby'] === 'meta_value' ) { global $wpdb; $groupby .= "", {$wpdb->postmeta}.meta_value""; } return $groupby; } ?> }}}" KodieGrantham 2 Needs Patch 31957 query fails, when post is queried under specific name Query 4.1.1 normal normal defect (bug) new 2015-04-13T07:28:11Z 2019-06-04T20:49:30Z "i.e., i have custom post type, named ""CARS"", and when i have standard category, named ""CARS"".. when i publish '''standard''' post under ""cars"" category: mysite.com/cars/something-name... worpdress thinks, that it is under custom-post types, and 404 page is displayed.. to fix that, i have made this function: {{{ //example URL: yoursite.com/cars/subcat/TORNADOO add_action( 'pre_get_posts', 'myf' ); function myf( $query ) { if ( $query->is_main_query() ) { //when the PERMALINK was not found, then 404 maybe triggered.. But wait! maybe it is a standard post, under the standard category(which's name is i.e. ""cars"") if (!url_to_postid(currentURL__MLSS)){ $link_array=explode('/','/cars/subcat/TORNADOO'); $k=array_filter($link_array); //remove empty values $k=array_values($k); //reset hierarchy $all_nmb = count($k); //if post exists with the found slug(""TORNADOO""), lets check, if their parents are categories $post=get_page_by_path(basename('TORNADOO'), OBJECT, 'post'); if ($post){ for($i=0; $i<$all_nmb-1; $i++){ $cat = get_term_by('slug', $k[$i], 'category'); if(!(in_category($cat->term_id,$post->ID) || post_is_in_descendant_category(array($cat->term_id),$post->ID))){ $failed=true; break; } } if (!$failed){ //new query $query->init(); $query->parse_query( array('post_type' =>'post') ) ; //others $query->is_home = false; $query->is_single = true; $query->is_singular = true; $query->is_page = false; $query->queried_object_id = $post->ID; $query->set( 'page_id', $post->ID ); } } } //if page exists with the that link, then query will be made correctly.. //$page=get_page_by_path(...., ..., 'page'); } if ( ! function_exists( 'post_is_in_descendant_category' ) ) { function post_is_in_descendant_category( $cats, $_post = null ) { foreach ( (array) $cats as $cat ) { $descendants = get_term_children( (int) $cat, 'category' ); if ( $descendants && in_category( $descendants, $_post ) ) {return true;} }return false; } } }}} " selnomeria 3 Needs Patch 40166 query_vars bug sets is_home to false. Query 4.7.3 normal normal Awaiting Review defect (bug) new 2017-03-15T18:36:27Z 2019-05-20T09:17:12Z "Hi @boonebgorges, in reference to an older ticket - #25143 following is the issue i am facing. Similar to the other ticket, when registering a query variable as follows: {{{#!php query_vars; $args = [ 'meta_key' => 'my_meta_key', 'orderby' => 'meta_value', 'order' => 'ASC', ]; $query->query_vars = array_merge($queryVars, $args); }); }}} And for `pre_get_posts` this technique would work. But with `pre_get_terms` it's different. Digging into `WP_Term_Query` class code I found that this code would cause `parse_orderby()` method to set the `$maybe_orderby_meta` variable to `true`. But it doesn't mean that terms will be sorted by a meta field. It only means that terms '''maybe''' will be sorted by meta. There's an another filter required. At the end of the `parse_orderby()` method there's an another filter applied: `get_terms_orderby`. So in order to sort terms by meta field there's one more thing required. Something like: {{{#!php

    "" />
    }}} Notice how the tags field is being inserted into my fieldset. It seems as thought the tags field is being inserted via javascript into whatever the last fieldset in the panel is. Here's the same fields in the quick edit panel: [[Image(https://www.dropbox.com/s/haju5pkzu4f80ih/Screenshot%202014-10-01%2019.02.36.png?dl=1)]] This is how it ''should'' show up." webgeekconsulting 7 Needs Patch 53008 Creating an anonymous comment with custom fields via REST API REST API 4.7 normal normal Awaiting Review defect (bug) new 2021-04-09T14:16:40Z 2021-04-12T08:04:40Z "Hi! When `rest_allow_anonymous_comments` filter is enabled, I'm able to successfully create anonymous comments via REST API POST /comments method, without any authorization. Unfortunately, when trying to create a comment with a registered, non-protected meta field, I got a 401 error (details below). Even when `auth_callback` is forced to return true for that field, things don't change. I think that by default, when `rest_allow_anonymous_comments` is enabled, one should be able to create a comment with meta fields. Field definition: {{{#!php true, 'type' => 'string', 'show_in_rest' => true, ]); }}} Request: {{{ curl --request POST \ --url 'http://example.com/wp-json/wp/v2/comments' \ --header 'Content-Type: application/json' \ --data '{ ""post"": 1, ""content"": ""Lorem ipsum"", ""author_name"": ""Dawid"", ""author_email"": ""example@example.com"", ""meta"": { ""twitter_handle"": ""dmgawel"" } }' }}} Response: {{{ { ""code"": ""rest_cannot_update"", ""message"": ""Sorry, you are not allowed to edit the twitter_handle custom field."", ""data"": { ""key"": ""twitter_handle"", ""status"": 401 } } }}} I got the same response for the following meta field definition: {{{#!php true, 'type' => 'string', 'show_in_rest' => true, 'auth_callback' => function(){ return true; } ]); }}} " dawgawel 2 Needs Patch 47188 Ensure that valid json is return for rest api, even when correct headers not sent. spacedmonkey REST API 4.4 normal normal Future Release defect (bug) assigned 2019-05-08T17:46:47Z 2021-01-03T22:00:19Z "Current when wp_die is called in php fatal error handler, valid json is only returned when json headers are returned as the function `wp_is_json_request` is used. See [https://core.trac.wordpress.org/ticket/45933 #45933]. However, core could do more to return json when it knows the current request is a REST API call. " spacedmonkey 30 Needs Patch 57048 Handle trailing slashes in rest_preload_api_request REST API 4.7 normal normal Future Release defect (bug) new 2022-11-09T16:36:35Z 2022-11-09T16:36:35Z When passing a path to `rest_preload_api_request` that ends in query string, ensure that the parsed path also is untrailingslashit. Follow up to #51636 spacedmonkey Needs Patch 56079 "Internal rest_do_request calls for posts/CPTs with status of anything but ""published"" should not need authentication" REST API normal normal Awaiting Review defect (bug) new 2022-06-27T20:04:22Z 2023-10-31T02:47:42Z "If I am performing an internal `rest_do_request()` call to a local REST endpoint, I shouldn't need to provide authentication to access posts or custom post types with a status of anything other than ""published"". It's an INTERNAL request, it should ALREADY be authenticated by the code running internally already." mkormendy Needs Patch 52629 Introduce a better way to deprecate REST API parameters REST API normal normal Future Release defect (bug) new 2021-02-23T18:03:30Z 2021-02-23T18:47:07Z "Background: #52192. [50124] introduced new endpoints to allow for batch image editing using the REST API, and soft-deprecated some older parameters. Splitting this out from #52192 to figure out a more formal way to deprecate them. @SergeyBiryukov, comment:17:ticket:52192: >> DEPRECATED: Use `modifiers` instead > > Putting this in translatable descriptions doesn't seem to follow any other patterns in core. Is that necessary? Is there anything wrong with using the older format, apart from the newer one taking precedence? > > If we want everyone to stop using the older format, could we call `_deprecated_argument()` instead when any of these older arguments are used? That would also allow us to specify the version in which they were deprecated. > > At the very least, `modifiers` should be moved out of the translatable strings and replaced with a placeholder, to prevent it from being translated. > > I think these changes would also benefit from `@since` tags on the affected methods. @TimothyBlynJacobs, comment:19:ticket:52192: > AFAIK, we haven't deprecated any REST API parameters yet, this is the first. At a later point I plan on adding a more formal `deprecated` syntax that we could apply to the parameter schemas. So at the moment, this is just a soft deprecation. > > The problem generally is that we don't have a good way to generate changelogs for the REST API. We could add `@since` markers, but they aren't picked up by the [https://developer.wordpress.org/rest-api/reference/ REST API reference] documentation. We also haven't really done this in the past. AFAICT the only usages are in `WP_REST_Posts_Controller::get_collection_params()`. Ideally, we'd make this available in the schema definition for each parameter. > > Putting `Deprecated` in the parameter description means that it will be picked up by the REST API reference. Though for some reason, the edit endpoint isn't being picked up at all. I'll take a look at that when we regenerate our docs for 5.7." SergeyBiryukov 1 Needs Patch 53942 Non-single post meta multiple value update breaks post save through REST API REST API 5.8 normal blocker Awaiting Review defect (bug) assigned 2021-08-17T13:00:31Z 2021-08-17T15:21:25Z "This is a follow-up to #52787. Same situation as in #52787, but this time while updating **non-single** meta **multiple values at once** like `{ meta: { metaKey: [1, 2, 3] } }`, REST API fires `update_multi_meta_value()`, which tries first to delete old values in the database. When no meta value is present in database, `get_metadata()` returns defaults as `$current_values` and then trying to delete them anyway (non-existent in fact). This causes `update_multi_meta_value()` to return `WP_Error('rest_meta_database_error')` on `delete_metadata()` failure. BTW, error messages could be more specific from `'Could not update the meta value of %s in database.'` to `'Could not update/delete...'` and `'Could not update/add...'`." iknowsomething 1 Needs Patch 53828 Nullable registered meta with format does not display in JSON schema REST API normal normal Awaiting Review defect (bug) new 2021-07-29T16:06:34Z 2021-07-29T16:06:34Z "When registering a piece of meta as a nullable type in the REST schema, it does not display in the JSON schema for the particular object. For example, the following will not correctly register a meta key in REST: {{{#!php true, 'type' => 'string', 'show_in_rest' => [ 'schema' => [ 'title' => __( 'Background Color' ), 'type' => [ 'string', 'null' ], 'format' => 'hex-color', ], ], ], ); }}} The key will not be visible in the JSON schema, and the key/value pair will also not be available in the meta object in the post response from the API." chrisvanpatten Needs Patch 53117 Post types which are not public, but which are show_in_rest and publicly_queryable and not exclude_from_search, do not appear in REST API search endpoint REST API 5.0 normal normal Awaiting Review defect (bug) new 2021-04-30T14:39:32Z 2021-04-30T15:40:44Z "I have a custom post type ""tease"" which is registered with the following code: {{{ register_post_type( 'tease', array( 'menu_icon' => 'dashicons-update', 'exclude_from_search' => false, // allow us to include these in query results. 'publicly_queryable' => true, 'show_in_nav_menus' => false, // Don't allow to slot in nav. 'show_ui' => true, // Show in admin UI. 'has_archive' => false, 'show_in_rest' => true, 'supports' => array( 'title', 'editor', 'custom-fields' ), 'map_meta_cap' => true, // Set to true, so that default capabilities are mapped from posts to Teases. 'capability_type' => 'post', 'taxonomies' => array( 'category', 'post_tag' ), ) ); }}} Given that it is publicly queryable, shows in the REST API, and is not excluded from search, I would expect to be able to perform a search using the REST API for posts of this type. However, a search for posts or teases matching the word ""patience"" returns an error message: /wp-json/wp/v2/search?search=patience&subtype=post,tease {“code”:“rest_invalid_param”,“message”:“Invalid parameter(s): subtype”,“data”:{“status”:400,“params”:{“subtype”:“subtype[1] is not one of post, page, category, post_tag, and any.“},“details”:{“subtype”:{“code”:“rest_not_in_enum”,“message”:“subtype[1] is not one of post, page, category, post_tag, and any.“,”data”:null}}}} I get the same error message when I replace ""tease"" in that URL with a nonexistent post type. If I modify the post-type registration with 'public' => true, then the search completes. I'd like to credit @delipeelia for finding the potential cause: WP_REST_Post_Search_Handler only looks for post types which are public or show_in_rest: https://core.trac.wordpress.org/browser/trunk/src/wp-includes/rest-api/search/class-wp-rest-post-search-handler.php#L32 Changing /wp-includes/rest-api/search/class-wp-rest-post-search-handler.php to the following allows the search to work as I would expect it to, but I'm not sure that this is the right way to handle it. {{{ get_post_types( array( 'exclude_from_search' => false, 'show_in_rest' => true, ), 'names' ) }}} It does seem kind of weird to want to be able to search a non-public post type; the use case here is building a post-picker in the Block Editor that can pick posts or teases, without exposing the existence of teases to visitors to the site. For now, I've marked the post type as public, but that the REST API doesn't allow searching of posts which are marked as searchable does seem like a bug." benlk 2 Needs Patch 55128 REST API /media leaves holes in the result, making it virtually impossible to paginate through them REST API 5.9 normal normal Awaiting Review defect (bug) new 2022-02-09T18:09:03Z 2022-02-09T18:09:03Z "A request to the REST API for say /media?per_page=20 can unexpectedly return any number of results up to 20, including an empty array when there are more pages to follow. This happens when some of the media library entries are attached to unpublished posts, and the media were added in the post, not directly to the media library. Now it may be reasonable to omit these when not authenticated, but not by post-processing the array after it has been fetched from the database, as seems to be happening currently. Doing that makes it extremely difficult to paginate through them, or to choose an appropriate page size. This is compounded by the fact that it is more likely the missing images will be near the beginning, as those are the ones less likely to have been published yet. Consider just displaying a matrix of the thumbnails, as obtained from the API, 20 at a time. So you ask for a page of 20 and get 5. OK, let's get another page before returning it to the client: you get 18 this time, so you take the first 15 of those and along with the first 5 give those to the client. The user clicks ""show more"". Where do I start? I can't start on page 3 because there were some left over on page 2. But I have no idea where the gaps are so I can't set an appropriate offset - offset apparently _includes_ the missing entries! And there is no information about where the missing entries might be. Basically using offset is not possible. The only solution is to start from the beginning every time, and then omit the first however many results already delivered to the client. This defeats the point of pagination, and gets slower and slower as they ask for more. I could provide randomly more than they requested, up to some maximum (set as per_page), and work entirely in pages, noting the page number highwater mark on each request, each time fetching as many pages as needed to get some minimum number of images. This doesn't require starting again each time, but can also result in hundreds of API requests retrieving empty arrays each time if there are many unpublished images, which is also very slow. It also makes it impossible to work to a UI where the user specifies how many to retrieve at once. Or I could work with page_size = 1, which means I can use page number where I would have liked to have used offset, but that is also very slow: at least 20 requests, probably many more to skip unpublished images, where I would expect only to need one request. And it makes it much harder to implement either way, as the obviously intended implementation is to set offset to the currently retrieved images, and a number up to 100 as the page size, and just fetch that page. " frankieandshadow Needs Patch 56668 REST API calls are failed when cookies are cleared from the site REST API 6.0.2 normal normal Awaiting Review defect (bug) new 2022-09-27T14:46:34Z 2022-09-27T14:46:34Z "Hi, REST API calls are failed when the site cookies are cleared from browser console. Manually logging out and Logging in again will fix the issue but WordPress should automatically prompt for login in such cases right ? Please Ignore if I am wrong. Response from API: {{{ {""code"":""rest_cookie_invalid_nonce"",""message"":""Cookie check failed"",""data"":{""status"":403}} }}} " sarathgp Needs Patch 51909 REST API inconsistencies REST API 4.8 normal normal Awaiting Review defect (bug) new 2020-12-01T18:23:49Z 2020-12-01T18:27:23Z "Changeset [39967] introduced a new behavior in parts of the API. A request for posts with a page parameter that is out of range results in a status 400 and rest_post_invalid_page_number error response. This is different behavior than the class-wp-rest-users-controller, which happily returns a status 200 with an empty array, and it always has. Status 200 with an empty array is the more correct behavior, in my opinion. A status 400 would be for bad requests, not for valid requests that result in empty results. Would you return a status 400 for a search filter with no results? That's conceptually similar to an out-of-range page in the parameters. Regardless, the most important for developer experience, I think, is stability and consistency. Unfortunately this change introduced instability (when people upgrade from old versions) and inconsistency (when new developers write clients for the rest api and get different behavior from posts than from users)." icameron 1 Needs Patch 54484 REST API returns (empty) array for Meta but Schema has type object REST API 5.8.2 normal normal Awaiting Review defect (bug) new 2021-11-21T18:35:54Z 2021-11-24T07:18:38Z "When checking http://localhost/wp-json/wp/v2/posts (fresh setup) the meta field is an empty array: {{{ [{""id"":1,...,""meta"":[],...}] }}} But the schema (localhost/wp-json/wp/v2/posts?_method=OPTIONS) has type definition object: {{{ { ..., ""schema"":{ ""$schema"":""http:\/\/json-schema.org\/draft-04\/schema#"", ""title"":""post"", ""type"":""object"", ""properties"":{ ..., ""meta"":{ ""description"":""Metafelder."", ""type"":""object"", ""context"":[ ""view"", ""edit"" ], ""properties"":[ ] }, ... }, ... }, ... } }}} Either the schema is wrong and should be array or REST API should not return an empty array I'm downloading the schema from my local WordPress instance in order to create POJOs and using those with Springs WebClient which results in the following error: {{{ Error: JSON decoding error: Cannot deserialize value of type `com.acme.api.wp.Meta` from Array value (token `JsonToken.START_ARRAY`); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot deserialize value of type `com.acme.api.wp.Meta` from Array value (token `JsonToken.START_ARRAY`) at [Source: UNKNOWN; byte offset: #UNKNOWN] (through reference chain: com.acme.api.wp.Posts[""meta""]) }}} Manually changing type from object to array fixes it. But I'm not sure if the schema is wrong or the REST API is returning invalid data." dtrunk90 1 Needs Patch 60618 REST API: Meta update fails if unrelated unchanged field is a multi-item array REST API 4.7 normal normal Awaiting Review defect (bug) new 2024-02-23T09:32:02Z 2024-02-23T10:17:20Z "In some plugins there may be code which repeatedly calls `add_post_meta` without registration, e.g. calling {{{#!php true` - exposes the post meta field as `'show_in_rest' => true` then subsequent saves to this post through the REST API will fail. The reason is that the REST API iterates through post meta that is passed back in the REST post, and checks whether the incoming value is the same as the stored value using this check in `WP_REST_Meta_Fields::update_meta_value`: {{{#!php is_meta_value_same_as_stored_value( $meta_key, $subtype, $old_value[0], $value ) ) { return true; } }}} In our case the `$old_value` will be an array, but the count will be 3, so we never opt in to our similar-data check. This means that the incoming value will be passed through and will call `update_meta`, which will return `false` because update_meta returns `false` ""on failure **or if the value passed to the function is the same** as the one that is already in the database."" (emphasis added) If a ''new'' value is passed for the existing meta, all rows will be updated as expected. It is only unchanged values which fail the comparison. Summary: Our logic in our update meta function is problematic, and doesn't handle existing arrays of metadata properly when checking for an identical existing value." kadamwhite Needs Patch 59425 REST API: Preserve boolean values when generating next/prev Link headers REST API 5.2 normal normal Awaiting Review defect (bug) new 2023-09-21T20:26:00Z 2023-09-21T20:26:00Z "When generating `rel=""next""` and `rel=""prev""` values for the `Link` header in the terms, users, search, revisions, posts, global styles, and comments controllers, existing parameter data is passed to `urlencode_deep()`, which converts boolean `false` to an empty string. The example I'm focused on is a request for terms with `hide_empty` set to `false`. An initial URL like: {{{ https://example.org/wp-json/wp/v2/tags?hide_empty=false&per_page=100&context=edit&_locale=user }}} Returns a response with a `Link` header of: {{{ ; rel=""next"" }}} When this URL is followed, a `400` response is returned from the REST API with the error: ` is not of type boolean.` When `hide_empty=true` is passed with the URL instead, the REST API converts the parameter to `1` in the `Link` header, which it then seems to accept in future requests as if it was `boolean`. The cause of this is the use of `urlencode_deep()` [https://github.com/WordPress/wordpress-develop/blob/e486ac07458d36182ee75091eac06f9a99a5ae2a/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php#L361 on request params when generating the header]: {{{ $base = add_query_arg( urlencode_deep( $request_params ), $collection_url ); }}} {{{ wp> urlencode_deep( true ); => string(1) ""1"" wp> urlencode_deep( false ); => string(0) """" // which is really wp> map_deep( true, 'urlencode' ); => string(1) ""1"" wp> map_deep( false, 'urlencode' ); => string(0) """" }}} Which is really just `urlencode()` making sure it's dealing with a `string`, as expected. I _think_ the answer is for the REST API to restore boolean values in the request params back to URL-compatible strings before building the `Link` header. While `false` being altered breaks things, it is also strange that `true` is altered as well. I set the version as 5.2, as this is when the `urlencode_deep()` change was made. (See [45267] via #46199) I haven't investigated further, but before that change, `hide_empty` would just be dropped from the `rel=""next""` link entirely." jeremyfelt Needs Patch 54740 REST API: oneOf validation behaves unexpectedly with strings/arrays REST API 5.6 normal normal Awaiting Review defect (bug) new 2022-01-04T20:01:59Z 2022-09-05T19:17:33Z "I'm trying to validate block.json files against [https://github.com/WordPress/gutenberg/blob/trunk/schemas/json/block.json the block.json schema], which uses `oneOf` in a few places ([https://github.com/WordPress/gutenberg/blob/b7b62d2d3db4395ce5d2ad42bd1fc0f1c3c2f12d/schemas/json/block.json#L428 for example, ""style""]). Using `rest_validate_value_from_schema`, I end up with this error: ""[style] matches more than one of the expected formats."". I think this is a bug in the validation, because `style` can be one of a string or an array of strings, but the code that checks the value (`rest_is_array`) converts the string to an array, forcing it to match both options." ryelle 4 Needs Patch 48257 REST API: post-process endpoint cannot be discovered from media creation endpoint REST API 5.3 normal normal Future Release defect (bug) new 2019-10-08T14:24:14Z 2019-10-08T14:24:14Z "Split out from #47987: In #47987 we introduced a new `/wp/v2/media/{id}/post-process` endpoint, which may be hit with a POST to resume media processing in the event the initial POST to `/wp/v2/media` fails. Clients may know to utilize this new endpoint through the presence of a new non-standard header `X-WP-Upload-Attachment-ID`, but @rmccue caught that we do not provide any Link-based method of discovering the existence of this endpoint from the initial media collection. @TimothyBlynJacobs proposes using the `edit-media` relation for this link. We should add an additional `Link` to the header of the failing POST response (or any POST response, potentially, with the understanding a link is only necessary in the event of failure). Implementing this Link was punted from 5.3 because the `$response` object on which we can call add_link was not available at the time we set the initial X-header, which we can work around but did not have time to resolve before the final 5.3 beta. ''Aside:'' If we're able to resolve the order-of-operations issue, it's possible that the Link could become the preferred method of signalling that post-processing should occur, rather than the non-standard header. However the X-header is more appropriate for the other media paths in `media.php` and `admin-ajax.php`, so this may not be feasible." kadamwhite Needs Patch 60599 REST API: rest_filter_response_fields fails with a PHP fatal when a custom API endpoint returns a scalar value. REST API normal normal Future Release defect (bug) new 2024-02-22T09:45:54Z 2024-03-11T11:50:22Z "The code in `rest_filter_response_fields` seems to only work with arrays. Thus if a given API endpoint returns a scalar value, then querying this endpoint by adding the `_fields` GET parameter will throw a PHP fatal in PHP >= 8.x. Steps to reproduce it: Add the following dummy plugin and enable it to a test WP {{{ alex@wayra time % cat time.php 'GET', 'callback' => 'my_awesome_func', ) ); } ); { ""plugins"": [ ""."" ] } alex@wayra time % cat .wp-env.json { ""plugins"": [ ""."" ] } alex@wayra time % wp-env start WordPress development site started at http://localhost:8888/ WordPress test site started at http://localhost:8889/ MySQL is listening on port 32768 MySQL for automated testing is listening on port 32769 ✔ Done! (in 77s 181ms) alex@wayra time % curl 'http://localhost:8888/?rest_route=/myplugin/v1/datetime' ""2024-02-22T09:38:36+00:00""% alex@wayra time % curl 'http://localhost:8888/?rest_route=/myplugin/v1/datetime&_fields=foo' Fatal error: Uncaught TypeError: array_intersect_key(): Argument #1 ($array) must be of type array, string given in /var/www/html/wp-includes/rest-api.php:869 Stack trace: #0 /var/www/html/wp-includes/rest-api.php(869): array_intersect_key('2024-02-22T09:3...', Array) #1 /var/www/html/wp-includes/rest-api.php(928): _rest_array_intersect_key_recursive('2024-02-22T09:3...', Array) #2 /var/www/html/wp-includes/class-wp-hook.php(324): rest_filter_response_fields(Object(WP_REST_Response), Object(WP_REST_Server), Object(WP_REST_Request)) #3 /var/www/html/wp-includes/plugin.php(205): WP_Hook->apply_filters(Object(WP_REST_Response), Array) #4 /var/www/html/wp-includes/rest-api/class-wp-rest-server.php(454): apply_filters('rest_post_dispa...', Object(WP_REST_Response), Object(WP_REST_Server), Object(WP_REST_Request)) #5 /var/www/html/wp-includes/rest-api.php(424): WP_REST_Server->serve_request('/myplugin/v1/da...') #6 /var/www/html/wp-includes/class-wp-hook.php(324): rest_api_loaded(Object(WP)) #7 /var/www/html/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters('', Array) #8 /var/www/html/wp-includes/plugin.php(565): WP_Hook->do_action(Array) #9 /var/www/html/wp-includes/class-wp.php(418): do_action_ref_array('parse_request', Array) #10 /var/www/html/wp-includes/class-wp.php(813): WP->parse_request('') #11 /var/www/html/wp-includes/functions.php(1336): WP->main('') #12 /var/www/html/wp-blog-header.php(16): wp() #13 /var/www/html/index.php(17): require('/var/www/html/w...') #14 {main} thrown in /var/www/html/wp-includes/rest-api.php on line 869 }}}" xknown 3 Needs Patch 60708 REST page 2 item 0 === page 1 item 99 when requesting 100 posts from a post type REST API 6.4.3 normal major Awaiting Review defect (bug) new 2024-03-06T16:39:22Z 2024-03-11T06:51:24Z "in our case of a custom WP post type default REST API call page 2 item 0 === page 1 item 99 when requesting 100 items per page. (as of writing this.) Demo: https://deananddavid.com/wp-json/wp/v2/catering_article?lang=de&orderby=menu_order&order=asc&_fields=acf,catering_category,featured_media,id,title&per_page=100&page=1 https://deananddavid.com/wp-json/wp/v2/catering_article?lang=de&orderby=menu_order&order=asc&_fields=acf,catering_category,featured_media,id,title&per_page=100&page=2 This is no issue when requesting 99 items per page." vialars 1 Needs Patch 58710 REST: media (images) deleted or replaced are returned by their new id when requested by their old id REST API 6.2.2 normal major Awaiting Review defect (bug) new 2023-07-04T12:08:44Z 2023-10-16T14:53:56Z "An article has got a featured image assigned (id X). The featured image is replaced* using Media library (id Y). REST API for article delivers old image id (X). Upon requesting fields (id, src) for old image id (X) from REST API media endpoint, the field id returned is the new image id (Y). I expect the requested id and the returned id to match. Alternatively I like to be able to get to know which id returned correlates to which id requested. Example: https://deananddavid.com/wp-json/wp/v2/media/?include=77793&_fields=id,source_url&per_page=100 ""include"" as per documentation requests certain ids. Notice the returned id is 77795 (5 instead 3 at last digit). '* the replacement was done by an editor. I don't know the exact procedure she/he took." vialars 1 Needs Patch 54125 Rest API tax_relation=OR doesn't seem to work correctly REST API 5.8 normal major Awaiting Review defect (bug) new 2021-09-15T07:02:38Z 2021-09-15T07:02:38Z "Let's say we have posts of a custom post type. Post 1 has custom-tax1 with ID1 and custom-tax2 with ID2. Post 2 has custom-tax2 with ID2. Post 3 has custom-tax1 with ID3. Post 4 has no custom taxonomies attached. When querying {{{ /wp/v2/custompost?&_fields=id,title&custom-tax1=ID&custom-tax2=ID2 }}} it returns only Post 1 as expected. {{{ /wp/v2/custompost?&_fields=id,title&custom-tax2=ID2 }}} returns Post 1 and Post 2 as expected Querying {{{ /wp/v2/custompost?&_fields=id,title&custom-tax1=ID1&custom-tax2=ID2&tax_relation=OR }}} I expect it to return Post 1 and Post 2 as well, but instead it returns all 4 Posts. As soon as tax_relation=OR is added to the query, it seems all prior tax queries are just ignored. Unless I'm misreading this https://make.wordpress.org/core/2020/02/29/rest-api-changes-in-5-4/ and it should somehow work differently." roverlap Needs Patch 39861 WP REST API and Caching Issue johnbillion* REST API 4.7.2 normal normal Future Release defect (bug) accepted 2017-02-13T16:32:51Z 2023-06-21T15:57:00Z "It appears that the current implementation of the WP REST API uses the following cache control header: cache-control:no-cache, must-revalidate, max-age=0 The problem is that some providers, e.g., SiteGround, also tack on a bogus last modified header: last-modified:Thu, 01 Jan 1970 00:00:00 GMT This combination causes the browser to add a ""if-modified-since"" header to subsequent API call and resulting with a 304 response (in this case NGINX at SiteGround). At the point, you continually get stale results from the API. The fix is to also add a ""no-store"" to the API response. Cache-Control: no-cache, no-store, must-revalidate For reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control" sckmkny 7 Needs Patch 43149 WP-API JS Client not triggering change event when using setMeta/setMetas helpers REST API 4.9 normal normal Awaiting Review defect (bug) new 2018-01-23T16:49:55Z 2020-10-25T04:19:42Z "As briefly [https://wordpress.slack.com/archives/C5UNMSU4R/p1516717879000467 mentioned] on Slack earlier today the `model.setMeta()` helper method introduce in #41055 has a couple of weaknesses. 1/ The `meta` attribute is undefined when creating a new model, which makes sense, but causes `setMetas()` to silently fail at set new meta values; using `setMeta()` causes an error. {{{#!javascript var post = new wp.api.models.Post( { id : 1234 } ); post.setMetas( { foo : 'bar' } ); // post.attributes.meta remains undefined post.setMeta( 'foo', 'bar' ); // TypeError: metas is undefined }}} 2/ When the `meta` attribute is properly defined, some changes in meta values fail to trigger a change event. Provided that the above issue does not show: {{{#!javascript var post = new wp.api.models.Post( { id : 1234 } ); post.on( 'change:meta', console.log ); post.set( 'meta', { foo : 'bar' } ); // trigger change event post.setMetas( { foo : 'BAR' } ); // Does not trigger change event post.setMeta( 'foo', 'BAR' ); // Does not trigger change event }}} Values are correctly updated; the `change` event is just not triggered as it should. The only way I found to make this work is to clone the `meta` attribute in `setMeta()`/`setMetas()`. As of now these methods simply retrieve the `meta` attribute using `get()` and then `_.extend()` to add/update properties, which doesn't seem enough to make Backbone consider it a change." caercam 1 Needs Patch 50964 WordPress view/preview links + post editor don't get along with SPA frontend REST API 5.3 normal major Awaiting Review defect (bug) new 2020-08-12T21:25:29Z 2021-04-20T05:56:43Z "Hi, I've built a separated frontend (SPA) using WordPress as headless CMS. I managed to allow writers to view/preview posts on the frontend by setting the ''home_url'' accordingly. I also used the ''preview_post_link'' filter to rewrite the preview URL and adding a generated nonce I then pass to the API to fetch the post content. Here is the function : {{{#!php post_type . '&id=' . $post->ID . '&nonce=' . $nonce; } }}} Everything worked just fine until I met the new post editor (must be version 5.3 or 5.4 - working with the REST API). I now have 2 issues : 1. **Saving a post** (or cusotm post). It seems the ''home_url'' needs to be the same as the site_url (wordpress) overwise it fails to update any post (it makes multiple REST API calls to the ''home_url''). Settings the same URL works but now we can't view a post on the frontend using view links. 2. **Previewing a post** (or custom post). In the new block editor, the ''preview_post_link'' filter doesn't seem to be called. URL aren't changed so I can't preview my post on the frontend. I couldn't find anything about similar issues. Could you please help me ? Cheers, Fabrice" fdouchant 2 Needs Patch 54753 Wrong post content when uploading raw post data via REST API when html data url is used REST API 5.8.2 normal normal Awaiting Review defect (bug) new 2022-01-05T21:26:59Z 2022-05-14T18:39:54Z "I want to make use of data URLs in my post: https://en.wikipedia.org/wiki/Data_URI_scheme https://napuzba.com/data-url/ So I've added the following html to a post: Download text file 2 Now I want to upload this html via REST API, and the rest API just filters out the ""data:"" part and the ""download=""a2.txt"": Download text file 2 I made sure, that I am also uploading the post with the edit context, but that does not help. I also tried to url encode all content, so my test case is also not faulty. No luck. This is my curl: curl -X POST https://example.com/wp-json/wp/v2/posts/ -u 'user:password' -d 'title=test&status=draft&context=edit&content=Download text file 2' curl -X POST https://example.com/wp-json/wp/v2/posts/ -u 'user:password' -d 'title=test&status=draft&context=edit&content=%3Ca%20href%3D%22data%3Atext%2Fplain%2CI%20am%20text%20file%22%20download%3D%22a2.txt%22%3EDownload%20text%20file%202%3C%2Fa%3E' Is there a way to disable this filtering of my html? If not, it might be a bug?" nicohood 1 Needs Patch 54832 _doing_it_wrong should write into debug.log REST API 5.8.3 normal normal Awaiting Review defect (bug) new 2022-01-16T05:49:11Z 2024-02-14T14:26:27Z "I was created a plugin that called to `register_rest_route()` without `permission_callback` argument. It worked fine until WordPress 5.5 that this argument is now required. However, the errors is not appears anywhere except in the REST API headers but it is very hard to notice about that. I keep using the old code because I didn't know about this change as it is not showing in the debug.log. Until one day that WordPress 5.8 released and I was entered to the new widget management and BOOM! All errors appears on the debug.log now. This function (`_doing_it_wring()`) is useful and **should** write the details into debug.log file no matter where it is called. Example: {{{ add_action('rest_api_init', 'myplugin_register_routes'); function myplugin_register_routes() { register_rest_route('myplugin', '/allitems', [ 'args' => [ 'mycustom' => 'args', ], 'methods' => \WP_REST_Server::READABLE, 'callback' => 'myplugin_get_items_function', // 'permission_callback' => 'is_missing',// should always showing error in debug.log ]); } }}} " okvee 3 Needs Patch 59558 not documented information about changes in embedded data REST API normal normal Awaiting Review defect (bug) new 2023-10-06T11:17:40Z 2023-10-06T14:14:21Z Hello. In latest wordpress become changes,after which embedded data not works properly if in request we havent any fields. I mean rest api issue see #59552 for details. I expected to see this information with detailed examples at https://developer.wordpress.org/rest-api/using-the-rest-api/linking-and-embedding/#embedding or/and at https://developer.wordpress.org/rest-api/using-the-rest-api/global-parameters/#_embed. Please not ignore my issue #59552, because i not understand how to fix this issue. Thanks. sashakozlovskiy 1 Needs Patch 57312 pattern validation fails in case of multitype validation using WP JSON REST REST API normal normal Awaiting Review defect (bug) new 2022-12-11T14:55:22Z 2022-12-11T15:36:21Z "Just as this https://core.trac.wordpress.org/ticket/56483 question for which I'm still waiting for a reply; I seemingly found another issue when trying to validate the input via oneOf. Concretely, I'm trying to validate that an object has: - pattern properties - with values being either a `^none$` string or a an array of strings matching another regex, like `^[A-Z][a-z]{5}[0-9]$`. Try to submit your data via the js FormData API which holds an object that should validate against sth like this: {{{ [ 'type' => 'object', 'patternProperties' => [ '$[a-z]{5}$' => [ 'type' => [ 'array', 'string', ], 'pattern' => '^none$', 'items' => [ 'type' => 'string', 'pattern' => '^[A-Z][a-z]{5}[0-9]$', ], 'uniqueItems' => true, 'required' => true, ], ], 'additionalProperties' => false, 'minProperties' => 1, 'required' => true, ] }}} If you submit something like: {{{ { ""my_data"":{ ""abcde"":""none"" } } }}} It will result in a Bad Request error, telling you that `my_data[abcde]` does not match with `^none$`. I've tried to use `""enum"": [""none""]` instead of `""pattern"": ""^none$""`, which is when it also responds with a 400 Bad Request, saying that `my_data[abcde]` is not none. Seems like a bug?" joeyojoeyo12 1 Needs Patch 27244 'Restore This Autosave' immediately updates a published post Revisions normal normal Awaiting Review defect (bug) new 2014-02-28T23:43:29Z 2024-02-25T19:29:55Z "The ""Restore This Autosave"" button on the revisions screen immediately replaces the post with the autosave without making it clear that that is the case. Steps to reproduce: 1. Publish a post. 2. Edit the content of the post and trigger an autosave (either by waiting two minutes or by clicking the 'Preview Changes' button). 3. Navigate away from the post editing screen. 4. Return to the post editing screen and note the message stating ""There is an autosave of this post that is more recent than the version below"". Click ""View the autosave"". 5. On the revisions screen, click ""Restore This Autosave"". 6. Note that the autosave has been published rather than simply being restored to the editing screen." johnbillion 6 Needs Patch 52303 Accessibility issues in revisions screen joedolson Revisions 3.6.1 normal normal Future Release defect (bug) assigned 2021-01-15T00:04:34Z 2021-01-27T21:59:41Z "In the course of assessing a functional problem with `wp_text_diff`, a number of accessibility concerns were unearthed regarding the revisions screen. Once the output of `wp_text_diff` is settled, the other concerns noted in #25473 should be addressed here. " joedolson 3 Needs Patch 30679 "Clicking ""Restore this Revision"" publishes immediately" Revisions normal normal defect (bug) new 2014-12-11T20:58:35Z 2019-06-04T21:13:03Z "This is the same as #27244, but for non-autosaved posts. The ""Restore This Revision"" button on the revisions screen immediately replaces the post with the autosave without making it clear that that is the case. Desired behaviour: Clicking Restore This Revision puts this revision into the editor, saving it as draft. Example: 1. Create a post with three revisions, and publish it Revision A Revision B Revision C <-- live and published 2. On the post edit screen, click on revision B. 3. On the revisions screen, click Restore This Revision. Revision A Revision B Revision C <-- live and published Revision B' <-- in the editor, saved as a draft " paulschreiber 7 Needs Patch 49291 Code issues with set_time_limit Revisions 5.3.2 normal normal Awaiting Review defect (bug) new 2020-01-25T23:24:12Z 2020-01-27T12:43:01Z "file: wp-admin\includes\ajax-actions.php function: `wp_ajax_get_revision_diffs` line: 3425 Issue: no time limit set Suggestion: set value to 120 file: wp-includes\class-pop3.php function: `__construct` line: 63 Issue: timeout value is not tested and can be set to 9999999 or a negitive value that acts the same as 0 Suggestion: Force a range for the value (1 to 120) " madpeter 2 Needs Patch 53607 Loading or saving a post with enough (large) revisions exhausts available memory Revisions 5.7.2 normal normal Awaiting Review defect (bug) new 2021-07-06T14:22:21Z 2021-07-06T14:22:21Z "This is a follow-up to #34560. **What steps should be taken to consistently reproduce the problem?** - create a post with enough (large) revisions (see ""Steps to reproduce"" from #34560). - Reduce `WP_MAX_MEMORY_LIMIT` so that it is enough to load one revision but not enough to load tens / hundreds of revisions (e.g. 128M) - save post -> `Updating failed. The response is not a valid JSON response.` - edit post -> `**Fatal error**: Allowed memory size of 134217728 bytes exhausted` **Does the problem occur even when you deactivate all plugins and use the default theme?** - yes **Likely cause** It seems full post revisions (including post content) are still being loaded when editing a post. This is likely the cause of high memory consumption. To look into this: - on a standard WordPress installation, activate [https://wordpress.org/plugins/debug-bar/] with {{{#!php }}} - edit a post with revisions enabled - check the ""Queries"" tab of the debug bar (might need to turn off Gutenberg full screen mode to see it) and look for the query that loads the exhaustive list of full revisions (`wp_posts.*`): {{{ SELECT wp_posts.* FROM wp_posts WHERE 1=1 AND wp_posts.post_parent = [[THE CURRENT POST ID]] AND wp_posts.post_type = 'revision' AND ((wp_posts.post_status = 'inherit')) ORDER BY wp_posts.post_date DESC, wp_posts.ID DESC }}} " mlbrgl Needs Patch 43189 Restoring page revision doesn't restore page template previously used Revisions 4.9.2 normal normal Awaiting Review defect (bug) new 2018-01-31T13:23:15Z 2018-01-31T15:09:27Z "I noticed this when one of the editors made a change in a page and also changed page template. We reverted the change by restoring a previous revision, but this didn't restore the previous page template. " bugnumber9 1 Needs Patch 44540 Revision restoring redirect issue when using custom wp_query inside shortcodes Revisions 4.9.7 normal normal Awaiting Review defect (bug) assigned 2018-07-07T10:43:11Z 2019-03-11T20:44:02Z "Using a custom WP_Query inside page content shortcodes leads to weird ""revisions restoring"" behavior which is redirecting to improper page id. However the page content is restored correctly. Have found this lines 55, 56 in revision.php {{{ wp_restore_post_revision( $revision->ID ); $redirect = add_query_arg( array( 'message' => 5, 'revision' => $revision->ID ), get_edit_post_link( $post->ID, 'url' ) ) }}} While wp_restore_post_revision( $revision->ID ) returns a correct post_id, the redirect is made to get_edit_post_link( $post->ID, 'url' ) and $post->ID may be broken by custom wp_query loop. Why not using wp_restore_post_revision( $revision->ID ) returned result to perform a correct redirect? " vendetta90 2 Needs Patch 44929 Revisions: wp_get_revision_ui_diff only displays existing meta fields of the current post Revisions normal normal Awaiting Review defect (bug) new 2018-09-11T08:38:42Z 2019-01-16T23:01:18Z "For reproducing the issue: 1. Turn on revisions 2. Create a post 3. Save 4. Create a custom field with some value 5. Save 6. Delete the custom field 7. Save 8. Go to the revision comparison 9. The field added and deleted won't display in the comparision After doing some debug I found out that the the foreach loop in the function wp_get_revision_ui_diff in wp-admin\includes\revision.php uses _wp_post_revision_fields( $post ) which only takes into consideration of the custom fields of the actual post. Solution: Change: {{{ foreach ( _wp_post_revision_fields( $post ) as $field => $name ) { }}} To: {{{ $fields_from = array(); $fields_to = array(); if ( $compare_from != null ) $fields_from = _wp_post_revision_fields( $compare_from ); if ( $compare_to != null ) $fields_to = _wp_post_revision_fields( $compare_to ); $fields = array_merge( $fields_from, $fields_to, _wp_post_revision_fields( $post ) ); foreach ( $fields as $field => $name ) { }}} " luisarn 1 Needs Patch 41029 The changed author is not making the coming revisons adamsilverstein Revisions 4.8 normal normal Awaiting Review defect (bug) assigned 2017-06-13T14:02:03Z 2021-04-30T18:28:07Z "Hi In WordPress 4.8 the changed author won't be changed in the new revisions (and autosave)." elisa-demonki 1 Needs Patch 53417 The revisions endpoints provide an incorrect JSON schema Revisions 4.7 normal normal Awaiting Review defect (bug) new 2021-06-15T23:20:51Z 2021-06-15T23:29:55Z "The schema provided by the REST API endpoints for revisions at `wp/v2/posts/{id}/revisions` and `wp/v2/pages/{id}/revisions` is incorrect. The schema states that `content.protected` and `excerpt.protected` properties exist for each revision, but these properties do not exist. * [https://github.com/WordPress/wordpress-develop/blob/afee26086fea307c2a5c31c0e2018cb6acd598f7/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php#L736 The schema is constructed here] from the parent controller for posts, which does include this property * [https://github.com/WordPress/wordpress-develop/blob/afee26086fea307c2a5c31c0e2018cb6acd598f7/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php#L600-L604 When the content data is prepared here] the `protected` property is not included * [https://github.com/WordPress/wordpress-develop/blob/afee26086fea307c2a5c31c0e2018cb6acd598f7/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php#L608-L611 When the excerpt data is prepared here] the `protected` property is not included Two options: 1. Remove the `content.protected` and `excerpt.protected` properties from the schema 2. Add the `content.protected` and `excerpt.protected` properties to the response Here is the `content` property from the schema. Note the `protected.context` property states that the property exists for all three contexts. {{{ ""content"": { ""description"": ""The content for the post."", ""type"": ""object"", ""context"": [ ""view"", ""edit"" ], ""properties"": { ""raw"": { ""description"": ""Content for the post, as it exists in the database."", ""type"": ""string"", ""context"": [ ""edit"" ] }, ""rendered"": { ""description"": ""HTML content for the post, transformed for display."", ""type"": ""string"", ""context"": [ ""view"", ""edit"" ], ""readonly"": true }, ""block_version"": { ""description"": ""Version of the content block format used by the post."", ""type"": ""integer"", ""context"": [ ""edit"" ], ""readonly"": true }, ""protected"": { ""description"": ""Whether the content is protected with a password."", ""type"": ""boolean"", ""context"": [ ""view"", ""edit"", ""embed"" ], ""readonly"": true } } }, }}}" johnbillion 1 Needs Patch 30854 `wp_insert_post` doesn't save revision for new published post adamsilverstein Revisions normal normal Future Release defect (bug) assigned 2014-12-28T16:41:25Z 2022-04-19T05:55:17Z "Calling `wp_insert_post` with `post_status` of `publish` or any other status on a new post doesn't save a new revision. The reason for this is the `$update` check at the beginning: https://core.trac.wordpress.org/browser/tags/4.1/src/wp-includes/post.php#L3085 checks whether or not the args include an ID, indicating that we're updating a post. Further down, that update check is what calls `post_updated` https://core.trac.wordpress.org/browser/tags/4.1/src/wp-includes/post.php#L3473 which `wp_save_post_revision` is hooked to. Therefore, if we call `wp_insert_post` in a plugin to insert a post with a`post_status` of `publish`, WordPress doesn't save a post revision. Post revisions are supposed to be up-to-date with the latest post data, but we don't get a revision if we insert a post in this manner. I think the reason we ended up with this is to avoid saving a revision of the auto-draft that is created when opening up post-new.php, but that isn't necessary now, as `wp_save_post_revision` checks whether the `post_status` is an auto-draft. I think the easiest solution is to move the `wp_save_post_revision` to the `save_post` hook, but I'm not sure if there are other places in the codebase this would cause issues." JamesDiGioia 47 Needs Patch 48973 wp_text_diff() out of memory with 10GB memory limit on certain revisions Revisions 5.3.1 normal normal Awaiting Review defect (bug) new 2019-12-14T16:33:35Z 2019-12-16T20:59:38Z "Hi, I have identified a bug with wp_text_diff on a blank WP install on PHP 7.2.8 and 7.3.12 The bug causes the system to run out of memory no matter how much is available. I found it while trying to edit some revisions. The texts are large (50KB), maybe it has something to do with it. To replicate the bug you need to use this code. I will provide the files. {{{#!php is_main_query()) { return; } // Cache the actual query vars first. $queryVarCache = $query->query; // Only continue when our query vars are not already empty. if (!empty($queryVarCache)) { // Remove our query vars from the cache when they are set. if (isset($queryVarCache['foo'])) { unset($queryVarCache['view']); } // When our cache is empty, we are on a front-page (is_home() or is_front_page()). Ensure that the following filtering only happens on a static front page. if (empty($queryVarCache) && get_option('show_on_front') === 'page') { // Get the ID of the front page and add it to the query vars. $query->query['page_id'] = get_option('page_on_front'); // Reparse the query. $query->parse_query($query->query); } } } add_action('pre_get_posts', 'fix_query_vars_on_front_page'); }}} Maybe some way to add custom rewrite tags without adding them as a query var would be a possible solution for this. Of course there would be a need to add a function to access them, for example {{{get_rewrite_var('foo')}}} instead of {{{get_query_var('foo')}}}. I am looking forward that WordPress will make this possible in a future version. :-)" Asgaros Needs Patch 47686 Always flush rewrite rules when active plugins changes & on plugin upgrades Rewrite Rules normal normal Awaiting Review defect (bug) new 2019-07-11T21:02:29Z 2021-12-18T14:09:24Z "I think it's odd that plugins each need to roll their own rewrite rule flushing. It's definitely nice to have the freedom to decide when it's necessary, but it is inconvenient as a developer to reinvent a new way with every new plugin whenever a rule needs to be changed. It's also inconvenient to users when a plugin forgets to flush rules, or when a developer is unaware that it is their responsibility to flush their own rules. I'm proposing here that WordPress core could improve the lives of both developers and users by automatically flushing rewrite rules every time a plugin is activated, deactivated, or updated. For context, `flush_rewrite_rules()` is already called inside of `check_theme_switched()` which in hooked to `init` and always flushes rewrite rules when a new theme is activated, and I'm suggesting we consider doing this for plugins too." johnjamesjacoby 8 Needs Patch 20520 Author Page Pagination Broken When Removing /author/ Slug Rewrite Rules 3.3 normal normal defect (bug) new 2012-04-23T04:16:03Z 2019-06-04T21:07:29Z "WP 3.3.1 Multisite Permalink setup: /author/post-name - If the request is ""domain.com/authorname"" the authors page pagination link is broken. - If the request is ""domain.com/author/authorname"" the authors page pagination link works fine." rbaccaro 1 Needs Patch 41891 Bug when changing $(comments_)pagination_base of WP_Rewite instance to string with non-ASCII characters Rewrite Rules normal normal Awaiting Review defect (bug) new 2017-09-15T13:05:55Z 2017-09-15T13:05:55Z "When you change `$pagination_base`/`$comments_pagination_base` for `WP_Rewrite` instance to string with ASCII characters, it works as expected. But when you change to non-ASCII string, it doesn't work because it redirects from `//2` to `//2//2` which returns 404. If you use `rawurlencode()` on that string, it again works as expected. So, in short: `$GLOBALS['wp_rewrite']->pagination_base = 'something';` - works `$GLOBALS['wp_rewrite']->pagination_base = 'чџш';` - doesn't work `$GLOBALS['wp_rewrite']->pagination_base = rawurlencode( 'чџш' );` - works This doesn't apply to other bases, they work without `rawurlencode()`, for example: `$GLOBALS['wp_rewrite']->author_base = 'гдђ';`" dimadin Needs Patch 54654 Can flush_rewrite_rules() be called automatically after changing the site URL? Rewrite Rules normal normal Awaiting Review defect (bug) new 2021-12-18T08:52:09Z 2021-12-18T14:50:04Z "A common issue that users run into after changing the WordPress Address and/or Site Address (such as when migrating to a new domain) is that some of their links stop working correctly after a site change. The most common fix/workaround is to go to the wp-admin > Settings > Permalinks page and click ""Save"" once or twice, which usually does the trick. Examples of this problem and workaround can be found all over Google: https://www.google.com/search?q=wordpress+links+not+working+after+migration https://wordpress.stackexchange.com/questions/221108/wordpress-links-not-working-after-migration https://wordpress.stackexchange.com/questions/14685/after-server-migration-only-the-homepage-works https://wordpress.stackexchange.com/questions/253245/wordpress-migration-getting-404-errors-only-home-page-works https://stackoverflow.com/questions/42162570/wordpress-issue-after-migration-only-homepage-works https://stackoverflow.com/questions/39514343/wordpress-migration-broken-links I'm not sure if there's already a ticket for this anywhere, but surely there's some way to do this automatically? The view counters on the various Stack Exchange questions suggest that it has affected hundreds of thousands or even millions of users, so fixing it would be a fantastic QOL improvement, especially for non-technical users and users who don't notice the broken links until they start getting complaints. Would it be possible to automatically flush_rewrite_rules() in the core function that handles the address change? I haven't looked into what happens when the permalink settings are resaved, but I would imagine that it does something similar there." pikamander2 3 Needs Patch 51805 Clarify the prerequisites for updating the .htaccess file in flush_rewrite_rules() Rewrite Rules normal normal Future Release defect (bug) new 2020-11-17T17:08:11Z 2022-03-04T20:32:41Z "Background: #51723 In `flush_rewrite_rules()`, the documentation for the `$hard` parameter currently says: > Whether to update .htaccess (hard flush) or just update rewrite_rules option (soft flush). Default is true (hard). However, this does not mention that `WP_Rewrite::flush_rules()` only calls `save_mod_rewrite_rules()` if the function exists, which is only loaded in the admin. Moreover, there is a section in [source:tags/5.5.3/src/wp-admin/admin.php?marks=40#L38 wp-admin/admin.php] to flush the rewrite rules when a database version is bumped, but `save_mod_rewrite_rules()` is not loaded yet at that point, leading to [comment:3:ticket:51723 some confusion]. The function should clearly state what exactly is needed for updating the `.htaccess` file. Another idea suggested in #51723 is to make sure `save_mod_rewrite_rules()` is loaded to regenerate the file when flushing the rewrite rules after database version bumps, see comment:5:ticket:51723." SergeyBiryukov 2 Needs Patch 39442 Custom rewrite endpoints and wp_old_slug_redirect Rewrite Rules 4.7 normal normal Awaiting Review defect (bug) new 2017-01-03T00:21:03Z 2020-07-14T05:13:13Z "Previously: #33920 {{{wp_old_slug_redirect}}} currently only handles core rewrite endpoints (like {{{feed}}} and {{{embed}}}). If you have a custom rewrite endpoint, you end up redirected back to the new permalink. You can use the [old_slug_redirect_url https://developer.wordpress.org/reference/hooks/old_slug_redirect_url/] filter to redirect correctly but the filter does not pass the post id, which makes things a bit challenging (especially if you need to do any processing beyond just appending the endpoint). It would be nice if the post id was passed into the {{{old_slug_redirect_url}}} filter: {{{ $link = apply_filters( 'old_slug_redirect_url', $link, $id ); }}} It would be even nicer if the redirect handled custom endpoints automatically as well." batmoo 1 Needs Patch 34683 Default .htaccess config creates rewrite infinite loops for path-based multisite installations Rewrite Rules 4.3.1 normal normal Awaiting Review defect (bug) new 2015-11-14T20:16:54Z 2020-03-27T14:11:01Z "Default .htaccess config for path-based multisite installations looks like that: {{{ RewriteBase / RewriteRule ^index\.php$ - [L] # add a trailing slash to /wp-admin RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L] RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L] RewriteRule . index.php [L] }}} The problem is in these lines: {{{ RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L] }}} `?` sign makes expression `([_0-9a-zA-Z-]+/)` optional, so rule works also for request like `http://example.com/wp-config/file.png` and basicly try to internal redirect request to the same address. If file does not exist, it creates infinite internal loops that causes internal server errors. There is no sense create rewrite rules for main site of network and site prefix should no be optional for rewrites. Correct .htaccess content should be: {{{ RewriteBase / RewriteRule ^index\.php$ - [L] # add a trailing slash to /wp-admin RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L] RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] RewriteRule ^([_0-9a-zA-Z-]+/)(wp-(content|admin|includes).*) $2 [L] RewriteRule ^([_0-9a-zA-Z-]+/)(.*\.php)$ $2 [L] RewriteRule . index.php [L] }}} " rob006 3 Needs Patch 53545 Domain Mapping not working with page as homepage Rewrite Rules 5.7.2 normal normal Awaiting Review defect (bug) new 2021-06-28T20:43:11Z 2021-06-28T20:43:11Z "Hi! Since a few WordPress Versions it is possible to point different domains to the same WP installation without a redirect. So the domain example.org can point to a WP installation with foobar.org in the database home and siteurl without gettin redirected. This is very handy when it comes to SSL. Thanks for that. That works great if the homepage displays the latest posts, or if a blog post or page is loaded. But if the homepage is a page it redirects to foobar.org. I tried this out in a few different wp installtions and hat the same problem everywhere. Is this a bug or intended? I brought an example: https://www.sumisuweb.at/ It is a plain wp installation. There are no themes or plugins installed except the default ones. Also the htaccess is default. Everything. The siteurl and home is https://www.sumisuweb.at/, I only made changes to the titles of the posts and the permalink (it's set to year/month/day - but it does not matter what permalink type) and I changed the homepage to a page instead of the latests posts archive. The subdomain https://blog.sumisuweb.at/ also points to the wp installation. If you visit https://blog.sumisuweb.at/example-page, the url stays the same, no redirect, it works, because it is a page. But if you try to call only https://blog.sumisuweb.at/ it redirects to https://www.sumisuweb.at. It is also possible to visit https://blog.sumisuweb.at/2021/06/28/hello-world/ So the redirect only happens if the homepage is a page. It does not happen if the homepage is the default post archive. This is a bug, I can't explain otherwise why this would be intended behaviour. Please take a look at it, it would mean very much to me. If you have any further questions or need my assitance or anything, please don't hesitate to contact me. Thank you! Alle the best, Theresa " teresasumisu Needs Patch 40339 If $home_path=='wp' then WP::parse_request() will remove 'wp' from 'wp-json/wc/v1/products' in $pathinfo Rewrite Rules 4.7.3 normal normal Awaiting Review defect (bug) new 2017-04-02T13:32:06Z 2018-01-12T02:33:28Z "I have installed WordPress in a subdirectory 'wp' so $home_path is 'wp'. The statement {{{#!php pathinfo = preg_replace( $home_path_regex, '', $pathinfo ); }}} is called with arguments {{{ $home_path_regex = '|^wp|i' $pathinfo = 'wp-json/wc/v1/products' }}} and returns {{{ $pathinfo = '-json/wc/v1/products' }}} Since, $_SERVER[ 'PATH_INFO' ] is the trailing part of the path wouldn't the leading home path be already removed? Here is the $_SERVER variable: {{{ $_SERVER=Array ( [SERVER_SOFTWARE] => PHP 5.6.30 Development Server [REQUEST_URI] => /wp/wp-json/wc/v1/products [DOCUMENT_ROOT] => C:\\WWW [REMOTE_ADDR] => 192.168.1.113 [REMOTE_PORT] => 54207 [SERVER_PROTOCOL] => HTTP/1.1 [SERVER_NAME] => me.local.com [SERVER_PORT] => 80 [REQUEST_METHOD] => GET [SCRIPT_NAME] => /wp/index.php [SCRIPT_FILENAME] => C:\\WWW\\wp\\index.php [PATH_INFO] => /wp-json/wc/v1/products [PHP_SELF] => /wp/index.php/wp-json/wc/v1/products [HTTP_HOST] => me.local.com [HTTP_CONNECTION] => keep-alive [HTTP_CACHE_CONTROL] => max-age=0 [HTTP_UPGRADE_INSECURE_REQUESTS] => 1 [HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 [HTTP_ACCEPT_ENCODING] => gzip, deflate, sdch [HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8,en-AU;q=0.6 [HTTP_COOKIE] => wp-settings-1=libraryContent%3Dbrowse%26mfold%3Do%26editor%3Dhtml%26posts_list_mode%3Dexcerpt%26widgets_access%3Don%26post_dfw%3Don%26hidetb%3D1; wp-settings-time-1=1489742056; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_82a92e8b6fd4f1e7bd35e69acfebe645=mc%7C1491295996%7ClSYWOrX5ljiNvjMUuOsdx3Hqd3B4PsyM6sdhaHx3VHB%7C0f85cc8928c44377d339344bd93f970151fb018ad0623b09964e252bc6104127 [REQUEST_TIME_FLOAT] => 1491131923.8711 [REQUEST_TIME] => 1491131923 ) }}} " Magenta Cuda 1 Needs Patch 57858 If permalink structure is set to /%category%/%postname% , WordPress will match a /0/ path as a category archive Rewrite Rules 6.1.1 normal normal Awaiting Review defect (bug) new 2023-03-02T22:30:38Z 2023-03-12T08:30:39Z "Issue: When the post permalink structure (Settings > Permalinks > Permalink Structure > Custom Structure ) is set to /%category%/%postname% , any path containing /0/ will be matched as a category archive page. eg. example.com/wp-content/0/ will not return a 404, and resolve to category archive template. example.com/wp-includes/0/ will not return a 404 and resolve to category archive template. example.com/wp-admin/0/ will not return a 404 and resolve to category archive template. example.com/some-post-name/0/ will resolve to some-post-name example.com/0/ will properly resolve to the site_url, but still wont 404 Setting the permalink to anything but that, eg. /%author_name%/%postname% it will properly 404. I'm guessing somewhere in the permalink structure, 0 is seen as a valid category and not empty/null. Steps to reproduce: 1. Spin up a fresh WordPress 2. Go to Settings > Permalinks > Permalink Structure > Custom Structure 3. Set the Custom Structure to: /%category%/%postname% 4. Visit one of the example URLs above. We found this issue as we noticed Google was indexing a page like example.com/wp-content/uploads/2011/0/ " krdevio 7 Needs Patch 19896 Non-WP rewrites not saved on a multisite install Rewrite Rules 3.0 normal normal Awaiting Review defect (bug) new 2012-01-25T16:14:20Z 2017-08-22T14:29:46Z "The following code adds a rewrite rule which is classed as a non-WP rewrite rule because its redirect doesn't begin with `index.php`, and is stored in the `non_wp_rules` member variable of the `WP_Rewrite` class. {{{ function my_rewrite() { add_rewrite_rule( 'login/?$', 'wp-login.php', 'top' ); } add_action( 'init', 'my_rewrite' ); }}} On a single site install, this rewrite rule gets saved directly to the .htaccess file rather than being added to WordPress' internal rewrite array. On a multisite install, this doesn't happen and the rewrite rule has no effect (probably because once a site is multisite-d WordPress no longer writes to .htaccess). The rule has to be manually added to .htaccess. Likely introduced in 3.0, reproduced in 3.3 and trunk." johnbillion 7 Needs Patch 41079 PHP Notice: Undefined offset: -1 in /var/www/html/live/wp-includes/rewrite.php Rewrite Rules 4.3 normal normal Awaiting Review defect (bug) new 2017-06-15T17:22:51Z 2017-06-16T01:27:50Z "Low priority, but I'm trying to reduce the size of my error logs, and this notice is a vast majority of it. Issue lies at lines 376 & 378 in the ""wp_resolve_numeric_slug_conflicts"" function. Occurs when $postname_index is 0. With my limited understanding, it seems like that scenario can be skipped, so I added the below snippet to the ""if"" statement at line 363 in my build: {{{ || 0 === $postname_index }}} Please resolve in the next update. Thanks." myrmidon16 3 Needs Patch 52419 Pagination adds trailing slash when it shouldn't Rewrite Rules 5.6 normal minor Awaiting Review defect (bug) new 2021-02-02T09:24:13Z 2021-02-02T09:24:13Z "When the WordPress site has been set-up to not use trailing slashes, the 1st page of the pagination still adds a trailing slash to the URL. Tested with WordPress 5.6 and 5.5 in Nginx 1.16.0 with Twentytwenty, no active plugins. ---- For example: The archive page is https://playground.local/category/classic, when using the pagination to go to page 2, the url changes to https://playground.local/category/classic/page/2. Now, when I try to navigate back to page 1 of the archive, the URL is https://playground.local/category/classic/. Adding a trailing slash, even though the WordPress installation has been set up so that it doesn't use trailing slashes." DhrRob Needs Patch 50726 Pagination error on 4 digit page when category and year are in the permalink structure Rewrite Rules 5.5 normal minor Awaiting Review defect (bug) new 2020-07-21T17:40:38Z 2020-07-21T17:40:38Z "When looking at a category archive page where the page number has four digits, and the permalink structure has the category and year in it, WordPress lumps together the category name and the ""page"" part of the URL and assumes that the number refers to the year of publication. Steps to reproduce: 1) Update the permalink structure to /%category%/%year%/%monthnum%/%day%/%postname%/ 2) Create a category 3) Create and assign enough posts and/or update posts per page to generate at least 1000 pages. 4) Navigate to page 1000 or greater. Even though the resulting URL would be /%cat%/page/1000/, WordPress will assume that the category name is ""%cat%/page"" and that the year of publication is 1,000. The correct behavior is to go to page 1,000 of the specified category, just as it works in page 999. This issue leads to 404s being generated by the standard pagination component which get flagged on search engine crawls, resulting in lower search rankings for the entire website. Here is the immediate fix I added to my website: {{{#!php is_main_query() && is_archive() && substr_count($_SERVER['REQUEST_URI'], '/page/') ) { $year = $query->query_vars['year'] ?? 0; $page = $query->query_vars['paged'] ?? 0; if ($year && !$page) { unset($query->query_vars['year']); $query->set('paged', $year); } if (isset($query->query['category_name'])) { $query->set('category_name', str_replace('/page', '', $query->query['category_name'])); } } }); }}} " elpadi17 Needs Patch 26885 Path Based Multisite Rewrite rule absolute path without trailing slash Rewrite Rules 3.8 normal normal defect (bug) new 2014-01-20T16:06:31Z 2019-06-04T21:10:12Z "The .htaccess rewrite rules generator output the absolute path to the files, but there is missing a slash at the begining to use it as absolute. I've seen the same problem at http://wordpress.stackexchange.com/questions/77818/multisite-configuration-fails-with-css-js-files The solution is to make it relative, or to add a ""/"" at the beggining of the two rewrite rules. I think the .htaccess code generated can be fixed for future users." skalex 2 Needs Patch 52969 Permalink for /wp-includes falls back to blog post Rewrite Rules 5.6.1 normal normal Awaiting Review defect (bug) new 2021-04-05T09:39:45Z 2021-04-05T10:11:00Z "After setting up WordPress, and enabling pretty looking permalinks, I found something odd happening. The Apache rewrite rules have been also set up in the VHost config: {{{ ServerName example.com DocumentRoot /usr/share/wordpress Alias /wp-content /var/www/example.com/wp-content RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteRule ^index\.php$ - [L] RewriteCond /usr/share/wordpress%{REQUEST_URI} !-f RewriteCond /usr/share/wordpress%{REQUEST_URI} !-d RewriteCond /var/www/example.com%{REQUEST_URI} !-f RewriteCond /var/www/example.com%{REQUEST_URI} !-d RewriteRule . /index.php [L] # Directory permissions omitted }}} '''Note''': I have the (shared) code in `/usr/share/wordpress` and the actual ''site-specific'' content in `/var/www/` so I can host several sites with the same WP installation. So, everything seems fine and dandy, until Chrome tries to load some `.js.map` files, which will raise a warning in the browser console: DevTools failed to load SourceMap: Could not parse content for https://example.com/wp-includes/js/underscore.min.js.map: Unexpected token < in JSON at position 0 Having a look into the issue, I found, that most of the non-existent files will correctly return a 404 (as before the permalinks), however anything below `/wp-includes/js/` will fall back to my first blog post. (So `https://7c00.io/wp-includes/js/foo/` will also show my ""hello-world"" test post) As due the rewrite rules everything is essentially handled by PHP, I suspect this is an issue with the WP permalinks business logic." fancsali 1 Needs Patch 36915 Permalinks broken after 4.5 Rewrite rules Rewrite Rules 4.5 normal normal defect (bug) new 2016-05-22T20:08:04Z 2019-06-04T21:23:21Z "Hi guys, Some of my websites had the permalinks broken after upgrading to 4.5. My webserver is NginX and the theme is iMedica. How I fixed: ============ This file: /wp-includes/class-wp-rewrite.php Line: 1813: ""update_option( 'rewrite_rules', '' );"" Before 4.5 that line was ""delete_option('rewrite_rules');"" But I think when WP team changed to update_option function they missed a parameter, it should be: ""update_option('rewrite_rules', $this->rules);"" After fixing this the permalink started working again. " fatorbinario 4 Needs Patch 49510 Regular expression metacharacters in category and tag base lead rewrite rules to fail. Rewrite Rules 5.3.2 normal normal Awaiting Review defect (bug) new 2020-02-25T09:47:00Z 2020-02-25T11:05:59Z "Steps to reproduce (theme Twenty Twenty): 1. Go to ''Settings > Permalinks'', search for the ''Category base'' and/or a ''Tag base'' with some [RegExp meta-characters](https://www.php.net/manual/en/regexp.reference.meta.php), for example: [[Image(permalinks.png)]] 2. Try to access a category archive page, either by typing its URL directly in your web browser, or by clicking on a generated link for this category: [[Image(category-page.png)]] 3. Same for tag archive page: [[Image(tag-page.png)]] I've done some research, and it seems that a similar bug happen with feeds URL: #43571 The proposed solution in the above patch is to escape the rewrite rules with PHP built in function `preg_quote()`, which would solve this problem too if we apply it in the correct location. But what is the correct location? And could other parts of the rewrite rules generation/evaluation benefits of escaping too? I don't know if it should be discussed in the same ticket, but after solving this issue, this would allow WordPress administrators to use reserved characters (as defined in [RFC 3986](https://tools.ietf.org/html/rfc3986#section-2.2) in their URLs..." raaaahman Needs Patch 38518 Rewrite Rules rebuilding on parse_request Rewrite Rules 4.6.1 normal normal Awaiting Review defect (bug) new 2016-10-26T18:33:59Z 2019-03-26T17:20:05Z "Hi, We have an issue that when flush_rewrite_rules is flushing, another request is coming in an parse_request is firing. While update_option('rewrite_rules', ' ') is deleted and the rules are being processed, parse_request is passing the conditional and writing it's own rules. I've created a patch that has flush_rewrite_rules being solely responsible for rebuilding the rewrite rules. Otherwise, parse request will just read the current rules." andyphillips82 1 Needs Patch 32471 There is no proper way to flush rewrite rules at plugin network de-activation Rewrite Rules 3.0 normal normal defect (bug) new 2015-05-23T10:28:02Z 2019-06-04T21:15:18Z "It is considered as best practice for a plugin modifying rewrite rules to flush them at activation and de-activation: http://codex.wordpress.org/Function_Reference/flush_rewrite_rules Plugins should then handle this at network activation and de-activation too. Following a [https://core.trac.wordpress.org/ticket/14170#comment:30 comment] from @nacin on #14170, we can find a way to handle this properly at network activation. We can even make something which scales using for example the plugin [https://wordpress.org/plugins/proper-network-activation/ proper network activation] from @scribu as a basis. However the only proposal I found to handle the network de-activation is: {{{ foreach ($wpdb->get_col(""SELECT blog_id FROM $wpdb->blogs"") as $blog_id) { switch_to_blog($blog_id); flush_rewrite_rules(); restore_current_blog(); } }}} Apart from the fact that it does not scale, it would mess the rewrite rules of all blogs. I am aware of #20171 but fixing it with the proposed patch is not sufficient as other plugins may modify the rewrite rules and we then face the fact that $wp_rewrite->extra_rules_top is shared accross blogs. So the only way I foresee as a potential solution is that the network de-activation is not handled at network level but that each blog runs its own individual de-activation process - in a similar way as @nacin proposed for the activation as indeed, with the current architecture, we must never mix switch_to_blog() and flush_rewrite_rules(). Unless I miss something, it seems that there is currently no way for a plugin to properly flush rewrite rules at network de-activation." Chouby 1 Needs Patch 16832 Trouble if the slug of a custom taxonomy is the same as the url of page/post Rewrite Rules 3.1 normal normal defect (bug) new 2011-03-11T11:50:43Z 2019-06-04T21:06:35Z "I got some troubles with the 3.1 version of WordPress concerning the slug of custom taxonomy. '''An example that work in 3.0.5'''[[BR]] www.example.com/agency (url of a page)[[BR]] www.example.com/agency/john-smith (url of a custom type's detail) Apparently having the same ""folder"" 'agency' only works for one or the other url but not both. Hope I made myself clear." LucasHantz 12 Needs Patch 20109 Valid htaccess rule causes 404 after upgrade to 3.3.1 Rewrite Rules 3.3.1 normal normal defect (bug) new 2012-02-24T06:26:42Z 2019-06-04T21:07:25Z "On 2/18/2012, I upgraded WP from 3.2.1 to 3.3.1. on www.denverhomevalue.com. I later noticed that Google webmaster tools started reporting 404 errors on lots of pages that were fine before. WP was still returning the proper pages and content, not my custom 404 page, so the issue was not readily apparent except in WMT reports. Running http header response checkers confirmed 404 responses, despite good contents being returned. Deleting sections of the htaccess file until the problem went away, the issue was isolated to two rules meant to escape following rewrite rules on certain urls: {{{ RewriteRule ^city(.*) - [L] RewriteRule ^areas(.*) - [L] }}} These were the same family of urls that started returning 404s after 3.3.1 upgrade. These rules were in place since 12/5/2011, with WP 3.2.1 and never caused a problem. I was able to revert a backup of the site to 3.2.1, on the same exact server environment, and confirm that these same valid htaccess rewrite rules were not a problem in that release." ronnieg 4 Needs Patch 49155 WP_HOME constant will force-redirect static front page but not posts on front page Rewrite Rules 5.3.2 normal normal Awaiting Review defect (bug) new 2020-01-09T03:42:32Z 2020-01-09T03:42:32Z "When a static front page is set and I have an HTTPS URL configured with the `WP_HOME` constant (such as `https://example.org`) and I try to navigate to `http://example.org`, I'll be redirected to `https://example.org`. When the front page is set to show latest posts and I do the same thing, WP will respond successfully to `http://example.org` with no redirect. I imagine this isn't specific to http/https. If my server is configured to respond to other URLs with the WP app, I ''think'' it would respond to anything. This behavior seems like it ought to be consistent. The code in `wp-includes/canonical.php` around line 192 is responsible, and perhaps another case should be added?" eclev91 Needs Patch 36812 WP_Rewrite removes regex groups, should replace with non-capturing Rewrite Rules 4.5.2 normal normal defect (bug) new 2016-05-11T05:23:43Z 2019-06-04T21:22:59Z "I have got that plugin which adds a rewrite tag like so: {{{ add_rewrite_tag('%lang%', '(en|fr)', 'lang='); }}} One can then customize the permalinks and add the post's language anywhere in the url. The problem is that, at one point, the WP_Rewrite class adds rules for attachment and on line 1112 of class-wp-rewrite.php it simply gets rid of all the parenthesis in the regex. So, if I configure the permalink to be `/%postname%/lang/%lang%/` the resulting regex for the rewrite rule is: {{{ [^/]+/lang/en|fr|zh/attachment/([^/]+)/?$ }}} which is a totally different rule than expected, where `anything/lang/en` is matched as an attachment page when it really shouldn't be. Instead the regex should be: {{{ [^/]+/lang/(?:en|fr|zh)/attachment/([^/]+)/?$ }}} The code on line 1112 of class-wp-rewrite.php should be replaced with: {{{ $submatchbase = str_replace( '(', '(?:', $match); }}} " cvedovini 1 Needs Patch 54161 "WordPress destroy iis web.config when using ""location"" config." Rewrite Rules 5.8.1 normal critical Awaiting Review defect (bug) new 2021-09-22T15:53:05Z 2021-09-22T15:53:05Z "When wordpress doesn't find rewrite rulres, it tries to add them, and it works correctly. BUT If we use the ""location"" in web.config, that allow config to NOT inherit in sub applications, it crashes web.config. When web.config looks like this: {{{ }}} ... wordpress thinks that the ""system.webserver"" is not present, so it append it at the end of the web.config. And, we get a ""500 error"" because that new edited web.config is invalid. We fixed it temporary by disabling ""write"" access to web.config for our app pool, but you should fix it, and correctly find the ""rewrite rule"" even if it's under the xml path." foxontherock Needs Patch 50943 add_rewrite_rule() sample codes don't work for passing multiple params Rewrite Rules 5.5 normal critical Awaiting Review defect (bug) new 2020-08-12T13:46:46Z 2020-08-14T00:54:37Z "Hi I'd found out a new bug in wordpress v5.5 (latest release update), and its related to rewrite rules. Even sample codes in following page won't work for passing multiple params in url mentioned in ""Using Custom Templates with custom querystring"" section: https://codex.wordpress.org/Rewrite_API/add_rewrite_rule I'd tried every possible ways to achieve that, but I couldn't. I think it's a bug. I hope this is not a false report. if it is, sorry for that and could you help me. I using this code: {{{#!php This is only a partial sample of the file. " jaendres 1 Needs Patch 45970 "in IIS if web.confing section and the site craches with wrong web.config" Rewrite Rules 5.0.3 normal normal Awaiting Review defect (bug) new 2019-01-13T12:12:37Z 2019-01-13T22:34:19Z "in IIS if web.confing section and the site craches with wrong web.config error (2 sections). It happens/triggers by example if you are trying to change the ""Permalink Settings"". The code responsible for this check is located in \wp-admin\includes\misc.php (line 748) {{{ // First check if the rule already exists as in that case there is no need to re-add it $wordpress_rules = $xpath->query('/configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'wordpress\')] | /configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'WordPress\')]'); if ( $wordpress_rules->length > 0 ) return true; }}} The fix could be to register the namespace: {{{ $xpath->registerNamespace(""x"", ""http://schemas.microsoft.com/.NetConfiguration/v2.0""); }}} and then in `$xpath->query` to check also for `/x:configuration/x:system.webServer/x:rewrite/x:rules/x:rule[starts-with(@name,\'WordPress\')]` In this way it works without problem and does not break the site." boychev Needs Patch 46000 non empty post object in case of error 404 Rewrite Rules 5.0.3 normal normal Awaiting Review defect (bug) new 2019-01-16T09:21:09Z 2019-01-16T09:21:09Z "In case of an 404 error the Posts Object is not empty if permalink setting is something like {{{ /blog/%postname%/ }}} The attached plugin can be used to debug this issue. == How to reproduce the problem **Step 1** Change permalink setting to {{{ /%postname%/ }}} Request a non existing URL like example.com/non-existent. Result: the Posts Object is empty **Step 2** Change permalink setting to {{{ /blog/%year%/%monthnum%/%postname%/ }}} Request a non existing URL like example.com/non-existent. Result: the Posts Object is empty **Step 3** Change permalink setting to {{{ /blog/%postname%/ }}} Request a non existing URL like example.com/**blog**/non-existent. Result: the Posts Object is empty **Step 4** permalink setting is still {{{ /blog/%postname%/ }}} Request a non existing URL like example.com/non-existent. Result: **the Posts Objec is NOT empty** == Impact == Plugins that use **the_posts** filter may produce wrong results. I've tested it with 5.0.3 but I'm pretty sure, previous versions are affected also." petersplugins Needs Patch 19493 post and archive pagination don't work with custom endpoints Rewrite Rules 2.1 normal normal Awaiting Review defect (bug) new 2011-12-09T23:55:09Z 2018-01-25T20:22:02Z "Archive pagination and post pagination are not endpoint-aware, so they break when endpoints are added to them. The following example code creates an endpoint, and then uses a filter to add that endpoint to various links on the rendered page: {{{ add_action( 'init', function() { global $wp_rewrite; add_rewrite_endpoint( 'foo', EP_ALL ); $wp_rewrite->flush_rules(false); } ); add_filter( 'post_link', 'gist_add_endpoint_to_url', 99 ); add_filter( 'get_pagenum_link', 'gist_add_endpoint_to_url', 99 ); function gist_add_endpoint_to_url( $url_base ) { $endpoint = 'foo'; $url_parts = parse_url( $url_base ); $url = ( isset($url_parts['scheme']) && isset($url_parts['host']) ) ? $url_parts['scheme'] . '://' . $url_parts['host'] : ''; $url .= isset($url_parts['path']) ? $url_parts['path'] : ''; $url = user_trailingslashit( $url ); if ( '' === get_option('permalink_structure') ) { $url .= isset($url_parts['query']) ? '?' . $url_parts['query'] : ''; $url = add_query_arg( $endpoint, 'true', $url ); } else { $url .= $endpoint . '/true'; $url = user_trailingslashit( $url ); $url .= isset($url_parts['query']) ? '?' . $url_parts['query'] : ''; } $url .= isset($url_parts['fragment']) ? '#' . $url_parts['fragment'] : ''; return $url; } }}} You'll see that it works perfectly using the theme unit test, except that paginated posts produce URLs like this: http://example.com/2008/09/layout-test/foo/true/2/ ...which doesn't work. The inverse -- http://example.com/2008/09/layout-test/2/foo/true/ -- also doesn't work, and produces a 404 on top of it. Also, the older posts / newer posts produce this format of link: http://example.com/page/2/foo/true/ .. .which also doesn't work. If you change gist_add_endpoint_to_url() to add a querystring param, older posts/newer posts links work fine, but post pagination still breaks: {{{ function gist_add_endpoint_to_url( $url_base ) { $endpoint = 'foo'; $url_base = add_query_arg( $endpoint, 'true', $url_base ); return $url_base; } }}} If you don't use a permalink structure at all, it works fine, since the pagination params are passed directly in the URL. I'm not sure if the fix lies in modifying add_rewrite_endpoint() so that it creates pagination urls in wp_rewrite, or modifying the way _wp_link_page() and get_next_posts_link() work. " mintindeed 8 Needs Patch 60330 redirect that working incorrectly! Rewrite Rules normal normal Awaiting Review defect (bug) new 2024-01-23T19:57:30Z 2024-03-05T02:31:29Z "Issues that once you going to for example https://example.com/example-page-slug/1000/ will redirect you to https://example.com/example-page-slug/ . But it's supposed to display 404 page. Is bad for SEO because that redirect using 301. {{{#!php 0) { $query = array( 'pagename' => '404' ); } return $query; } } new RedirectFixer(); }}} This is how to fix it." markuscode 2 Needs Patch 58536 url_to_postid does not work at MS install in context of another blog when $wp_rewrite->use_verbose_page_rules differs Rewrite Rules normal normal Awaiting Review defect (bug) new 2023-06-14T11:18:44Z 2023-10-29T06:02:12Z "In a multisite installation, where there are blogs with mixed permastruct of some have the `$wp_rewrite->use_verbose_page_rules` set to `true` and some to `false`, the `url_to_postid` fails to find a post, since it's queried as a page, [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/rewrite.php?rev=54364#L609 due to a falsey check]. As the rewrites rules are untouched upon `switch_to_blog` action and as the `url_to_postid` function works directly with the `rewrite_rules` option ([https://core.trac.wordpress.org/browser/trunk/src/wp-includes/rewrite.php?rev=54364#L563 via `WP_Rewrite::wp_rewrite_rules()` function] ), IMHO the best way to fix such a case would be to not rely on the property, but perform the same check as when the `use_verbose_page_rules` property is being set (see the attached patch)." david.binda Needs Patch 43881 url_to_postid doesn't works with custom post type in PhpUnit Test Rewrite Rules normal normal Awaiting Review defect (bug) new 2018-04-27T14:10:38Z 2018-12-21T02:32:13Z "In the {{{functions.php}}} I have the following code: {{{#!php [ 'name' => 'products', 'singular_name' => 'products', 'add_new' => 'Add New', 'add_new_item' => 'Add New Product', 'edit_item' => 'Edit Product', 'new_item' => 'New Product', 'all_items' => 'All Product', 'view_item' => 'View Product', 'search_items' => 'Search for Product', 'not_found' => 'No product found', 'not_found_in_trash' => 'No product found in the Trash', 'menu_name' => 'products', 'parent_item_colon' => '', ], 'description' => 'Product description', 'public' => true, 'rewrite' => ['slug' => 'products'], 'menu_position' => 5, 'supports' => ['title', 'editor', 'excerpt'], 'has_archive' => true, 'menu_icon' => 'dashicons-id-alt', ] ); } add_action('init', 'post_type_products'); }}} Then I need to test it. And for this test I create the test record via factory class: {{{#!php 'Test Post', 'post_content' => 'Test Post Content', 'post_excerpt' => 'Test Post excerpt', 'post_type' => 'products' ]; $this->factory->post->create($post_data); }}} The problem is when I got URL from following code: {{{$url = get_permalink($this->factory->post->create($post_data));}}} The function {{{url_to_postid}}} return {{{0}}} {{{#!php flush_rules(); } add_action( 'init', 'duke_add_endpoints'); }}} and discovered that i can't get it work because of it completely absence in further $wp_rewrite references. Intrigued by that fact (especialy with hard flushing) i've been lead to ''parse_request''of class-wp and due to it's {{{ $rewrite = $wp_rewrite->wp_rewrite_rules(); }}} i guided to '''wp_rewrite_rules''' method of wp-includes/rewrite.php where discovered that rewrite_rules option is loaded from wp_options but if it's not there - it loaded from cache (bacause of get_option behaviour). {{{ $alloptions = wp_load_alloptions(); if ( isset( $alloptions[$option] ) ) { $value = $alloptions[$option]; } else { $value = wp_cache_get( $option, 'options' ); if ( false === $value ) { $row = $wpdb->get_row(.... }}} Wondering why it was not overriden by flush_rules both in wp_options and in cache i've dig into '''flush_rules''' and discovered that it operates the same method {{{ function flush_rules($hard = true) { delete_option('rewrite_rules'); $this->wp_rewrite_rules(); ....... }}} but wait... IF THE REWRITE_RULES IS NOT IN THE WP_OPTION then it still taken from cache with previous value. {{{ function wp_rewrite_rules() { $this->rules = get_option('rewrite_rules'); ///at this point the value already deleted from table but still remains in cache so get_option returns OLD value till it remain in cache for indefinite time if ( empty($this->rules) ) { $this->matches = 'matches'; $this->rewrite_rules(); update_option('rewrite_rules', $this->rules); } return $this->rules; } }}} so if your rewrite rules not in table but in cache - they probably stuck there forever till cache gets cleared. i guess it has something to infere with delete_option and situation when cache is not cleared. but i guess it's next bug to catch. " mainpart 2 Needs Patch 52247 Author role unable to set featured image (Error 403) Role/Capability 5.6 normal normal Awaiting Review defect (bug) new 2021-01-07T17:42:56Z 2021-01-07T17:42:56Z "Users with the role of author are unable to set featured images in posts. I am able to replicate this in a fresh installation of WordPress (Ver 5.6, Php 7.4.8, no plugins, 2021 theme). There are two errors in the console: {{{ api-fetch.min.js?ver=5f98b08f212ba8fa8b4685ad2e1b1378:2 GET https://dev.msiachild.org/wp-json/wp/v2/media/16?context=edit&_locale=user 403 }}} and {{{ Uncaught (in promise) {code: ""rest_forbidden_context"", message: ""Sorry, you are not allowed to edit this post."", data: {…}} code: ""rest_forbidden_context"" data: status: 403 __proto__: Object message: ""Sorry, you are not allowed to edit this post."" __proto__: constructor: ƒ Object() hasOwnProperty: ƒ hasOwnProperty() isPrototypeOf: ƒ isPrototypeOf() propertyIsEnumerable: ƒ propertyIsEnumerable() toLocaleString: ƒ toLocaleString() toString: ƒ toString() valueOf: ƒ valueOf() __defineGetter__: ƒ __defineGetter__() __defineSetter__: ƒ __defineSetter__() __lookupGetter__: ƒ __lookupGetter__() __lookupSetter__: ƒ __lookupSetter__() get __proto__: ƒ __proto__() set __proto__: ƒ __proto__() }}} " yewzy Needs Patch 29594 Basic Cookie Authentication from External Database Role/Capability 4.0 normal normal defect (bug) new 2014-09-09T05:42:46Z 2019-06-04T21:12:21Z "Several bridges (WP plugins) linking different forum software packages rely on the wp_set_auth_cookie($user_id,0,0) to get the user logged into WordPress. With the change in WP 4.0, this single line no longer works. Instead, the user is logged into the site but can no longer publish a post or page, nor update a plugin etc. Whereas the same user would be able to do all those things in 3.9.2 and below. I've come across this issue for three different bridges. The change is the addition of the token. [Suggestion] Maybe there needs to be some instruction in the documents on how WP developers want the external authorization to happen for login plus capabilities to post. Is this a bug with just the single line (wp_set_auth_cookie) not functioning as intended or do devs expect plugin developers to use other lines of code to get the user logged in .. and authorized to publish, post, etc. ?" LPH2005 9 Needs Patch 50252 Capability issue with admin menu Role/Capability 5.4.1 normal normal Awaiting Review defect (bug) new 2020-05-26T04:20:02Z 2023-06-24T05:55:23Z "An answering of a question on Stack Exchange ([https://wordpress.stackexchange.com/questions/367518/how-do-i-code-access-to-the-built-in-ui-of-a-cpt-when-its-placed-as-submenu-of]) led to the reporting of this bug. Please refer to it for further explanation and coding examples. When a custom post type is registered, the {{{show_in_menu}}} option allows for the UI link of the custom post type to be nested under the menu of a second custom post type. However, if the user is authorized to view/edit the first post type, the UI of said nested post type is unavailable if the user does not also possess the capabilities required of the post type represented in the parent menu. The bug is this: the admin menu is properly displaying the links to pages which the user is capable of viewing, but the user is not permitted to access those pages. The same can be said of any page whose link is nested in the admin menu under a page which the user does not possess the required capabilities of that parent." mort1305 2 Needs Patch 26807 Comments on private posts should also be private in admin depending on role Role/Capability 3.1 normal normal defect (bug) new 2014-01-10T14:54:51Z 2019-06-04T21:10:07Z "Repro: 1. As user X, create a private post. 2. As user X, add a comment to the private post. 3. As user Y with Contributor role, go to the comment listing screen. Actual Result: Contributor user Y can see the post in the listing. Expected: Comments on private posts should not be visible to users who don't have elevated capabilities. There's a potential here for information disclosure, as when a comment quotes content from the private post. There's already a cap check in `WP_Comments_List_Table::single_row()`, so it seems like we could suppress display as well based on that check (in fact, I did so to test), though working out the counts for display above the table and for pagination will likely be a little more involved." dllh 2 Needs Patch 54966 Inconsistent checking of read permission for singular vs non-singular queries Role/Capability normal normal Awaiting Review defect (bug) new 2022-01-28T04:42:50Z 2022-02-03T02:21:12Z "Apologies if this has already been reported, as I wasn't sure exactly what to search for, but I expect it's a very old behaviour. When performing a singular query, the `read_post` meta capability is [https://github.com/WordPress/WordPress/blob/5.9/wp-includes/class-wp-query.php#L3190 checked] and the post not returned if the user is not allowed to read it. The same does not happen for non-singular queries. Instead, a primitive capability is [https://github.com/WordPress/WordPress/blob/5.9/wp-includes/class-wp-query.php#L2593 checked], which may not always yield an accurate result if the post type is using some non-standard capability mapping. It would be good if `read_post` could be checked individually on each of the posts being returned." manfcarlo 1 Needs Patch 16808 Insufficient permissions for custom post type management and custom role/caps Role/Capability 3.1 normal normal defect (bug) reopened 2011-03-09T19:54:04Z 2023-01-27T05:59:30Z "I asked a question over at [http://wordpress.stackexchange.com/questions/11508/permission-error-on-custom-post-type-add-new-action StackExchange] about this. Went into their chat room to talk to a few people and came to the conclusion I need to post this ticket. --- When accessing an admin page located at post-new.php with a custom post type on a user that's in a custom role that has the available permission to ""Add New"", you get ""You do not have sufficient permissions to access this page."" {{{ $post_caps = array( 'delete_post' => 'argus_admin', ); $visitor_caps = $post_caps; $visitor_caps = array_merge( $visitor_caps, array( 'edit_post' => 'argus_visitors', 'read_post' => 'argus_visitors', 'edit_posts' => 'argus_visitors', 'edit_others_posts' => 'argus_visitors', 'publish_posts' => 'argus_visitors', 'read_private_posts' => 'argus_visitors', )); $v_args = array( 'labels' => array ( 'name' => 'Visitors', 'singular_name' => 'Visitor', 'add_new_item' => 'Register New Visitor', ), 'public' => true, 'publicly_queryable' => false, 'exclude_from_search' => true, 'show_ui' => true, 'show_in_menu' => 'argus', //'show_in_menu' => false, 'hiearchical' => false, 'supports' => array( '' ), 'capabilities' => $visitor_caps, 'register_meta_box_cb' => array ( &$this, '_wp_visitor_meta_box_cb' ), ); register_post_type( 'visitor', $v_args ); }}} I've tested it with 3.0.4 and it worked flawlessly. However, when in 3.1, it doesn't want to work." Genesis2001 11 Needs Patch 47897 Introduce method to introduce new roles and caps independently of db upgrades. Role/Capability normal normal Awaiting Review defect (bug) new 2019-08-18T22:42:27Z 2019-08-18T22:42:27Z "Presently adding new roles and caps is avoided to guarantee backward compatibility with sites that don't update the database schema. This has resulted in: * a bunch of capabilities being used for purposes other than their original purpose * abuse of meta caps of faux primitives * filters added to the `user_has_cap` to introduce faux capabilities (three and counting) It's a little confusing and these hard coded capabilities make it more complex for sites with custom roles to manage granular capabilities. Additionally, it has lead to problems in which custom roles that should be given the capability are not. For example a custom role with page editing permissions but no post editing permissions should probably be allowed to add shared blocks. For the majority of sites which run database upgrade routines, it would be helpful to upgrade the roles and capabilities in the database. For sites which do not, faux capabilities can be added to the `user_has_cap` filter in a single function, based on the database version. For sites with hard coded arrays, the presence of the new capability can be detected and added as a faux capability if it is not. As an initial construct, a faux capabilities function can be added: {{{#!php data->id)) { This is a strange bug... it didn't effect my staging boxes running on 7.0.8 but it did effect all my boxes running 7.0.15+ It seems to me very unbeliavable that such little change can do harm, but I can reproduce it everytime I try to move the project to a box. Sorry I'm not a WP boy but do move sites requllary and I haven't experienced such behavior with 4.6 or earlier." dffnbfee Needs Patch 38714 Taxonomy meta boxes do not work right with Custom Post Types that use custom capabilities Role/Capability 4.6 normal normal Awaiting Review defect (bug) new 2016-11-08T18:42:31Z 2019-03-25T23:52:11Z "Category and tag taxonomies have the capability required for ""assign_terms"" set to ""edit_posts"", as in the global `$wp_taxonomies['category']->cap->assign_terms` for example. This becomes a problem with custom post types that define a custom capabilities array specifying a different edit capability and the usual ""edit_posts"" capability for particular roles is removed, though they have the proper edit CPT capability. Then the corresponding meta box on the CPT edit screen is not properly interactive. For example, I create a CPT called ""Contributions"" and map the ""edit_posts"" capability to ""edit_contributions"". I also create a ""Contributor"" role that has all the expected capabilities for Contributions posts, including ""edit_contributions"" This role does not have the usual ""edit_posts"" and other default post and page capabilities, other than ""read"". The role also has ""manage_categories"" capability. When logged in as a user with only the Contributor role, when I go to the edit contributions screen, I can see the categories meta box, but cannot assign any terms to the current contributions post. The checkboxes are inactive. Similarly for tags, I can see the tags meta box, but it has no content. This issue was brought up in this forums post: https://wordpress.org/support/topic/custom-post-type-with-categories-and-tags-checkbox-disabled/" bcworkz 1 Needs Patch 51651 The `read_post` meta capability returns an incorrect result for the inherit post status. Role/Capability 3.4 normal normal Awaiting Review defect (bug) new 2020-10-27T23:29:33Z 2021-02-02T23:51:03Z "When an attachment is uploaded via an edit post screen, it is given the inherit post status to determine whether it is published, private, etc. The key definition within the post object are as follows: {{{ post_type: attachment post_status: inherit post_parent: 1 }}} The `inherit` post status is registered as `internal`, and is therefore not considered `public`. As the `read_post` meta capability gets the post status object without checking if it is inherited, it returns the incorrect result for logged in users able to read the post: {{{#!php post_status /* 'inherit' */ ); }}} To correctly determine if a user can read the post, the post status string ought to use `get_post_status()`: {{{#!php has_cap(‘create_users')) return true; // line added return $current_user->has_cap( $capability, ...$args ); } }}} " malamiao Needs Patch 49287 Users with no page deletion capabilities can delete homepage in multisite Role/Capability normal normal Awaiting Review defect (bug) new 2020-01-24T16:37:27Z 2020-01-24T16:40:17Z "To recreate: - Set up a vanilla multisite. On one of the sites, set a static page as the homepage. Create a second page for comparison purposes. - Create a standard administrator user on that site. By default, they have permission to delete both the pages referred to above (expected behaviour). - Add the following to the theme's `functions.php`: {{{ add_action('init', function () { $role = get_role('administrator'); $role->remove_cap('delete_pages'); $role->remove_cap('delete_others_pages'); $role->remove_cap('delete_published_pages'); }); }}} The administrator role is now unable to delete pages EXCEPT the page that is set as the homepage, which they are still able to trash. It appears this bug exists in v4.7 onwards. In 4.6.1 I see the expected behaviour: this code prevents an administrator from trashing any pages, including the page set as the homepage." robdxw 1 Needs Patch 46440 WP_Roles data doesn't load correctly when 'switch_to_blog' is called in a multisite. Role/Capability 5.1 normal normal Awaiting Review defect (bug) new 2019-03-08T03:07:08Z 2019-03-08T16:35:38Z On `switch_to_blog` call, eventually it will come to `get_roles_data` method of `WP_Roles` through `switch_blog` hook. Then this method checks `is_multisite() && $this->site_id != get_current_blog_id()`, but `$this->site_id != get_current_blog_id()` will always be false, because the current blog id is already set in `switch_to_blog`, hence it fails to load the data. syammohanm 2 Needs Patch 45879 WP_User::set_role() does not remove previous roles Role/Capability normal normal Awaiting Review defect (bug) new 2019-01-09T14:28:45Z 2019-01-09T14:39:00Z "If a user has a role that has been removed from WordPress by using remove_role() this role is not removed when using WP_User::set_role() on the user. Example: remove_role('subscriber') has been used on the install removing the subscriber role from available roles. A new user is created with wp_create_user() The new user is automatically assigned the role subscriber (which does not exist) The new users role is set using WP_User::set_role() In the database, the usermeta row with capabilities for the new user still contains the subscriber role and the new role is given an index of 1 instead of 0 in the $user->roles array. Expected result: WP_User::set_role() should effectively remove all previous roles from the user even if they have been removed from WordPress with remove_role(). " fried_eggz Needs Patch 36056 When saving a post for an other author, the current_user_can() check is not passing the post ID with the edit_others_posts capability Role/Capability 4.4.2 normal normal defect (bug) new 2016-03-03T01:48:29Z 2019-06-04T21:20:50Z "The scenario: we're using a custom role that is locked down to only being able to edit a single page titled 'About Us'. We've added an 'edit_about' capability to the role, and use the map_meta_cap filter to return 'edit_about' if that's the page being edited for the role. {{{ if ( in_array( $cap, $cap_needed ) && user_can( $user_id, 'edit_about' ) && ! empty( $args ) ) { $post_id = $args[0]; $page = get_post( $post_id ); $parent = get_post( $page->post_parent ); $caps = array(); if ( 'page' === $page->post_type && ( 'about us' === strtolower( $page->post_title ) || ( null !== $parent && 'about us' === strtolower( $parent->post_title ) ) ) ) { $caps[] = 'edit_about'; } else { $caps[] = 'do_not_allow'; } } }}} WP_Posts_List_Table and wp-admin/post.php is doing a simple check just on edit_post. {{{ current_user_can( 'edit_post', $post->ID ); }}} Because we're getting the post ID, we can allow any user with that role to see the Edit link and get to the edit page, and it's turned off for every other page. When trying to save the post, wp-admin/includes/post.php checks to see if the author is different than the current user, but is not passing the post ID in the check: {{{ if ( isset( $post_data['user_ID'] ) && ( $post_data['post_author'] != $post_data['user_ID'] ) && ! current_user_can( $ptype->cap->edit_others_posts ) ) { if ( $update ) { if ( 'page' == $post_data['post_type'] ) { return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) ); } }}} Because we don't have the post ID, we don't have any context of the post being saved and are not able to tell WordPress that saving this others post is allowed. Changing the code in core above to: {{{ current_user_can( $ptype->cap->edit_others_posts, $post_data['ID'] ) }}} fixes the issue and allows the page to be saved. Giving the role the edit_others_pages capability also fixes the issue. I'm not 100% sure this is a bug or by design, and may be related to #30452, but would like some input from the core team. " GunGeekATX 4 Needs Patch 47338 is_super_admin() should check a different capability Role/Capability normal normal Awaiting Review defect (bug) new 2019-05-21T14:07:18Z 2019-09-23T09:56:35Z "Currently is_super_admin() returns true in case the user has the delete_users cap (in case of a single site). Since admins may want to delegate users managemente capability, IMHO a more appropriate capability to check is 'activate_plugins' or, better, check more than a single capability." lllor 2 Needs Patch 42136 manage_links should be a custom capability not a default Role/Capability 4.8.2 normal minor Awaiting Review defect (bug) new 2017-10-07T19:36:23Z 2017-10-07T20:05:55Z "I just noticed the capability manage_links still gets added to the default administrator capabilities upon a clean install. If you check that with current_user_can it returns as false, even when a user has this capability, like an administrator. This is when the plugin link manager is not installed. If you have the plugin link manager installed, it returns as true (as expected). So I think it should be removed out of the core and inserted into the https://wordpress.org/plugins/link-manager/." Beee 1 Needs Patch 53848 'is_feed was called incorrectly' notice if `wp_styles()` is called before the query Script Loader 5.8 normal normal Awaiting Review defect (bug) new 2021-07-31T17:20:16Z 2021-12-14T23:59:40Z "WordPress 5.8 introduced the `wp_should_load_separate_core_block_assets` (https://developer.wordpress.org/reference/functions/wp_should_load_separate_core_block_assets/) function which calls `is_feed()` internally as part of its preliminary checks that guard the application of its filter. Since `wp_should_load_separate_core_block_assets` is now called within `wp_default_styles()`, this has the potential to raise a ""doing it wrong"" notice if `WP_Styles` is initialized before the query runs for non-admin requests. `wp_styles()` has never imposed such timing restrictions on when it is called, this is somewhat of a breaking change. Ideally a different condition that does not impose the same limitation could be used in the place of `is_feed` here." aaemnnosttv 1 Needs Patch 37362 @font-face errors with dashicons in Microsoft Edge Script Loader normal normal Awaiting Review defect (bug) new 2016-07-14T12:08:36Z 2017-12-11T23:04:04Z "I encountered the following errors in Microsoft Edge console when enter admin dashboard: CSS3113:@font-face font format not recognized dashicons.eot CSS3120: No fonts available for @font-face rule load-styles.php (0,37) This is the following explanation of error code https://msdn.microsoft.com/query/dev12.query?appId=Dev12IDEF1&l=EN-US&k=k%28VS.WebClient.Help.CSS3113%29#cssCodes " jevuska 4 Needs Patch 59780 Add functionality to dequeue a block style added via wp_enqueue_block_style Script Loader normal normal Awaiting Review defect (bug) new 2023-10-31T19:53:29Z 2023-10-31T19:53:29Z "Currently there is no API to remove a block style that has been enqueued with `wp_enqueue_block_style`. This makes it harder than neccessary for a child theme to override a blockstyle from a theme. See the discussion in this core thread: https://wordpress.slack.com/archives/C02RQBWTW/p1698774094584149" jorbin Needs Patch 43900 Add hint about blocked Javascript as possible error reason in script-loader.php Script Loader normal normal Awaiting Review defect (bug) new 2018-04-29T18:52:58Z 2018-05-02T09:41:14Z "When trying to do various things with a new site, I got the same error message over and over: {{{Connection lost or the server is busy. Please try again later.}}} I even reinstalled, but the error didn't go away. When I revisited the issue next day, finally realized what silly mistake i had made. In order to help other people with same issue, we only need to change the string above in /wp-includes/script-loader.php (around row 840) into: {{{Connection lost, the server is busy, or you may have blocked JavaScript. Please try again later.}}} " tobifjellner 8 Needs Patch 30036 Add some escaping to $handle when printing styles. Script Loader normal normal defect (bug) new 2014-10-18T22:58:04Z 2019-06-04T21:12:39Z "There's a number of instances where we're currently printing out the dependency handle without any sort of escaping. We should probably do something about that. https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class.wp-styles.php#L87 `WP_Styles::do_item()` Things can currently get somewhat mucked up if someone enqueues a script or style with a single quote in it, that breaks out of the id attribute. I'm not sure what the best fix for this is, attached are some starting point unit tests to demonstrate the varied types of handles that work currently, that we'll want to at least take into consideration." georgestephanis 2 Needs Patch 55485 Clarify `wp_should_load_separate_core_block_assets()`, `block.json` script expectations Script Loader normal normal Awaiting Review defect (bug) new 2022-03-30T00:49:10Z 2023-10-25T10:27:44Z "In the `block.json` [https://github.com/WordPress/gutenberg/blob/45a8e6be0eb7fca87d64ce8140792b30e6bc4a20/schemas/json/block.json schema], the `script` property is described as: > ""Block type frontend and editor script definition. It will be enqueued both in the editor and when viewing the content on the front of the site."" From that description, I expect the `script` set in my block's `block.json` to load in the editor and on the front-end when my block is in use. I do not expect the script to load on the front-end when my block is not in use. If I activate TwentyTwentyTwo, everything works as expected. If I activate TwentyTwentyOne, my script appears on every front-end view, whether or not the block is loaded. The cause of this can be tracked to `wp_should_load_separate_core_block_assets()`, which has a short description of: > Checks whether separate styles should be loaded for core blocks on-render This implies at the beginning of the function documentation that the function will only apply to **core** blocks. The longer description helps a bit, but is muddied up in talking about core and third-party blocks separately when in reality it seems that they are treated the same. It mentions `block-library/style.css`, which itself implies this _might_ be talking about styles rather than all assets. The filter inside the function, `should_load_separate_core_block_assets`, defaults to `false` for themes that are not FSE and has a short description of: > Filters whether block styles should be loaded separately. The longer description refers only to ""core block assets"". ----- == Proposal My guess is that we can't just change the filter to default to `true`, though that would be ideal. :) I think the function docs could be clarified with something like: {{{ /** * Checks whether block assets should always load or only on-render. * * When this function returns true, block assets defined by the `script` and * `style` properties in `block.json` are loaded on-render. * * When this function returns false, these block assets are always loaded, * regardless of whether the block is rendered in a page. * * This only affects front end and not the block editor screens. }}} And the filter docs with something like: {{{ * Filters whether block assets should always load or load only on-render. * * Returning false loads all block assets, regardless of whether they are rendered * in a page or not. Returning true loads block assets only when they are rendered. }}} Previously #53505 " jeremyfelt 1 Needs Patch 24713 Compression in load_styles.php does not always work, causing inability to use the admin Script Loader 3.5.2 normal normal defect (bug) new 2013-07-08T22:59:05Z 2019-06-04T21:08:47Z "I think this is quite important, because it sometimes prevents using wp-admin pages altogether. Server environment: Debian Linux 6.0.5, apache 2.4.2, mysql 5.5.27, php 5.4.5. I have discovered that sometimes my admin Console pages are not rendered properly, as though a style sheet is not loaded. This does not depend on a browser and client operating system. I tried IE, Firefox, Chrome, Opera, I tried client browser in Windows XP, Windows Vista, Android 4.1.2, and the problem could be seen in all these cases. The problem is random. Through some magick and without any special activity on my side, wp-admin pages sometimes stop working as described, and after 10 minutes it randomly fixes itself (or does not), again without any action on my side. Further investigation showed that when I manually try to open a link containing load-styles.php as referred to from the console page (I copy and paste the link including all GET request variables into a new browser window), then sometimes garbage is shown for the load-styles.php. Encoding is UTF-8 (I have added .htaccess just in case to make sure this is not an issue). But when garbage is shown, then admin pages do not work (their stylesheet obviously does not get loaded). When there is no garbage in load-styles.php (i.e. normal stylesheet, good visible text), then all is good. I had a faint idea that this was because I mechanically moved my site from one URL (approx. localhost) to a ""production-level"" URL (copied all files + database), I thought this could be related (even though I changed all URLs in Settings/General afterwards), but this did not hold water. So looked into load-styles.php and noticed there is some conditional content encoding out there. What I did I disabled this content encoding altogether like this: {{{ if ( $compress && ! ini_get('zlib.output_compression') && 'ob_gzhandler' != ini_get('output_handler') && isset($_SERVER['HTTP_ACCEPT_ENCODING']) ) { header('Vary: Accept-Encoding'); // Handle proxies if ( false !== stripos($_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) { // header('Content-Encoding: deflate'); // $out = gzdeflate( $out, 3 ); } elseif ( false !== stripos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode') ) { // header('Content-Encoding: gzip'); // $out = gzencode( $out, 3 ); } } }}} and now everything works. All fine and all good, problem solved. No garbage anymore. Would please bother to disable this worse than useless content compression in load-styles.php for the time being before you find a solution that works for all? I believe I might be not the only one to experience these random issues with Console stylesheet. I expect that 99% of website admins have fast connections to manage their websites, and for those who do not, Opera Mini is still there and still working. And I also mean that the problem, once it shows up, is persistent, i.e. it does not disappear through a trivial full page reload (Ctrl-Shift-R in FF, for instance). If pages (stylesheet) stop working, then nothing helps: not clearing the browser cache, not restarting the browser, not starting a new instance of the browser, not starting another browser from another vendor. So the problem is not on the client side, it is on the server side." cfeet77 1 Needs Patch 45106 Concerns related to moving mce_external_plugins filter to WP_Scripts::__construct Script Loader 5.0 normal normal Awaiting Review defect (bug) new 2018-10-17T13:19:26Z 2019-01-16T22:59:17Z "In r43723 the `mce_external_plugins` filter was moved to a function called via `wp_default_scripts` which, in turn, is called from `WP_Scripts::__construct` (via `WP_Scripts::init`). While the `wp_default_packages_inline_scripts` function calling the `apply_filters( 'mce_external_plugins'` is only triggered in case the `did_action( 'init' )` returns true, there might be cases when the `WP_Scripts` object is being reinitialised after the `init` and thus code hooked to `mce_external_plugins` trying to enqueue or register a script causes an infinite loop, since the constructor of the `WP_Scripts` class is calling the filter, which calls the constructor again. This does not feel like something what would matter in 99% of time, but, for instance, this breaks core unit tests which are reinitialising the WP_Scripts object, eg.: `Test_WP_Customize_Selective_Refresh::test_register_scripts`. in case such a piece of code is being used. An example of a code used in a mu-plugin and breaking the mentioned test: {{{#!php jQueryWP = jQuery;` Then in my JS, I do: {{{ ;(function (w) { var jQ = w.jQueryWP || w.jQuery; // my jQuery code here, using jQ })(window); }}} I think that having a dependable reference to WP's jQuery object would be quite useful. One way to solve it would be to just add the line to our copy of jQuery. But that will cause issues with people who use well-behaved CDN plugins to swap out WP's jQuery for a Google-hosted copy of jQuery (note: THE SAME VERSION). So maybe a better way to do it would be to create a way to append inline JS code immediately after the inclusion of a particular script handle. We could then do what I'm doing in my plugin, but without the nasty PHP output buffers. " markjaquith 2 Needs Patch 55184 Custom style handle attached to a custom block style is never load even if the block is in the page. Script Loader 5.9 normal normal Awaiting Review defect (bug) new 2022-02-17T11:12:39Z 2024-01-30T05:12:10Z "== Description I have a custom block based theme running on WP 5.9 that declares custom styles for certain blocks via the register_block_style function, but when I specify a style_handle the style is never enqueue even though the block is present in the page content (and core block assets are only loaded when they are rendered). This issue ref to ticket #54457 https://core.trac.wordpress.org/ticket/54457 == Step-by-step reproduction instructions 1. Create a theme 2. Register a custom ""Display"" block style for the ""Heading"" block via register_block_style with ""my-theme-block-style-css"" style_handle 3. Register a ""my-theme-block-style-css"" style via wp_register_style 4. Add ""Heading"" block in page content with our ""Display"" style 5. Check CSS, ""my-theme-block-style-css"" is not loaded == The relevant code It seems that the render_block filter callback in enqueue_block_styles_assets from script-loader.php never fire. script-loader.php [https://github.com/WordPress/wordpress-develop/blob/master/src/wp-includes/script-loader.php#L2463-L2477] [https://core.trac.wordpress.org/changeset/52262] " alexandrebuffet 5 Needs Patch 52320 Empty entries in WP_Scripts 'extra' field Script Loader 4.5 normal trivial Awaiting Review defect (bug) new 2021-01-18T08:55:06Z 2021-02-23T18:56:23Z "When WordPress registers all the scripts in `wp_default_scripts()` the `add_inline_script()` will often add `false` to the extra field of the script. That `false` value does not do anything and can be easily removed by comparing against empty data from `get_data()` in `add_inline_script()`. Doesn't look like this has any effect on anything, as `false` values will later on be ignored. But this will save a few extra bytes of memory. Steps to verify: * Get the `$wp_scripts` global * Check some registered scripts, for example `$wp_scripts->registered->editor->extra['after']`. It will have two array values - one is `false` and one is the actual data `window.wp.oldEditor = window.wp.editor;` Or via debugging by putting a breakpoint in `wp-includes/class.wp-scripts.php` in `add_inline_script()` for `$script = (array) $this->get_data( $handle, $position );`" vanyukov Needs Patch 59114 Infinite loop after upgrading from WordPress 6.1.3 to 6.2 Script Loader 6.3 normal normal Awaiting Review defect (bug) new 2023-08-15T20:20:09Z 2023-08-30T18:10:34Z "Regeristing a function with the 'wp_video_shortcode_library' filter hook that enqueues a script causes an infinite loop, resulting in WordPress running out of memory. It seems that the $wp_scripts global is being set to null at some point and being reinitialized, which causes this loop since the 'wp_video_shortcode_library' filter is called as part of the wp_default_scripts function in script-loader.php. This is my theory anyways. I'm not familiar enough with the WordPress codebase to say for sure. To recreate this issue, you can make a basic theme with an empty index.php, only the theme definition inside the style.css, an empty js file (to try to enqueue), and a functions.php that registers the hook. {{{#!php 'my-theme-buttons', 'src' => get_theme_file_uri( 'assets/blocks/buttons.css' ), ); // Add ""path"" to allow inlining asset if the theme opts-in. $args['path'] = get_theme_file_path( 'assets/blocks/buttons.css' ); // Enqueue asset. wp_enqueue_block_style( 'core/buttons', $args ); } ); }}} === Result Output inline. {{{ }}} The path /wp-content/themes/abc/assets/blocks/ is not needed. I want to delete it. Is there any solution? Or is it a bug? " s56bouya Needs Patch 40134 Invalid data for scripts in footer Script Loader normal normal Awaiting Review defect (bug) new 2017-03-12T16:37:24Z 2017-03-12T16:37:24Z "During register scripts via wp_register_script in last param I can choose that script should be in footer. In function we see: {{{#!php add_data( $handle, 'group', 1 ); } }}} so footer scripts I should check use this code: {{{#!php get_data( $handle, 'group' ) ) { echo 'in footer'; } else { echo 'in header'; } }}} I check for this: admin-bar and I have false -> `in header`. We can see this code: {{{#!php add( 'admin-bar', ""/wp-includes/js/admin-bar$suffix.js"", array(), false, 1 ); }}} This should be in footer (and is, but I can't check it via my script). I think that this is bug." sebastian.pisula Needs Patch 36779 Move /wp-admin/load-scripts.php and /wp-admin/load-styles.php to /wp-includes Script Loader 4.4.2 normal normal defect (bug) new 2016-05-06T18:26:45Z 2019-06-04T21:22:41Z "Basically these files are inside /wp-admin directory, but you can hit them and get an output without being authenticated, examples: http://somedomain.usingwp.com/wp-admin/load-scripts.php?c=0&load%5B%5D=hoverIntent,common,admin-bar,svg-painter,heartbeat,wp-auth-check&ver=4.4.2 http://somedomain.usingwp.com/wp-admin/load-styles.php?c=0&dir=ltr&load=dashicons,admin-bar,wp-admin,buttons,wp-auth-check&ver=4.4.2 If these scripts are for use inside admin, why authentication isn't required?, if these scripts are for general use on the admin, themes, etc, why these aren't on wp-includes? This was pointed to me on a security scan, and apart from that if the idea is general use for this, I think hosting these on /wp-admin is misleading. " SaulNunez Needs Patch 47789 "NGINX: Request for media-view.js leads to ""zero size buf in writer""" Script Loader normal normal Awaiting Review defect (bug) new 2019-07-28T13:14:52Z 2019-10-20T11:56:28Z "I do currently have an issue loading the media-view.js file in backend, which leads to multiple js errors on pages or media grid. Checking the logs show an ""zero size buf in writer"" error for these requests. The error occurs even on deactivated plugins and default theme. So I tried to debug this down. I am running multiple WordPress sites locally over NGINX (laravel) in development mode, where SCRIPT_DEBUG is true; so it tries to load the unminidfied version of the file. Replacing it´s content with the minified version solves the bug. I do currently not know, what causes the empty buffer." d.sturm 4 Needs Patch 49742 No longer able to enqueue multiple Google Fonts with wp_enqueue_style Script Loader normal normal Awaiting Review defect (bug) new 2020-03-31T16:03:07Z 2021-11-10T00:04:08Z "I'm using wp_enqueue_style to enqueue this Google Font file. Here is my code: wp_enqueue_style( 'google-fonts', 'https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,300;0,400;0,700;1,400&family=Neuton:ital,wght@0,300;0,400;0,700;1,400&display=swap', [] ); This is in my functions.php file. However, when I view source on my loaded page, the URL for that font file is cut down to: https://fonts.googleapis.com/css2?family=Neuton%3Aital%2Cwght%400%2C300%3B0%2C400%3B0%2C700%3B1%2C400&display=swap&ver=5.3.2 As you can see, the first family param has been removed after being outputted through wp_enqueue_style. Is there a way to fix this without doing anything hacky? I think there may be an outdated way to build the URL to both to come through, but I'd rather be able to use what Google now provides. My original URL inside wp_enqueue_style is the URL generated by Google Fonts for me to embed. SO post here: https://stackoverflow.com/questions/60953810/why-cant-i-enqueue-multiple-google-fonts-in-wordpress-functions-php/60954323#60954323" tannerm 8 Needs Patch 21520 Prevent recursive script dependencies in wp_enqueue_script Script Loader normal normal defect (bug) new 2012-08-08T17:21:43Z 2019-06-04T21:07:42Z "If a script sets itself as a dependency, we should catch that, strip out the dependency, and throw a {{{_doing_it_wrong}}}: {{{wp_enqueue_script( 'my-script', '/path/to/file.js', array( 'my-script' ) );}}} This may need to be done at the lowest level possible, i.e. {{{_WP_Dependency}}}" batmoo 11 Needs Patch 15833 Script concatenation fails to take external dependencies into account. Script Loader 3.0 normal normal Future Release defect (bug) new 2010-12-15T17:35:17Z 2019-05-21T10:42:05Z "Script concatenation places the concatenated script include first, before any scripts loaded separately. If one of the scripts in the concatenation relies on a script outside the concatenation the dependency order is ignored. When the dependencies are all internal to the concatenation things work fine (for example script4 relies on script3): * concat=script1,script2,script3,script4,script5 But when script3 is loaded externally, script4 will break: * concat=script1,script2,script4,script5 * external-script3 This becomes apparent if jQuery is loaded from a non-standard location (via a plugin or the [http://codex.wordpress.org/Function_Reference/wp_enqueue_script#Load_a_default_WordPress_script_from_a_non-default_location code from the Codex]) in that the visual editor fails to function correctly because source:/trunk/wp-admin/js/editor.js uses jQuery (which it fails to register as a dependency, see ticket:15830, but when I fixed that locally the results were the same). I'm working around this in [http://wordpress.org/extend/plugins/use-google-libraries/ Use Google Libraries] by globally disabling concatenation, but it would be nice if this was fixed. If possible, it would be nice if the loader was smart enough to do something like: * concat=script1,script2 * external-script3 * concat=script4,script5 Or at least flagged the script with the dependency as unsafe for concatenation: * concat=script1,script2,script5 * external-script3 * script4 " jczorkmid Needs Patch 49470 Script loader: simplify maintenance Script Loader 5.0 normal normal Future Release defect (bug) new 2020-02-18T22:11:18Z 2020-07-21T19:03:13Z "The main functionality of script-loader is to provide a list of all WordPress scripts and stylesheets together with their dependencies, translation objects and extra/inline code. During the WP 5.0 development a few (shorthand) functions were introduced that output hard-coded data used to ""construct"" that list by running several loops instead of the simpler, one-line definitions like in the pre-existing list. This makes it harder to ""see"" and maintain the entries in the list, and doesn't bring any benefits (all data is still hard-coded, but is now in separate places). It also makes it harder to ""dynamically"" extract and construct the scripts list like in #48154. For best results and easier maintenance the ""helper functions"" introduced in WP 5.0 should be removed and the list of scripts in `wp_default_scripts ()` should include all entries." azaozz 5 Patch Needs Refresh 52879 The SCRIPT_DEBUG constant is ignored when concatenating scripts Script Loader 2.8 normal minor Future Release defect (bug) new 2021-03-22T03:39:16Z 2022-04-27T04:53:22Z Happens because `SCRIPT_DEBUG` is usually defined in `wp-config.php` however that file is not used in `load-scripts.php` and `load-styles.php`. This results in non-minified files being concatenated and outputted when SCRIPT_DEBUG is false and WP runs from /src. azaozz 11 Needs Patch 42440 Uncaught TypeError: $(...).wpColorPicker is not a function Script Loader 4.8.3 normal normal Awaiting Review defect (bug) new 2017-11-05T23:30:56Z 2017-11-06T00:56:47Z "I can't edit my page using Page Builder because the next Error {{{ gdlr-admin-panel-html.js?ver=f63693efb5b9a5e10ac3abbd57323a6b:192 Uncaught TypeError: $(...).wpColorPicker is not a function at HTMLDocument. (gdlr-admin-panel-html.js?ver=f63693efb5b9a5e10ac3abbd57323a6b:192) at i (load-scripts.php?c=1&load[]=jquery-core,jquery-migrate,utils,plupload&ver=f63693efb5b9a5e10ac3abbd57323a6b:2) at Object.fireWith [as resolveWith] (load-scripts.php?c=1&load[]=jquery-core,jquery-migrate,utils,plupload&ver=f63693efb5b9a5e10ac3abbd57323a6b:2) at Function.ready (load-scripts.php?c=1&load[]=jquery-core,jquery-migrate,utils,plupload&ver=f63693efb5b9a5e10ac3abbd57323a6b:2) at HTMLDocument.K (load-scripts.php?c=1&load[]=jquery-core,jquery-migrate,utils,plupload&ver=f63693efb5b9a5e10ac3abbd57323a6b:2) }}} Can you help please?" shamstarek 1 Needs Patch 36448 When concatenating scripts in script-loader dependencies may not be honoured. Script Loader 4.4.2 normal normal defect (bug) new 2016-04-08T09:33:59Z 2019-06-04T21:21:36Z "This is a follow on from [https://core.trac.wordpress.org/ticket/36392#comment:13 36392#comment:13]. Ticket #15833 looks to be related. When concatenating scripts, dependencies may not be honoured for scripts that trigger the use of `$print_html` (ie those outside the default directories or having conditionals or (if available!) inline scripts). For instance this test where `three` depends on `one` and `one` has a conditional: {{{#!php do_concat = true; $wp_scripts->default_dirs = array( '/directory/' ); $wp_scripts->default_version = 1; wp_enqueue_script( 'one', '/directory/one.js', array(), 1 ); wp_enqueue_script( 'two', '/directory/two.js', array(), 1 ); wp_enqueue_script( 'three', '/directory/three.js', array( 'one' ), 1 ); wp_script_add_data( 'one', 'conditional', 'blah' ); $wp_print_scripts = get_echo( 'wp_print_scripts' ); $print_scripts = get_echo( '_print_scripts' ); $expected = ""\n""; $expected .= ""\n""; $this->assertEquals( $expected, $print_scripts ); $this->assertEquals( '', $wp_print_scripts ); } }}} will fail, as the conditional stuff will always be outputted after the concatenated scripts, resulting in `one` appearing after `three`: {{{ }}} The same is also true, ''mutatis mutandis'' (ahem), for styles, but I'll open a separate ticket for that." gitlost 1 Needs Patch 36449 When concatenating styles in script-loader dependencies may not be honoured. Script Loader 4.4.2 normal normal defect (bug) new 2016-04-08T09:43:07Z 2019-06-04T21:21:41Z "This is the (not-really) evil twin of the scripts issue [https://core.trac.wordpress.org/ticket/36448 36448]. When concatenating styles, dependencies may not be honoured for styles that trigger the use of `$print_html` (ie those outside the default directories or having conditionals or alts). For instance this test where `three` depends on `one` and `one` has a conditional: {{{#!php do_concat = true; $wp_styles->default_dirs = array( '/directory/' ); $wp_styles->default_version = 1; wp_enqueue_style( 'one', '/directory/one.js', array(), 1 ); wp_enqueue_style( 'two', '/directory/two.js', array(), 1 ); wp_enqueue_style( 'three', '/directory/three.js', array( 'one' ), 1 ); wp_style_add_data( 'one', 'conditional', 'blah' ); $wp_print_styles = get_echo( 'wp_print_styles' ); $print_styles = get_echo( '_print_styles' ); $expected = ""\n""; $expected .= ""\n""; $this->assertEquals( $expected, $print_styles ); $this->assertEquals( '', $wp_print_styles ); } }}} will fail, as the conditional stuff will always be outputted after the concatenated styles, resulting in `one` appearing after `three`: {{{ }}} " gitlost 1 Needs Patch 54777 passing empty object to wp_localize_script will convert it to empty array instead of empty object Script Loader normal normal Awaiting Review defect (bug) new 2022-01-10T10:44:36Z 2022-01-10T12:56:47Z "This will correctly converted to js object: {{{ wp_localize_script( $handle, $object_name, array( ""foo"" => ""Foo value"", ""bar"" => ""Bar value"" ) ); }}} the value will be: {{{ {""foo"":""Foo value"",""bar"":""Bar value""} }}} But passing empty array will be converted to js empty array: {{{ wp_localize_script( $handle, $object_name, array() ); }}} the value will be: {{{ [] }}} We want to pass empty array because we want to prepare the global js variable to be used later. But because of the inconsistency it can cause problem if we want to loop it for later use. since we use different method to loop object and array in javascript." erikdemarco 1 Needs Patch 47322 scenario based-bug in the file load-style.php Script Loader 5.2 normal normal Awaiting Review defect (bug) new 2019-05-20T01:29:27Z 2019-05-20T12:04:06Z "Technically the file load-style.php has a bug, however it is a scenario based-bug so it rarely occurred. Not going in to so much details of PHP the problem is with the variable $out concatenation of ""$contents"" used in the foreach loop, i.e., O(n) complexity issue - the allocated buffer is exhausted assigned by PHP during the single http request execution. The better and optimized way is: move the ""header"" just the above ""foreach ( $load as $handle )"" loop statement. remove ""$out"" , i.e., echo $content rather concatenating into $out. I had this issue during installing app on my local machine, and solved it happily by doing changes that way." asimbaki Needs Patch 55030 wp_enqueue_script( 'jquery-ui-autocomplete' ) - is enqueueing a bunch of extra scripts I don't need Script Loader normal normal Awaiting Review defect (bug) new 2022-02-01T16:56:14Z 2022-02-18T11:57:05Z "When I enqueue default scripts located in WP, specifically {{{#!php 'list') ); } add_action( 'wp_enqueue_scripts', 'theme_enqueue_scripts', 12 ); }}} Since my page have a variable appear almost end of the page so I need to localize it in later time and considered ""wp_print_footer_scripts"" hook, so I tried like this: Adding the handle first and localize it in later time. {{{#!php 'list') // tried also putting here but not working as well, the handle is also being queued but gone in output // wp_enqueue_script( 'handle_name_js', SOMEWHERE . '/js/custom.js', array( 'jquery' ), false, true); // did not output anything wp_localize_script( 'handle_name_js', 'memberMeta', $team_member_meta ); } add_action( 'wp_print_footer_scripts', 'set_member_meta', 20 ); }}} I have traced through core, the handle data is added actually. But it is out of my ability to trace the exact point of problem because it is pointing from a to b and b to c with many checking or modifiers, I am not familiar enough with the core nor have enough debugging technique in dealing with wordpress hooks. I run the above code inside functions or functions required php files in theme folder. Because it is not working as expected nor as suggested in the document and the trace of the code is also showing that the handle is finally gone before using it. So I think it is possibly a bug. " simongcc Needs Patch 59539 wp_register_style and wp_register_script adds ver incorrectly Script Loader 6.3.1 normal major Awaiting Review defect (bug) assigned 2023-10-04T11:57:47Z 2023-10-04T11:57:47Z "Hello, I'm sorry to report but it seems that function wp_enqueue_style adds ver incorrectly in case of existence some url parameters in src. **For example:** **Style example:** {{{#!php }}} (you see '&' instead of just '&') **Script example (from contact-form-7):** {{{#!php $service->get_sitekey(), ), $url ), array(), '3.0', true ); }}} adds: {{{ }}} (again, you see ‘&‘ instead of just ‘&’) You can find these issues on: https://forcesail.ru/" forcesail Needs Patch 59725 About test users who constantly register Security normal normal Awaiting Review defect (bug) new close 2023-10-25T06:22:23Z 2023-10-26T18:49:19Z Hello, I noticed that test users with admin role are constantly opening on my website. Anyone can register was open and it was always opening test users automatically. Is this a security vulnerability? 2itekofood 1 Needs Patch 60090 Double login with cloned wordpress instance Security 6.4.2 normal major Awaiting Review defect (bug) new 2023-12-18T08:21:22Z 2023-12-22T01:13:05Z "We use Flatsome theme, from cPanel, use WordPress Manager by Softaculous feature to clone a ""live"" wordpress to new ""staging"" website. ""live"" one is in domain: something.edu.vn ""staging"" one is in domain: stage.something.edu.vn Both websites use single hosting, i.e no CDN installed. As they are cloned from another, two sites have same config salf keys (SECURE_AUTH_SALT, AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY,AUTH_SALT,LOGGED_IN_SALT,NONCE_SALT) Open staging site, log in with an admin user (e.x ''adminuser'') Open same browser new tab. Browse ""live"" site, just refresh few times then we see that ''adminuser'' as logged in the ""live"" site. " vchn 6 Needs Patch 41391 Links to media in password protected pages Security 4.7.5 normal normal Awaiting Review defect (bug) new 2017-07-20T21:38:59Z 2017-07-24T09:06:28Z "I was able to see a google search and view a pdf that was housed on a password protected page. This was one of 2 pages I found: http://www.mspcommercial.net/wp-content/uploads/2012/07/4-tessar-14.pdf. Please confirm that the other PDFs we have stored on pages that are set up the exact same way are safe. Thank you. Samantha Doffing" sdoffing 1 Needs Patch 53618 Nonce use for AJAX calls interferes with page caching Security normal normal Awaiting Review defect (bug) new 2021-07-07T11:52:49Z 2021-07-07T22:57:49Z "There are many plugins, most notably Contact Form 7, that use nonce values to secure AJAX calls to the server. Since nonce values expire after 24 hours at the most, cached pages that contain nonces stop working if the page is not refreshed during that time. This is a serious limitation of the nonce mechanism. Sorry I don't have a better idea, but I'm hoping that others will put their heads together and come up with one, because there are MANY people discussing this on the web." galbaras 1 Needs Patch 59824 PHP Warning raised in pluggable.php when passing NULL instead of a string Security 6.3.3 normal normal Awaiting Review defect (bug) new 2023-11-07T07:53:48Z 2023-11-07T07:53:48Z "The error message is related to the **hash_equals()**: Expected ''known_string'' to be a string, ''null'' given in /var/www/../wp-includes/pluggable.php on line 2577 Hackers often pass NULL when attempting to trigger a leaked server warning message while accessing **wp-login.php**. This can be easily fixed by introducing type checking in pluggable.php: {{{ function wp_check_password( $password, $hash, $user_id = '' ) { global $wp_hasher; // If the hash is still md5... if (is_string($hash) && strlen( $hash ) <= 32 ) { $check = hash_equals( $hash, md5( $password ) ); //$hash is the **known_string** and it must be of type string //The rest of the function }}} " budiony Needs Patch 37559 Password protected pages require the password only once Security 4.5.3 normal normal Awaiting Review defect (bug) new 2016-08-03T20:58:26Z 2019-06-04T18:12:30Z after entering the password for a password protected page it does not ask for the password again to see the page after logging out of wordpress and logging in again. This could be a security vulnerability and a bug because the password for Wordpress and the password for the Password protected page are different. ctienshi 2 Needs Patch 53994 REST API requests with session cookies but an invalid/missing nonce are considered authenticated for most of the request Security normal normal Awaiting Review defect (bug) new 2021-08-24T17:29:07Z 2021-08-24T17:29:07Z "**Note: the security team reviewed this and asked that I post a public report as a hardening issue.** If a REST API request has valid session cookies but does not include a nonce, there is a significant portion of the process where the user is considered validly authenticated and signed in until the nonce is finally checked and the user account is nulled out. This period of the request is, practically speaking, the entire portion of the request where a plugin or theme would perform any operations before the REST response was sent (the obvious exception is if the REST endpoint were a custom one created by the theme or plugin, in which case, any code in direct service of dispatching the response would be after the nonce was checked). Therefore, if a request contains valid session cookies but an invalid or absent nonce, plugins and themes will almost always treat the request as if the user were validly authenticated, potentially voiding the purpose of the nonces. In WordPress Core, the first place the user account is accessed is in `\WP::init()`. After that, the init action fires, which of course, is a common hook for plugins and themes. In addition, there is nothing stopping a plugin or theme from accessing the user account well before `\WP::init()`, e.g. immediately as it is loaded. In other words, a user session is validated as early as an mu-plugin loading. Out-of-the-box, WordPress does make some decisions based on the user's logged-in status and capabilities, e.g. which mime types are allowed for an attachments REST request and how widget content is processed. In fact, even the REST API code itself decides whether or not to send nocache headers based on the user's authentication state before the nonce is checked. The request isn't de-authenticated again until the nonce is checked when `\WP_REST_Server::check_authentication()` runs, which is immediately before the response is dispatched in `\WP_REST_Server::serve_request()`. === Steps To Reproduce: 1. Sign into a WordPress site 2. Add the following code to your theme/plugin to confirm that you are considered ""signed in"", even though you didn't provide a nonce {{{#!php (.../wp-includes/js/wp-auth-check.min.js:2:655) at HTMLDocument.dispatch(.../wp-admin/load-scripts.php:2:39997) at v.handle(.../wp-admin/load-scripts.php:2:37968) at Object.trigger(.../wp-admin/load-scripts.php:2:70063) at HTMLDocument.(.../wp-admin/load-scripts.php:2:70665) at Function.each(.../wp-admin/load-scripts.php:2:3129) at e..each(.../wp-admin/load-scripts.php:2:1594) at e..trigger(.../wp-admin/load-scripts.php:2:70640) at Object.(https://wednesdaynighthop.com/wp-includes/js/heartbeat.min.js:2:2186) at c(.../wp-admin/load-scripts.php:2:25266) }}} " chamois_blanc 1 Needs Patch 48955 WP 5.3.1 changes cause potential backwards compatibility breakage with kses Security 5.3.1 normal normal Future Release defect (bug) new 2019-12-12T22:49:11Z 2020-08-12T09:15:43Z "Kses used to allow an array to be (incorrectly) passed in, and would just return the same array. Now it will return an empty string. Before: {{{#!php $test = ['this', 'is', 'an', 'array', 'but', 'shouldnt', 'be']; // Returns the above array wp_kses_post( $test ); }}} After 5.3.1: {{{#!php $test = ['this', 'is', 'an', 'array', 'but', 'shouldnt', 'be']; // Returns empty string wp_kses_post( $test ); }}} Now to be clear, passing an array and not a string into wp_kses is wrong and in the past wouldn't do anything for you. But this kind of just ""worked by accident"" I guess. So while it is incorrect usage, this release does change behavior. This stems from the changes with the new `wp_pre_kses_block_attributes` filter I believe that is hooked onto `pre_kses`. Looking at the changes, I don't think it technically needed to cause this break, was more of a side effect. At a minimum, I'm thinking maybe we should add some tests around this behavior to catch this sort of change in the future?" iCaleb 28 Needs Patch 58916 Wrong User Password Reset Security 6.2 normal normal Awaiting Review defect (bug) new 2023-07-26T15:29:38Z 2023-07-29T00:28:47Z "We have a lot of users in our database. We occasionally have users in our database that have similar usernames, for instance: 'user 1' and 'user1'. When a password needs to be reset via the e-mail reset link, sometimes the user_activation_key is populated for the wrong user when it was intended for 'user 1', it will be populated for 'user1' or the other way around. They all have different user nicenames and e-mail addresses, but there must be some sanitizing going on with the username and password resets that is making similar but different usernames not technically unique. " dappelman 3 Needs Patch 34852 fix broken re-auth loop (due to expired session) Security 4.3.1 normal normal Awaiting Review defect (bug) new 2015-12-06T04:04:26Z 2019-06-04T18:12:28Z "Happened today. Was writing a post. A lightbox popped up saying my session was expired. Filled in my creds, submitted and got a 406 error. Tried closing the lightbox - it just popped up again. Tried submitting again. Eventually, had to login into the admin area in a different tab, and only then the login lightbox stopped popping up. What scares me is there wasn't even an option to save my edit. Luckily nothing got lost." rothschild86 1 Needs Patch 58679 meta key field in usermeta table should NOT use accent insensitive collations Security normal major Awaiting Review defect (bug) new 2023-06-30T09:09:50Z 2023-10-30T18:22:48Z "Looking at the latest string of vulnerability issues that came up related to the [Ultimate Member plugin](https://wordpress.org/plugins/ultimate-member/) I discovered that the usermeta table has an accent insensitive collation for the `meta_key` field. This results in queries for `wp_cãpăbilitiës` to return the actual `wp_capabilities` row! See `update_metadata()` function in wp-includes/meta.php Imagine the attack surface this brings. In fact, don't imagine, just look at the recent attacks in the wild. Fix: use accent insensitive collations (or even ASCII BINARY)" madhazelnut Needs Patch 57447 "wp_ajax_inline_save function does not check if post has ""public"" or ""show_ui"" enabled" Security normal normal Awaiting Review defect (bug) new 2023-01-11T17:45:20Z 2023-01-11T17:45:20Z "The Security Team has already reviewed this report on the WordPress HackerOne Program, and I was requested to create the ticket here as well. Both the `public` and `show_ui` aren't checked by the `wp_ajax_inline_save` function, which is a UI-intended function. The documentation for both params explains that having them as ""false"" should prevent the UI management for the custom post type: show_ui bool Whether to generate and allow a UI for managing this post type in the admin. Default is value of $public. public (boolean) (optional) Controls how the type is visible to authors (show_in_nav_menus, show_ui) and readers (exclude_from_search, publicly_queryable). For the ""public"" param, the docs also say that it hides the CPT from authors, which can be bypassed, as seen below in the proof-of-concept. Since the ""_inline_edit"" nonce value is valid for all inline edits, regardless of the post type, it's possible to get this nonce on any post listing page and exploit this function to access a CPT that was not intended to be accessible. PoC: {{{#!php __( 'Example' ), 'description' => __( 'Example' ), 'labels' => $labels, 'supports' => array( 'title', 'editor' ), 'taxonomies' => array(), 'hierarchical' => false, 'public' => false, // <-- False 'show_ui' => false, // <-- False 'show_in_menu' => false, 'show_in_admin_bar' => false, 'show_in_nav_menus' => false, 'can_export' => false, 'has_archive' => false, 'exclude_from_search' => true, 'publicly_queryable' => false, 'rewrite' => false, 'show_in_rest' => false, ); register_post_type( '...', $args ); }}} What looks like a ""protected"" and ""hidden"" CPT can actually be accessed and edited by using this security issue on ""wp_ajax_inline_save"": {{{ curl 'http://SITE_URL/wp-admin/admin-ajax.php' \ -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \ -H 'Cookie: COOKIES_HERE' \ -H 'Origin: SITE_URL' \ --data-raw 'post_title=Something&_inline_edit=NONCE_HERE&post_view=list&screen=edit-page&action=inline-save&post_type=POST_TYPE&post_ID=POST_ID&edit_date=true&post_status=all' \ --compressed }}} The ""show_ui"" parameter has been enforced in the core's past versions when accessing **some** places, but the ""wp_ajax_inline_save"" function was not affected: 4.4.0 The show_ui argument is now enforced on the post type listing screen and post editing screen. 3.0.0 The show_ui argument is now enforced on the new post screen. " lucius0101 Needs Patch 60347 wp_kses breaking text fragments links Security normal normal Awaiting Review defect (bug) new 2024-01-25T17:20:18Z 2024-01-25T19:36:08Z "Hello. It seems that wp_kses() (probably wp_kses_bad_protocol()) is breaking text fragments links (https://developer.mozilla.org/en-US/docs/Web/Text_fragments). For example: Link This issue became more prominent as recently ACF started escaping HTML using the wp_kses() function (https://www.advancedcustomfields.com/blog/acf-6-2-5-security-release/). I confirmed the issue with ACF's support. " asafm7 1 Needs Patch 58174 A shortcode block that evaluates to nothing, renders as a space in the HTML Shortcodes normal normal Awaiting Review defect (bug) new 2023-04-22T13:07:07Z 2023-10-26T17:53:33Z "A shortcode block that evaluates to nothing renders as a space in the HTML. A screenshot: https://drive.google.com/file/d/1wjDAXVgrqE5L5pzTJDKuTo606XzuTZ4k/view?usp=drivesdk I've noticed it while using an [acf] shortcode referencing an empty field, but it also happens with an empty [audio] core shortcode. This makes styling with CSS cumbersome. For example, the :empty selector can't be used. When I remove the shortcode block, leaving the column block completely empty, the redundant space isn't being rendered (so it isn't a browser issue). I've tried to reverse-engineer it really hard, even trying to catch the HTML at the last minute in the get_the_block_template_html() function, but I couldn't find the culprit spaces." asafm7 3 Needs Patch 58469 Changeset 55832 broke shortcodes saved in block attributes and rendered serverside Shortcodes 6.2.2 normal normal Awaiting Review defect (bug) new 2023-06-06T21:31:53Z 2023-06-07T16:29:15Z "simply put, if a shortcode is saved to a block attribute and rendered as part of its `render_callback`, it no longer parses the shortcode as `do_shortcode` is now called before `do_blocks` see [55832]" brumack 1 Needs Patch 33134 Complex Nested Shortcodes Inside of Attributes Are Not Processed Left-to-Right Shortcodes 4.2.3 normal normal defect (bug) new 2015-07-27T02:30:38Z 2019-06-04T21:16:00Z "Given the following input pattern, the 4.2.3 update alters the flow of control very slightly, which could give the appearance that shortcodes are ""not working"". {{{[myloop][/myloop]}}} The preferred input pattern is the one in which the shortcodes output their own HTML, and this is unchanged by the update to 4.2.3: {{{[myloop][dependent][/myloop]}}} Additional considerations: The Shortcode API does not process nested shortcodes. This only happens when plugins run do_shortcode() recursively. Core devs have not yet considered whether this is a bug, nor to which Milestone it might be assigned. Algorithm required for do_shortcode to partially restore left-to-right processing: 1. Parse HTML. 1. Replace all shortcodes found in attributes with unique, non-shortcode, non-HTML placeholders. 1. Implode HTML. 1. Run shortcode regexp. 1. Before calling each custom handler, the placeholders would have to be undone inside of each wrapping shortcode. 1. Call custom handler. At this point, the custom handler is able to get left-to-right recursion. 1. Escape all shortcodes and placeholders in shortcode output (callback abstraction needed?) 1. Undo all remaining placeholders. 1. Parse HTML (again, from the top) 1. Do shortcodes in attributes. (Not inside wrapping shortcodes). 1. KSES filters the shortcode output. 1. Implode HTML. " miqrogroove 7 Needs Patch 43725 Multiple instances of opening / closing shortcode only works when closing tag is provided Shortcodes normal normal Future Release defect (bug) new 2018-04-09T20:23:15Z 2020-07-16T17:49:08Z "Given the following example: {{{ [url]Now this is wrapped[/url] [url] This one is standalone [url]Now this is wrapped too[/url] }}} The middle shortcode instance doesn't render unless you close it with `[url/]`. Attached is a patch with the unit tests. I'm unsure whether this is a fixable issue though." danielbachhuber 1 Needs Patch 34814 "Presence of ""Less than sign"" < adds additional closing shortcode tag." Shortcodes 4.2.3 normal normal defect (bug) new 2015-11-29T06:31:24Z 2019-06-04T21:18:09Z "If a `<` is used in shortcode content without a reciprocating `>` the shortcode closing tag will be duplicated. This was introduced in 4.2.3 as part of [33360]. For example, assuming `[my_shortcode]` simply returns it's content. This... `[my_shortcode]One < Two[/my_shortcode]` Should output this: `One < Two` But instead, we get this: `One < Two[/my_shortcode]` Consequently, a unit test somewhat like this won't pass: {{{ array( '[caption]Hello < World[/caption]', 'Hello < World' ) }}} I'm not 100% sure, but I suspect it's due to this regex: https://core.trac.wordpress.org/browser/branches/4.2/src/wp-includes/shortcodes.php?rev=33360#L346 By continuing to match all input, perhaps that also grabs the shortcode's closing tag, causing it to be duplicated." alexander.rohmann 1 Needs Patch 37238 Right-aligned captions with embedded iframes get removed in Visual mode Shortcodes 4.5.3 normal normal defect (bug) new 2016-06-29T20:43:13Z 2019-04-19T21:12:30Z "This has affected a client site a couple of times now so I thought I'd better share it and see if this is a bug or if there is something we are doing fundamentally wrong. If you are working in Text mode and you end up creating a caption, right-aligning it and embedding an iframe within the caption shortcode, as follows... {{{ [caption width=""350"" class=""alignright"" caption=""Ria Ritchie's latest video on YouTube""][/caption] }}} ...if anyone comes along in Visual mode they can see the embedded iframe right-aligned and with the caption below it. If they make a change to any part of the post and hit 'Update', the caption and iframe get removed, but the caption text remains (without any surrounding markup)." ChrisBAshton 1 Needs Patch 49955 Shortcode escaping not correctly handled when followed by enclosing shortcodes Shortcodes normal normal Awaiting Review defect (bug) new 2020-04-19T17:44:36Z 2020-07-16T17:48:56Z "There are some special situations when shortcode escaping is not correctly handled. This code will reproduce the error: {{{#!php }}} This is the code of the shortcode function {{{#!php
    }}} and the pattern: {{{

    }}} Expected output: `PHP version 7.4 or greater.` Actual output: `PHP version [recommended_php] or greater.` This caused [https://wordpress.slack.com/archives/C02QB8GMM/p1684947553359749 an issue with the WordPress.org download page]. This might be a duplicate of #58386, not sure if this should be handled differently for the pattern block vs 3rd party blocks." ryelle Needs Patch 52567 Shortcodes in separate

    tags appear on same line in browser Shortcodes 5.6.1 normal normal Awaiting Review defect (bug) new 2021-02-18T11:52:53Z 2023-05-25T06:18:59Z "Please see the posts at the link below: https://wordpress.org/support/topic/shortcodes-in-separate-tags-appear-on-same-line-in-browser/#post-14065192 This problem: - ONLY occurs with

    tags - Only when no other item is between the tags except the shortcode. - It does NOT occur when using other tags, such as headings, lists, etc. - It does NOT occur if there is something before or after the shortcode in the same tag that is non-whitespace." pawanahluwalia 1 Needs Patch 35545 Unexpected behavior of wp.shortcode.regexp Shortcodes 4.4.1 normal normal defect (bug) new 2016-01-20T14:09:51Z 2019-06-04T21:19:46Z "Using the _.memoize-Function for wp.shortcode.regexp (defined in /wp-includes/js/shortcode.js) leads to somewhat surprising behavior of the returned Regexp-Object: {{{ > wp.shortcode.regexp(""foo"").exec(""[foo]bar[/foo]"") -> [""[foo]bar[/foo]"", """", ""foo"", """", undefined, ""bar"", ""[/foo]"", """"] > wp.shortcode.regexp(""foo"").exec(""[foo]bar[/foo]"") -> null > wp.shortcode.regexp(""foo"").exec(""[foo]bar[/foo]"") -> [""[foo]bar[/foo]"", """", ""foo"", """", undefined, ""bar"", ""[/foo]"", """"] > wp.shortcode.regexp(""foo"").exec(""[foo]bar[/foo]"") -> null ... }}} I would expect the call to return the same result every time and not ""null"" every second time. This happens because the Regexp-Object is recycled and Regexp just seems to behave this way. However when using wp.shortcode.regexp-Function without knowing the internal behavior of the Regexp-Object, this comes rather surprising. Maybe not caching this object might be a better choice here. For example, the Shortcode-UI-Plugin (https://wordpress.org/plugins/shortcodes-ui/) seems to have a problem because of this." TobiasHoessl Needs Patch 45377 Video Shortcode Ajax Issue Shortcodes 5.0 normal minor Future Release defect (bug) new 2018-11-19T13:34:23Z 2018-12-06T10:59:35Z "Hi guys, I have the problem with wp_video_shortcode element settings on ajax trigger, where defaults_atts variable override settings I forward to shortcode. Because is_admin() conditional inside shortcode function return true on ajax calling. Example code {{{

    1300, // Aspect ration is 16:9 'height' => 731, 'loop' => true ) ); // Init video player echo wp_video_shortcode( array_merge( array( 'src' => esc_url( $video_meta ) ), $settings ) ); ?>
    }}} When I call ajax to load the new content on frontend, video player element is loaded with my settings but on rendering video, wp_video_shortcode function override my settings with default because function enters inside this conditional {{{ if ( is_admin() ) { // shrink the video so it isn't huge in the admin if ( $atts['width'] > $defaults_atts['width'] ) { $atts['height'] = round( ( $atts['height'] * $defaults_atts['width'] ) / $atts['width'] ); $atts['width'] = $defaults_atts['width']; } } }}} Is there any solutions to skip this check, or if you add some filter around defaults_atts so I can be able to change that values? Thanks for your solutions Best regards, Nenad " Nenad Obradovic 5 Needs Patch 25820 [embed] shortcode can't be escaped like others Shortcodes normal minor defect (bug) new 2013-11-04T21:36:58Z 2019-06-04T21:09:30Z "WordPress allows the use of double brackets to escape shortcodes, so that entering `[[foo]]` in your page or post displays `[foo]`. This works great for most shortcodes, and is used in the following way on enclosed shortcodes: `[[foo]Hello![/foo]]` However, this feature fails when trying to use it with core's 'embed' shortcode. To replicate: Enter the following in a page or post: `[[embed]http://www.youtube.com/watch?v=YLO7tCdBVrA[/embed]]` What I expect to see: `[embed]http://www.youtube.com/watch?v=YLO7tCdBVrA[/embed]` What I really see: `(null)` (Apologies for the weird mix of [, ], and special characters here. had a hard time with getting the markup to render as I wanted.)" MadtownLems 9 Needs Patch 43456 `wp_html_split`

    Welcome

    }}} Expected: {{{ array( '', '', '' ) }}} Got: {{{ array( '', '', '' ) }}} Somewhat related but invalid cases: #39153, #40191" soulseekah Needs Patch 44571 force_balance_tags breaks JavaScript Shortcodes 4.9.7 normal normal Awaiting Review defect (bug) new 2018-07-11T21:11:07Z 2018-07-14T18:42:18Z "Input: {{{ console.log(""extest:"", 0<=1);') ?> }}} Output: {{{ }}} (no longer valid JavaScript) Context: I use tiny (<20KB) JS programs for interactive illustrations inside tutorials on a WP blog. These would most commonly break on pages where excerpts are shown (post list, search) and it took a little while to narrow this down to force_balance_tags running for !--more splitter in get_the_content. Workarounds: enclosing JS code in a comment {{{ }}} which is a legacy part of spec https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements Could the script-tags be treated like the comments in this regard? This is a rather unobvious behaviour." yellowafterlife 1 Needs Patch 40958 force_balance_tags breaks Ninjaforms and probably other plugins that output html within js. Shortcodes 4.7.4 normal normal Awaiting Review defect (bug) new 2017-06-08T21:16:48Z 2017-06-13T21:05:23Z "If you have a shortcode for Ninjaforms and use the post in a context that runs force_balance_tags() it seriously breaks the script. For example if you have a form id=14, add this : {{{#!php "", 'abc' ) ); var_dump( do_shortcode( """" ) ); var_dump( has_shortcode( """", 'abc' ) ); var_dump( do_shortcode( """" ) ); var_dump( has_shortcode( """", 'abc' ) ); var_dump( do_shortcode( """" ) ); var_dump( has_shortcode( ""
    Hello.
    "", 'abc' ) ); var_dump( do_shortcode( ""
    Hello.
    "" ) ); var_dump( has_shortcode( ""[abc]"", 'abc' ) ); var_dump( do_shortcode( ""[abc]"" ) ); }}} result(4.3 RC1): {{{ bool(true) string(14) """" bool(true) string(19) """" bool(true) string(23) """" bool(true) string(29) ""
    Hello.
    "" bool(true) string(3) ""abc"" }}} (1).I think $ignore_html parameter is also necessary to the has_shortcode function. {{{ function has_shortcode( $content, $tag, $ignore_html = false ) }}} (2).Shouldn't a result of the has_shortcode function make the specification of the do_shortcode function identical? " tmatsuur 3 Needs Patch 34983 shortcodes not working in input fields Shortcodes 4.4 normal normal defect (bug) new 2015-12-10T16:59:09Z 2019-06-04T21:18:27Z "So here's the gist of it... Won't work: `` Works: `` At first I thought it's because the shortcode is enclosed in quotes but apparently that's not the case as the both the following work just fine. `` `` Narrowed down the issue to `do_shortcodes_in_html_tags()` where I found this: {{{ if ( ( false === $single || $open < $single ) && ( false === $double || $open < $double ) ) { // $attr like '[shortcode]' or 'name = [shortcode]' implies unfiltered_html. // In this specific situation we assume KSES did not run because the input // was written by an administrator, so we should avoid changing the output // and we do not need to run KSES here. $attr = preg_replace_callback( ""/$pattern/s"", 'do_shortcode_tag', $attr ); }}} What bothers me is the part where it says ""assumes KSES did not run because the input was written by an administrator"". Why not really check if an admin did write the input, at least for posts? Attached is a patch that I did which possibly needs improvement from the WP gods :) Thanks. Mike" mikelopez 3 Needs Patch 6984 wpautop() formats the the contents of shortcodes Shortcodes 2.6 normal normal Future Release defect (bug) new 2008-05-17T10:34:02Z 2019-04-01T10:04:10Z "`wpautop()`, the bane of my existence as a plugin developer, is at it again. Here's an example of some PHP wrapped in a valid shortcode in a post of mine: {{{ [code lang=""php""]$text = str_replace( array('

    ', '

    '), array('

    ', '

    '), $text);[/code] }}} The content that gets passed to my shortcode function is this: {{{ $text = str_replace( array('

    ', '

    '), array('

    ', '

    '), $text); }}} Expected result: it shouldn't touch the insides of valid shortcodes (like adding line breaks or anything as it is doing now)." Viper007Bond 18 Needs Patch 58518 """More info about performance optimization"" links in Site Health go to 404 error on WordPress.org" Site Health normal normal Awaiting Review defect (bug) new 2023-06-12T14:03:56Z 2023-06-13T06:47:37Z "On the Site Health page, at least under the ""Enqueued scripts"" improvements, the links for ""More info about performance optimization"" go to a broken link on wordpress.org (https://wordpress.org/support/article/optimization/). According to archive.org, it looks like that link was live as late as May 16, 2023. Not sure if there is now a new page. The only optimization page is https://wordpress.org/documentation/article/search-engine-optimization/." jeffgreendesign 10 Needs Patch 49923 "Change ""Critical Issue"" to ""Recommendation""" Site Health 5.4 normal critical Awaiting Review defect (bug) new close 2020-04-16T13:26:40Z 2021-12-08T08:29:49Z "Why do you call this a critical Issue? (see screenshot please) I know, this is not new, but since 5.4 and the site health dashboard widget my clients get panic. Someone who knows how to write and set the WP_AUTO_UPDATE_CORE constant usually also knows, what this does. And it's a very conscious decision to disable the automatic updates and do the manual updates instead. And if this would be really critical, why all [https://wordpress.org/support/article/configuring-automatic-background-updates/ these constants and filters] do exist? This should be changed to a hint = ""Background updates are disabled"" or a recommendation = ""To receive background updates, enable ..."" But never ever this should be a **critical issue**. [[Image(https://p216.p3.n0.cdn.getcloudapp.com/items/jkuloA5w/Image%202020-04-16%20at%203.25.01%20PM.png)]]" La Geek 10 Needs Patch 58819 Critical error on this website Site Health 6.2.2 normal normal Awaiting Review defect (bug) new 2023-07-17T08:48:21Z 2023-07-18T08:28:00Z "Hi, recently we (and our clients) are receiving more and more ""critical error"" messages. Looking at the message in detail we see, that the message (and the whole error detection) refers to an outdated PHP version (e.g. 7.0). Yet the monitored WP implementation works with PHP version 8.0 Question: why does the routine use an outdated and unused PHP version for the monitoring? It would be fine if the error detection routine would use the same PHP version for its monitoring as the website uses. Or if these particular messages could be stopped, as they are not only useless but confusing. " ewerkstatt 4 Needs Patch 50895 False information about writable files in Site Health Info Site Health 5.4.2 normal normal Awaiting Review defect (bug) new 2020-08-11T15:06:18Z 2022-05-27T11:04:54Z "If you set the file permissions to 777 (FTP/Server) and if you have the wrong user (www-/ftp-run issue) the site health info shows all files as writable. In my opinion this is ""not true/false"" and sets a wrong signal for the users. It is not possible for me to reproduce this because I do not have this server environment at the moment. I refer to https://de.wordpress.org/support/topic/wordpress-installations-fehler/#post-88589 [this thread in the support forum] and trust here completely in the long lasting experience of @pixolin." La Geek 1 Needs Patch 48399 Recovery mode can stick the admin in a bad state Site Health 5.2 normal normal Awaiting Review defect (bug) new 2019-10-22T16:18:42Z 2019-11-21T10:54:55Z "I got an error because a local class hadn't been copied to test wp directory, and got the ''Your Site is Experiencing a Technical Issue''. I tried the enter_recovery_mode link in the email and got a different looking login, and the frontend site is blank. Even after the issue is fixed and all theme files are copied over, no fatal errors in the log, it still is blank. When I open in new container tab or different browser, the site is fine, seems like this could cause more confusion than help since this recovery-mode can make the site blank and it is cookie-based, it probably should mention this in the email that they will be seeing not what everyone else sees, even if issue is fixed?" programmin 1 Needs Patch 51088 Site Health Status widget displays incorrect or inconsistent number of issues Site Health 5.5 normal normal Awaiting Review defect (bug) new 2020-08-21T01:11:15Z 2021-05-17T22:53:20Z "I have observed that the Site Health Status widget on the admin dashboard sometimes displays an incorrect or inconsistent number of issues. When I log into the dashboard (on several different WordPress sites), the Site Health Status widget will often say ""Take a look at the ''n'' items on the Site Health screen"" where ''n'' is typically 5 or even 6. When I click on the Site Health screen and give it a moment or two to run, the number of issues shown is usually no more than 1 or 2 (generally trivial things, like not having a default theme). Once I've visited the Site Health screen and given it time to load, the dashboard widget will generally update to display that same number. However, if I don't, the widget will continue to display the incorrect total. My very tentative theory is that this might be a processing speed issue. My sites use shared hosting, so they can be laggy. I wonder if perhaps areason for this behavior could be that certain Site Health tests are not completing within a specified interval and that is causing the widget to list those tests as failed rather than incomplete. However, I don't know enough about how the Site Health processes work to judge how likely that may be." Ate Up With Motor 7 Needs Patch 51830 Site Health Themes checkout isn't correct about automatic usage of default theme or themes condition in case of a broken theme Site Health 5.2 normal normal Future Release defect (bug) new 2020-11-20T06:33:33Z 2020-11-21T20:07:58Z "1. In absence of a default theme Site Health says: ""Your site does not have any default theme. Default themes are used by WordPress automatically if anything is wrong with your chosen theme."" https://yadi.sk/i/mP_59ss-3AsCCQ It does not work this way: a. PHP error in an active theme: https://yadi.sk/i/MuqOAQ0kjldWPw b. Absence of an active theme: https://yadi.sk/i/Bzpy1icVk1Csiw c. Absence of style.css — theme continues to work And default theme is only activating automatically if you go to ""Appearance > Themes"" and formally something is wrong with theme, like an absence of style.css, but even if the theme can work fine but user after opening this page has no chouse what to do. It is not a convenient solution for a user not to see what was wrong and not to have a choice of what to do. More to the subject: #51479 2. Site Health don't tell about the absence of style.css which is causing the switch to default theme if you are visiting ""Appearance > Themes"". So, it does not run the same check what is doing this Themes page. https://yadi.sk/i/XeoY3c1x4rG_IA" oglekler 2 Needs Patch 54598 Site Health makes downright wrong and dangerous suggestions Site Health normal normal Awaiting Review defect (bug) new 2021-12-08T00:40:03Z 2022-11-30T21:41:17Z "1. ""Background updates are not working as expected"" We absolutely do not want background updates to run. We want to carefully manage updates by performing them in a test environment before we then deploy the changes to staging and finally production. Too much breakage otherwise. White screen of death anyone? 2. ""Some files are not writable by WordPress:"" The wordpress files are served from a read-only store and having the web application have access to modify itself is a *terrible* recommendation from a security point of view. 3. ""Inactive plugins are tempting targets for attackers."". How is an inactive plugin special in terms of attackability? Surely ""Code that runs on an internal accessible is a tempting target for attackers"". Whether they are active or not, plugins *in general* should be kept to a minimum to minimize the attack surface. Also, how is an inactivate plugin a target in the first place? If it's deactivated, surely it doesn't run. If there is a way to execute code in a deactivated plugin surely *that* needs to be addressed. 4. ""You should remove inactive themes"" Same as with plugins. 5. Some plugins will also detect that auto-updates are disabled and add to the noise One example is ""MonsterInsights"" that reports ""Automatic updates are disabled"". See item 1. " peterhoegsg 13 Needs Patch 47428 Site Health: Remove duplicate code in VCS test Site Health 5.2 normal normal Future Release defect (bug) new 2019-05-29T14:05:53Z 2019-08-11T23:33:49Z "In `WP_Site_Health_Auto_Updates::test_vcs_abspath()`, almost the entire `WP_Upgrader::is_vcs_checkout()` function is duplicated. This test should be updated to use `WP_Upgrader::is_vcs_checkout()` instead. There are a few issues with this that would need to be solved, though. In the message to the user, the directory under version control and the type of version control used are specified. This currently can't be determined without duplicating the logic. Also, in order to determine if the `automatic_updates_is_vcs_checkout` filter is overriding the function's result to allow updates, the filter would need to be run twice. Props @johnbillion for the suggestion in #47388." desrosj 3 Needs Patch 57347 Site health reporting issues that aren't actually problems. Site Health normal normal Awaiting Review defect (bug) new 2022-12-17T21:03:09Z 2022-12-17T21:03:09Z "Site health is reporting problems that do not exist and should have a ""Do not show this again"" option. ""Have a default theme available Security"" is ridiculous for sites that run custom themes. If my theme is broken, so is my business. Falling back to a different theme is useless. ""You should use a persistent object cache Performance"". This is a one-size fits all response that isn't applicable everywhere. ""Page cache is not detected but the server response time is OK"" This is another one. A site that has excellent response times should not be prompted to install more plugins that won't make a difference. These messages desensitize users to actual problems. After a few months of ""Not this again"", users will ignore all the messages. " tcarmen Needs Patch 47266 Template of shutdown handler for fatal errors should not be displayed for CLI scripts Site Health 5.2 normal normal Awaiting Review defect (bug) new 2019-05-14T17:27:13Z 2019-06-24T16:10:01Z "When running a CLI script that has a syntax error, the template's raw HTML and CSS are output to the command line. I don't think that the shutdown handler for fatal errors should be loaded in a CLI context; instead, the default PHP behavior should be used instead. This should handle the case where the CLI script is being run through WP-CLI, and also older scripts that were built before WP-CLI existed, which just load WP manually (i.e., check `'cli' === php_sapi_name()` rather than `defined( 'WP_CLI' )` )." iandunn 3 Needs Patch 55280 Unsupported operand types in Site Health Site Health 5.9.1 normal normal Awaiting Review defect (bug) new 2022-03-01T09:30:26Z 2024-02-27T09:04:35Z "I get the following error: {{{ AH01071: Got error 'PHP message: PHP Fatal error: Uncaught TypeError: Unsupported operand types: string - int in [..]/wp-admin/includes/class-wp-site-health.php:2521 Stack trace: 0 [..]/wp-admin/includes/class-wp-site-health.php(1728): WP_Site_Health->has_missed_cron() 1 [..]/wp-admin/includes/class-wp-site-health.php(192): WP_Site_Health->get_test_scheduled_events() 2 [..]/wp-admin/includes/class-wp-site-health.php(137): WP_Site_Health->perform_test() 3 [..]/wp-includes/class-wp-hook.php(307): WP_Site_Health->enqueue_scripts() 4 [..]/wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters() 5 [..]/wp-includes/plugin.php(474): WP_Hook->do_action() 6 [..]/wp-admin/admin-header....', referer: https://[..]/wp-admin/ }}} This is on a WordPress 5.9.1 multisite running on PHP 8.0.13 which was just upgraded from WP 5.5.8/PHP 7.3.33." lw5 7 Needs Patch 51230 WP_DEBUG is flagged when using the development environment type Site Health 5.5 normal normal Awaiting Review defect (bug) new 2020-09-03T12:43:59Z 2020-09-03T18:21:29Z "This was a request from the comments of the New `wp_get_environment_type() function in WordPress 5.5 post from @robertreiser: > Setting the environment to development also sets WP_DEBUG, which makes sense and I had WP_DEBUG enabled anyway on my development site. > > But the site health tool still shows an error regarding the use of WP_DEBUG: > > Your site is set to display errors to site visitors > > In case if setting the environment to development, this should no longer be shown as an error in the site health tool. " desrosj 3 Needs Patch 60388 WordPress Core error message in my Website Site Health normal normal Awaiting Review defect (bug) new 2024-01-30T22:00:14Z 2024-01-30T22:45:13Z "Hello, Can you help me to fix this problem (see below). I tried several fixes but none worked... Thanks JP Fernandes {{{ Fatal error: Uncaught TypeError: Unsupported operand types: string - int in /.../wp-admin/includes/class-wp-site-health.php:2985 Stack trace: #0 /.../wp-admin/includes/class-wp-site-health.php(1764): WP_Site_Health->has_missed_cron() #1 /.../wp-admin/includes/class-wp-site-health.php(194): WP_Site_Health->get_test_scheduled_events() #2 /.../wp-admin/includes/class-wp-site-health.php(139): WP_Site_Health->perform_test() #3 /.../wp-includes/class-wp-hook.php(324): WP_Site_Health->enqueue_scripts() #4 /.../wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters() #5 /.../public_html/wp-includes/plugin.php(517): WP_Hook->do_action() #6 /.../wp-admin/admin-header.php(118): do_action() #7 /.../wp-admin/site-health.php(96): require_once('/.../...') #8 {main} thrown in /.../wp-admin/includes/class-wp-site-health.php on line 2985 }}}" JPTF 1 Needs Patch 60552 Add hook to WP_Sitemaps::render_sitemaps() Sitemaps normal normal Awaiting Review defect (bug) new 2024-02-15T18:53:14Z 2024-02-15T18:53:14Z "Currently, we cannot tweak the sitemap's content parameters or headers. To allow this without having to test whether the sitemap is outputting (there's currently no proper way, see #51543 and #56954), in `WP_Sitemaps::render_sitemaps()`, after the `sitemaps_enabled()` defense clause, add a hook `wp_doing_sitemap`. For example {{{#!php if ( ! $this->sitemaps_enabled() ) { $wp_query->set_404(); status_header( 404 ); return; } // Render stylesheet if this is stylesheet route. if ( $stylesheet_type ) { ... }}} Becomes {{{#!php if ( ! $this->sitemaps_enabled() ) { $wp_query->set_404(); status_header( 404 ); return; } do_action( 'wp_doing_sitemaps' ); // Render stylesheet if this is stylesheet route. if ( $stylesheet_type ) { ... }}}" Cybr Needs Patch 54010 Redirect from /sitemap.xml to /wp-sitemap.xml needs to be 301 and not 302 Sitemaps 5.5 normal normal Awaiting Review defect (bug) new 2021-08-25T21:05:27Z 2022-03-01T15:29:35Z "/sitemap.xml is the standard naming nomenclature for XML sitemaps submitted to search engines. It is widely accepted in the search community and is the defacto default for most automated sitemap tools. Because of the term's popularity when a user accesses this file off of the WordPress root they are automatically redirected via 302 to WordPress' builtin XML site map at /wp-sitemap.xml This redirect should be a 301 not a 302, because 302's are ignored by search engines as they are meant to only be temporary. This issue is causing confusion for users that aren't familiar with the WordPress default and submitting /sitemap.xml instead to search engines who then ignore the redirect because it is a 302. " RedBMedia 5 Needs Patch 51117 Sitemap & XSL requests execute main query for home page. pbiron* Sitemaps 5.5 normal normal Awaiting Review defect (bug) accepted 2020-08-24T06:09:49Z 2023-05-04T23:11:06Z "When requesting a sitemap, the main query is run with the parameters for the `is_home()` request by default. The same is true for the stylesheet. * On a site without posts this can return a false 404 error for the sitemap * On a site without a persistent cache, this can result in 10 unneeded database queries. Database log for requesting the first page of the posts sitemap is attached, other sitemap requests look similar up until the sitemap specific DB query is reached, Proposal: * Prevent main query on sitemaps * Move stylesheet to a hard coded xsl file if possible" peterwilsoncc 8 Needs Patch 56671 Sitemaps not working with almost pretty permalinks Sitemaps 5.5 normal normal Awaiting Review defect (bug) new 2022-09-27T21:21:54Z 2022-09-27T21:21:54Z "As the documentation states, WordPress supports 3 types of permalinks: https://wordpress.org/support/article/using-permalinks/#permalink-types-1. - Plain per(malinks: `https://example.org/?sitemap=index` - Pretty permalinks: `https://example.org/wp-sitemap.xml` - Almost pretty permalinks: `https://example.org/index.php/wp-sitemap.xml` The 3rd solution is provided for servers with rewrite engine off. The first 2 options are working as expected, not the third one. To reproduce: Tested on an Apache server: - Select `index.php/%postname%/` in permalinks settings. - Delete the file `.htaccess` (this deactivates rewrite engine). - Check that you can navigate on frontend, visiting posts, pages, categories, etc... with urls all including `index.php`. - Attempt to visit `https://example.org/index.php/wp-sitemap.xml` (which I expect to be the sitemap index). => You are redirected to `https://example.org/wp-sitemap.xml` which is a server 404 page. You are also redirected to the same 404 if you attempt to visit `https://example.org/?sitemap=index`" Chouby Needs Patch 51542 is_home() returns true for any component of an XML Sitemap Sitemaps normal normal Awaiting Review defect (bug) new 2020-10-15T21:41:38Z 2023-04-24T08:16:07Z "It seems that any component of the core wp-sitemap.xml implementation returns true for the conditional tag is_home() (regardless even of if the homepage is set to display ""Your Latest Posts"" or ""A static page""). For example, www.site.com/wp-sitemap-posts-page-1.xml will return true. This can easily cause problems with themes and plugins that use filters and the is_home() conditional tag to control which posts appear on the homepage." MadtownLems 5 Needs Patch 55848 wp-sitemap.xml fails to load with large number of URLs Sitemaps normal normal Awaiting Review defect (bug) new 2022-05-26T18:30:36Z 2022-11-05T04:56:06Z "benim site de wp-sitemap.xml 50000 den fazla url var fantaziescort.com site haritasına ulaşamıyorum ayarlayamıyorum resim haritasında resimleri ekleyebiliyorum yada kapada biliyorum diyer gönderileri nereden ayarlayabilirim site 50000 den fazla url alıyormu bunun ayarlarını nereden yapabilirim başka url olduğunda site hata verirmi wp-sitemap.xml kontrol yapabilecek ne yapabilirim bana yardım edermisiniz my site also has wp-sitemap.xml there are more than 50000 urls I can't access fantaziescort.com sitemap I can't set it I can add images in the image map or it's closed I know, where can I set the posts? Does the site get more than 50000 urls, where can I set it up, will the site give an error when there is another url, what can I do to check wp-sitemap.xml, can you help me?" bakiyisite 1 Needs Patch 51280 wp_register_sitemap_provider() breaks sitemap functionality if provider name contains a dash (-) pbiron Sitemaps 5.5 normal minor Future Release defect (bug) assigned 2020-09-09T16:32:32Z 2023-07-12T09:47:19Z "The announcement post for the functionality (https://make.wordpress.org/core/2020/07/22/new-xml-sitemaps-functionality-in-wordpress-5-5/) includes the following snippet: wp_register_sitemap_provider( 'awesome-plugin', $provider ); However, I believe that the name doesn't work in practice. From my experiences, using a dash in the sitemap provider name causes the following: The map is listed on the index, but when trying to view it, you just view your site's home page (not a 404, and not anything sitemappy). If you register the provider with the name 'awesome-plugin', render_sitemaps() sees the following data: $sitemap => 'awesome' (Expected: 'awesome-plugin' ) $object_subtype => 'plugin' (Expected: null ) and then it returns early due to if ( ! $provider ) As another test, I tried simply changing the name of Core's User Sitemap from 'users' to 'foo-users' and got the same result. The map was listed on the index, but when trying to browse it, you just see your site's home page (not a 404). Doing some debugging, render_sitemaps sees the following data: $sitemap => 'foo' $object_subtype => 'users' and then it returns early due to if ( ! $provider ) " MadtownLems 3 Needs Patch 42422 'unique' index not removed from the 'slug' column of the 'wp_terms' table Taxonomy 4.8.3 normal normal Awaiting Review defect (bug) new 2017-11-02T19:07:15Z 2017-11-11T18:10:02Z "This is a follow-up to #22023. It appears that on one of my older installations of wordpress the unique index was never removed from the 'slug' column of the 'wp_terms' table. The latest update 4.8.3 must have stirred something up with wp cron, conflicting with the unique status of the column. This has caused thousands of the following errors to be logged which in turn caused our server to 503 due to hitting the PHP FcgidMaxProcessesPerClass limit. Note: this installation has had regular updates since being installed years ago. {{{ stderr: WordPress database error Duplicate entry 'category-slug' for key 'slug' for query INSERT INTO `wp_terms` (`name`, `slug`, `term_group`) VALUES ('Category Name', 'category-slug', 0) made by do_action_ref_array, WP_Hook->do_action, WP_Hook->apply_filters, _wp_batch_split_terms, _split_shared_term }}}" joellisenby 6 Needs Patch 52975 "Add ""states"" to terms list table (for WP_Taxonomy::$default_term)" Taxonomy normal normal Awaiting Review defect (bug) new 2021-04-05T22:26:56Z 2021-04-05T22:26:56Z "The Terms list table (`WP_Terms_List_Table`) should include support for the ""states"" concept that currently also exists for Posts, Media, and Sites. Specifically, I'd like to see ""– Default"" added to the default term. I want this because WordPress Admin does not offer any explanation why the ""Uncategorized"" Category has no ""Delete"" link in the list-table UI and also has no checkbox for bulk-actions. See: `_post_states()`, `_media_states()`, and `WP_MS_Sites_List_Table::site_states()` Mock-up screenshot imminent." johnjamesjacoby Needs Patch 54819 "Adding Taxonomy with word ""media"" not showing list in Edit/Create Post" Taxonomy normal normal Awaiting Review defect (bug) new 2022-01-14T11:53:43Z 2023-03-20T16:37:08Z "Wordpress Version 5.8.3 PHP version 7.4.27 (Supports 64bit values) {{{ esc_html__( 'Media Classes', 'your-textdomain' ), 'singular_name' => esc_html__( 'Media Class', 'your-textdomain' ), 'menu_name' => esc_html__( 'Media Classes', 'your-textdomain' ), 'search_items' => esc_html__( 'Search Media Classes', 'your-textdomain' ), 'popular_items' => esc_html__( 'Popular Media Classes', 'your-textdomain' ), 'all_items' => esc_html__( 'All Media Classes', 'your-textdomain' ), 'parent_item' => esc_html__( 'Parent Media Class', 'your-textdomain' ), 'parent_item_colon' => esc_html__( 'Parent Media Class', 'your-textdomain' ), 'edit_item' => esc_html__( 'Edit Media Class', 'your-textdomain' ), 'view_item' => esc_html__( 'View Media Class', 'your-textdomain' ), 'update_item' => esc_html__( 'Update Media Class', 'your-textdomain' ), 'add_new_item' => esc_html__( 'Add new media class', 'your-textdomain' ), 'new_item_name' => esc_html__( 'New media class name', 'your-textdomain' ), 'separate_items_with_commas' => esc_html__( 'Separate media classes with commas', 'your-textdomain' ), 'add_or_remove_items' => esc_html__( 'Add or remove media classes', 'your-textdomain' ), 'choose_from_most_used' => esc_html__( 'Choose most used media classes', 'your-textdomain' ), 'not_found' => esc_html__( 'No media classes found', 'your-textdomain' ), 'no_terms' => esc_html__( 'No Media Classes', 'your-textdomain' ), 'filter_by_item' => esc_html__( 'Filter by media class', 'your-textdomain' ), 'items_list_navigation' => esc_html__( 'Media classes list pagination', 'your-textdomain' ), 'items_list' => esc_html__( 'Media Classes list', 'your-textdomain' ), 'most_used' => esc_html__( 'Most Used', 'your-textdomain' ), 'back_to_items' => esc_html__( 'Back to media classes', 'your-textdomain' ), ]; $args = [ 'label' => esc_html__( 'Media Classes', 'your-textdomain' ), 'labels' => $labels, 'description' => '', 'public' => true, 'publicly_queryable' => true, 'hierarchical' => true, 'show_ui' => true, 'show_in_menu' => true, 'show_in_nav_menus' => true, 'show_in_rest' => true, 'show_tagcloud' => true, 'show_in_quick_edit' => true, 'show_admin_column' => true, 'query_var' => true, 'sort' => true, 'meta_box_cb' => 'post_tags_meta_box', 'rest_base' => '', 'rewrite' => [ 'with_front' => true, 'hierarchical' => true, ], ]; register_taxonomy( 'media-class', ['post', 'comunidad'], $args ); } }}} " auriel2017 1 Needs Patch 57419 Adding terms to a taxonomy with non-latin characters results in PHP notice Taxonomy normal normal Awaiting Review defect (bug) new 2023-01-03T22:21:36Z 2023-01-10T16:20:29Z "When adding terms to a taxonomy that was registered with a name that contains non-latin characters, adding any terms to the taxonomy will produce a PHP notice. This, due, to taxonomy names being light in sanitization vs screen code being too harsh. We, on the WooCommerce team, encountered this in the context of product attributes, which are just a product taxonomy. We then confirmed this happens to all taxonomies having non-latin characters in their name. [https://core.trac.wordpress.org/ticket/54521 A similar issue], but for quick edit of terms, was also reported. The code involved is different, but the core of the issue is again the discrepancy in sanitization of taxonomy names. ==== Steps to reproduce 1. Register a taxonomy with non-latin characters. For example: `register_taxonomy( 'tamaño', 'post', array( 'labels' => array( 'name' => 'tamaño' ) ) );` 2. Create a term in inside this new taxonomy. 3. Term creation succeeds. 4. Confirm that: - The error log contains a PHP notice along these lines: `PHP Notice: Trying to get property 'show_ui' of non-object in [...]/wp-admin/includes/class-wp-terms-list-table.php on line 573`. - Alternatively, test with the [https://wordpress.org/plugins/query-monitor/ Query Monitor plugin] active and confirm that the PHP notice is displayed in the JS console after the AJAX request. ==== Technical details 1. Despite [https://developer.wordpress.org/reference/functions/register_taxonomy/#parameters what the codex says], taxonomy names are actually not sanitized when registering taxonomies with `register_taxonomy()`. 2. When a term is added to a taxonomy, [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/ajax-actions.php#L1069 wp_ajax_add_tag()], which handles the AJAX request, uses the `$_POST['screen']` to get an instance of the terms list table and initialize its screen to that value. 2. `_get_list_table()` in turn calls `convert_to_screen()` on this arg to obtain the screen object. 3. `WP_Screen::get()`, which is called by `convert_to_screen()`, sanitizes the passed value [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/class-wp-screen.php#L252 using sanitize_key()] which removes all non-latin characters. 4. Other checks in `WP_Screen` now fail as the sanitized taxonomy name obviously doesn't exist. " jorgeatorres 2 Patch Needs Refresh 14691 Allow commas in tag names Taxonomy 3.0.1 normal normal Future Release defect (bug) new 2010-08-25T09:51:09Z 2023-11-27T09:58:10Z "Adding tags to posts via the web interface involves a lot of what boils down to {{{ explode( ',', join( ',', array( $tag_name, ... ) ) ); }}} both in PHP and JS. We settled on commas so we could have tags with spaces in them (see #10320, for example). It'd be nice if tags (and other taxonomies) could have commas in them, though. Example use case: normalized locations (""Portland, OR""). Admittedly, commas in tag names is an edge case. The attached treats tag inputs as ""real"" CSV strings instead of just exploding by commas. That way, you can enter: {{{ hello, ""hello, world"" }}} in the tags input field and the following tags would be added to the post. * hello * hello, world This addresses commas in tag names but makes entering double quotes in tag names more annoying. If you wanted a tag named {{{double""quote}}}, you'd have to enter the following. {{{ ""double""""quote"" }}} This may also help with #7897." mdawaffe 28 Needs Patch 52726 Allow default term when a user does not have assign_terms capability Taxonomy 5.5 normal normal Awaiting Review defect (bug) new 2021-03-05T18:21:04Z 2021-03-05T18:21:04Z "After #43517, it is possible to register a default term along with a custom taxonomy, similar to how WordPress has long supported a default category. If I set the `assign_terms` capabilities on the `category` taxonomy to be `manage_categories` (admin/editor) and set a default category, authors are able to create new posts and those posts are assigned a default category. Authors are not able to adjust the categories. If I adjust the `assign_terms` capabilities on a custom taxonomy to be `manage_categories` and set a default term, authors are able to create new posts, but **no** default term is assigned. The current assignment of the default term is wrapped in the same logic as the assignment of non-default terms and happens within `current_user_can( $taxonomy_obj->cap->assign_terms )`. I would expect that default term assignment should happen outside of that `current_user_can()` check if no other terms are assigned." jeremyfelt Needs Patch 50294 Ampersand and other symbols in term_exists do not get encoded properly Taxonomy 5.4.1 normal normal Awaiting Review defect (bug) new 2020-06-01T14:59:23Z 2022-05-25T17:10:47Z "When calling term_exists as follows: {{{ $matchingterms = term_exists('Nice Hotels & Apartments, 'customtaxonomy', 0); }}} I noticed the resulting term name query looks like this: {{{ SELECT tt.term_id, tt.term_taxonomy_id FROM wp_terms AS t INNER JOIN wp_term_taxonomy AS tt ON tt.term_id = t.term_id WHERE t.NAME = 'Nice Hotels & Apartments' AND tt.parent = 0 AND tt.taxonomy = 'customtaxonomy' ORDER BY t.term_id ASC LIMIT 1 }}} This then fails to return any results even though it is in the database. But in the database the ampersand is encoded &: wp_terms: term_id | name | slug 11851 | Nice Hotels & Apartments | nice-hotels-apartments-different-slug My code then decides the term does not exist yet, but creation of a new term using wp_insert_term with the same term name ""Nice Hotels & Apartments"" then fails (correctly) with the message ""A term with the name provided already exists in this taxonomy."" I believe the behavior between the two functions term_exists and wp_insert_term is not consistent. Can someone take a look at this?" SeBsZ 1 Needs Patch 42572 Can't delete custom taxonomy tags from a post Taxonomy 4.9 normal normal Awaiting Review defect (bug) new 2017-11-16T07:17:40Z 2017-11-16T07:17:40Z "Symptoms are the same as #39388: I can add terms in my custom taxonomy to a post, but I can't remove them. I'm not using any of the filters mentioned in that ticket. Based on logging all SQL queries on saving a post, it looks like removing a category triggers a query like: {{{ DELETE FROM wp_term_relationships WHERE object_id = 1470 AND term_taxonomy_id IN ('7') }}} No DELETE query at all is running when I try to remove the custom taxonomy, so it's not a malformed query. Same problem whether I'm using the classic editor, the quick editor, or Gutenberg. As a further wrinkle, in the classic editor, my terms don't even show up in the checkboxes in the sidebar (all of them are unchecked), though they do show up on the front end, in the quick editor, and in Gutenberg. This didn't always happen, but I don't recall the version it started with. Disabling all plugins doesn't fix it, neither does clearing out my functions.php entirely, and neither does changing 'hierarchical' to false. My arguments for registering the taxonomy are as follows: {{{ $args = [ 'labels' => [ /* a bunch of strings */ ], 'public' => true, 'hierarchical' => true, 'show_in_rest' => true, 'rewrite' => ['hierarchical' => true], 'query_var' => 'idea' ]; }}}" thrica Needs Patch 51666 Cannot unselect terms for a taxonomy with a default_term Taxonomy normal normal Awaiting Review defect (bug) new 2020-10-29T17:54:51Z 2020-11-24T18:10:24Z "I've created a custom post type and assigned a custom taxonomy. When registering the taxonomy I have defined the new `default_term` parameter. I see the default term I've defined in the taxonomy metabox [[Image(https://p119.p3.n0.cdn.getcloudapp.com/items/NQu15w0W/Image%202020-10-29%20at%2011.44.17%20AM.png?v=3163339b0d409341ca55c50a8c06282d)]] If I save a term, and then next time decide to remove that term, it cannot be removed. Whatever term was checked stays checked after save. Here is a video: https://share.getcloudapp.com/rRuom70d Here's my test code for setting up a CPT and a taxonomy. {{{#!php /** * Register a custom post type called ""book"". * * @see get_post_type_labels() for label keys. */ function kia_codex_book_init() { $args = array( 'public' => true, 'label' => __( 'Books', 'textdomain' ), 'supports' => array( 'title', 'editor', 'author', 'thumbnail' ), ); register_post_type( 'book', $args ); } add_action( 'init', 'kia_codex_book_init' ); /** * Book Taxonomies */ function kia_create_book_taxonomies() { $args = array( 'hierarchical' => false, 'label' => __( 'Genres', 'textdomain' ), 'show_ui' => true, 'show_in_rest' => true, 'show_admin_column' => true, 'query_var' => true, 'rewrite' => array( 'slug' => 'genre' ), 'default_term' => array( 'name' => 'My default genre', 'slug' => 'default-genre' ), ); register_taxonomy( 'genre', array( 'book' ), $args ); } add_action( 'init', 'kia_create_book_taxonomies' ); }}} " helgatheviking 1 Needs Patch 53756 Can’t Change Tags’ Letter Case Taxonomy 5.8 normal normal Awaiting Review defect (bug) new 2021-07-23T03:28:05Z 2021-11-28T08:24:15Z "Dear WordPress.org: I love using your CMS, but I think I found my first bug tonight. Here it is: Once I create a tag for a post, I can’t change its letter case — even if I delete the tag and add it again. For example, I want my site to use a standard where the tags of proper nouns and the like have the first letter capitalized or are all capitalized (e.g., Denmark, COVID-19). All other tags can be all lowercase (e.g., coronavirus, gray matter). The problem is once I create a tag, it seems that tag and its case are permanently in the system and they can’t be changed. I hope you fix this bug, because the little stuff like this matters to English majors like myself and probably many other writers and bloggers. Please reply to this ticket if you fix this bug or are planning to fix it. Sincerely, Nicholas" pugs 2 Needs Patch 48220 Category Dropdown Layout Issue Taxonomy 5.2.3 normal major Awaiting Review defect (bug) new 2019-10-05T09:17:39Z 2019-10-05T09:17:39Z "I have 2 websites. One is using WordPress 5.2.3 and another one is WordPress 4.9.10. So now problem is with category Dropdown layout. If you will check below code on both versions with nested subcategories you will see the difference. {{{#!php

    }}} so this filter is working in term.php. Another thing is that, adding custom columns in edit-terms.php screen forces Screen options to show in term.php. edit-tags.php [[Image(http://s32.postimg.org/igwy86u2t/image.jpg)]] term.php [[Image(http://s32.postimg.org/7ddc2l8sl/image.jpg)]]" szaqal21 2 Needs Patch 30379 Creating multiple Categories with same name under 1 parent Taxonomy 3.9 normal normal defect (bug) new 2014-11-18T05:50:40Z 2019-06-04T21:12:53Z "At present this structure is allowed: {{{ Parent - C (slug: c) - C++ (slug: c-parent) }}} Attempting to add another 'C' category will fail with `A term with the name and slug already exists with this parent.`. However, you can create this structure: {{{ Parent - C (slug: c) - C++ (slug: c-parent) Parent2 - C (slug: c-parent2) }}} and then move the term: {{{ Parent - C (slug: c) - C (slug: c-parent2) - C++ (slug: c-parent) Parent2 }}} without issue. The question that remains here, is this what is expected?" dd32 2 Needs Patch 47029 Custom Taxonomies, with no post_type association and custom submenu location, UX experience is broken when on Taxonomy management page Taxonomy 5.1.1 normal normal Awaiting Review defect (bug) new 2019-04-24T14:52:15Z 2019-04-24T14:52:15Z "When creating a custom taxonomy with no `post_type` association, then adding a `add_submenu_page` option for it under any specific menu, the link will show in the proper location. The problem is when you view the taxonomy management page, the UX is not as expected. One would expect the main menu location to be open and the submenu to be bolded (normal nav UX). e.g. - Posts - Custom Main Menu Item - Add New - **Custom Taxonomy** What actually happens is that the Posts main menu is open and nothing is highlighted. e.g. - Posts - All Posts - Add New - Categories - Custom Main Menu Item When you do go to the main menu location that the taxonomy is assigned to, you do see what is expected. Meaning, the submenu option is bolded, the main menu just is closed and not opened. Only the Posts main menu item is open. The issue appears to be that when there is no post_type association, the Posts main menu is always the open main menu item. I provided an example below. This example adds a new taxonomy to the plugin: [https://wordpress.org/plugins/query-wrangler/] (This was a quick way to duplicate the issue but to be honest, I have this exact issue on every custom taxonomy with no `post_type` association. ) It creates the menus structure: - Query Wrangler - Add New - Import - Settings - Content Groups When I click on the Content Groups taxonomy, I am taken to the taxonomy management page as expected. The issue is the admin nav now shows: - Posts - All Posts - Add New - Categories - Custom Main Menu Item Instead of: - Query Wrangler - Add New - Import - Settings - **Content Groups** {{{ false, 'labels' => [ 'name' => _x('Content Groups', 'taxonomy general name', 'text-domain'), 'singular_name' => _x('Content Group', 'taxonomy singular name', 'text-domain'), 'menu_name' => _x('Content Groups', 'menu_name', 'text-domain'), 'all_items' => _x('All Content Groups', 'all_items', 'text-domain'), 'edit_item' => _x('Edit Content Group', 'edit_item', 'text-domain'), 'view_item' => _x('View Content Group', 'view_item', 'text-domain'), 'update_item' => _x('Update Content Group', 'update_item', 'text-domain'), 'add_new_item' => _x('Add New Content Group', 'add_new_item', 'text-domain'), 'new_item_name' => _x('New Content Group Name', 'new_item_name', 'text-domain'), 'parent_item' => _x('Parent Content Group', 'new_item_name', 'text-domain'), 'parent_item_colon' => _x('Parent Content Group:', 'parent_item_colon', 'text-domain'), 'search_items' => _x('Search Content Groups', 'search_items', 'text-domain'), 'popular_items' => _x('Popular Content Groups', 'popular_items', 'text-domain'), 'separate_items_with_commas' => _x('Separate content groups with commas', 'separate_items_with_commas', 'text-domain'), 'add_or_remove_items' => _x('Add or Remove Content Groups', 'add_or_remove_items', 'text-domain'), 'choose_from_most_used' => _x('Choose from the most used content groups', 'choose_from_most_used', 'text-domain'), 'not_found' => _x('No content groups found', 'not_found', 'text-domain'), ], 'capabilities' => [ 'manage_terms' => ""manage_{$capability_type}"", 'edit_terms' => ""edit_{$capability_type}"", 'delete_terms' => ""delete_{$capability_type}"", 'assign_terms' => ""assign_{$capability_type}"", ], 'show_ui' => true, 'show_menu_ui' => true, 'query_var' => true ); // Register the taxonomy \register_taxonomy(self::TAX_NAME, NULL, $args); } /** * Builds the menu */ public function add_sub_menu() { $capability_type = str_replace('-', '_', self::TAX_NAME); \add_submenu_page( self::MENU_SLUG, _x('Content Groups', 'menu_name', 'text-domain'), _x('Content Groups', 'menu_name', 'text-domain'), ""manage_{$capability_type}"", 'edit-tags.php?taxonomy=' . self::TAX_NAME ); } } }}} " son9ne Needs Patch 41035 Don't return if WP_Error object return by wp_insert_term() from foreach() loop in wp_set_object_terms() Taxonomy 4.7 normal normal Awaiting Review defect (bug) new 2017-06-13T20:57:30Z 2018-05-02T14:32:39Z "Recently, I'm trying to restrict tag creation for some user roles. I tried with using roles and capabilities but it's not possible. So I hook function to `pre_insert_term` filter which returns WP_Error object if condition match. {{{ add_action( 'pre_insert_term', 'prevent_terms', 1, 2 ); function prevent_terms ( $term, $taxonomy ) { if ( 'post_tag' !== $taxonomy ) { return $term; } // Only administrator can create tag. $allowed_roles = array( 'administrator' ); $user = wp_get_current_user(); if ( ! empty( $user->roles ) && empty( array_intersect( $allowed_roles, $user->roles ) ) ) { return new WP_Error( 'term_addition_blocked', 'You are not allowed to create new tags.' ); } return $term; } }}} Now, a restricted user goes to the edit post and trying to assign existing tags to the post and its work fine. But when a user adds a tag which does not exist along with existing tags then existing tags also not assigned to that post. Because `wp_set_object_terms()` function will create new tag if it's not exists and I've return WP_Error object using `pre_insert_term` hook. So once it get WP_Error object then it returns from the `wp_set_object_terms()` function and it's also not execute for other terms. See https://core.trac.wordpress.org/browser/tags/4.8/src/wp-includes/taxonomy.php#L2237 To complete my functionality I hook into `admin_init` action and remove new tags from $_POST so that remaining existing tags can assign to the post. I believe, instead of returning, it should continue execution for other terms. Also, I'm not sure whether it's valid use case or not. So main question is, do we need to return if there is WP_Error while creating term or don't return and continue execution for other terms. I hope, I'm able to explain it properly. :) " chandrapatel 5 Needs Patch 37975 Duplicate tag names aren't supported Taxonomy normal normal Future Release defect (bug) new 2016-09-07T20:32:16Z 2019-04-05T19:06:19Z "WP has an inherent requirement on unique tag names, if there are multiple tags with the same name, there is no way to pick which tag to assign. Repro steps: Create three tags name = test, slug = test-1 name = test, slug = test-2 name = test, slug = test-3 Open the post editor and try and search for test, you will have three tags with the name test, if you try and add more than 1, you will not be able to pick which of the three you're assigning. The search: /wp-admin/admin-ajax.php?action=ajax-tag-search&tax=post_tag&q=test will only return tag names, and those are used to assign the tag to a post. wp_insert_posts() calls: {{{#!php if ( isset( $postarr['tags_input'] ) && is_object_in_taxonomy( $post_type, 'post_tag' ) ) { wp_set_post_tags( $post_ID, $postarr['tags_input'] ); } }}} https://core.trac.wordpress.org/browser/tags/4.6.1/src/wp-includes/post.php#L3238" ivankk 4 Needs Patch 58748 Duplicate tags we can't select under post edit page. even slug are different. Taxonomy 6.3 normal major Awaiting Review defect (bug) new 2023-07-07T10:08:53Z 2023-07-07T10:30:42Z "Post tags, we are able to create duplicate tag items but we are not able to select both tags under post edit. so either we should disallow to create of duplicate tags or allow to select of both tags under post edits" chiragrathod103 2 Needs Patch 58109 Fatal Error when changed Taxonomy from hierarchical False to True Taxonomy 6.2 normal normal Awaiting Review defect (bug) reopened 2023-04-10T07:30:26Z 2023-04-26T19:41:33Z "When we changed hierarchical False to True for Taxonomy then we received Fatal Error. {{{ taxonomy_meta_box_sanitize_cb_checkboxes [11:39 AM] Uncaught exception 'TypeError' with message 'array_map(): Argument #2 ($array) must be of type array, string given' in /var/www/wp-admin/includes/post.php:2091 }}} This is happening because of **taxonomy_meta_box_sanitize_cb_checkboxes** function. This function not has the checked if the **$term** is array or not which is causing fatal error. We can use is_array condition for this like already done in **taxonomy_meta_box_sanitize_cb_input** function. " narenin 4 Needs Patch 59785 Fatal error: Attempt to assign property “object_id” on bool in class-wp-term-query.php Taxonomy 6.3.3 normal normal Awaiting Review defect (bug) new 2023-11-01T15:47:12Z 2023-11-03T11:16:34Z "The populate_terms() function in this class still throws a PHP fatal error on the get_term() query. Why? In special circumstances, get_term() returns NULL and the variable $term is not checked to see if it is still an object or already boolean. $term = NULL and this leads to a fatal PHP error and the page loading is aborted because $term->object_id does not work with NULL. NULL->object_id More to read here: https://wordpress.org/support/topic/fatal-error-attempt-to-assign-property-object_id-on-bool/" Faar 1 Needs Patch 53591 Firts