';
}}}
These ""all bold"" admin notices should be adjusted to remove the all-bold effect.
Worth also reminding the CSS class `class=""error""` is legacy and should be replaced with `class=""notice notice-error""`.
",afercia
Unpatched Enhancements,50409,REST API about links should be embeddable.,,REST API,5.5,normal,normal,Future Release,enhancement,new,,2020-06-17T13:11:47Z,2020-10-15T15:33:45Z,"Currently the `about` links in the REST API aren't embeddable using the `?_embed=true` parameter.
Most likely cause I can think of is that, by default, this route ( `wp/v2/types/$post_type` ) doesn't contain much information and as such there's likely no need for it.
However plugins can add their own custom fields to post types that would be added to this route. Currently if one wishes to fetch that data an additional request would have to be made as it's not possible to embed the data in a previous request.
Making the about link embeddable would give the option to consumers of the REST API to also easily fetch custom fields on post types without requiring an additional request.
This change would be extremely minimal as it'd only require adding `'embeddable' => true`, on line 1864 in `wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php`.",herregroen
Tickets with Patches,50418,Twenty Twenty: Inline Images displaying as block,,Bundled Theme,5.4.2,normal,normal,Future Release,defect (bug),new,dev-feedback,2020-06-17T23:51:12Z,2023-06-06T22:43:17Z,"Inline images (those added inside a paragraph block) will display on top of each other (as blocks) instead of next to each other (inline or inline-block).
https://d.pr/i/13DtBl
This will not happen in the editor, only on the public page/post:
https://d.pr/i/vkV9vC
I tried to reproduce this with several themes such as Rockwell, Brandsbury and Coutoire, but they all seem to work fine.",mrfoxtalbot
Tickets Awaiting Review,50423,The expand icon at the bottom of the collapsed admin menu is not easily discoverable.,,Administration,,normal,normal,Awaiting Review,defect (bug),new,,2020-06-18T17:03:28Z,2020-08-03T17:03:32Z,"I had a long-standing client who has been using WordPress for years recently complain to me that the admin menu was collapsed on one of their sites. They told me that they would like it to be expanded like it is on their other site.
They seemed to think that it was something that I would need to change as a developer or in some advanced setting somewhere. When I went to tell them how to do it, I realized that the process is less than ideal for these reasons:
1. The expand icon is hidden at the bottom of the menu, so it is really hard/unlikely to discover, especially if you've accidentally collapsed the menu and then scrolled or navigated away.
2. The expand icon is literally a play button. It's a right pointing triangle inside a circle. I might expect this icon to manage a video or audio plugin given the context.
3. The expand icon blends in with all of the icons representing menu items. It looks like just another menu item. It is the exact same size and color. There is not even a separator between the expand icon and the last item's icon, so the icon is lumped in with whichever menu item's icon is last (see attached screenshot).
The expand icon does not look like a control for the menu, it looks like another icon in the menu. And due to its appearance and location, it is not easily discoverable, especially for someone who may have accidentally collapsed the menu months ago during their first tutorial using WordPress. ",dmatamales
Tickets Awaiting Review,50435,In some cases wp_get_post_parent_id() = get_post_ancestors,,"Posts, Post Types",5.4.2,normal,normal,Awaiting Review,defect (bug),new,,2020-06-19T21:00:44Z,2020-06-19T21:06:23Z,"Using wp_get_post_parent_id() while parsing gutenberg blocks in a save_post action, I found out, that when a parent page exists, and parent_id is the actual published post wp_get_post_parent_id() gives back the post_id of the parent page.
A turn around seems to be ($postParent == $postId) ? $post_current_ID : $postId;
",chvon7thal
Candidates for Closure,50438,item_ labels do not work once registered in a post type,,"Posts, Post Types",,normal,normal,Awaiting Review,defect (bug),new,close,2020-06-20T09:38:42Z,2023-10-04T11:02:23Z,"Labels starting with prefix item_ from here:
https://developer.wordpress.org/reference/functions/get_post_type_labels/
Are not used in the dashboard when registering them in a custom post type.
{{{#!php
_x( 'Cars', 'Post Type General Name', 'abcde' ),
'singular_name' => _x( 'Car', 'Post Type Singular Name', 'abcde' ),
'menu_name' => __( 'Cars', 'abcde' ),
'name_admin_bar' => __( 'Car', 'abcde' ),
'archives' => __( 'Car Archives', 'abcde' ),
'attributes' => __( 'Car Attributes', 'abcde' ),
'parent_item_colon' => __( 'Parent Car:', 'abcde' ),
'all_items' => __( 'All Cars', 'abcde' ),
'add_new_item' => __( 'Add New Car', 'abcde' ),
'add_new' => __( 'Add New', 'abcde' ),
'new_item' => __( 'New Car', 'abcde' ),
'edit_item' => __( 'Edit Car', 'abcde' ),
'update_item' => __( 'Update Car', 'abcde' ),
'view_item' => __( 'View Car', 'abcde' ),
'view_items' => __( 'View Cars', 'abcde' ),
'search_items' => __( 'Search Car', 'abcde' ),
'not_found' => __( 'Not found', 'abcde' ),
'not_found_in_trash' => __( 'Not found in Trash', 'abcde' ),
'featured_image' => __( 'Initial Image', 'abcde' ),
'set_featured_image' => __( 'Set initial image', 'abcde' ),
'remove_featured_image' => __( 'Remove initial image', 'abcde' ),
'use_featured_image' => __( 'Use as initial image', 'abcde' ),
'insert_into_item' => __( 'Insert into Car', 'abcde' ),
'uploaded_to_this_item' => __( 'Uploaded to this Car', 'abcde' ),
'items_list' => __( 'Cars list', 'abcde' ),
'items_list_navigation' => __( 'Cars list navigation', 'abcde' ),
'filter_items_list' => __( 'Filter Cars list', 'abcde' ),
'item_published' => __( 'Car published', 'abcde' ),
'item_published_privately' => __( 'Car published privately', 'abcde' ),
'item_reverted_to_draft' => __( 'Car reverted to draft', 'abcde' ),
'item_scheduled' => __( 'Car scheduled', 'abcde' ),
'item_updated' => __( 'Car updated', 'abcde' ),
);
$capabilities = array(
'edit_post' => 'update_core',
'read_post' => 'update_core',
'delete_post' => 'update_core',
'edit_posts' => 'update_core',
'edit_others_posts' => 'update_core',
'delete_posts' => 'update_core',
'publish_posts' => 'update_core',
'read_private_posts' => 'update_core'
);
$args = array(
'label' => __( 'Car', 'abcde' ),
'description' => __( 'Post Type Description', 'abcde' ),
'labels' => $labels,
'supports' => array( 'title', 'thumbnail' ),
'hierarchical' => false,
'public' => false,
'show_ui' => true,
'show_in_menu' => true,
'menu_position' => 40,
'menu_icon' => 'dashicons-businessman',
'show_in_admin_bar' => true,
'show_in_nav_menus' => false,
'can_export' => true,
'has_archive' => false,
'exclude_from_search' => true,
'publicly_queryable' => false,
'rewrite' => false,
'capabilities' => $capabilities,
'show_in_rest' => false,
);
register_post_type( 'abcde_car', $args );
}}}
e.g. on post update the notice is Post updated. Not Car updated.
",ninetyninew
Tickets Awaiting Review,50441,Allow CORS for RSS feed,,Feeds,,normal,normal,Awaiting Review,enhancement,new,,2020-06-20T18:22:19Z,2021-10-08T06:59:23Z,"I'm developing an in-browser RSS reader and want to get an RSS feed from my blog on WP.com but browser (both Chrome and FF) shows me the error:
{{{
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://wordpress.com/blog/feed/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
}}}
Here is a small example to reproduce:
{{{
}}}
This is quite popular thing that a lot of peoples tries to do:
https://www.google.com/search?q=wordpress+feed+cors
That's one of the main reasons why most browser JS RSS readers requires to use a dedicated proxy server that will make a server to sever call to retrieve the RSS:
* https://github.com/sdepold/jquery-rss proxies RSS fetch via Feedr.
* https://github.com/enginkizil/FeedEk proxies RSS fetch via Feed API
* https://github.com/rbren/rss-parser uses https://cors-anywhere.herokuapp.com
The fix is easy:
{{{
add_action( 'pre_get_posts', 'add_header_origin' );
function add_header_origin() {
if (is_feed()){
header( 'Access-Control-Allow-Origin: *' );
}
}
}}}
But I wan't the fix to be added into WP trunk because my reader will mostly consume RSS from wordpress.com or many other WP blogs.
It should be fine to allow CORS requests to feed. The only one problem is a security concern. Hacker can make a DDoS by pasting on some popular site an
tag with src to WP feed and this will produce a big load to WP instance.
But here we can add a simple check: when browser requests an image it sends the header `Accept: image/webp,image/apng,image/*,*/*;q=0.8` while JS RSS headers can set the `Accept` header manually to `application/rss+xml`.
Actually the rss-parser already sends the `Accept: application/rss+xml`. So on the server side we can just check that client requested exactly the feed and only then try to generate it.
As far I see this is something really important (because already used workarounds) and it should be easy to implement and safe to enable by default. So I'll set Major severity.
",stokito
Slated for Next Release,50442,"Add prefixes to all admin notices (Warning, Error, Success, Info)",joedolson*,Administration,,normal,normal,6.6,enhancement,accepted,,2020-06-21T14:39:17Z,2024-02-06T15:13:03Z,"This is a continuation #47656
From @afercia comment (ticket:47656#comment:47)
- Make sure all the Error and Warning notices use respectively an ""Error:"" and ""Warning:"" text prefix
- Further discuss whether also the ""Success"" and ""Info"" notices should use a similar text prefix
- Update documentation related to admin notices, for example: https://codex.wordpress.org/Plugin_API/Action_Reference/admin_notices and https://developer.wordpress.org/reference/hooks/admin_notices/
- Create a new issue on the Gutenberg GitHub to add text prefixes for the editor notices: right now, none of them uses a prefix (see screenshot below)
I would like to add
- Combine strings constructed like `__('Error:') . __('any string')` into one string for better context for translators.",kebbet
Tickets Awaiting Review,50444,Issue by taxonomy terms in quick edit,,Taxonomy,5.4.2,normal,normal,Awaiting Review,defect (bug),new,,2020-06-22T08:17:48Z,2020-06-24T20:03:20Z,"When a taxonomy is registered and the paramters are:
show_ui => false
show_in_quick_edit => true
The terms in the admin post quick edit will not be filled out.",markusfroehlich
Tickets Awaiting Review,50467,Search results not displaying all entries in Admin > Posts in certain conditions,,"Posts, Post Types",5.4.2,normal,minor,Awaiting Review,defect (bug),new,,2020-06-24T20:54:20Z,2021-08-23T20:41:55Z,"**''Limitations of my bug report''**
I observed that bug in a live wordpress site, not even mine, so, my apologies, I cannot experiment with it as I would have liked otherwise. No deactivating plugins, no switching to another theme.
Thus: I report the issue, explain it the best I can, but I'm leaving it at that.
Either (a) it's affecting all wordpress installs, I'm glad I could help by reporting it, or (b) for some reason, it's only the blog on which I've seen it that has it, and then I'm perfectly fine with it, it's just that, me, I cannot tell at all on my side.
**''Context of the bug report''**
A wordpress blog, latest stable, on which the admins are preparing a number of posts that will be posted while they're away on holidays, with a schedule of 2 posts a day.
Those blog posts are written in advance, their title starts with ""READY TO POST ++"" or ""READY TO POST --"" (that part will be removed in the final scheduling phase, when dates are assigned).
Those blog posts are saved as Drafts for now.
**''Nature of the bug:''**
In blog administration > Posts > All Posts, I was reported there was an issue, and indeed,
- if I type ""READY TO POST"" in the upper-right search box, run the search,
- it returns the text ""12 items"", and that's the right number of posts that are currently called ""READY TO POST"", currently in Draft state...
- however in the listing of posts below, only 7 posts are listed, and there is no ""next page"" navigation to browse to a second page of posts listing
Here's a screenshot: https://imgur.com/a/qG4Awo8
I think I may have found either the origin, or a factor in the problem:
In Screen options (horizontal menu, in the admin, in the same Posts page), there is an entry called ""Number of items per page:"", with the value ""20"".
Screenshot: https://imgur.com/a/e3oDjBq
And that's wrong, it says ""20"", but there are only 7 posts listed in Admin > Posts > All Posts, be it the default listing, or a search.
I don't know if there's a relation, but the blog is configured to display 7 posts on the home page.
I tested something, in Admin > Posts > All Posts, I replaced that ""20"" by other numbers.
- If those numbers are above the number of search results, the current bug remains, telling there are 12 results, but only showing 7.
- If I replace ""Number of items per page"" by 11 or a smaller number, this time it still lists 7 posts only, but I get the missing pagination buttons, screenshot: https://imgur.com/a/fLBv7PL
Summary of what I tried: with a search, what I write on ""Number of items per page"" actually does NOT affect the number of displayed results, it's always 7, but depending on whether I choose a number lower, or above or equal to the expected number of results, I have, or haven't, the pagination buttons that allow to view the rest of the results posts.
*
I could partially reproduce the issue with another query.
Simply searching ""ready to"" returns 168 results among the posts.
- If I configure Number of items per page to 170, I get no navigation buttons: https://imgur.com/a/DKC70ZZ
- If I configure Number of items per page to 167, I get navigation buttons: https://imgur.com/a/HF3cLjN
... oh, damnit, I just realized. It's only a second page of results. No more. Even going into the URL of the page, trying replacing &paged=2 with something like &paged=3, did nothing, still listing the contents of &paged=2.
The only workaround is to choose to display 7 posts per page, screenshot: https://imgur.com/a/r2qwRqu
*
I forgot to list the plugins on the blog, namely: Add Browser Search, Akismet anti-spam, Antispam bee, Classic editor, Custom Smilies, Dave's wordpress live search, disable emojis (gdpr friendly), Display php version, Enhanced text widget, Inline spoilers, ManageWP- Worker, Nextscripts: social networks auto-poster, Php Code widget, Post-plugin library, Random Posts, Scheduled Post Trigger, Seemore, Shortcoder, Term Management Tools, ThreeWP Activity Monitor, User lLocker, WordPress editorial calender, Wp Editor (that one, with a community php fix to make it php7 compatible), Wp super cache, Wp-dbmanager, WP-pagenavi, Wp-polls, Wp-postratings, Wp-sweep, Wpdiscuz, WPS Hide Login, Yoast SEO, ZigWidgetClass
*
I checked the site's apache error log (I'm the host, it's on my dedi, and I help when there are issues), and I can tell there are zero events appearing in the error log while searching in the list of posts, or changing the number of display results.
*
I also helped last year, same period of time, and there wasn't that bug at that time.
*
Well, I don't see what else I could do here, hopefully it's only that blog that has that problem.
Apologies, also, that it's not a standard bug report, I'm not used to doing it at all. Good evening!",Sabinooo
Slated for Next Release,50486,Improve the admin notices accessibility,joedolson*,Administration,,normal,normal,6.6,defect (bug),accepted,dev-feedback,2020-06-27T12:53:09Z,2024-02-20T15:22:45Z,"Follow-up to #47656. See also #50442/
The admin notices accessibility has room for improvements.
Currently, all the admin notices are just text printed out on the admin pages. They have no special semantics. There are no mechanisms to inform users some important information is printed on the page other than visuals. There are no methods to navigate directly to admin notices nor established standards on their placement.
This way, users with accessibility needs will likely miss important information, as they may have no clue whether and where these messages are printed out.
Depending whether the admin notices are PHP-generated notices that appear after a page load or JavaScript-generated ones that are ""injected"" into the DOM, there are ways to improve their accessibility. At the very least, the following improvements should be considered, some of them were mentioned in #47656.
== All notices
- establish standards for the admin notices placement in the page: there should be one, well defined, area where notices are printed out (recommended: after the main H1)
- establish standards for the admin notices content: see the discussion related to the ""text prefix"" on #47656 and #50442
- the above item should apply to the whole WordPress UI, including the block editor
- ""inline"" notices (the ones printed out in the middle of the page): make a decision whether to keep them or allow only notices at the top of the page
- if ""inline"" notices are kept, explore ways to make them more accessible
- worth considering admin notice should be visually prominent and appear within the initial viewport anyways
- consider the introduction of a dedicated PHP class with methods to get / print admin notices and additional features, also keeping into consideration [https://make.wordpress.org/core/2019/08/05/feature-project-proposal-wp-notify/ the WP Notify project] and the recent [https://make.wordpress.org/core/2020/06/15/call-for-feedback-wp-notify-v1-requirements-document/ call for feedback on the WP Notify v1 requirements document]
== PHP notices
- prepend to the document title a short text to inform users there are notices and their number: the document title is the first thing screen readers announce after a page load
- the notices should be printed out after the main H1 heading as that's the part of the content with higher chances to be navigated to
- define the page area where notices are printed out with an ARIA role that's also a landmark role, e.g. `complementary` (an `
` element) or other role that is a landmark
- add a new ""skip link"" after the ""Skip to main content"" one to allow all keyboard users to jump to the notices area: this skip link should only be printed out when there are notices
== JavaScript notices
- all notices injected in the DOM should have an ARIA role `alert` or `status` depending on their ""politeness"" level, so that they're automatically announced by screen readers
Any additional suggestion and/or technique to improve the admin notices accessibility is very welcome.",afercia
Tickets with Patches,50493,more detailed notice for register_rest_route,,REST API,5.4.2,normal,normal,Future Release,defect (bug),new,has-patch,2020-06-28T10:27:20Z,2020-07-26T22:29:53Z,"After a few plugins on my website have received updates recently, I started seeing hundreds of these notices on my backend:
{{{
Notice: register_rest_route was called incorrectly. Namespace must not start or end with a slash. Please see Debugging in WordPress for more information. (This message was added in version 5.4.2.) in /var/www/vhosts/bibleget.io/httpdocs/wp-includes/functions.php on line 5167
}}}
Sure I can try disabling the plugins one at a time to find which one is the culprit, but it would be helpful to know who is trying to call register_rest_route() , it would make life that much easier and I can contact the plugin author to let them know.
Would it be possible to give a little bit more of a stacktrace when giving these notices? ",Lwangaman
Tickets Awaiting Review,50498,"Change ""html"" to ""HTML"" in atomlib.php",,Feeds,,normal,normal,Awaiting Review,defect (bug),new,has-patch,2020-06-28T16:47:35Z,2021-01-22T11:18:44Z,"Follow #50473, there is a string in {{{wp-includes\atomlib.php}}}
https://core.trac.wordpress.org/browser/tags/5.4/src/wp-includes/atomlib.php#L217
{{{
Invalid content in element found. Content must not be of type text or html if it contains markup.
}}}
",man4toman
Tickets Awaiting Review,50511,Update is not always shown live,,Upgrade/Install,5.4.2,normal,normal,Awaiting Review,defect (bug),new,,2020-06-29T16:18:59Z,2023-03-12T21:53:50Z,"Hello,
I have several WordPress websites running. It always strikes me when I import updates that the update process is not always displayed. The page just stays gray at that moment. At the end, when everything is ready, the actual content is shown, which is otherwise always displayed live.
Why is that?
It's not just one side, sometimes all, sometimes one, then sometimes another, I don't see any system behind it. The updates work wonderfully, but this process is not always 100% the same. Does someone know the behavior?
I think it would be good if the page shows where WordPress is located step by step, because sometimes I think the system hangs, which is not the case.
Here is an example from just now, the page was gray for almost 20 seconds (1st screenshot) and then everything came with one swing (2nd screenshot).
Screenshot 1: https://ibb.co/2g8NThd
Screenshot 2: https://ibb.co/GcCWB9B
The browser doesn't seem to matter, I have already observed this with both the new Edge and Firefox.
Maybe someone has an idea 🙂
Thank you!
Translated from https://de.wordpress.org/support/topic/updatevorgang-wird-nicht-immer-angezeigt/",vincenz17
Tickets Needing Feedback,50522,"stop setting ""older"" cookies with multiple path prefixes",,Login and Registration,5.4.2,normal,normal,Future Release,defect (bug),new,dev-feedback,2020-07-01T13:38:23Z,2024-02-01T20:47:17Z,"According to `wp_clear_auth_cookie()`,
{{{#!php
How to make Chocolate
}}}
Since the image and the link name are both wrapped in the same anchor tag, this violates accessibility guidelines. It's redundant and would be annoying when using a screen reader.
If a Link Description is added, it will use that for the alt text instead, which is a little bit better, since it's at least not redundant.
However, I think a better solution would be to use an empty/null alt text instead, since in this case the image is decorative. https://www.w3.org/TR/WCAG20-TECHS/H2.html
Another option might be to add `aria-hidden=""true""` to the if both the alt and link text are the same?",eatingrules
Tickets with Patches,50568,Improve WP_Term's sanitization calls,,Taxonomy,5.5,normal,normal,Future Release,defect (bug),new,needs-unit-tests,2020-07-06T07:04:45Z,2024-03-12T17:49:50Z,"Akin to `WP_Post::filter()`, I think `WP_Term::filter()` should have a bypass, too. This will significantly improve performance wherever terms are used (list edit screens, category widgets, blocks) because the bypass prevents redundant re-sanitization.
The attached patch will shave off a 30% load time at `wp-admin/edit.php` after #50567's implementation. This patch tests for the `WP_Term` object's `::$filter` state, and only re-sanitizes the term when the state differs from the input argument.
You'll also find that `sanitize_term()` now looks a lot like `sanitize_post()`--the same goes for `get_term()`'s resemblance to `get_post()`. Overall, it seems posts have received a lot more love over the years, and this patch steals some of that.
There are a few issues with terms, however. For example, `update_term_cache()` caches terms regardless of being shared, while `WP_Term::get_instance()` tries to prevent that. The `$filter = 'display'` argument is used in contexts where `raw` would do fine, too (e.g. @ `WP_Terms_List_Table::single_row()`). If we iron those issues out, we can fully phase out the re-sanitization of terms.",Cybr
Tickets Awaiting Review,50575,Reconsider some admin scheme colors.,,Administration,,normal,normal,Awaiting Review,enhancement,new,,2020-07-06T19:03:41Z,2020-08-21T14:10:58Z,"In #50537 we explicitly excluded the ocean and coffee admin schemes from the colored buttons because the default button color there don't meet the contrast guidelines.
Also, the buttons in the midnight admin scheme are red and too close to buttons meaning ""danger"" or ""error"".
Instead of trying to fix this by tweaking the styles specifically for these admin schemes, I think we should address the root issue and potentially alter the highlight color for these admin scheme colors issue.
Alternatively, we consider consider retiring some of these admin scheme colors.",youknowriad
Tickets Awaiting Review,50615,Editor: Create standalone JSON schema for block type definition,,Editor,,normal,normal,Awaiting Review,feature request,new,,2020-07-08T16:34:50Z,2022-04-30T04:59:05Z,"There is an existing schema for block type definition embedded in the new REST API endpoint:
https://github.com/WordPress/wordpress-develop/blob/c3993eb19dee52dfd6ca9f9ef7cec785538e361d/src/wp-includes/rest-api/endpoints/class-wp-rest-block-types-controller.php#L363-L569
There is also another schema being developed for Block Directory that will take part in `block.json` file validation:
https://github.com/tellyworth/plugin-directory/blob/25388b9c12193194a16db5264ed84f2f3965552e/block-json/class-validator.php#L36-L182
It would be great to consolidate efforts and make such schema publicly accessible as it would benefit other projects in the WordPress ecosystem like WP-CLI. There is a related discussion related to translatable strings extraction, see https://github.com/wp-cli/i18n-command/pull/210#issuecomment-634107470
> This kind of schema would need to live somewhere outside of WordPress context, where WP-CLI and other tools can easily assess which fields in `block.json` are translatable and which aren't.
All that would make it also possible to easily extend the schema in one place and related tools consuming it could automatically adjust their behavior based on the changes applied.",gziolo
Unpatched Enhancements,50623,Discoverability of plugin and themes autoupdates,audrasjb,Upgrade/Install,5.5,normal,normal,Future Release,enhancement,assigned,,2020-07-09T20:52:34Z,2020-10-19T19:40:55Z,"The new auto updates feature for plugins and themes is very useful, but I found it was not easy to discover after updating to 5.5 beta. The feature doesn't have a place where it ""pops"" into users eyes. At least it didn't in mine.
== Plugins
- Great: Having everything in one column
- Not so great: Not having a clear differentiator between plugins I opted in and plugins I have opted out.
== Themes
- Not so great: having to go into each single theme
- Bad: having a text with the same color of the theme author name (and in smaller font) right under it.
== Ideas
- Have the design team review the UI
- Have a call-out widget in the Dashboard
- Have a call-out widget in the Updates screen
- Have a call-out widget in the Theme screen, potentially with a button to bulk enable/disable
- Turn the theme ""Enable/Disable Auto-Updates"" into a button in the lower part of the theme modal where ""Activate/Live Preview/etc..."" buttons live.",francina
Tickets Awaiting Review,50627,CSS Build process: Consider removing autoprefixer from the source folder.,,Build/Test Tools,,normal,normal,Awaiting Review,enhancement,new,,2020-07-10T19:07:15Z,2021-03-09T07:35:32Z,"Right now, the CSS build process is a bit unclear to me. It seems like there's a precommit hook to apply postcss autoprefixer to the CSS fils in src folder. This results in ""source code"" and ""built code"" to be mixed together.
The issue becomes more apparent as we explore using new techologies list CSS custom properties. If we continue with the current setup it means we'd have to include in the source code both the CSS variables used, and the necessary fallback for IE11 (as CSS variables are not supported there). So whenever we want to change the value of the CSS variable, we'd have to update all the fallback values, diminishing the value of the CSS variable in the first place.
Autoprefixer and CSS Custom properties are the examples I have in mind right now, but this can be problematic for any similar CSS feature we'd be interested in.
I think we should consider only applying the PostCSS tweaks (autoprefixer) to the build folder only. The downside is that the source ""css"" files won't have the necessary fallbacks for legacy browsers but they will still continue to work in most recent browsers.
In an ideal world, source and dist are completely different but it's too soon for that as a lot of core developers still use the ""src"" folder.",youknowriad
Candidates for Closure,50636,"Theme not uploading, Theme Details not opening",,Themes,5.5,normal,normal,Awaiting Review,defect (bug),assigned,reporter-feedback,2020-07-12T16:19:08Z,2020-07-12T22:32:21Z,"Hi there,
I am playing with 5.5 and seeing what is new and good about the latest version. I am trying to upload a theme, Page Builder Framework and it just will not upload. On the other hand there are a large number of themes added and when you click on theme details to delete the theme it will not work. Here is the list of plugin that are on the build.
Advanced Custom Fields PRO
Deactivate
Customize WordPress with powerful, professional and intuitive fields.
Version 5.8.12 | By Elliot Condon | Visit plugin site
Enable auto-updates
Select Akismet Anti-Spam
Akismet Anti-Spam
Activate | Delete
Used by millions, Akismet is quite possibly the best way in the world to protect your blog from spam. It keeps your site protected even while you sleep. To get started: activate the Akismet plugin and then go to your Akismet Settings page to set up your API key.
Version 4.1.6 | By Automattic | View details
Enable auto-updates
Select Beaver Builder Plugin (Pro Version)
Beaver Builder Plugin (Pro Version)
Deactivate | Change Log
A drag and drop frontend WordPress page builder plugin that works with almost any theme!
Version 2.3.2.6 | By The Beaver Builder Team | Visit plugin site
Enable auto-updates
Select Beaver Themer
Beaver Themer
Deactivate
Easily build Themer layouts for your archives, posts, 404 pages and more!
Version 1.3.1 | By The Beaver Builder Team | Visit plugin site
Enable auto-updates
Select Custom css-js-php
Custom css-js-php
Deactivate
Write custom code for php, html, javascript or css and insert in to your theme using shortcode, actions or filters.
Version 2.0.7 | By flippercode | View details
Enable auto-updates
Select Disable Comments RB
Disable Comments RB
Settings | Deactivate
Easy tool to disable comments for your blog posts, pages. Admin can disable comments in just few clicks. Delete comments from blog post.
Version 1.0.9 | By rbPlugins | View details
Enable auto-updates
Select iThemes Security Pro
iThemes Security Pro
Settings | Deactivate | License
Take the guesswork out of WordPress security. iThemes Security offers 30+ ways to lock down WordPress in an easy-to-use WordPress security plugin.
Version 5.3.3 | By iThemes | Visit plugin site | Get Support
Enable auto-updates
Select PowerPack for Beaver Builder
PowerPack for Beaver Builder
Deactivate
A set of custom, creative, unique modules for Beaver Builder to speed up your web design and development process.
Version 2.8.2.1 | By IdeaBox Creations | Visit plugin site
Enable auto-updates
Select ShortPixel Image Optimizer
ShortPixel Image Optimizer
Settings | Deactivate
ShortPixel optimizes images automatically, while guarding the quality of your images. Check your Settings > ShortPixel page on how to start optimizing your image library and make your website load faster.
Version 4.19.2 | By ShortPixel | View details
Enable auto-updates
Select Swift Performance Lite
Swift Performance Lite
Settings | Deactivate
Boost your WordPress site
Version 2.1.3 | By SWTE | View details
Enable auto-updates
Select Ultimate Addons for Beaver Builder
Ultimate Addons for Beaver Builder
Deactivate
Ultimate Addons is a premium extension for Beaver Builder that adds 55+ modules, 250+ templates and works on top of any Beaver Builder Package. (Free, Standard, Pro & Agency) You can use it with any WordPress theme.
Version 1.27.0 | By Brainstorm Force | Visit plugin site
Enable auto-updates
Select WordPress Beta Tester
WordPress Beta Tester
Deactivate
Allows you to easily upgrade to Beta releases.
Version 2.2.10 | By Peter Westwood, Andy Fragen | View details
Enable auto-updates
Select WP Compress | Image Optimizer
WP Compress | Image Optimizer
Settings | Deactivate
",TLCJohn
Tickets Awaiting Review,50654,Fix the filter docs in sanitize_post_field(),,"Posts, Post Types",,normal,normal,Awaiting Review,enhancement,new,,2020-07-13T22:38:49Z,2020-07-13T22:41:23Z,"The `sanitize_post_field()` function calls nine separate filters on its data depending on various conditions. The documentation for these need improving, and documentation for the missing filters need adding.
Need to be careful about accuracy here because of the very general names of these filters and their dynamic portions.",johnbillion
Tickets Awaiting Review,50667,New attachment size is created even the source is smaller,,Media,5.4.2,normal,normal,Awaiting Review,defect (bug),new,,2020-07-15T09:42:55Z,2022-10-19T20:37:30Z,"When you upload a very optimized image sometimes the created attachment size's file size is larger than the source image. When a new size is created its filesize should be checked whether it's really smaller or not. Now it just allocates extra space and uses extra bandwidth.
Sample image: [https://ibb.co/x8LhGC0]",adam.radocz
Candidates for Closure,50672,Login Mask jerks when I define Privacy Policy page in Chrome Browser,,Login and Registration,5.4.2,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2020-07-15T19:50:30Z,2023-08-21T11:55:44Z,"Login Mask jerks when define Privacy Policy page. The problem occurs only in Chrome Browser and /wp-login.php
[https://dl.dropbox.com/s/8a7gqtakajn7ey6/Login%20jerks.gif]
",Frank Noack
Unpatched Enhancements,50673,"Create ""Accessibility Statement"" tool with features equivalent to Privacy Policy Tools",audrasjb,General,,normal,normal,Future Release,feature request,reviewing,dev-feedback,2020-07-15T22:42:16Z,2023-07-21T17:14:16Z,"All websites should have an accessibility statement along with their privacy statements. Building on the privacy policy tools, creating a nearly identical set of tools for creating and managing an accessibility statement would be fabulous! That include:
- Ability to auto-create a draft page with draft language
- Ability for plugins to add relevant information about their accessibility impacts to the statement draft
- Function to get accessibility statement page
The W3C has an excellent [policy generator](https://www.w3.org/WAI/planning/statements/) that could potentially provide the outline for the draft statement.",mrwweb
Tickets Awaiting Review,50681,default-filters.php contains non-tweakable parameters,,Media,5.3,normal,normal,Awaiting Review,defect (bug),new,has-patch,2020-07-16T13:43:50Z,2020-09-26T01:02:19Z,"'default-filters.php' should NEVER use the ""plugins-loaded"" hook.
The reason being that this removes EVERY THEME DEVELOPER any kind of power around that setting.
Those ""default filters"" becomes ""definitive and non editable filter"" for theme developers.
For me this breaks my custom image size workflow
The best hook to replace ""plugins-loaded"" (according to wordpress's own documentation) would be ""init""
------ The Faulty line is in default-filters.php (l-526)-----------------
add_action( 'plugins_loaded', '_wp_add_additional_image_sizes', 0 );
---------------------------------------------------------------------
Also I don't understand why image sizes can't be more simple and centralized.
""thumbnail, medium, large"" are treated as wordpress option and are user editable
""medium_large"" is treated as an non-user-editable invisible wordpress option
NEW ""big_image_size_threshold"" which is a filter and basically a new image size (messes up the different image sizes names by the way)
NEW ""1536x1536 and 2048x2048"" that are hooked before any theme developers can access it which makes them non-editable for users and theme developpers.
The latest two (1536 and 2048) are indeed ""plugin developpers"" editable IF those plugin developers are willing to use bad practice and go for the ""plugins-loaded"" hook instead of the ""init"" hook.
This is breaking change for EVERY THEME DEVELOPPER and encourages bad practice for plugins developpers to interract with it.
This is very bad because EVERY DEVELOPPER should manages and have full control over his image sizes pipeline and avoid the default one at all costs. It's getting clunkier, less functionnal and more bloated with each update. It is really simple to fix but wordpress is really going the other way around and now preventing developers from working with it.",rsepierre
Tickets Awaiting Review,50682,Set theme information popup in vertically middle.,,Themes,5.5,normal,normal,Awaiting Review,defect (bug),new,has-patch,2020-07-16T14:49:18Z,2021-10-03T04:32:08Z,When we open theme info popup has more space on top. It should be vertically middle.,chetan200891
Tickets Needing Feedback,50684,Font/font-size change on login screen,,Login and Registration,,normal,normal,Future Release,defect (bug),new,,2020-07-16T19:29:59Z,2023-08-19T09:45:51Z,"On Windows 10, when a user logs in, the font and the font-size in the input boxes change.
To be more precise, the wrong font and font-size is initially displayed. Only after clicking, the correct font and font-size appear.
A recording:
[[Image(https://i.imgur.com/siMssM6.gif)]]
",superpoincare
Tickets with Patches,50692,WordPress v5.4.2 Escaping Problem in the Edit Media Screen,,Media,5.4.2,normal,normal,Future Release,defect (bug),new,has-patch,2020-07-18T02:04:24Z,2023-01-31T13:35:59Z,"**Summary**:
WordPress v5.4.2 escapes the content of the Description field in the Edit Media screen if the filter {{{'user_can_richedit'}}} returns {{{false}}}.
**How to Replicate**
1) Upload an attachment and open the Edit Media screen
2) Add a simple HTML markup to the Description field. Example: {{{Hello World!
}}}
3) Save changes and check that the content of the field is not HTML escaped
4) Add the following line to the current theme
{{{add_filter('user_can_richedit', '__return_false', 999, 0);}}}
5) Go back to the Edit Media screen and save changes again
6) Problem: The content of the field Description is HTML escaped
**Context**
I administer a WordPress website since many years ago and I disabled the WYSIWIG editor setting the value of the filter {{{'user_can_richedit'}}} to {{{false}}}. I like to enter HTML code directly. Now I am unable to use HTML code in the Description field as I did previously.
Probably other users are also facing this problem. ",rafaelcardero
Tickets Awaiting Review,50694,Impossible to add user to network site when username / email are both emails and different values,,Networks and Sites,,normal,normal,Awaiting Review,defect (bug),new,,2020-07-18T16:03:14Z,2020-07-18T16:03:14Z,"If you have a network site and create a user where the username is an email address (myemail@example.com) and your email address is different (otheremail@differentdomain.com) you cannot add a user to the network site. Under the Add Existing User section it will find the user you're trying to add and autofill it, but when you try to actually add it, it tells you it's not a valid user.
Steps to reproduce:
- Create a network site
- Add a new user where their username is one email address and the email address is a different one
- Add a new network site under your main one
- Try to add your user to that newly created main one
I ran into this issue because I created some users initially using their email address as a username, and then their email address changed. We can't change username so the only thing I could do was update their email on their account which I did. Then this bug popped up.",elrae
Unpatched Bugs,50696,UI issue in customizer menus section,,Customize,5.5,normal,normal,Future Release,defect (bug),new,,2020-07-19T05:42:31Z,2021-06-01T03:13:09Z,"I have found 2 issues in customizer menu section
1) Input box-shadow issue if the input is invalid.
2) Add button properly not display
I have attached an image for better understanding.",dilipbheda
Unpatched Enhancements,50699,Fix and improve arranging metaboxes,azaozz,Administration,,normal,normal,Future Release,enhancement,assigned,,2020-07-19T17:32:37Z,2022-06-03T20:04:33Z,"Follow-up to #49288.
In 5.5 the drop-areas when dragging/arranging of metaboxes on the Dashboard and the old Edit Post screen were fixed/improved. However that introduced an always visible drop-area on the Dashboard when only one metabox is visible.
Seems better to fix that bug and at the same time improve/enhance how metaboxes are dragged/moved/arranged in general.",azaozz
Unpatched Bugs,50703,WordPress classic editor accessibility issues for insert/edit links list,joedolson*,Editor,5.4.2,normal,normal,Future Release,defect (bug),accepted,,2020-07-20T13:02:44Z,2021-06-24T19:16:09Z,"We are facing some keyboard accessibility issues with Insert/edit link list from the editor.
We are not able to access the items from the list using up arrow, down arrow, enter and space keys.
Please find the below image for reference.
[[Image(http://meedev.westus.cloudapp.azure.com/dev-old/Wp_editor_issue.png)]]",fornandakishore
Tickets Awaiting Review,50735,Plugins Screen: introduce plugin types,,Plugins,,normal,normal,Awaiting Review,feature request,new,,2020-07-22T15:21:02Z,2020-07-22T15:33:07Z,"> The Plugin Block Directory is a new feature coming in WordPress 5.5 that allows specially-written Block Plugins to be instantly and seamlessly installed in the editor, without ever leaving the page.
-- https://make.wordpress.org/plugins/2020/07/11/you-can-now-add-your-own-plugins-to-the-block-directory/
WordPress 5.5 will make it easier for folks to install block plugins, as they edit their posts and pages. As a result, and as the block directory becomes more and more popular, I assume the average number of plugins installed on a WordPress site will increase. On the Plugins screen UI we know, we'll see a mix of ""regular"" plugins as well as block plugins.
I wonder if we should consider making some changes to the Plugins Screen UI to clearly separate the 2 plugin types.
- This would help site owners quickly skim through their plugin list.
- It would help them understand how a specific plugin was added to the site.
- It may help them manage their plugin autoupdates (one could imagine a scenario where you'd want block plugins, including little PHP, to be automatically updated while ""regular"" plugins would require a manual update).",jeherve
Tickets Awaiting Review,50745,Visualisation of site health could be better,,Site Health,,normal,normal,Awaiting Review,enhancement,new,,2020-07-23T19:41:18Z,2020-09-21T19:34:04Z,"Currently the colored circle in the dashboard widget and in the top of the Site Health-page is quite vague in my opinion. Why is it so small, and what does the thin color border communicate? It does not communicate the grade of health for me.
Just an idea: could we use a more direct way to communicate the health with better graphics? I tried a thermomether/scale with an arrow and three colors exposed all the time. With it you get an idea of where your are, and where you could be.
Thanks!
",kebbet
Tickets Awaiting Review,50754,REST updating a post without author support updates the author to the current user,,Editor,5.0,normal,normal,Awaiting Review,defect (bug),new,,2020-07-24T10:53:26Z,2021-12-27T20:56:40Z,"When updaing a post using the REST API, if the post belongs to a post type that does not support post author, then the database entry for the post gets updated and the current user is set as author.
Steps to reproduce, using the Blocks editor as REST API cover:
* Register a post type and make sure you do not declare support for post author.
* Create a new post for that type using the blocks editor, and notice that the databse entry for it sets the author to be the current user.
* Switch to another user with proper editing capabilities, and edit the post again also using the post editor.
* Upong saving, confirm that the database entry for the post states that th author is this second user.
This does not happen when updating a post manually using the legacy classic editor: in this case, the author set when first creating the post is respected on following edits.
Although this might be considered a minor thing (the post type should not be supporting author logic, right?), the implications reach deeper. Users set as the post author in the database get notifications on new comments, for eample, despite the author support for their post type. Having them modified inconsistently based on the editor used to adjust the content copy introduces a major editorial flow nightmare in sites maintained by multiple users.
Probably related: #47041",jadpm
Tickets with Patches,50773,Merge duplicate strings in bulk actions and row actions for list tables,SergeyBiryukov,I18N,,normal,normal,Future Release,defect (bug),reviewing,has-patch,2020-07-26T12:15:17Z,2022-05-02T01:00:32Z,"Backround: #40244, #50747.
As noted by @ramiy in comment:25:ticket:40244 and me in comment:5:ticket:50747, as part of the changes in [48352] and [48595] some strings were duplicated with a different case:
* `_x( 'Not Spam', 'comment' )`
* `_x( 'Not spam', 'comment' )`
* `_x( 'Not Spam', 'site' )`
* `_x( 'Not spam', 'site' )`
Additionally, some strings kept title casing and should be switched to sentence casing for consistency with others:
* `__( 'Enable Auto-updates' )`
* `__( 'Disable Auto-updates' )`
* `__( 'Network Activate' )`
* `__( 'Network Deactivate' )`
* `__( 'Network Enable' )`
* `__( 'Network Disable' )`
The problem is that some of these strings are not only used in bulk actions, but also in row actions.
While most of bulk action strings appear to be switched to sentence casing across the admin now, row actions are not. It seems like that would be the next step to bring some consistency here.",SergeyBiryukov
Unpatched Enhancements,50787,Consolidate the logic for displaying WP & PHP compatibility messages for themes,SergeyBiryukov*,Site Health,,normal,normal,Future Release,task (blessed),accepted,,2020-07-27T15:29:23Z,2021-02-22T15:04:43Z,"Background: #48491
As part of the changes on [48636-48638,48640], these messages are duplicated in at least seven different places:
* ""This theme doesn’t work with your versions of WordPress and PHP. Please update WordPress, and then learn more about updating PHP.""
* ""This theme doesn’t work with your version of WordPress. Please update WordPress.""
* ""This theme doesn’t work with your version of PHP. Learn more about updating PHP.""
See comment:36:ticket:48491 for the list of relevant areas.
It would be nice to consolidate the logic in one place.",SergeyBiryukov
Tickets Awaiting Review,50789,Improve WPDB logic around information_schema,,Database,5.5,normal,normal,Awaiting Review,defect (bug),new,,2020-07-27T17:43:37Z,2021-06-11T16:29:40Z,"WooCommerce uses a query on `information_schema.table_constraints` to determine whether it needs to add a foreign key constraint to one of its tables.
{{{
SELECT
COUNT(*) AS fk_count
FROM
information_schema.TABLE_CONSTRAINTS
WHERE
CONSTRAINT_SCHEMA = ''
AND CONSTRAINT_NAME = 'fk_wp_12345_wc_download_log_permission_id'
AND CONSTRAINT_TYPE = 'FOREIGN KEY'
AND TABLE_NAME = 'wp_12345_wc_download_log'
}}}
`$wpdb->get_table_from_query` returns `information_schema` which is not a table, it is a database containing the table `TABLE_CONSTRAINTS`. So it seems there is room to improve this method to extract the table name in cases where it is preceded by a database name. However, this is not the goal of this ticket. In the specific case of `information_schema` tables, we're more interested in the table referenced in the `WHERE` clause.
My use case involves a `wpdb` drop-in, WordPress.com's hyperdb, which was the original source of this method when it was added in [30345]. We use hyperdb to map queries to database servers using table names as map keys. Given a table like `wp_12345_posts` we connect to the right database.
The database `information_schema` exists in all database servers. When WooCommerce queries the table `table_constraints` it's looking for information about the table `wp_12345_wc_download_log`. To route the query to the appropriate database server, we are interested in this table name.
I would propose adding this before the first `preg_match` in `get_table_from_query`:
{{{
// SELECT FROM information_schema.* WHERE TABLE_NAME = 'wp_12345_foo'
if ( preg_match('/^\s*'
. 'SELECT.*?\s+FROM\s+`?information_schema`?\.'
. '.*\s+TABLE_NAME\s*=\s*[""\']([\w-]+)[""\']/is', $q, $maybe) )
return $maybe[1];
}}}
This returns `wp_12345_wc_download_log` which allows us to route the query to the correct database server.
I am able to patch WordPress.com's drop-in to check this pattern before calling the parent method in core's `wpdb`. So there is no need to rush on our behalf.
Does anyone know of a use case that relies on the existing implementation?
It might be argued that a caller of this function would expect the return to be `TABLE_CONSTRAINTS` in this case. However, I was unable to find any tickets requesting a fix for the current behavior. I believe the best fix would be to return the table name from the `WHERE` clause.",andy
Tickets Awaiting Review,50797,Maintenance file path should be configurable,,Upgrade/Install,,normal,normal,Awaiting Review,enhancement,new,,2020-07-28T11:42:29Z,2020-09-16T18:02:59Z,"The maintenance file path is hardcoded to:
{{{#!php
ABSPATH . '.maintenance'
}}}
In other words, it is assumed to be in the **WordPress root directory**.
When working on high availability environments with **N WordPress replicas**, it's common to use NFS to sync data across every replica. For instance, you can mount a NFS volume at **wp-content**.
To ensure the maintenance mode is simultaneously activated/deactivated on every replica, we also need to ensure the maintenance file is synced between replicas. That's why we need its path to be configurable, so we can change its location to a different directory where a NFS volume is mounted.",juanariza131
Tickets Awaiting Review,50803,Button link missing from block settings,,Editor,,normal,normal,Awaiting Review,enhancement,new,,2020-07-29T13:22:52Z,2021-03-09T17:37:03Z,"When making a new post, adding a link to a button from the right side Block settings doesn't work, but adding it from the quick settings that appear next to block works.
Here is a video regarding the problem https://www.loom.com/share/6cf1f260edb7441d8a46f6bab0cfe804",irinelenache
Tickets Awaiting Review,50811,Widget title box and text content not proper align.,,Widgets,5.5,normal,normal,Awaiting Review,defect (bug),new,has-patch,2020-07-29T16:00:32Z,2020-11-17T16:10:49Z,"The widget title box and text content alignment is not proper. it needs to align.
http://localhost/src/wp-admin/widgets.php
",vinita29
Tickets Awaiting Review,50814,Success Message Displays on Failure to Update Site Address,,Networks and Sites,5.4.2,normal,normal,Awaiting Review,defect (bug),new,has-patch,2020-07-29T21:03:51Z,2022-02-11T15:36:32Z,"There's a misleading success message, ""Site info updated"" that displays on page refresh after you attempt to update an individual site's address to one that is already in use.
(I'll attach a screen recording of an example!)",megabyterose
Unpatched Bugs,50815,Use consistent checks for displaying the Filter button in different list tables,SergeyBiryukov,Administration,,normal,normal,Future Release,defect (bug),reviewing,,2020-07-29T23:01:05Z,2021-06-08T22:08:04Z,"As an extension of #40188, let's bring some consistency to `class-wp-posts-list-table.php` and `class-wp-ms-sites-list-table.php` to check `$this->has_items()`, instead of `! empty( $output )`.
",whyisjake
Unpatched Enhancements,50817,TinyMCE: default_link_target is ignored,,TinyMCE,,normal,minor,Future Release,enhancement,new,,2020-07-30T10:56:21Z,2021-06-02T23:49:28Z,"I use the following filter, to set the default_link_target for TinyMCE to _blank:
{{{#!php
{
console.log(editor.getParam('default_link_target'))
})
// output is: ‘_blank’
}}}
The problem is, that the default_link_target-setting is never taken into account inside the wplink-Plugin of WordPress:
{{{
src/wp-includes/js/tinymce/plugins/wplink/plugin.js
}}}
I have a Bugfix ready on a cloned repository of https://github.com/WordPress/wordpress-develop
Unfortunately there is the following inside the .gitignore-file of the repository:
{{{
/src/wp-includes/js
}}}
Is there any other place, where I could commit changes to the JavaScript code? Did I miss something? How could I create a pull-request on the github-repository with changed JS-Code?
",utoppo
Candidates for Closure,50820,Admin side menu items hover doesn't work on version 5.5-RC1-48687,,Menus,5.5,normal,critical,Awaiting Review,defect (bug),new,reporter-feedback,2020-07-30T16:47:12Z,2020-08-11T19:08:07Z,"When in admin, the hover doesn't work on the menu items on the main left menu. If I click an item, its floating submenu appears instantly but then disappears as the clicked page loads. ",theogk
Unpatched Enhancements,50823,Miss button add new post on page edit post (editor guttenberg),audrasjb*,Editor,5.4.2,normal,major,Future Release,feature request,accepted,dev-feedback,2020-07-31T03:04:15Z,2022-10-20T05:40:29Z,"Hey guys,
In the classic Editor when you were adding a post, you already had the button to add another one on the same screen and it speeds up the process a lot, please bring it back! (in red: add new)[[Image(https://prnt.sc/tpkyp8)]]",welitonmartins
Tickets Awaiting Review,50850,"When the deactivate_plugins() function is called in the ABSPATH/wp-admin/includes/plugin.php file, the is_plugin_active_for_network() conditional tag always returns true when the active_sitewide_plugins sitemeta option is set to 1",,Plugins,5.4.2,normal,normal,Awaiting Review,defect (bug),new,,2020-08-05T01:28:10Z,2020-09-08T21:11:46Z,"On multisite during the process of activating a plugin across the network (sitewide plugin activation), I noticed that if the activation process is not successful or if errors are triggered, the `active_sitewide_plugins' sitemeta option will be set to 1 and this causes the **is_plugin_active_for_network()** conditional tag to return true when called within the **deactivate_plugins** function, which is so untrue.
Also, when on the admin or network `plugins.php` screen, the **deactivate_plugins()** function triggers the following error becuase the **$plugins = get_site_option( 'active_sitewide_plugins' )** code doesn't return the correct type (array):
{{{
Fatal error: Uncaught Error: Cannot unset string offsets in ABSPATH\wp-admin\includes\plugin.php on line 779
}}}
Futhermore, after exploring the error, I found that since the **active_sitewide_plugins** sitemeta option is set to 1 and the **array_keys()** function is used to extract the plugin basenames into a new array and merged with non-sitewide activated plugins, then when used in the **foreach()** loop, this will always return true.
{{{#!php
error,,Formatting,5.4.2,normal,normal,Awaiting Review,defect (bug),new,needs-unit-tests,2020-08-06T02:49:55Z,2020-08-06T13:41:14Z,"There is a bug that is very simple to reproduce -
if you create a [playlist] and then add some text, such as
[playlist ids=""1,2,3""] Hey everyone, check out my new songs!
it will produce an html parsing error where element is closed, but never opened.
Thank you",hvar
Tickets Needing Feedback,50866,Media Uploader Blows Up File Sizes,antpb,Media,5.4.2,normal,major,Future Release,defect (bug),assigned,dev-feedback,2020-08-06T03:06:49Z,2022-04-27T05:49:21Z,"Dear Developers,
this is a flaw in the media uploader that is very simple to reproduce:
create a 512x512 PNG image with best compression,
make sure that your wordpress is set to create small, medium, and large versions of that image,
set one of those versions to be also 512x512px, so when you upload a 512x512px image the media manager will create a copy of that image with the same size.
upload the image.
wordpress's uploader will not use the original 512x512px PNG image when this size is requested by a page, but instead it will use its own 512x512px image that it has created, and
compare sizes - the media uploader's PNG image file is at least 3x-4x times bigger, and wordpress will use that bigger image file instead of the smaller original of the same dimensions, and better compression.
Please, could you fix that?
Thank you",hvar
Tickets Awaiting Review,50873,Search query parameter causes 404 on pagename match rules,,Query,5.4.2,normal,normal,Awaiting Review,defect (bug),new,has-patch,2020-08-07T14:55:32Z,2024-02-15T06:36:19Z,"With permalinks turned on, visit a post or page. Then append `?s=test` to the url. It should look like this: `https://example.com/post-slug/?s=test`. You will probably hit the 404 page.
The expected behavior is to get to the post or page you hit, ie `https://example.com/post-slug/`
Instead, you hit a 404 page.
This is due to both the search query and post slug query getting combined instead of one taking priority over the other.
The resulting query is a combination of a search query and post slug query which results in no posts being found, unless the search term is also in the post slug. See below:
{{{
SELECT wp_posts.*
FROM wp_posts
WHERE 1=1
AND wp_posts.post_name = 'post-slug'
AND (((wp_posts.post_title LIKE '%test%')
OR (wp_posts.post_excerpt LIKE '%test%')
OR (wp_posts.post_content LIKE '%test%')))
AND wp_posts.post_type = 'post'
ORDER BY wp_posts.post_title LIKE '%test%' DESC, wp_posts.post_date DESC
}}}
This is using `https://example.com/post-slug/?s=test` as the example url.
I would expect the search query string to be ignore unless the visitor is on the search page (front/home page by default).",MikeNGarrett
Tickets Awaiting Review,50885,Setting a pre_get_posts query post_type to array results in broken wp-admin filters,,Query,5.4.2,normal,normal,Awaiting Review,defect (bug),new,,2020-08-10T12:46:14Z,2020-08-11T01:27:00Z,"I have a in-house plugin which creates a few extra alternate post types (eg. `post_custom`), and one of its requirements is that these post types are queried together with normal posts.
To do this, I've implemented a function which converts any queries for the `post` post type into `array( 'post', 'post_custom', ... )` and it works as it should, but when on wp-admin, if one tries to go into the default ""Posts"" menu and filter by author or even search for anything, it will return a message saying ""Invalid post type"".
Checking the URL, it will contain the `post_type` query string as ""Array"" instead of ""post"", and changing it manually to ""post"" fixes the issue. I guess the wp-admin interface is not handling the array of post types correctly?",matpratta
Unpatched Enhancements,50921,Consider adding title attributes for metabox order buttons,joedolson*,"Posts, Post Types",5.5,normal,normal,Future Release,enhancement,accepted,,2020-08-12T04:48:33Z,2021-05-26T09:02:02Z,It's obvious but I feel the title attribute for new metabox indicators will be helpful for some users to know what will these indicator buttons do by browser's tooltip.,ibachal
Tickets with Patches,50980,Extra query to get WPLANG option on each page-load when the option doesn't exist in the db,SergeyBiryukov,I18N,5.0,normal,normal,Future Release,defect (bug),reviewing,has-patch,2020-08-13T12:00:16Z,2021-06-01T20:28:57Z,"On each page-load we call `determine_locale()` which in turn tries to get the `WPLANG` option using `get_option`.
When the site language is `en_US` and has never been changed, the `WPLANG` option doesn't exist in the options table in the database.
As a result, `get_option` doesn’t find it autoloaded and then triggers a query.
If the language is changed to something else and then back to `en_US`, the option is saved as an empty string and gets autoloaded.
Proposed solution:
The simplest solution that comes to mind (which also wouldn't interfere with the way multilingual plugins work) would be to check if the row exists in the table, and if not just create it and save as empty string. It can then get picked-up by the object-caches and spare us the extra query.",aristath
Unpatched Bugs,51004,New sitemaps feature work only on root site in a multisite subdirectory setup,,Sitemaps,5.5,normal,normal,Future Release,defect (bug),reopened,has-patch,2020-08-14T13:18:24Z,2020-10-15T22:22:14Z,"Hello everyone,
I have a multisite subdirectory network installation, I can only access /wp-sitemap.xml in the “main site”, subsites shows me a 404 not found error. I don't have a subdomain setup so I can't verify if the same issue happens on this kind of setup.
**To exemplify my problem, today I have:**
{{{
example.com/wp-sitemap.xml (Found)
example.com/my-sub-site1/wp-sitemap.xml (Not Found)
example.com/my-sub-site2/wp-sitemap.xml (Not Found)
}}}
**But I want this instead:**
{{{
example.com/wp-sitemap.xml (Found)
example.com/my-sub-site1/wp-sitemap.xml (Found)
example.com/my-sub-site2/wp-sitemap.xml (Found)
}}}
I think we have a bug here, right ?
Also robots.txt lists only the main site sitemap, already found a ticket for this here: #50456
Thanks for this great addition to WordPress.",edemir206
Slated for Next Release,51006,Add a mechanism for accessible tooltips in core,joedolson*,General,,normal,normal,6.6,enhancement,accepted,dev-feedback,2020-08-14T14:56:32Z,2024-02-12T14:59:51Z,"While we've worked hard to eliminate usage of the title attribute across most of WordPress core, there is still an occasional need for that type of contextual information, and the lack of it is a barrier to resolving some issues (e.g. #50921) and removing some of the last instances of the title attribute.
An accessible tooltip will need to meet these criteria:
1) Be available either via the mouse, via the keyboard, or via touch.
2) Be persistent until dismissed
3) Support primary & auxiliary usage, dependent on whether the tooltip is the sole name of the control or an elaboration of existing text.
Useful reference on accessible tooltips: https://inclusive-components.design/tooltips-toggletips/
",joedolson
Tickets Awaiting Review,51008,Issue with multisite new user registration,,Login and Registration,5.5,normal,critical,Awaiting Review,defect (bug),new,,2020-08-14T18:51:00Z,2020-08-14T19:01:50Z,"I replicated this issue with a brand new install.
I am using multisite setup. I updated to WP 5.5 and noticed it no longer allows you to register for the individual site. In this example(testsite1 is the sub-site), When a user clicks register -> test.com/testsite1/wp-login.php?action=register It'll redirect the user to the main site -> test.com/wp-signup.php
When you sign up using that page, the user is not connected to any site within the network. However, the user does appear in wp-admin/network/users.php",onehare
Tickets Awaiting Review,51039,Enhancement: Show a prompt in dashboard to recruit more translators,,I18N,,normal,normal,Awaiting Review,enhancement,new,dev-feedback,2020-08-17T07:15:11Z,2023-08-18T05:09:24Z,"Problem: Out of 204 available locales teams, around 130 are behind by more than one major version in releasing their core language pack, and considered to be “inactive.” The common issue among them is that they don't have enough contributors to suggest and approve translations. Also, once the team becomes inactive, it's very hard to find and onboard new contributors.
In the [https://make.wordpress.org/polyglots/handbook/plugin-theme-authors-guide/#generating-community-contributions Polyglots Team handbook], we suggest plugin authors who are looking for translators of their product to show a dismissible message in the dashboard. How about core also adopts that method for core?
* Only show suggestions to users whose browser language is not English AND it matches one of the inactive locales ([https://make.wordpress.org/polyglots/teams/#major-behind-many behind by more than one major version] or no language pack is ever created).
* Link to a polyglots handbook page where the new contributor can get more info (I suggest [https://make.wordpress.org/polyglots/handbook/translating/first-steps/ First Steps] page for now)
The message could look like this:
**Translate WordPress to LOCALE_NAME:** It looks like you understand LOCALE_NAME. Did you know you can help translate WordPress in your language? [https://make.wordpress.org/polyglots/handbook/translating/first-steps/ Visit this page] to get started.
After some time, polyglots global mentors can check and promote new contributors based on our [https://make.wordpress.org/polyglots/handbook/translating/expectations/translation-editor-locale-manager-vetting-criteria/ GTE/Locale Manager] vetting criteria and provide mentorship to help them stay active.
",Nao
Unpatched Enhancements,51072,Add action hook after theme skip links,sarahricker,Themes,5.5,normal,normal,Future Release,feature request,assigned,,2020-08-20T01:48:13Z,2020-10-16T14:42:38Z,"Not sure if this is the right place. My feature request is to add a default hook in themes that is after skip links. I was recently working on a code project where I had a widget loaded in wp_footer but had no idea how to dynamically add a trigger link in the header for screen readers. If I used jQuery to add it before the first link, it could come before skip links and this is bad UX. If I added it after the first link, there could be multiple skip links creating a mess or maybe the theme doesn't have skip links, it could insert after a logo. There are also themes with top navigation, etc. that makes this rather difficult to figure out how to dynamically insert a trigger link.
If theme guidelines were updated to require a hook after skip links, I could simply add my trigger link like this.
{{{#!php
Trigger Link';
}); ?>
}}}
In the header.php file, it might look something like this.
{{{#!php
Skip to main content';
do_action( 'theme_after_skip_links' );
?>
}}}
Hopefully others will agree that there are situations this could be really useful to plugin and even child theme developers.
Thanks.",alexstine
Unpatched Enhancements,51086,Add native support for tabbed settings pages in WP Admin,joedolson*,Administration,,normal,normal,Future Release,enhancement,accepted,,2020-08-20T20:07:36Z,2021-12-17T16:46:26Z,"There are a lot of plugins out there handling tabbed setting screens in different ways, so it may be time to introduce a standard API for this pattern.
This patch adds a new `do_tabbed_settings_sections()` function which works just like the Settings API's `do_settings_sections()` function, but prints each section heading as a tab/panel combination. In situations where there's only one section to render, the new function will fall back to its un-tabbed sibling.
The patch also includes a standard script for tabbing between different setting sections, with support for linking directly to a particular tab via the URL hash (e.g. !https://example.com/wp-admin/options-general.php?page=some-settings-page#some-tab-ID).",stevegrunwell
Unpatched Enhancements,51092,Create a JSON schema for Privacy and Other Related Disclosures,,Privacy,,normal,normal,Future Release,feature request,new,dev-feedback,2020-08-21T09:20:52Z,2020-10-07T18:41:45Z,"**Background:**
The Disclosures Tab is an initiative that is underway in the Core Privacy Team.
The aim is to help site owners / admins better understand what information their site (plugins, themes and Core) collects, where the information is stored and where it is sent - and in particular, who it is shared with.
We hope to help site owners / admins make more informed privacy choices (e.g. when choosing which plugin to install) and to better understand their risk profile when it comes to privacy.
For the most part, the actual ""controlling"" is planned for a sibling plugin, the Permissions Tab, which is not currently intended to be merged into Core, as this will contain more advanced settings.
You can read more about the various privacy initiatives here: https://make.wordpress.org/core/2020/08/19/minutes-core-privacy-meeting-19-august-2020/
**The Challenge:**
Free-form disclosures in the readme.txt would create a lot of additional work for the plugins review team.
Moreover, it makes it near impossible to compare across plugins, or to use the information in any sort of automated process.
The Disclosures Tab seeks to standardize the way that plugin, theme authors and Core can disclose privacy and other related concerns to site owners / admins, by creating quasi-""headers"" and limiting the acceptable values for each.
**The Solution:**
Each plugin, theme and core component can have a file called disclosures.json that could be read by Core (and Meta) using relatively simple REST API functionality.
In its current form, the JSON schema does not set any fields as ""required"".
As URLs are not one of the six data types accepted by JSON, these types have been set as ""string""s.
The format for internal URLs has been set to ""uri-reference"" to allow for relative URLs.
Items are not marked as ""uniqueItems"" because we would rather warn (after validation in PHP) than reject the file because of duplicates.
**Scope:**
This ticket proposes the schema.
[] will be created for the validation of the schema by Core (particularly the URLs using PHP).
[] will be created for internationalization (WP CLI and WordPress.org).
#51156 creates developer documentation.
#51144 proposes a UI for site-level privacy disclosures and related settings.
{{{#!php
Your Privacy
While logged in:
}}}
''Plugins should be able to filter paragraph:''
{{{#!php
Your privacy choices while logged in are saved in the database and will persist until you change them.
You may be prompted to update your consent from time to time.
For example, you may be asked whether you still consent to marketing if you have previously opted in
and the site added a new cookie.
This is merely an example, as legislative requirements differ between jurisdictions.
Consent categories:
}}}
''User_meta values should only be created once a user saves their privacy preferences, not once a new user is created, to not unnecessarily strain large sites.
Plugins should be able to update the default values for the checkboxes (i.e. for when no user_meta value exists), as well as whether the checkboxes should be edit-able by the user or not, as obligations may vary depending on the jurisdictions involved.''
{{{#!php
While logged out:
}}}
''Plugins should be able to filter this paragraph:''
{{{#!php
Your privacy choices while logged out are saved in a cookie
and will only persist until the cookie expires, or is deleted.
If this happens, these values will reset to the website's defaults.
5 checkboxes with the descriptions: Functional, Preferences, Anonymous Statistics, Statistics, Marketing.
}}}
''There should be a filter here so that the Disclosure / Permissions tabs or consent management plugins can add more information if they need to, or to add more granular choices.''
{{{#!php
Website defaults
5 checkboxes (not select-able) with the descriptions: Functional, Preferences, Anonymous Statistics, Statistics, Marketing. These should display the site's default values, which should be edit-able by plugins.
}}}
''There should be a filter here so that the Disclosure / Permissions tabs or consent management plugins can add more information if they need to, or to add more granular choices.''
Ideally, there would be a mechanism (e.g. two buttons) to request data export or erasure here.
Thanks a lot to Ronnie Burt for bringing this up on Slack!
It is important to note that the user should need to log again to make either an export or erasure request.
Also, the request needs to be confirmed via e-mail for registered users.
I imagine this would work best if it was similar to how password resets work at the moment.
More background here: https://core.trac.wordpress.org/ticket/43437
Suggested text for buttons:
{{{#!php
}}}
`json_encode()` serializes data into a string that can be used as a JavaScript literal* (e.g., `null`, `true`, `false`, `1234` (numbers), `""strings""`, `[ ""arrays"" ]`, and `{ ""objects"": ""oh my""}`.)
JSON serialization, though, has nothing to do with HTML, and so does not treat characters that are special in HTML (`<`, `>`, `&`, `'`, `""`) in any special way: essentially, the code above is as bad as `echo $_GET['foo']`.
Securing the above code is as simple as it always is in WordPress. We’re echoing data inside an HTML text node, so we use `esc_html()`:
{{{
OK:
}}}
Unfortunately, while secure 😀, this code is not actually correct ☹️. For historical reasons, `esc_html()` will not touch HTML entities (`&`):
|| Input || `htmlspecialchars()` || `esc_html()` ||
|| `&` || `&` 😀 || `&` 😀 ||
|| `&` || `&` 😀 || `&` ☹️ ||
In the example above, if there are any HTML entities in $_GET, they will be echoed verbatim to the page, which means they will appear unescaped to the page’s visitor.
=== In an HTML Text Node ===
To faithfully represent the contents of a JSON blob in an HTML text node, the following code must be used:
{{{
GOOD:
`&`
); ?>
}}}
This code is only appropriate for outputting JSON in HTML text nodes. There are several other contexts where we would like to output JSON, and each of those different contexts requires different treatment.
=== As an HTML Attribute Node ===
Though the HTML5 `.dataset` API only accepts string values for `data-*` attributes, jQuery will automatically parse `data-*` attribute values that are JSON serializations. So, when using jQuery, the following pattern is often handy:
{{{
BAD:
}}}
Handy but, as we should know by now, insecure 😀. We need to HTML-escape the output.
Like `esc_html()`, `esc_attr()` also leaves HTML entities untouched, so, again, the solution is to “manually” use `_wp_specialchars()`:
{{{
GOOD:
`&`
); ?>'>
}}}
It’s important to note that this code snippet is suitable for whole HTML attributes. It is not appropriate for use on part of an HTML attribute.
In general, when we want to output a JSON blob as part of an HTML attribute, it’s because we’re trying to use it as a JavaScript literal:
{{{
BAD:
)"">
}}}
We’ve seen that using json_encode() by itself in this context is not secure, but neither is using the above HTML attribute code (`_wp_specialchars( json_encode(), … )`). In the `data-foo` case above, we’re outputting JSON. In the `onclick` case, we’re outputting a JavaScript literal. `_wp_specialchars()` does enough to the JSON blob to make it safe for use as an HTML attribute, but it does not do anything to make it safe for use within JavaScript.
Despite claiming above that `json_encode()` outputs JavaScript literals, it’s more complicated than that.
In a `
}}}
There are multiple ways in which this is insecure.
First, for some pages, HTML entities and the characters they represent are one and the same in the `
}}}
Exactly how HTML entities are interpreted in
}}}
If we’re outputting a string, we can URL-encode it in PHP and URL-decode it in JavaScript. (We do have to make sure we use the right functions: `rawurlencode()` is slightly better than `urlencode()` here, and `decodeURIComponent()` is required over JavaScript’s deprecated `unescape()`.)
The useful property of URL-encoding that we’re exploiting is that the transformed string is guaranteed not to have any characters in it that are regarded as special in the HTML context (`<`, `>`, `&`, `'`, `""`), so there’s no way to output `""` or an HTML Comment Opener.
For non-scalar data, this can be extended via json_encode():
{{{
GOOD:
}}}
Rather than using the output of `json_encode()` as a JavaScript literal, the code above URL-encodes the whole serialization (braces, quotation marks and all), and we URL-decode and parse the resulting string in JavaScript to get back the structured data.
This URL-encoding is a bit tedious and results in some ugly looking JavaScript. (Ugly JavaScript is better than vulnerable JavaScript!) We can instead use JavaScript’s Unicode-escaping:
HTML Special Characters:
{{{
}}}
PHP’s `json_encode()` has an `$options` parameter, which can be used to always Unicode-escape these HTML special characters:
{{{
ALMOST (PHP 5.3+):
}}}
These constants are only available as of PHP 5.3.
Also, just replacing those characters isn’t good enough. We also need to Unicode-escape ``` and `$` because of their special meanings in JavaScript template literals.
{{{
GOOD (PHP 5.3+):
}}}",whyisjake
Tickets Awaiting Review,51167,Document the $update_results parameter in auto-update email filters,,Upgrade/Install,,normal,normal,Awaiting Review,defect (bug),new,has-patch,2020-08-28T02:50:23Z,2022-12-15T23:24:00Z,"In a similar way to #51126, the structure of the `$update_results` parameter added to auto-update email filters in [48888] should be documented.
The filters in question:
* `auto_plugin_update_send_email`
* `auto_theme_update_send_email`",SergeyBiryukov
Tickets Awaiting Review,51200,Consider a better way to deprecate JavaScript code,,Script Loader,,normal,normal,Awaiting Review,enhancement,new,,2020-08-31T20:56:32Z,2020-08-31T21:30:53Z,"Background: #51123
At the moment, we have some established functions for deprecating PHP functionality:
* `_deprecated_function()`
* `_deprecated_constructor()`
* `_deprecated_file()`
* `_deprecated_argument()`
* `_deprecated_hook()`
As well as some files to move deprecated functions to:
* `wp-admin/includes/deprecated.php`
* `wp-admin/includes/ms-deprecated.php`
* `wp-includes/deprecated.php`
* `wp-includes/ms-deprecated.php`
* `wp-includes/pluggable-deprecated.php`
We don't, however, have a similar way to deprecate JavaScript functionality, sometimes leading to more breakage than necessary when removing global objects or properties without backward compatibility considerations.
[48923] attempted to improve things a bit introducing `deprecatedProperty()`.
Some ideas previously suggested to further make sure we have a way to deprecate JavaScript code properly:
* Have a clear deprecation policy of when the affected code should be removed.
* Use the [https://developer.wordpress.org/block-editor/packages/packages-deprecated/ @wordpress/deprecated] package (suggested by @ocean90 in comment:33:ticket:51123).
* Create a `deprecated.js` file for the code to be moved to (suggested by @desrosj on Slack).",SergeyBiryukov
Tickets Awaiting Review,51227,Update paginate_links dots to account for total pages,,General,5.5.1,normal,trivial,Awaiting Review,enhancement,new,has-patch,2020-09-03T00:06:12Z,2020-09-03T00:08:51Z,"Currently, under certain conditions the pagination shows dots when it would make more sense to show a number.
Example:
If you have the following variables:
{{{
Mid size: 2
End size: 1
Total pages: 5
Current page: 1
}}}
Then it will visually output as follows:
{{{
Prev 1 2 3 ... 5 Next
}}}
With current changed to 5 then it will show dots at 2 instead.
In this case, it would make more sense to show the number instead of dots.
",mikeybinns
Candidates for Closure,51235,Insert Media from URL: blank screen,,Media,5.5.1,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2020-09-03T18:17:10Z,2020-09-05T12:39:31Z,"When trying to add media to a page. If the option ""Insert from URL"" is selected, a blank screen is presented with no ability to enter a url. This is present in Single and multisite versions of WordPress 5.5.1 and has been persistent for the last several versions. the PHP version is 7.4.9 but has also been an issue with earlier versions.",jbb0906
Unpatched Bugs,51236,Twenty Sixteen: Quotes don't inherit group color settings,,Bundled Theme,,normal,normal,Future Release,defect (bug),new,,2020-09-03T20:41:20Z,2021-11-03T07:42:15Z,"If you have a quote inside of a group block, the group block's text color settings are not carried into the quote.",melchoyce
Tickets Awaiting Review,51243,[JS] Exception when setting or trying to upload a featured image in a post,,Media,5.5.1,normal,normal,Awaiting Review,defect (bug),new,has-patch,2020-09-04T09:43:43Z,2020-10-30T07:15:30Z,"I'm getting the following JS exception when trying to set or upload a featured image in a post. The editor then exits with an error message.
{{{
TypeError: this.obj._listeners is undefined
Backbone 5
t https://ig-klettern.org/wp-includes/js/media-views.min.js?ver=5.5:2
dispose https://ig-klettern.org/wp-includes/js/media-views.min.js?ver=5.5:2
dispose https://ig-klettern.org/wp-includes/js/media-views.min.js?ver=5.5:2
remove https://ig-klettern.org/wp-includes/js/media-views.min.js?ver=5.5:2
Underscore 3
Backbone 2
remove https://ig-klettern.org/wp-includes/js/media-views.min.js?ver=5.5:2
Underscore 3
Backbone 2
remove https://ig-klettern.org/wp-includes/js/media-views.min.js?ver=5.5:2
value https://ig-klettern.org/wp-includes/js/dist/media-utils.min.js?ver=9ad24b42cc69f241229ded4dc61409fb:2
Ii https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:104
$g https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:105
bh https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:105
ah https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:109
Ti https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:145
unstable_runWithPriority https://ig-klettern.org/wp-includes/js/dist/vendor/react.min.js?ver=16.9.0:26
Ma https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:52
Ia https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:140
ze https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:118
mg https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:53
unstable_runWithPriority https://ig-klettern.org/wp-includes/js/dist/vendor/react.min.js?ver=16.9.0:26
Ma https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:52
mg https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:52
V https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:52
Sb https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:213
Mg https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:85
e https://ig-klettern.org/wp-includes/js/dist/data.min.js?ver=75f90354ddff4acd5b0b4026454037ca:2
t https://ig-klettern.org/wp-includes/js/dist/data.min.js?ver=75f90354ddff4acd5b0b4026454037ca:2
o https://ig-klettern.org/wp-includes/js/dist/data.min.js?ver=75f90354ddff4acd5b0b4026454037ca:2
o https://ig-klettern.org/wp-includes/js/dist/data.min.js?ver=75f90354ddff4acd5b0b4026454037ca:2
b https://ig-klettern.org/wp-includes/js/dist/data.min.js?ver=75f90354ddff4acd5b0b4026454037ca:2
p https://ig-klettern.org/wp-includes/js/dist/data.min.js?ver=75f90354ddff4acd5b0b4026454037ca:2
s Redux
I https://ig-klettern.org/wp-includes/js/dist/data.min.js?ver=75f90354ddff4acd5b0b4026454037ca:2
N https://ig-klettern.org/wp-includes/js/dist/data.min.js?ver=75f90354ddff4acd5b0b4026454037ca:2
default https://ig-klettern.org/wp-includes/js/dist/block-editor.min.js?ver=6d92bbc61845b6652c64f83c59aee1f0:12
t https://ig-klettern.org/wp-includes/js/dist/block-editor.min.js?ver=6d92bbc61845b6652c64f83c59aee1f0:7
s https://ig-klettern.org/wp-includes/js/dist/data.min.js?ver=75f90354ddff4acd5b0b4026454037ca:2
he https://ig-klettern.org/wp-includes/js/dist/rich-text.min.js?ver=a4056cfcb2aec8ceb3c8e8935dfd0bc4:7
react-dom.min.js:103:487
ve https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:103
callback https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:114
yg https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:62
xg https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:61
Ti https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:148
unstable_runWithPriority https://ig-klettern.org/wp-includes/js/dist/vendor/react.min.js?ver=16.9.0:26
Ma https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:52
Ia https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:140
ze https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:118
mg https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:53
unstable_runWithPriority https://ig-klettern.org/wp-includes/js/dist/vendor/react.min.js?ver=16.9.0:26
Ma https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:52
mg https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:52
V https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:52
Sb https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:213
Mg https://ig-klettern.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0:85
e https://ig-klettern.org/wp-includes/js/dist/data.min.js?ver=75f90354ddff4acd5b0b4026454037ca:2
t https://ig-klettern.org/wp-includes/js/dist/data.min.js?ver=75f90354ddff4acd5b0b4026454037ca:2
o https://ig-klettern.org/wp-includes/js/dist/data.min.js?ver=75f90354ddff4acd5b0b4026454037ca:2
o https://ig-klettern.org/wp-includes/js/dist/data.min.js?ver=75f90354ddff4acd5b0b4026454037ca:2
b https://ig-klettern.org/wp-includes/js/dist/data.min.js?ver=75f90354ddff4acd5b0b4026454037ca:2
p https://ig-klettern.org/wp-includes/js/dist/data.min.js?ver=75f90354ddff4acd5b0b4026454037ca:2
s Redux
I https://ig-klettern.org/wp-includes/js/dist/data.min.js?ver=75f90354ddff4acd5b0b4026454037ca:2
N https://ig-klettern.org/wp-includes/js/dist/data.min.js?ver=75f90354ddff4acd5b0b4026454037ca:2
default https://ig-klettern.org/wp-includes/js/dist/block-editor.min.js?ver=6d92bbc61845b6652c64f83c59aee1f0:12
t https://ig-klettern.org/wp-includes/js/dist/block-editor.min.js?ver=6d92bbc61845b6652c64f83c59aee1f0:7
s https://ig-klettern.org/wp-includes/js/dist/data.min.js?ver=75f90354ddff4acd5b0b4026454037ca:2
he https://ig-klettern.org/wp-includes/js/dist/rich-text.min.js?ver=a4056cfcb2aec8ceb3c8e8935dfd0bc4:7
Uncaught TypeError: r is null
Ce https://ig-klettern.org/wp-includes/js/dist/rich-text.min.js?ver=a4056cfcb2aec8ceb3c8e8935dfd0bc4:7
fe https://ig-klettern.org/wp-includes/js/dist/rich-text.min.js?ver=a4056cfcb2aec8ceb3c8e8935dfd0bc4:7
he https://ig-klettern.org/wp-includes/js/dist/rich-text.min.js?ver=a4056cfcb2aec8ceb3c8e8935dfd0bc4:7
rich-text.min.js:7:29619
}}}
The following patch fixes the issue for me:
{{{
diff -u wp-includes/js/backbone.js.orig wp-includes/js/backbone.js
--- wp-includes/js/backbone.js.orig 2020-09-04 11:34:27.333611546 +0200
+++ wp-includes/js/backbone.js 2020-09-04 11:35:31.813714069 +0200
@@ -374,7 +374,7 @@
// Cleans up memory bindings between the listener and the listenee.
Listening.prototype.cleanup = function() {
delete this.listener._listeningTo[this.obj._listenId];
- if (!this.interop) delete this.obj._listeners[this.id];
+ if (!this.interop && this.obj._listeners) delete this.obj._listeners[this.id];
};
// Aliases for backwards compatibility.
}}}
",cryptomilk
Tickets Needing Feedback,51249,design issue under customize input box for Schedule in 5.5.1,,Customize,,normal,normal,Future Release,defect (bug),new,dev-feedback,2020-09-05T09:43:54Z,2020-11-17T16:08:13Z,"I have found a design issue in Schedule your customization changes to publish.
Need improvement for design under the customize input box of Schedule.
",rkradadiya
Tickets with Patches,51258,Fire an action when `replace_editor` is filtered to true,,Editor,4.9,normal,normal,Future Release,enhancement,new,has-patch,2020-09-05T23:30:22Z,2021-11-04T23:11:38Z,"The `replace_editor` filter was added during the development of Gutenberg to make it possible to implement multiple editor options. See [41829].
Gutenberg [https://github.com/WordPress/gutenberg/blame/08da64b407e95683946b34cf6ebca5d52ac28227/gutenberg.php previously used this filter] to inject necessary hooks and markup before returning `true` to indicate that the editor had been replaced.
The `replace_editor` filter is no longer used by the block editor or the Gutenberg plugin—as it has become the editor. Instead, we rely on `use_block_editor_for_post()` to determine whether the block or classic interface should load.
In the current state, if `true` is returned via `replace_editor`, the current screen is set and the admin footer markup is loaded. There is no clean opportunity to add markup or other logic. This can be done during the filter, but that does not provide a clean pattern, especially if one or more pieces of code may be making a decision on editor replacement. See #50216 for a description of how it may fire multiple times.
The patch attached to this ticket adds a `replaced_editor` action in the `post-new.php` and `post.php` files so that plugins can cleanly inject replacement editor code. ",jeremyfelt
Tickets Awaiting Review,51275,Auto logout loses your content if not saved,,Users,5.5.1,normal,normal,Awaiting Review,enhancement,reopened,,2020-09-09T15:15:33Z,2020-10-02T12:48:33Z,"Not sure if this is a bug or by design, but it's annoying.
I was in the middle of building (actively working on) up a large menu when the ""Are you human"" modal popped up, followed by the login form. After login, I went to save the menu and I got the ""Link no longer valid"" error. So my only option was to refresh the page which meant losing all my work.
I'd imagine that this would happen if I was in the middle of writing a post/page also - which would have been even more frustrating.
I know that this is done for security reasons, which is fine, but there should be mechanism to stop you looking you unsaved content when it happens.",cucocreative
Tickets Needing Feedback,51278,Update return types to reflect the real return types. Remove mixed.,,General,,normal,major,Future Release,enhancement,reviewing,dev-feedback,2020-09-09T16:10:51Z,2021-05-31T23:59:17Z,"In the DocBlocks, we document return values with `mixed` only.
That is no good practice as it does not show the real available and possible return types.
A better approach is to declare and document explicitly return values separated by a pipe character like this `@return bool|string`
That is much clearer because developers do not need to check the return values by reading the entire docBlock, reading the whole code of a method, or reading the (lengthy) function description under developer.wordpress.org.
A simple`mixed` is outdated and makes it hard for every severe developer to start with coding for WordPress as he has to continually check the expected return values when there is a `mixed`.
As a bonus, the documentation under developer.wordpress.org will be updated as well by this change automatically. It will help developers getting know the correct return values immediately from the docs without reading all the extra special explanations that we added to our docs whenever we use `mixed`.
That is a huge time saver and makes it much faster for every developer to write solid and better code faster.
If this is accepted for core, I will offer to work on this on all other methods as well.
That will be a long-lasting process due to the number of functions, but it's definitely worth the effort. We should make this change to all methods where we use`mixed` and make it to our daily little take-care moment when we add new methods to WordPress.
Sample Patch by using `get_option()` as an example for all methods that use `mixed`:
https://github.com/WordPress/wordpress-develop/pull/523
`get_option()` is a special case, though as it automatically unserializes. So it supports all non-scalar types. Most other methods in WordPress uses `mixed` with only two return types like `bool|string` representation, which makes the updates easier.
",ReneHermi
Tickets Awaiting Review,51282,Select element does not honor admin color scheme on hover,,Administration,5.5.1,normal,minor,Awaiting Review,defect (bug),new,has-patch,2020-09-09T18:56:21Z,2020-09-23T23:54:09Z,"When select elements are hovered, the text color changes to the ""default color scheme"" and not to the color scheme selected bu the user.
For example, the user has selected ""sunrise"" color scheme the hover color on the select element should be from the ""red/orange"" palette. But it has the default color scheme's blue color.
Since all other inputs honor the color scheme color select element should also follow the same.
The fix should be that below selector should be added in color scheme CSS files with the respective scheme color.
{{{
.wp-core-ui select:hover {
color: #007cba;
}
}}}
[[Image(https://i.snipboard.io/RMaoLd.jpg)]]",vaakash
Tickets with Patches,51284,Update style for side meta boxes,azhiyadev,Editor,5.5.1,normal,normal,Future Release,enhancement,assigned,has-patch,2020-09-10T02:56:22Z,2021-12-19T07:29:07Z,"In the latest version 5.5.1, WordPress adds the arrows to the meta box handles to allows users to move a meta box up or down.
That works nicely for meta boxes below the content area. However, for the side boxes, the arrows takes a lot of space and reduce the space for the meta box title.
The 2nd problem is that the toggle icon (collapse/expand) is different from the Gutenberg panel icon.
I attach a screenshot to see the problems clearer.
",rilwis
Tickets Awaiting Review,51287,Administrators & Editors can't create localfile links in a multisite installation,,Formatting,,normal,major,Awaiting Review,defect (bug),new,,2020-09-10T11:08:31Z,2020-09-24T00:02:56Z,"Steps to reproduce:
Clean WordPress Multisite installation.
Create a user with Administrator (or Editor) capabilities, not Super Admin.
Login as the new user.
Create a new page, and create a local file link in the visual editor.
Enter a local file URL, e.g. **localfile:E:\foobar\**
Publish and refresh the page.
The link has now been stripped into a **\foobar\.**
Note, if you try this with a Super Admin user it works as expected, and the link is correctly created.
Why does WP strip the **localfile:E:** part of the link if the user is not an admin?
",peikgabriel
Tickets with Patches,51289,Documentation issue: get_post_time is getting the time when published not when created,SergeyBiryukov,Date/Time,,normal,normal,Future Release,defect (bug),reviewing,has-patch,2020-09-10T19:50:39Z,2022-02-13T22:08:35Z,"I'm having a doubt with https://developer.wordpress.org/reference/functions/get_post_time/ (probably the same with https://developer.wordpress.org/reference/functions/get_the_date/)
They both say 'Retrieve the date on which the post was written.', but from some programming I'm doing now it looks more like 'Retrieve the date on which the post was PUBLISHED.'.
Test: create a post in draft or pending and check that date using the function. (I'm doing it with a CPT)
",casiepa
Tickets with Patches,51299,Remove the title attribute from Walker_Nav_Menu,Hareesh Pillai,Menus,,normal,normal,Future Release,defect (bug),assigned,has-patch,2020-09-13T07:43:17Z,2021-08-05T00:29:59Z,"As highlighted in [https://make.wordpress.org/accessibility/2020/08/25/accessibility-teams-goals-for-wordpress-5-6-and-beyond/#comment-73002 one of the comments] for the `Accessibility Team’s goals for WordPress 5.6 and beyond` post, the title attribute has to be removed from nav walker menus. This creates repetitive screen reader announcements for some screen reader/browser combinations.
",Hareesh Pillai
Tickets Awaiting Review,51306,Add inline documentation for atomlib.php,,Feeds,5.5,normal,normal,Awaiting Review,defect (bug),new,,2020-09-14T08:09:30Z,2021-06-29T17:34:38Z,Doc: Add $msg parameter entry for _p($msg) function,anonymized_18274256
Tickets Awaiting Review,51307,"Document title broken when ""Homepage"" isn't set in Settings > Reading",,General,,normal,normal,Awaiting Review,defect (bug),new,has-patch,2020-09-14T09:10:22Z,2021-03-08T12:28:46Z,"Steps to reproduce the bug
1. Go to Settings > Reading
2. For ""Your homepage displays"" select ""A static page""
3. Do not set ""Homepage""
4. Set ""Posts page"" to a page you have already created
5. Save
Visit the homepage and check the document title. For example `The document title is here `
Instead of the expected {blogName} - {blogDescription} you will get just {blogName}
",henry.wright
Unpatched Enhancements,51317,Remove deprecated JavaScript i18n globals,,Script Loader,5.5.1,normal,normal,Future Release,enhancement,new,early,2020-09-16T00:35:58Z,2021-05-25T22:55:27Z,"Background: #51123
[48923] added backward compatibility for JavaScript i18n globals and properties deprecated in WordPress 5.5.
Per the corresponding [https://make.wordpress.org/core/2020/09/01/deprecated-javascript-globals/ dev note on make/core], the plan is to remove this fallback code in two major versions, so it should be deleted in WordPress 5.7. This gives plugin and theme developers ample time to remove the conflicting code and switch to using `wp.i18n`.
This ticket serves as a reminder to address this in 5.7.",SergeyBiryukov
Tickets Awaiting Review,51323,Multiple Reference Id backend issue in Inner block component,,Editor,,normal,normal,Awaiting Review,defect (bug),new,,2020-09-16T11:44:19Z,2020-09-18T14:45:52Z,"We want to show multiple inner blocks on backend in same block. For example, If we have one widget and in to that, If we want to use two reusable blocks. We need to add two values. But, Currently, It shows just one value in backend. In frontend, It works fine because we have PHP based rendering. In backend, It show same reusable multiple times, even if we have selected different reusable blocks.
You can check in screenshot about reference id. https://ibb.co/R0Pw6wK",posimyththemes
Tickets Awaiting Review,51343,Move Current Submenu to top of Admin Menu,,Administration,,normal,minor,Awaiting Review,enhancement,new,,2020-09-18T12:48:11Z,2022-09-09T07:29:48Z,"I propose moving the **current open submenu** to the **top of the adminmenu** so users can more easily navigate to submenu items without having to scroll. This would be especially helpful when using smaller viewports and/or sites with large/numerous submenus.
The following CSS accomplishes this:
{{{
#adminmenu {
display: flex;
flex-flow: column;
}
.wp-has-current-menu {
order: 1;
}
.wp-not-current-submenu {
order: 2;
}
#collapse-menu {
order: 3;
}
}}}
",markpraschan
Tickets Awaiting Review,51350,mysql nosql feature request,,Database,,normal,normal,Awaiting Review,defect (bug),new,,2020-09-18T16:51:58Z,2023-04-20T12:51:47Z,"WordPress cover 37% of the web, with plugins sites go heavy and NoSQL is best in performance and nowadays all hosting platform supports MySQL 8 if it upgrades it will be great.",nabi009
Slated for Next Release,51358,Add a clearer warning message before deleting a site from a network,joedolson*,Networks and Sites,3.0,normal,normal,6.6,enhancement,accepted,has-patch,2020-09-19T20:52:28Z,2024-02-21T16:38:05Z,"Deleting a site from the Network Admin -> Sites screen is the most destructive single action that a user can take on a WordPress installation.
After clicking the `Delete` link the user is shown a screen requesting confirmation, but this screen doesn't convey the permanence of the action they're about to take.
There is no trash or undo when deleting a site. It drops the database tables for the site, empties its uploads directory of all files, and removes the roles for that site from all users.
Let's add an extra warning to this confirmation screen which explains this.",johnbillion
Tickets Awaiting Review,51374,The initial revision of an imported post goes missing,,"Posts, Post Types",,normal,normal,Awaiting Review,defect (bug),new,,2020-09-22T09:58:24Z,2020-09-22T09:58:24Z,"There are two problems relating to revisions when making a change to an imported post.
1. The first change does not cause the Revisions meta box to appear. A second change is required.
2. The first change gets ""lost"" and appears as if it was part of the first version of the post.
Steps to reproduce:
* Import a published post
* Make a change to it
* Observe that the ""Revisions"" meta box does not show up even after reloading the editing screen
* Make a second change to the post
* Click the ""2 Revisions"" link and observe that the second revision is recorded correctly, but that the first revision shows the entire contents of the post being added. The first change made ""disappears"" as it's incorrectly included in the entire contents of the first revision.
I think the root cause here is that imported posts do not create an initial revision.
A possible solution might be to create an initial revision at the point where a user makes a change to a post and there isn't an existing revision.
I assume this can also be reproduced by deleting all the revisions from your database and then making changes to a post.",johnbillion
Tickets Awaiting Review,51381,ZIP replacement asks to network activate even when activated,,Plugins,,normal,normal,Awaiting Review,defect (bug),new,,2020-09-23T15:12:09Z,2021-02-01T17:05:49Z,"If you replace the zip of a network activated plugin in a multisite install, it will give you the ""Network Activate"" button, which is confusing.",stormrockwell
Tickets Awaiting Review,51403,Add filter for _post_states as it outputs raw HTML,,"Posts, Post Types",5.5.1,normal,normal,Awaiting Review,enhancement,new,,2020-09-28T07:39:47Z,2020-09-28T07:39:47Z,"Currently this function can't be overridden with a filter, so it outputs raw HTML separators and such directly into the post title in the edit screen. However it should be suggested to make it possible to display the post states in your own custom function, e.g. remove the separators and the divider with the title, which are currently hard-coded at the moment in the function as raw HTML?",brandbrilliance
Tickets with Patches,51407,Remove inline event handlers and JavaScript URIs for Strict CSP-compatibility,adamsilverstein,Security,4.8,normal,normal,Future Release,enhancement,assigned,dev-feedback,2020-09-28T13:34:53Z,2023-12-26T18:36:00Z,"Content Security Policy is a mechanism designed to make applications more secure against common web vulnerabilities, particularly cross-site scripting. It is enabled by setting the Content-Security-Policy HTTP response header.
An application can add a critical defense-in-depth layer against markup injection attacks by adopting a strict policy that prevents the loading of untrusted scripts or plugins.
A basic policy (nonce + strict-dynamic + unsafe-eval) would block more than [https://speakerdeck.com/lweichselbaum/csp-a-successful-mess-between-hardening-and-mitigation?slide=16 40%] of the XSS sinks.
To make an application compatible with strict CSP, it is necessary to make changes to HTML templates and client-side code and add the policy header:
1. Add nonces to
}}}
If i put a breakpoint and reload the page will return thousandsSeparator undefined
I dont know much about this function and the idea behind it but any ideas how to prevent this would be great.
",snuffybg
Tickets Awaiting Review,52558,Menu items need more classes,,Menus,,normal,normal,Awaiting Review,defect (bug),new,dev-feedback,2021-02-17T15:50:43Z,2021-02-17T17:36:21Z,"As a front end engineer I have found that it is a pain to style menus. Especially if there are dropdowns.
To target top level menu items you currently need to do nav > ul > li, and even then there can be issues.
I would love to see a class on top level menu items. This way we can also style things with :not(.top-level-items) etc...
Submenus have classes. Why cant top menu items have some too?
Till now I have been able to get around it with filters like this. Unfortunately sometimes I am not given the ability to add this.
{{{#!php
menu_item_parent == 0 ) { //Count top level menu items
$classes[] = 'top-level-item';
}
if ( $depth >= 2 ) { //Count top level menu items
$classes[] = 'nested-menu-item';
}
return $classes;
}
add_filter( 'nav_menu_css_class', 'ign_nav_menu_css_class', 10, 4 );
}}}
At this point though it would be nice to have something like this in core.
(I would also love to change the markup of the submenus so they can be easily turned into megamenus but I know thats not happening...)
So...Thoughts?
",ericgreenfield
Tickets Awaiting Review,52559,When doing JOINs for meta queries the meta_key should be in the ON clause whenever possible.,,Query,,normal,normal,Awaiting Review,defect (bug),new,needs-unit-tests,2021-02-17T17:17:35Z,2021-04-26T07:45:57Z,"Currently when doing `JOIN`s for meta queries the meta_key is only included in the `ON` clause if the meta compare is `NOT EXISTS`. In all other cases only the `post_id` is included.
This means that the meta key is only filtered after the JOIN is done.
Case in point, a meta_query that with 5 different keys generates the following query:
{{{#!sql
SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts
LEFT JOIN wp_postmeta ON ( wp_posts.ID = wp_postmeta.post_id )
LEFT JOIN wp_postmeta AS mt1 ON ( wp_posts.ID = mt1.post_id )
LEFT JOIN wp_postmeta AS mt2 ON ( wp_posts.ID = mt2.post_id )
LEFT JOIN wp_postmeta AS mt3 ON ( wp_posts.ID = mt3.post_id )
LEFT JOIN wp_postmeta AS mt4 ON (wp_posts.ID = mt4.post_id AND mt4.meta_key = 'events_time_frame_end' )
WHERE 1=1 AND (
( wp_postmeta.meta_key = 'events_date_till' AND wp_postmeta.meta_value >= '20210217' )
AND
(
( mt1.meta_key = 'events_date_till' AND mt1.meta_value > '20210217' )
OR
(
( mt2.meta_key = 'events_date_till' AND mt2.meta_value = '20210217' )
AND
( mt3.meta_key = 'events_time_frame_end' AND mt3.meta_value >= '14:59:19' )
)
OR
mt4.post_id IS NULL
)
) AND wp_posts.post_type = 'events' AND (wp_posts.post_status = 'publish' OR wp_posts.post_status = 'acf-disabled' OR wp_posts.post_status = 'dp-rewrite-republish') GROUP BY wp_posts.ID ORDER BY wp_postmeta.meta_value ASC LIMIT 0, 10;
}}}
This query takes 60 seconds on very well provisioned database with posts that each have 50 postmeta rows in a database with 50 million total postmeta rows.
In contrast the following query:
{{{#!sql
SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts
LEFT JOIN wp_postmeta ON ( wp_posts.ID = wp_postmeta.post_id AND wp_postmeta.meta_key = 'events_date_till' )
LEFT JOIN wp_postmeta AS mt1 ON ( wp_posts.ID = mt1.post_id AND mt1.meta_key = 'events_date_till' )
LEFT JOIN wp_postmeta AS mt2 ON ( wp_posts.ID = mt2.post_id AND mt2.meta_key = 'events_date_till' )
LEFT JOIN wp_postmeta AS mt3 ON ( wp_posts.ID = mt3.post_id AND mt3.meta_key = 'events_time_frame_end' )
LEFT JOIN wp_postmeta AS mt4 ON (wp_posts.ID = mt4.post_id AND mt4.meta_key = 'events_time_frame_end' )
WHERE 1=1 AND (
( wp_postmeta.meta_value >= '20210217' )
AND
(
( mt1.meta_value > '20210217' )
OR
(
( mt2.meta_value = '20210217' )
AND
( mt3.meta_value >= '14:59:19' )
)
OR
mt4.post_id IS NULL
)
) AND wp_posts.post_type = 'events' AND (wp_posts.post_status = 'publish' OR wp_posts.post_status = 'acf-disabled' OR wp_posts.post_status = 'dp-rewrite-republish') GROUP BY wp_posts.ID ORDER BY wp_postmeta.meta_value ASC LIMIT 0, 10;
}}}
Takes 400ms and returns identical results.
I believe the cause here is that because in the first query filtering is only done after the join and each event has 50 postmeta fields MySQL is first creating a virtual table with 50^4^ ( 4 because the last JOIN does include the meta_key ) rows joined resulting in 60.000.000 total that are then filtered back down.
Adding the meta_key condition to the `ON` clause means we're only joining 1 ( or a small number in the case of the meta_key existing in multiple rows ) rows for each JOIN meaning the virtual table being created is significantly smaller thus having much better query performance.
At the very least when there is any LEFT JOIN occurring then ALL `meta_key` conditions should be moved in the `ON` clause. Although it may be simpler to always have the `meta_key` condition in the `ON` clause.",herregroen
Candidates for Closure,52582,wp_cache_* duplicate/redundant storage and insufficient clearing of cache,,Comments,,normal,normal,Awaiting Review,defect (bug),new,dev-feedback,2021-02-21T14:32:09Z,2021-02-21T16:07:12Z,"This is something I'm currently encountering, but have not been able to fully investigate myself (yet).
**Summarized backstory; **
Using Redis, sometimes maxes memory > needs flush. Started investigating whats taking up soo much memory (relatively simple sites).
~42,000/67,000 records stored are for `get_comment_child_ids` and `get_comments`.
(By far not that many comments on my sites)
Looking for a single specific comment ID it is repeated between 30-50 times, while in theory it should be just once (unless using it in different contexts? (->query_vars))
**Possible cause; **
For the methods `get_comments` and `fill_descendants` the `wp_cache_get_last_changed( 'comment' );` is used to create a cache key for the comments / childs.
https://core.trac.wordpress.org/browser/tags/5.6.1/src/wp-includes/class-wp-comment-query.php#L432
https://core.trac.wordpress.org/browser/tags/5.6.1/src/wp-includes/class-wp-comment-query.php#L998
When a new comment is inserted for example, there is a attempt to delete the comment cache by calling `clean_comment_cache()`, but it seems this is based on the comment ID, which is not the same as the key / doesn't target the childs.
The 'last_changed' is however changed at the same time in that function;
https://core.trac.wordpress.org/browser/tags/5.6.1/src/wp-includes/comment.php#L3195
Which I think makes it impossible for the prior cached data to be found because it uses that in the key.
This causes it to store the same data over and over (redundant), even when it hasn't changed for those comments, with new cache keys without clearing the old ones (duplicate).
Could be I'm completely off, but wanted to get another pair of eyes on it. If whats described is actually happening it looks pretty major for caching efficiency. ",sormano
Tickets Awaiting Review,52589,Twenty Twenty-One: Paragraph padding isn’t inherited in some div,,Bundled Theme,5.6.1,normal,major,Awaiting Review,defect (bug),new,,2021-02-22T06:41:08Z,2021-03-08T08:20:00Z,"Take a look at [https://xn--qucu-hr5aza.cc/hien-tuong-dong-am-khac-nghia-3/?utm_source=WordPress%20Trac%20Ticket%20%C2%BB%20Twenty%20Twenty-One%20no%20padding&utm_medium=Hi%E1%BB%87n%20t%C6%B0%E1%BB%A3ng%20%C4%91%E1%BB%93ng%20%C3%A2m%20kh%C3%A1c%20ngh%C4%A9a%3A%203&utm_campaign=Get%20help this post]. The gaps between paragraphs in the colored boxes are diminished. They are perfectly fine in the editor though. One fix is to inject the class `wp-block-template-part` into the containing div, but that would be too much work to fix each individual post. I suppose that it’s because they are not inherited.
First asked in the theme support: https://wordpress.org/support/topic/paragraph-padding-isnt-inherited-in-some-div/#post-14081433
",ooker
Tickets Awaiting Review,52590,Consider increasing the limit of the perPage argument in paginated requests.,,REST API,,normal,normal,Awaiting Review,enhancement,new,,2021-02-22T07:57:02Z,2021-02-22T07:57:02Z,"In some situations where we fetch a small number of fields, clients might want to fetch a big number of items at once. For instance in Gutenberg, while selecting parent pages or selecting authors, ideally we should be able to fetch more than 100 elements at once.
I understand that the current limits are there to avoid memory issues but clients can make informed decisions by fetching a small number of fields instead to avoid said memory issues. Most issues seems to happen when you fetch the ""content"" field in the posts end point.
After some discussion on slack. it was suggested that we could consider increasing that limit depending on a the requested fields.
Another option that was shared was to rely on the ""embed"" context.
https://wordpress.slack.com/archives/C02RQC26G/p1613382691029000",youknowriad
Tickets Needing Feedback,52593,default user and woocommerce bug,,Users,5.6.1,normal,normal,,defect (bug),reopened,reporter-feedback,2021-02-22T09:16:39Z,2023-04-28T17:45:01Z,"Good morning,
we have a problem with the graphical arrangement of native WP elements and products created via WooCommerce.
We can't understand why, but if you log into WP via the default admin user or via a new admin user, there are some substantial differences, as you can see from the images below.
The pictures are taken from the same product.
We tried to disable plugin and theme but the problem persists.
We have no idea how the problem came out or how we can do to replicate it.
For the moment we are using the new user instead of the default user, but we would still like the problem to be fixed.
[[Image(https://www.caffecarlito.ch/wp-content/uploads/2021/02/caffecarlito_admin.png)]]
[[Image(https://www.caffecarlito.ch/wp-content/uploads/2021/02/caffecarlito_andrea.png)]]",variante
Tickets Awaiting Review,52610,Consider removing many of the default test group exclusions,,Build/Test Tools,,normal,normal,Awaiting Review,task (blessed),new,dev-feedback,2021-02-22T19:57:39Z,2021-04-29T15:46:12Z,"When the tests are run with `composer test`, the following groups are excluded:
* `ajax`
* `ms-files`
* `ms-required`
* `external-http`
When the tests are run with Multisite enabled with `composer test -- -c tests/phpunit/multisite.xml`, the following groups are excluded:
* `ajax`
* `ms-files`
* `ms-excluded`
* `external-http`
* `oembed-headers`
The `ms-required` and `ms-excluded` group exclusions are needed so that the Multisite-specific tests and single-site-specific tests don't run when they don't need to.
It's less clear why the other groups in these lists are excluded by default.
The `ajax` and `ms-files` groups are not slow, so excluding them for performance reasons doesn't make sense. I think the `ajax` exclusion should be removed from both the single site and Multisite configuration. The `ms-files` exclusion should be removed too because the tests in the `ms-files` group don't get registered on a non-Multisite test run so the exclusion is redundant.
The `external-http` tests are excluded because they are somewhat slow, taking around 10-15 seconds on GitHub Actions and around 40 seconds on my local, highly dependent on network connection speed. Let's keep these excluded by default.
The `oembed-headers` group is excluded by default because it requires Xdebug, however this is already covered by the `@requires function xdebug_get_headers` tag on the only test in this group, along with being in the `debug` group which runs separately on GitHub Actions. The `oembed-headers` group exclusion can be removed as it's redundant.
Here's my proposed new config for `phpunit.xml.dist`:
{{{
ms-required
external-http
}}}
and for `multisite.xml`:
{{{
ms-excluded
external-http
}}}",johnbillion
Tickets with Patches,52613,Add testing setup instructions on wordpress-develop repository readme,,Build/Test Tools,,normal,minor,Future Release,enhancement,new,has-patch,2021-02-22T21:13:59Z,2021-11-10T02:05:46Z,"While setting up my environment, I was surprised by running unit tests and seeing an error about a missing config file.
{{{
Error: wp-tests-config.php is missing! Please use wp-tests-config-sample.php to create a config file.
child_process.js:655
throw err;
}}}
While I do expect configuration setup when trying to run tests against a different local instance, seeing this error when trying to run this against the docker env made me question if I was doing something wrong.
I have a pull request that makes some suggested changes in the readme to help guide others:
https://github.com/WordPress/wordpress-develop/pull/1033",gwwar
Tickets Awaiting Review,52616,Admin Taxonomy Search returns only 10 results max and no pagination,,Menus,,normal,normal,Awaiting Review,defect (bug),new,,2021-02-23T00:51:16Z,2021-02-23T10:37:57Z,"In Admin : /wordpress/wp-admin/nav-menus.php
In the 'Add menu items' section.
When you search for products or categories or other taxonomies, it returns maximum of ten 10 results and with no option of pagination.
Looked for a solution but found nothing.
Can this be fixed somehow?",aristotelisj
Unpatched Bugs,52621,Leave site? / Save alert,,Editor,5.6.2,normal,normal,Future Release,defect (bug),new,,2021-02-23T09:09:57Z,2021-06-02T05:00:57Z,"The pop up alert for ""Changes may not be saved"" is still present in 5.6.2
Site example:
The classic editor plugin is installed on the site,
Gutenberg is disabled completely
Custom post types which don't have the WYSIWYG editor on still have this message appearing.
This bug was introduced in 5.6.1 and said to be fixed in 5.6.2 - it's still in the codebase
",garbagedisco
Tickets Awaiting Review,52626,Block editor doesn't paginate parent page results,,Editor,5.6.2,normal,major,Awaiting Review,defect (bug),new,,2021-02-23T17:10:15Z,2023-11-08T05:05:24Z,"Conditions:
More than 100 pages.
Use gutenberg editor.
Edit a page.
Result:
Parent page dropdown is broken / does not contain all pages.
Expected result:
Should be able to see all the 100+ pages in the parent page dropdown.
Reason:
rest api ajax request only fetches the first 100 pages. The response headers does contain the corrent headers:
X-WP-Total: 1040 (i have 1040 pages)
X-WP-TotalPages: 11 (yes it's 11 x 100 pages)
I see only one ajax request for the first 100 pages.
After that i would see 10 more requests in older versions of wordpress.
Now it's only one.
I have tried reading the javascript but it's not easy to read.
This breaks my companies internal website. Would be nice to have a fix. We can't switch away from gutenberg.
This is also related to an older unfixed bug: https://core.trac.wordpress.org/ticket/46294
",hobzhobz
Tickets Awaiting Review,52630,Add Validation/Security to Password Reset,,Users,,normal,normal,Awaiting Review,enhancement,new,,2021-02-23T20:23:56Z,2021-02-23T20:23:56Z,"One of the issues that came up with #34281 (allowing admins to send users a Reset Password link) is that there is no real way to validate that the request is legit. We removed the IP address in order to protect privacy, however we should loop back and consider ways to make it more secure that it's a real password reset link and not a phishing attempt.
The first thought I had was to add in a feature with single use keys. When **anyone** uses a password-reset link, we set a random key as user-meta for the person being reset. The email to reset passwords includes would include that key (either in the link or as a 'paste this in to validate your user...' or even just ""Your authentication code is X""). That key is required to use to reset. If it's wrong or missing, you get kicked back out.
We could also make that check filterable so people could enhance it even more with 2FA if they wanted, or to be able to log who made the reset requests in general.",Ipstenu
Candidates for Closure,52634,Twenty Twenty: Child Theme Search Modal Safari Throws Error in Parent asset/index.js,,Bundled Theme,5.3,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2021-02-24T02:39:40Z,2021-10-28T04:00:39Z,"Twenty Twenty child theme, search modal on safari throws error in parent asset/index.js when search toggle clicked. Works fine in all other browsers.
TypeError: null is not an object (evaluating 'modal.querySelectorAll')
elements = modal.querySelectorAll( selectors );
null is not an object (evaluating 'modal.querySelectorAll')",wp89mkt
Tickets Awaiting Review,52637,"Loading issue with ""popular plugin"" tab - twice the same page.",,Plugins,5.6.2,normal,minor,Awaiting Review,defect (bug),new,,2021-02-24T11:05:41Z,2021-03-10T09:40:04Z,"Quite often when I scroll through the ""popular"" section of the plugin page, I get duplicate pages. As in, two pages that are the EXACT same.
At the moment of writing, I started at page 1470 out of 1470 and went back using the arrows. Page 1468 and 1469 duplicated.
I thought this was a cache issue, so I cleaned my cache... And the problem came back.
I thought it was a browser enigne issue so I switched from Opera (Chromium) to Firefox (Gecko) and still found the same issue.
On same pages, sadly I can't give an example but I often notice that the first two or three plugins of the list are the same as the last two on the previous page.... ",NekoJonez
Candidates for Closure,52639,Add proper Security Attributes to the Cookies set by WordPress,,Security,,normal,normal,Awaiting Review,enhancement,new,reporter-feedback,2021-02-24T13:17:12Z,2022-06-20T14:43:17Z,"Hi,
I have come across this security matter while we were developing a project using WordPress as the CMS for the Government. As Government sites go through a strict security audit that's is where I came across this matter.
Apparently, all the cookies that are set by WordPress don't have any of the security attributes like `secure`, `HttpOnly`, `SameSite=Strict` in them. This means these cookies can be accessed any way a script wants.
Not just WP Core but even almost all popular plugins like WooCommerce doesn't follow these security practices, I don't know why. Just adding a few extra parameters to a Cookie can make it quite secure and stop it from being accessed however a script wants.
But here I'm focusing on the WP Core as other plugins look at the coding standards of WP Core and try to follow that. So, implementing these basic security practices in WP Core will lead to many other plugins following the same path and creating a more secure system.
**Now if we focus on a very basic `/wp-login.php` page:**
We can see only the `wordpress_test_cookie` has `secure` attribute in them while every other cookie simply has Cookie Name, Value, Expiration Date, Max-Age & Path; i.e. only the bare necessary things for that cookie to work and ignoring all other security features. Here is a screenshot:
[[Image(https://i.imgur.com/zbyvDBo.png)]]
Instead, WP Core can take advantage of `is_ssl()` function to check whether or not to add the `secure` attribute. But the rest, i.e. `HttpOnly`, `SameSite=Strict` should be part of each cookie.
**Take a look at WooCommerce cookies now:**
I know WooCommerce issue is out of context here as here we are only focusing on WP Core, but I am showing this just to show how widespread this issue is.
[[Image(https://i.imgur.com/ekz8Qr8.png)]]
So, maybe if WP Core implements these security features it will push others to do the same.
Please note that this is not specific to WP Admin login page but almost all cookies added by WordPress. Would love to see these security attributes get added into cookies added by WP Core.",isaumya
Tickets Awaiting Review,52651,$option_group argument in settings_fields() function is misdescribed,,"Options, Meta APIs",2.7,normal,normal,Awaiting Review,defect (bug),new,,2021-02-25T10:59:49Z,2021-02-28T10:52:51Z,"The settings_fields() function in plugin.php takes a single argument described as $option_group. However this argument is then used to populate the 'option_page' hidden element.
The docBlock param description says ""This should match the group name used in register_setting()"" but if you follow this advice, your option group will not be included in $allowed_settings and you will get an error.
{{{#!php
/**
* Output nonce, action, and option_page fields for a settings page.
*
* @since 2.7.0
*
* @param string $option_group A settings group name. This should match the group name
* used in register_setting().
*/
function settings_fields( $option_group ) {
echo "" "";
echo ' ';
wp_nonce_field( ""$option_group-options"" );
}
}}}
It seems a common fix for this on the internet is to pass the 'option_page' value instead.
https://wordpress.stackexchange.com/questions/376785/wordpress-error-options-page-setting-not-found-in-the-allowed-options-list
if the argument name could be changed to $option_group and the docBlock updated accordingly, that would correct the issue without breaking existing implementations
{{{#!php
"";
echo ' ';
wp_nonce_field( ""$option_page-options"" );
}
}}}
",pe01b6
Tickets Awaiting Review,52659,Insert Link tool should not apply anchor tag before anchor has been applied,,Editor,,normal,normal,Awaiting Review,enhancement,new,,2021-02-25T16:42:37Z,2021-02-25T18:27:21Z,"With the anchor around the text before any link is applied, the user sees the text as underlined and can mistakenly believe the link is already applied. If the user believes the link is already applied s/he may hit the escape key to hide the insert-link tool and they of course lose their work as the text reverts to its pre-linked state.",stevesicherman
Tickets Awaiting Review,52663,Twenty Twenty-One: Possible bug on primary navigation,,Bundled Theme,,normal,minor,Awaiting Review,defect (bug),new,has-patch,2021-02-25T21:27:42Z,2021-02-27T05:44:02Z,"The primary navigation menu can get stuck in a vertical list view under specific circumstances.
This bug seems to be affecting vanilla Twenty Twenty-One installations, and can even be replicated on the official theme preview page:
[https://wordpress.org/themes/twentytwentyone/]
In order to replicate, please follow these steps:
1) Load the Twenty Twenty-One theme preview, or a website based on the theme.
2) Force responsive design mode on your web browser, or resize the browser window to the appropriate dimensions, so that the hamburger (mobile) menu icon is displayed.
3) Open the mobile menu by clicking on the hamburger icon.
4) While the mobile menu remains open, exit responsive design mode, or maximize your browser window.
5) Now, the navigation bar links do not revert to their original positions - aka horizontally placed on the navigation bar. Instead, they are now placed in vertical order and overflow to the content area.
Refreshing the page allows the navigation bar elements to return to their original locations.
Exiting responsive design mode, or resizing the browser window, after closing the mobile hamburger menu, won't trigger the bug.
Tested on Chrome, Chromium, Firefox, Edge and Opera. Could replicate on all of these browsers.
The following CSS code seems to alleviate the issue:
{{{
.primary-navigation-open .primary-navigation > .primary-menu-container {
position: relative;
}
}}}
",nek285
Tickets with Patches,52699,Flash is dead,,General,,low,normal,Future Release,task (blessed),reopened,has-patch,2021-03-03T06:08:42Z,2022-07-29T16:39:21Z,"Hello,
since Adobe does not support Flash anymore and nearly all browsers and OS too, I think it does not make sense to include follow things:
- swfobject
- flash fallback for upload
- pupload flash
",mkeck
Tickets Awaiting Review,52716,Twenty Seventeen: consider style updates for box-shadow on linked images,justinahinon,Bundled Theme,5.0,normal,minor,Awaiting Review,defect (bug),assigned,has-patch,2021-03-04T20:32:41Z,2021-04-08T20:07:58Z,"== Origin
User report: https://github.com/WordPress/gutenberg/issues/22187
That report was only about the Media & Text block specifically but looking into I recognized it as a general issue with the styles from Twenty Seventeen and applicable to other blocks.
== Steps to replicate
1. Add any block that supports inner blocks and background colors (Group, Columns)
2. Add a background color to the block
3. Inside the block, add any/all of the following blocks: Image, Gallery or Media & Text
4. Add a link to the inner block (Gallery block gets links via a setting the Inspector (block settings sidebar)
== Results
* In each block there is a box-shadow on the images
* In the Gallery block the box-shadows double-up between images
* In a Media & Text block with a background-color of its own, the box-shadow expands beyond the block background area
== Expected
Consistency between what is seen in the Block Editor and the frontend (i.e. Either without box-shadows on the frontend or with box-shadows in the Editor).
== Screenshots
=== Blocks with linked images
||= Block editor =||= Frontend =||
|| image pending || image pending ||
=== Inline images with links
Inline images are also styled differently between editor/frontend.
||= Block editor =||= Frontend =||
|| image pending || image pending ||
",presstoke
Slated for Next Release,52723,"Admin options.php default value to NULL for option_value may lead to MySQL Integrity constraint violation error, potential other bugs",,"Options, Meta APIs",2.7,normal,normal,6.6,defect (bug),new,needs-unit-tests,2021-03-05T14:26:35Z,2024-02-27T12:01:48Z,"It looks like `wp-admin/options.php` set a `null` value by default for any unchecked option:
https://core.trac.wordpress.org/browser/trunk/src/wp-admin/options.php#L306
Now, this leads to execute queries like this by `update_option`:
UPDATE `wp_options` SET `option_value` = NULL WHERE `option_name` = 'default_pingback_flag'
Which is wrong, given the schema explicitly set `option_value` to `NOT NULL`:
https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/schema.php#L144
This would trigger an integrity constraint violation error by MySQL when in (default) strict mode:
Error! SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'option_value' cannot be null
To get around this (and for other reasons too, I presume), WordPress currently tries to disable any MySQL strict mode in the `$wpdb` class, with the effect that MySQL silently ""fix"" the error itself:
https://core.trac.wordpress.org/browser/trunk/src/wp-includes/wp-db.php#L567
https://core.trac.wordpress.org/browser/trunk/src/wp-includes/wp-db.php#L826
But **not every environment support this**, so there are people out there who cannot save options and they are confused about the reason why, for example:
https://www.reddit.com/r/Wordpress/comments/l61rvs/cannot_disable_avatars/
https://wordpress.org/support/topic/discussion-comment-settings-saved-changes-are-not-taking-effect-at-all/
https://wordpress.org/support/topic/wordpress-database-error-column-option_value-cannot-be-null/
A simple solution would be to set a different default value (`0` or even an empty string) in `wp-admin/options.php` and, ''better yet'', **cast any `NULL` value to the same different default value in both `update_option` and `add_option`**.
Please note that, without a fix, **this bug may also lead to other nasty side effects**.
As a quick fix/test, I successful got around this with this simple filter:
{{{#!php
}}}
The new filter
{{{#!php
(media-views.min.js?ver=5.8-alpha-50521:2)
at f (underscore.min.js?ver=1.8.3:2)
}}}
and the trace:
{{{
(anonymous) @ media-views.min.js?ver=5.8-alpha-50521:2
f @ underscore.min.js?ver=1.8.3:2
setTimeout (async)
(anonymous) @ underscore.min.js?ver=1.8.3:2
p @ backbone.min.js?ver=1.4.0:2
f @ backbone.min.js?ver=1.4.0:2
c @ backbone.min.js?ver=1.4.0:2
n.trigger @ backbone.min.js?ver=1.4.0:2
(anonymous) @ media-models.min.js?…r=5.8-alpha-50521:2
c @ load-scripts.php?c=0…r=5.8-alpha-50521:2
fireWith @ load-scripts.php?c=0…r=5.8-alpha-50521:2
(anonymous) @ wp-util.min.js?ver=5.8-alpha-50521:2
c @ load-scripts.php?c=0…r=5.8-alpha-50521:2
fireWith @ load-scripts.php?c=0…r=5.8-alpha-50521:2
l @ load-scripts.php?c=0…r=5.8-alpha-50521:2
(anonymous) @ load-scripts.php?c=0…r=5.8-alpha-50521:2
load (async)
send @ load-scripts.php?c=0…r=5.8-alpha-50521:2
ajax @ load-scripts.php?c=0…r=5.8-alpha-50521:2
s.ajax.s.ajax @ load-scripts.php?c=0…r=5.8-alpha-50521:5
(anonymous) @ wp-util.min.js?ver=5.8-alpha-50521:2
s.Deferred.s.Deferred @ load-scripts.php?c=0…r=5.8-alpha-50521:5
send @ wp-util.min.js?ver=5.8-alpha-50521:2
sync @ media-models.min.js?…r=5.8-alpha-50521:2
fetch @ backbone.min.js?ver=1.4.0:2
more @ media-models.min.js?…r=5.8-alpha-50521:2
more @ media-models.min.js?…r=5.8-alpha-50521:2
edit @ media-editor.min.js?…r=5.8-alpha-50521:2
edit @ mce-view.min.js?ver=5.8-alpha-50521:2
edit @ mce-view.min.js?ver=5.8-alpha-50521:2
onclick @ plugin.min.js?wp-mce-49110-20201110:1
c.fire @ tinymce.min.js?ver=49110-20201110:2
fire @ theme.min.js?wp-mce-49110-20201110:1
o @ theme.min.js?wp-mce-49110-20201110:1
C @ tinymce.min.js?ver=49110-20201110:2
d @ tinymce.min.js?ver=49110-20201110:2
}}}
",Chouby
Tickets with Patches,52780,Twenty Twenty-One: Code tag shows outside of section area,,Bundled Theme,5.6,normal,normal,Future Release,defect (bug),new,has-patch,2021-03-11T15:37:45Z,2023-02-07T07:36:35Z,"Code tag formatting issue, text show outside of section area
[[Image(https://i.ibb.co/Jpym68L/1.png)]]
[[Image(https://i.ibb.co/G0Z18Wc/2.png)]]",ravipatel
Tickets Awaiting Review,52828,Twenty Twenty-One: Custom HTML Block Doesn't Align in Content,,Bundled Theme,5.6,normal,normal,Awaiting Review,defect (bug),new,,2021-03-16T17:59:04Z,2021-03-23T00:58:57Z,"The Custom HTML block doesn't align to the content section of the theme, having no left margin.
Using the core Custom HTML block to add an iframe embed code seems to be missing the
div that would centre the content within the body of the post, resulting in the embedded object to be aligned to the far left margin.
This doesn’t affect the editor, but does rear its head in the published post.
Steps to reproduce:
Add a Custom HTML Block to a new post
Paste an iFrame embed code in the resulting Field
Publish Post.
Here's a link to an example: [https://hwdsb.staging.boreal321.com/2021/03/12/test-embed/]
It's also an issue with the version of 2021 running on wordpress.com: [https://mrjarbenne.wordpress.com/2021/03/16/test/]
[[Image(https://cldup.com/Lq8jxLMSE2.png)]]",mrjarbenne
Candidates for Closure,52829,Getting some code when Update failed plugin,,Plugins,5.7,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2021-03-17T04:55:36Z,2021-03-17T17:51:16Z,"Hi,
When i ma trying to update plugin then got script return n the page. So it is WordPress issue?
You can see mentioned screenshot.",sumitsingh
Tickets with Patches,52840,Include filesize information in REST API response for all media types,rachelbaker*,REST API,,normal,normal,Future Release,enhancement,accepted,needs-unit-tests,2021-03-17T21:50:29Z,2023-01-13T21:45:46Z,"Requesting the `/media` REST API endpoint, only **audio** attachments include filesize information in the response data (in `media_details->filesize`).
I suggest to check for each item if `filesize` is present, or else fill it in using the actual file. This would be pretty much in line with what is done in [https://github.com/WordPress/wordpress-develop/blob/fa05e5e7336a18c19fe6a94d68d30351876ee090/src/wp-includes/media.php#L3972-L3980 wp_prepare_attachment_for_js].
Making the information available locally, when creating the response data, is much more performant than having to request the file in one or more follow-up requests.",tfrommen
Tickets Awaiting Review,52847,"Admin Improvement: Filter posts, pages and media by date range or year",,Administration,,normal,normal,Awaiting Review,enhancement,new,,2021-03-18T12:38:51Z,2021-04-06T05:38:51Z,"In wp-admin it is possible to filter posts, pages or media only by month. When the blog or is very old, dozens of months are shown to filter, it becomes complicated.
If there was an option to filter by date range or year, management would be much easier.
These plugins that are not being updated serve as an example:
- https://wordpress.org/plugins/filter-posts-by-date-range/
- https://wordpress.org/plugins/admin-filter-posts-by-year/
I think it is something that could be part of the core.
Thanks!",ricjcs
Tickets Awaiting Review,52865,Strip 'enclosed' trailing spaces in URLs,,Canonical,,low,normal,Awaiting Review,enhancement,new,,2021-03-19T10:32:40Z,2021-03-19T10:42:06Z,"#20383 made improvements that strip trailing punctuation from URLs. E.g., https://ma.tt/2012/03/productivity-per-square-inch%20 redirects correctly to the canonical URL.
However, URLs like https://ma.tt/2012/03/productivity-per-square-inch%20/ (which 'enclose' the trailing space with a trailing slash) are ''not'' redirected. It, and others like it, typically return a 404 error.
This kind of 'broken link' pattern is ''extremely'' common on the web; particular as a trailing slash is often appended to a malformed URL ''before'' WP runs (e.g., via a server/htaccess/nginx configuration).
We should refine the canonical redirect logic (in `redirect_canonical`) to also consider and redirect these types of requests.
**Considerations**
- The ""''Remove trailing spaces and end punctuation from the path''"" section of `redirect_canonical` doesn't consider the presence of trailing slashes in the URL. This could/should be adapted to catch those.
- There might be cases where a user 'legitimately' has a permalink structure (or slug) that ends in `%20` or `%20/`. That might(?) make a fix more complicated than just sniffing for whether the permalink structure ends with `/`.
- It looks like it's inconsistent in WP where `%20` (and/or `%20/` ) can be added to slugs or structures. It's stripped in some places, but not in others.
- ''Should'' a permalink or slug be 'allowed' to contain, or end in, a space character? If this is being stripped in some parts of WP, maybe that's a good argument to prevent it elsewhere/everywhere. In which case, fixing this becomes a lot simpler.
",jonoaldersonwp
Candidates for Closure,52871,"Space added after the ""option"" tag on the options-writing.php file",,Administration,,normal,normal,Awaiting Review,enhancement,new,close,2021-03-20T13:00:07Z,2023-05-29T15:44:27Z,"Space added after the ""option"" tag on the options-writing.php file as a standard workflow.",Laxman Prajapati
Tickets Awaiting Review,52874,"Activating plugins on Install page randomly errors with ""The plugin does not have a valid header"" message.",,Plugins,,normal,normal,Awaiting Review,defect (bug),new,,2021-03-21T01:09:33Z,2021-03-22T22:10:18Z,"This seems to be something that has been occurring for some time without resolution in core.
Just started seeing a lot more reports of it recently for one of my plugins, which lead me to dig and see that it has been occurring in the same way to other plugins for years.
Issue: On Plugin Installer page, if you install and activate plugins it can show the following message: ""The plugin does not have a valid header"".
Most users get around it by going to the All Plugins page and activating without issue.
Plugin that currently seems affected include:
- Content Control
- [W3 Total Cache](https://www.pixelwars.org/forums/topic/the-plugin-does-not-have-a-valid-header/)
- [Zapier](https://wordpress.org/support/topic/the-plugin-does-not-have-a-valid-header-198/)
And some from the past few years with same issue:
- [Etsy Shop](https://wordpress.org/support/topic/the-plugin-does-not-have-a-valid-header-150/)
- [Jotform](https://www.jotform.com/answers/2975729-jotform-wp-plugin-plugin-does-not-have-a-valid-header-error)
That was only what I found on first page of google.",danieliser
Candidates for Closure,52875,If a post is in trash related comments cannot be removed or trashed,,Comments,,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2021-03-21T08:27:43Z,2023-03-29T18:53:32Z,Comments to trashed or removed posts need to be visible with a clear note in the 'In response to' column that they are related to the trashed/removed post. ,oglekler
Unpatched Bugs,52879,The SCRIPT_DEBUG constant is ignored when concatenating scripts,,Script Loader,2.8,normal,minor,Future Release,defect (bug),new,,2021-03-22T03:39:16Z,2022-04-27T04:53:22Z,Happens because `SCRIPT_DEBUG` is usually defined in `wp-config.php` however that file is not used in `load-scripts.php` and `load-styles.php`. This results in non-minified files being concatenated and outputted when SCRIPT_DEBUG is false and WP runs from /src.,azaozz
Tickets Awaiting Review,52885,Twenty Twenty-One: wrong drop cap alignment in RTL context,,Bundled Theme,5.6,normal,normal,Awaiting Review,defect (bug),new,has-patch,2021-03-22T16:33:30Z,2021-06-22T23:35:58Z,"Drop cap is not correctly aligned when using RTL context along with Gutenberg editor (e.g. using WordPress in Arabic language. It's specific to the twenty twenty-one theme. There's [https://github.com/WordPress/gutenberg/issues/11756 an issue] open for it in Gutenberg's repo.
From what we found, the culprit might be here: https://github.com/WordPress/twentytwentyone/blob/trunk/assets/css/ie-editor.css#L3220
Steps to discover:
1. Set WordPress language to Arabic;
2. Create a new post and add a new paragraph block (using Gutenberg);
3. When you enable drop cap, the alignment is wrong - it aligns left instead of right.
Gutenberg has an implementation for handling RTL, basically replacing all ""right"" rules' values for ""left"". Not sure if this can be applied here, though.
There's also the `float: inline-start` [https://developer.mozilla.org/en-US/docs/Web/CSS/float#browser_compatibility solution], but it's in draft state in MDN.",rafaelgalani
Unpatched Enhancements,52887,Docs: Clarify why register_meta is necessary,Shital Patel*,"Options, Meta APIs",,normal,minor,Future Release,enhancement,accepted,,2021-03-22T19:46:18Z,2021-05-26T22:13:43Z,"When I was reading register_meta documentation I was confused why register_meta is necessary and where it is used, so I added some clarification. ",ribaricplusplus
Tickets Needing Feedback,52888,Docs: Update get_children function,SergeyBiryukov,"Posts, Post Types",,normal,minor,Future Release,enhancement,reviewing,dev-feedback,2021-03-23T01:38:42Z,2022-09-20T00:31:17Z,"get_children documentation is very confusing to read, an entire essay for what could be said in a single paragraph, so I've rewritten it.",ribaricplusplus
Tickets Awaiting Review,52903,Consent Management within WordPress Core,,Privacy,,normal,normal,Awaiting Review,feature request,new,,2021-03-24T15:31:29Z,2022-10-14T19:56:55Z,"**Website visitor / user Privacy choices:**
a. Users who are not registered on a site, or who choose not to log in when prompted, can set their consent preferences via a simple banner (Gutenberg block) on the front end, which will set a (functional) cookie value for consent.
It should be possible for plugins to filter the banner contents and to change the appearance.
b. Registered users can set their consent preferences via an interface in wp-admin, after logging in.
The interface should extend the ""Edit Profile"" page.
Once a registered user logs out, the consent cookie value should be updated to reflect their preferences as per the database (sync).
**(Sane) Defaults:**
Five default consent categories have been proposed: Functional; Preferences; Anonymous Analytics; Analytics and Marketing.
Website owners / admins should be able to set site-wide defaults by setting a site option value, or by using a plugin to do so.
[An alternative would be to allow them to do so via filter.]
It should be possible for site owners / admins to add additional consent categories, or to add nested sub-categories, or to allow a plugin to do so.
As privacy legislation varies across the globe, I believe that WordPress should default to TRUE for each category, if not overridden, to maintain backwards compatibility and avoid unexpected behaviour.
**Proposed Consent Management hierarchy:**
1. If the user is logged in and has set consent preferences, obtain their preferences via an extension of the REST API.
Using the REST API will allow us to cater for cookies that are set in JavaScript, rather than in PHP.
The basic logic:
{{{#!php
TRUE, ""preferences"" => TRUE, ""anon_stats"" => TRUE, ""stats"" => TRUE, ""marketing"" => TRUE);
return $consent;
}}}
**How to integrate all of this into the Developer community:**
This would require a number of approaches and mechanisms, including:
New functions:
Creating a wp_setcookie(); function in PHP and a corresponding function in JavaScript that checks for consent before placing a cookie;
Use of wp_setcookie(); can then be required for new plugin submissions to the WordPress.org repository.
Updating existing functions:
Updating other functions like wp_mail(); and the HTTP and REST APIs to check for the appropriate consent.
In the case of wp_mail(); for example, this can be done by adding a new parameter variable for $consent_purpose.
We can add a _doing_it_wrong(); if this variable is not present.
In the case of the REST API, consent could possibly be integrated into a permission callback, but that is something we'd need Timothy's (and others) input on.
Education drive:
Voluntary compliance is preferred. By providing documentation, resources and discussing with as many stakeholders as we can (primarily on Slack), we can encourage adoption through education.
**Related tickets:**
I will be closing #51188 in favour of this ticket to make it easier for new contributors to get involved. Please do feel welcome to read the closed ticket if you need / want background.
#51110 deals with the design of a wp-admin interface.
There is not a ticket for the design of a Gutenberg block (as a front end ""interface"") yet.",carike
Tickets Awaiting Review,52916,can_perform_loopback() should not rely on wp-cron.php check,,Site Health,5.7,normal,minor,Awaiting Review,enhancement,new,,2021-03-26T05:21:18Z,2021-04-06T18:13:32Z,"It is quite often that users would want to prevent/hide access to /wp-cron.php.
For example, they want to use the real Linux cron scheduler, and invoke /wp-cron.php only interactively; all while returning ""404"" on purpose when /wp-cron.php is requested.
[https://www.getpagespeed.com/server-setup/nginx/best-practice-secure-nginx-configuration-for-wordpress Here] you can find an NGINX config that purposely does not list /wp-cron.php as an allowed endpoint, and thus returning 404 when wp-cron.php is accessed via web, which is fine. The WP Cron is suggested there to be run via CLI only.
So while the site is still fully functional, WP Admin shows a false-positive error for the health check: ""Your site could not complete a loopback request"".
I propose to:
* use a different endpoint for loopback requests check, something that is less likely to be disabled by users. wp-json?
* check wp cron being valid using other means, like last run time of a task.
At the very least, not use /wp-cron.php for any checks when DISABLE_WP_CRON constant is true.
",dvershinin
Tickets Awaiting Review,52919,Dashboard tabs issue on focus,,Administration,5.7,normal,normal,Awaiting Review,defect (bug),new,has-patch,2021-03-26T09:27:49Z,2023-05-25T19:26:58Z,"Dashboard tabs issue on focus, it needs to be the vertical center.",muhammadbux
Tickets Awaiting Review,52924,Fix input annoyance when editing Menus in Safari,,Menus,,normal,normal,Awaiting Review,enhancement,new,has-patch,2021-03-26T22:36:34Z,2021-03-26T23:42:01Z,"In Safari only when you edit a menu's e.g. Title Attribute and enter e.g. ""something autofill"" and save the menu and then change it to ""Something autofill"" and save again... then try to change it to e.g. ""something autofill"" Safari will autofill it with Something autofill for you, which is annoying.
See [https://aubrey.pw/d/2021/4UlG5p8iiKEn.gif] to see it in action. I think these fields should have autocomplete=""off"" by default.",aubreypwd
Tickets Awaiting Review,52926,mobile compatibility library sortable list input field ignores touch event,,External Libraries,5.7,normal,normal,Awaiting Review,defect (bug),new,,2021-03-27T03:54:44Z,2021-05-26T02:22:35Z,"The ability to edit a WP backend menu item custom url input field has not worked on my iPad iOS 14.4.1 using Safari and Chrome. Any text input field simply doesn't respond. Select choice list controls recognize touch.
I am using Admin Menu Editor Version 1.9.9 plugin.
On Mar 26, 2021, at 08:56, Janis Elsts wrote:
Unfortunately, it looks like it's currently not feasible to fix this issue.
It appears that problem is in one of the JS libraries that is part of WordPress itself. It's a mobile compatibility library that's supposed to translate touch events into simulated mouse events. It doesn't seem to work correctly when you tap an input field that's inside a sortable list, like the menu item list in Admin Menu Editor.
I don't have enough mobile development experience to replace the existing JS library with something better, so this bug may remain unfixed until/unless WordPress core developers fix the underlying issue.",edtorrey
Tickets Awaiting Review,52930,Can't close Insert/Edit Link Pop Up when Editting a Comment,,Comments,5.7,normal,normal,Awaiting Review,defect (bug),new,,2021-03-28T07:25:12Z,2021-03-28T07:44:01Z,"Hi! Today I tried to insert a link using the link button while editing a comment of mine on my own website, using the back end.
I can add as many links as I want, but I can't close the pop up with mouse or keyboard, by clicking on the X or Cancel. ",thesimarchitect
Unpatched Bugs,52933,Error in browser console when newly published post is previewed a second time,,Editor,,normal,normal,Future Release,defect (bug),new,,2021-03-29T05:11:07Z,2021-11-08T14:24:48Z,"Summary of Problem:
When a new post or page is created then published, then [Preview] | [Preview in new tab] is selected, no problem occurs the first time. However if [Preview in new tab] is clicked a second time then the the console records this error (assuming post id 15):
Failed to load resource: the server responded with a status of 400 (Bad Request) https://example.com/wp-json/wp/v2/posts/15/autosaves?_locale=user
The error continues to occur every second time [Preview] | [Preview in new tab] is clicked.
I have reproduced this on a fresh install of 5.7 both on local system and on hosted web server.
Steps to Reproduce:
1) Login and create a new Post by clicking New | Post
2) Give the post a name and click Publish | Publish | x
3) Open the browser's javascript console
4) Click [Preview] | [Preview in new tab]
5) When the preview window appears, close it or tab back to the edit post screen (at this stage no error in console)
6) Click [Preview] | [Preview in new tab] again (error appears in console)",garethhadfield
Tickets with Patches,52939,Frontend toolbar CSS conflict with some themes,,Toolbar,,normal,normal,Future Release,defect (bug),new,has-patch,2021-03-30T13:33:34Z,2021-11-13T22:24:04Z,"There are themes available that add some global styling that could interfere with the WP toolbar on the frontend.
This could be fixed by adding some reset/basic CSS for the toolbar.
Example theme: Mesmerize https://wordpress.org/themes/mesmerize/
This theme adds various CSS in the toolbar that might affect some menu items.
For example `::before` CSS for all items that sets the display as a table. This could cause some indentation issues when adding elements like form types or icons to menu items.
Same with text color.
A simple `color: inherit` for the `#wpadminbar * {}` selector would fix any color overwrites for global elements like `label` etc.",keraweb
Candidates for Closure,52964,Video On Login Page,,Login and Registration,,normal,normal,Awaiting Review,enhancement,new,reporter-feedback,2021-04-03T12:12:29Z,2023-08-16T16:43:16Z,"So I was wondering about how can I add a video as a background of the login form by editing the login form's code.
Turns out we cannot as there is no vector to do so.
Can we add a hook to do so..?",wparslan
Tickets Awaiting Review,52975,"Add ""states"" to terms list table (for WP_Taxonomy::$default_term)",,Taxonomy,,normal,normal,Awaiting Review,defect (bug),new,,2021-04-05T22:26:56Z,2021-04-05T22:26:56Z,"The Terms list table (`WP_Terms_List_Table`) should include support for the ""states"" concept that currently also exists for Posts, Media, and Sites.
Specifically, I'd like to see ""– Default"" added to the default term.
I want this because WordPress Admin does not offer any explanation why the ""Uncategorized"" Category has no ""Delete"" link in the list-table UI and also has no checkbox for bulk-actions.
See: `_post_states()`, `_media_states()`, and `WP_MS_Sites_List_Table::site_states()`
Mock-up screenshot imminent.",johnjamesjacoby
Tickets Awaiting Review,52978,Feature Request: option to show full images in Media Library,,Media,5.7,normal,normal,Awaiting Review,feature request,new,,2021-04-06T04:58:27Z,2021-09-02T14:20:14Z,"It would be very helpful to have an option (perhaps in Settings/Media) to have the Media Library show the full image even if it’s not square, instead of cropping everything to square.
There are a lot of reasons why some of us (perhaps many or even most) don’t like the images shown cropped to square – here are three: (1) the full content is not visible, (2) searching for items you know are a certain aspect ratio is much more difficult, (3) multiple images that are the same in the center but cropped differently (or extended with additional background to make a certain shape) look identical.
I would be perfectly happy if the CSS was simply changed to always show the full image, but I suppose some people might be used to the squares (although I don’t see what advantage that would have other than looking tidy), so I’m suggesting a setting to allow the user to choose.
Currently I’m using a workaround on some of my sites – I installed the “Add Admin CSS” plugin and added this CSS:
{{{
.wp-core-ui .attachment .portrait img { max-height: 100%; }
.wp-core-ui .attachment .landscape img { max-width: 100%; }
}}}
But it would be better if WordPress could do this natively.
Here are two screenshots of the same Media Library before and after using my workaround:
[[Image(https://imgur.com/a/Vt5hX9H)]]",OsakaWebbie
Tickets Awaiting Review,52990,Account for single quoted attributes when lazy loading images and iframes.,,Embeds,5.5,normal,normal,Awaiting Review,defect (bug),new,needs-unit-tests,2021-04-07T00:24:58Z,2021-06-11T00:22:11Z,"`wp_iframe_tag_add_loading_attr()` and `wp_img_tag_add_loading_attr()` includes a check to ensure the elements have a `src`, `width` and `height` attribute before adding the lazy loading attribute.
In both functions the check only considers attributes using double quotes so the lazy loading tag is not added for elements using single quoted attributes. [https://github.com/WordPress/wordpress-develop/blob/895d6a691d7ccdfe80cdf999bc0c8a78d11ad55a/src/wp-includes/media.php#L1893-L1895 img ref], [https://github.com/WordPress/wordpress-develop/blob/895d6a691d7ccdfe80cdf999bc0c8a78d11ad55a/src/wp-includes/media.php#L2012-L2015 iframe ref].
As WordPress does not normalize attribute tags to use double quotes, single quoted attribute tags ought to be considered.
Image version 5.5, iframe version 5.7.
Follow up to #50756, #52768.",peterwilsoncc
Tickets Awaiting Review,52998,Add a filter to paginate_links to allow bypassing merging query params,,General,,normal,normal,Awaiting Review,enhancement,new,,2021-04-08T10:36:11Z,2022-04-05T15:03:15Z,"The [https://core.trac.wordpress.org/browser/tags/5.7/src/wp-includes/general-template.php#L4154 paginate_links] function constructs the HTML markup used in archive pagination.
As part of this, any parameters present in the requesting URL are merged into the pagination links ([https://core.trac.wordpress.org/browser/tags/5.7/src/wp-includes/general-template.php#L4197 ref]).
This is a safeguard to ensure that any logic which relies on `$_GET` parameters in a paginated series still functions as expected as the user navigates through paginated states. E.g., a plugin may use query parameters to describe a date range in an archive; such as `/archive/page/2/?date_from=2001-12-20&date_to=2020-05-14`.
I'd like for theme/plugin authors to be able to disable/bypass this 'merging' process.
**The problem(s)**
The current behaviour makes it possible to request (paginated) archive templates with arbitrary, meaningless query parameters (e.g., https://wordpress.org/support/topic-tag/iframe/page/5/?cats=yes&dogs=no&cake=please&utm_tracking=broken). Those parameters persist through all subsequent paginated requests.
This bypasses caches, breaks digital analytics, and inflates crawling from third party systems (search engines, social media, etc), as it 'creates' many additional URLs.
Furthermore, because WordPress doesn't natively output canonical URL tags on paginated archives, this can be ''extremely'' destructive from an SEO perspective; particularly on large sites, where the 'existence' of many such URLs compounds the problems above. And whilst the presence of a canonical tag would mitigate ''some'' of that damage, it wouldn't address those other problems.
**A potential solution**
I propose that we should introduce a new filter into [https://github.com/WordPress/WordPress/blob/master/wp-includes/general-template.php#L4154 paginate_links] which allows theme/plugin authors to bypass the code block which merges in query parameters.
This could be used by sites/themes/plugins when they're confident that they don't need to persist queries.
The filter should accept a simple boolean value, which acts as a switch to skip the merging logic.
Alternatively:
- The filter could define a list of allowed/expected query params, or;
- The filter could restrict valid params to only include ''registered'' query vars.
** A note on the existing `paginate_links` filter**
Note that [https://github.com/WordPress/WordPress/blob/master/wp-includes/general-template.php#L4302 a paginate_links filter already exists] at the end of the function, but this only allows for manipulating the `href` attribute of the link. Whilst this could ''technically'' be used to ''strip'' parameters via brute force, this is cumbersome, and requires knowledge of the correct canonical URL (which WordPress doesn't natively/reliably have).",jonoaldersonwp
Tickets Awaiting Review,53008,Creating an anonymous comment with custom fields via REST API,,REST API,4.7,normal,normal,Awaiting Review,defect (bug),new,,2021-04-09T14:16:40Z,2021-04-12T08:04:40Z,"Hi!
When `rest_allow_anonymous_comments` filter is enabled, I'm able to successfully create anonymous comments via REST API POST /comments method, without any authorization. Unfortunately, when trying to create a comment with a registered, non-protected meta field, I got a 401 error (details below). Even when `auth_callback` is forced to return true for that field, things don't change. I think that by default, when `rest_allow_anonymous_comments` is enabled, one should be able to create a comment with meta fields.
Field definition:
{{{#!php
true,
'type' => 'string',
'show_in_rest' => true,
]);
}}}
Request:
{{{
curl --request POST \
--url 'http://example.com/wp-json/wp/v2/comments' \
--header 'Content-Type: application/json' \
--data '{
""post"": 1,
""content"": ""Lorem ipsum"",
""author_name"": ""Dawid"",
""author_email"": ""example@example.com"",
""meta"": {
""twitter_handle"": ""dmgawel""
}
}'
}}}
Response:
{{{
{
""code"": ""rest_cannot_update"",
""message"": ""Sorry, you are not allowed to edit the twitter_handle custom field."",
""data"": {
""key"": ""twitter_handle"",
""status"": 401
}
}
}}}
I got the same response for the following meta field definition:
{{{#!php
true,
'type' => 'string',
'show_in_rest' => true,
'auth_callback' => function(){ return true; }
]);
}}}
",dawgawel
Tickets with Patches,53010,Tests: introduce namespacing for the test classes,hellofromTonya,Build/Test Tools,,normal,normal,Future Release,task (blessed),assigned,dev-feedback,2021-04-09T15:51:13Z,2024-03-21T06:37:50Z,"Introducing namespaces in the production code for WordPress Core is a hot topic, so I very purposely do NOT want to touch that in this ticket.
However, for the test suite, which doesn't get shipped with the WordPress production code, it's a whole other matter.
== Benefits
Using namespaces in the test suite provides us with the following benefits:
1. If used consistently and providing they follow a set pattern (more about this below), they will make it very easy for contributors to find the test files/classes they are looking for.
2. It will allow for shorter file and test class names, while those will still be descriptive.
3. And... it will allow for mocking PHP native functions by declaring a namespaced version of that same function in the test class.
4. It will also allow more easily for multiple test classes to be created to test one particular feature/function, which the current naming scheme does not allow for. This will allow for tests for the same functionality, but which need different fixtures (setup/teardown) to be encapsulated in their own test classes.
== Caveats:
As the WordPress Core test suite is used not only by Core, but also by plugins and themes for integration tests, the test class namespacing should be reserved for actual test classes and - for now - not be applied to test utility classes / Abstract base test classes (i.e. the `tests/phpunit/includes` directory should NOT be touched for now).
== Proposed pattern
The current directory structure for tests is, to put it mildly, confusing and inconsistent.
To solve that, I would like to propose the following pattern:
* File paths: `tests/phpunit/tests/wp-[includes|admin]/[SubFolder/]*Class_Under_Test/FunctionUnderTest[OptionalSubsetIndicator]Test.php`
* Namespace: `WordPress\Tests\WP_[Includes|Admin]\[SubFolder\]*Class_Under_Test`
* Classname: `FunctionUnderTest[OptionalSubsetIndicator]Test`
For WP Core files which only contain functions outside of a class structure, the following pattern is proposed:
* File paths: `tests/phpunit/tests/wp-[includes|admin]/[SubFolder/]*Functions_FileName/FunctionUnderTest[OptionalSubsetIndicator]Test.php`
* Namespace: `WordPress\Tests\WP_[Includes|Admin]\[SubFolder\]*Functions_FileName`
* Classname: `FunctionUnderTest[OptionalSubsetIndicator]Test`
The pattern I'm proposing does imply a re-organisation of the test suite directory and file structure, but that IMO is for the better.
It also follows a PSR4-like pattern which will be more intuitive for new contributors to work with, as well as follow the PHPUnit recommended test class name pattern with having the `Test` as the end of the class name.
This will also allow for using PSR-4 autoloading for the tests classes and adding the `autoload-dev` directive to the `composer.json` file.
== Planning
This should be regarded as a small project and not all renaming needs to be done at the same time.
New tests should start following the above proposed pattern as soon as consensus has been reached about this proposal.
Existing tests can be gradually switched over to the new pattern over time.
== Additional tasks associated with this project
- [ ] Updating the contributors handbook for Core.
- [ ] Verify that the WordPressCS sniffs will validate this pattern correctly.
- [ ] Write a Make post about the decision once consensus has been reached.",jrf
Tickets Awaiting Review,53011,Tests: review all setUp() and tearDown(),,Build/Test Tools,,normal,normal,Awaiting Review,task (blessed),new,has-patch,2021-04-09T16:21:16Z,2022-06-04T15:32:27Z,"The `setUpBeforeClass()`, `setUp()`, `tearDown()` and `tearDownAfterClass()` (and the WP test suite native variants of these) methods in test classes are used to set up fixtures which will be used by all tests in the test class.
Also see: https://phpunit.readthedocs.io/en/9.5/fixtures.html
For tests to properly be able to test just and only that which is being tested, we need to make sure that changes to the ""global state"" are undone after each test.
This includes:
* Changes to variables in `$GLOBALS`, changes to global variables via `global $var_name`.
* Changes to superglobals, like `$_GET`, `$_POST` or `$_REQUEST`.
* Filters being hooked or ''un''hooked to WordPress using `add_filter()`, `remove_filter()`, `add_action()`, `remove_action()` (and all their variations) calls in `setUp()` methods - or in the tests themselves.
* Changes in the file system - file being created by a test should be deleted after the test.
* And more contentiously: changes in the database ought to be undone after a test as well. This doesn't mean that any posts being created for a test and only being used by that test need to be deleted, but it does mean that any schema changes, any new tables created etc ''should'' be undone after the test.
At this time, the WP Core test suite does not consistently ""undo"" changes to the global state for each test, as @hellofromTonya and me found while reviewing tests for an unrelated patch.
We would like to recommend a full review of the test suite for best practices regarding global state resetting after each test.
Note: if a ""reset"" action is being done within the code of a test ''function'', it may not get executed when the tests fails. To that end, these type of ""reset""s should generally be done in the `tearDown()`, even when they only apply to one test in the test class.
The ""reset"", in that case, should be accompanied by a comment pointing to the test to which it applies.",jrf
Tickets Awaiting Review,53012,"Change Status of ""Hello World"" to Draft as Default",,Upgrade/Install,,normal,normal,Awaiting Review,feature request,new,has-patch,2021-04-09T16:39:19Z,2023-07-03T21:08:18Z,"We've done an amazing job with starter text for our default themes.
As someone who works with small business owners, however, they often don't realize they should not delete or rewrite ""Hello World."" Instead, it's published.
Searching for the string shows over 5,000 results.
> This is the first post in your new blog. To add another or delete this one click the Blog option on the toolbar above.
https://www.google.com/search?q=%22This+is+the+first+post+in+your+new+blog.+To+add+another+or+delete+this+one+click+the+Blog+option+on+the+toolbar+above.%22&oq=%22This+is+the+first+post+in+your+new+blog.+To+add+another+or+delete+this+one+click+the+Blog+option+on+the+toolbar+above.%22&aqs=chrome..69i57j35i39l8.1457j0j1&sourceid=chrome&ie=UTF-8
I think a simple solution is to set it as a draft instead of published.
I searched Trac and couldn't find this ticket so I thought, why not submit it?
Thanks, y'all.
Bridget ",bridgetwillard
Unpatched Enhancements,53013,Improve media library grid management tools,joedolson*,Media,,normal,normal,Future Release,enhancement,accepted,,2021-04-09T19:07:03Z,2023-10-18T16:18:07Z,"The list view & the media modal both support bulk selection tools that aren't available in the media library's grid view.
We should explore ways of moving the media grid view towards greater feature equivalence with these other views, including options such as:
- One-click deletion
- Select multiple items
- View attachment titles (helps differentiate between two versions of an image)
- Copy URL for attachment
Prompted by #51363. While a custom context menu is not something we consider to be viable for accessibility reasons, the intent of that ticket is definitely worthwhile. ",joedolson
Unpatched Enhancements,53014,Health check should list all feature flags in core and show which features the current theme supports,,Site Health,5.8,normal,normal,Future Release,feature request,new,,2021-04-09T19:58:43Z,2023-01-27T14:11:14Z,"It would be nice to be a see what features your theme supports and to have links to core docs To explain what each feature flag does.
I see this as list of all features globally available (core and others) with ticks for each feature the current theme supports
",pbearne
Tickets Awaiting Review,53019,The _sanitize_text_fields function removing the octets that incorrectly work with Arabic RTL languages.,,Security,,normal,normal,Awaiting Review,defect (bug),new,,2021-04-12T10:08:05Z,2023-03-14T02:52:03Z,"`%10` - `%99` are valid percents for the Arabic languages. [https://ar.wikipedia.org/wiki/%D9%86%D8%B3%D8%A8%D8%A9_%D9%85%D8%A6%D9%88%D9%8A%D8%A9 The Arabic percentage usage].
As I can see [here]https://core.trac.wordpress.org/browser/tags/5.7/src/wp-includes/formatting.php#L5409, removing all octets, but I'm not sure that it's really for security reasons. Anyone could approve that this code really important here?",wppunk
Tickets Awaiting Review,53023,_wp_json_convert_string type mismatch: returns string on success; false on failure,,Formatting,4.1.4,normal,normal,Awaiting Review,defect (bug),new,,2021-04-12T21:07:07Z,2021-04-12T21:07:07Z,"The private function `_wp_json_convert_string` (which converts a string to UTF-8) also returns `false`, though its `@return` specifies only `string`.
How? [https://www.php.net/manual/en/function.mb-convert-encoding.php `mb_convert_encoding`] returns a `string` on success and a `false` on failure.
Is this a bug or docs fix? It's both.
Reviewing its context, it's used by `_wp_json_sanity_check` to convert IDs and data value. The IDs are the problem. How so? Each ID is used as either a key or project for referencing the data value.
What happens if the conversion to UTF-8 fails? The key or property would either be an empty string or `false`. That's problematic as it can cause unexpected JSON encoding results.
For example, this [https://3v4l.org/n4qT6 3v4l snippet] simulates the convert encoding failure to view the results through the JSON encoding process. Notice how the returned JSON is invalid when it fails. (Note: This snippet is forcing a failure.)",hellofromTonya
Unpatched Enhancements,53024,List https functionality health check failures as critical,,Site Health,5.7,normal,normal,Future Release,enhancement,assigned,,2021-04-12T23:36:30Z,2021-11-10T14:06:47Z,"In #52783 site health check https failures were reduced to warnings pending some documentation improvements due to false negatives increasing the load on hosting companies' tech support teams.
This follow up ticket is to return the warning level to critical with the following considerations:
* Fine tune when failures should report warnings or critical errors
* Improve documentation on WordPress.org to avoid overburdening hosting support teams
* Link to WordPress.org documentation as a primary call to action rather than contacting the user's host.
",peterwilsoncc
Tickets Awaiting Review,53034,Overflowing text on Update WordPress screen,,Upgrade/Install,,normal,normal,Awaiting Review,defect (bug),new,,2021-04-15T06:08:26Z,2021-04-15T09:16:25Z,"Hi,
I am facing issue and UI issue on update page. More information see mentioned screenshot.
Thank you.",sumitsingh
Tickets Awaiting Review,53035,Copy suggested policy text to clipboard on click success message is not showing,,Administration,,normal,normal,Awaiting Review,defect (bug),new,has-patch,2021-04-15T06:29:49Z,2021-04-16T04:47:18Z,"Hi,
I have updated 5.7.1. and lot's of time success message is not showing. more information you can see mentioned quick video link.
https://www.loom.com/share/6d051f6236134b6eb6aff20fba228b9e",sumitsingh
Tickets Awaiting Review,53036,Require title or content before allowing save of Quick Draft,,Administration,5.7.1,normal,normal,Awaiting Review,defect (bug),new,,2021-04-15T06:42:39Z,2021-04-16T15:29:58Z,"Hi,
I have updated WP version. i think we need to add validation on create add Quick Draft post in dashboard. what you think all guys?
See mentioned quick video link.
https://www.loom.com/share/49926bf12af5404f9d3ff3877dce400e",sumitsingh
Candidates for Closure,53037,Post Attributes UI issue in page list,,Editor,5.7.1,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2021-04-15T06:51:35Z,2022-05-25T10:25:02Z,"Hi
Add new page in UI issue.So how we can fixed this? Also i think we need to update ""Post Attributes"" to ""page Attributes"" . like post type name with Attributes.
you can think about last suggestion.
Thank you.",sumitsingh
Tickets Awaiting Review,53040,Prune IP and Email Addresses from Comments After X Days,,Comments,5.7.1,normal,normal,Awaiting Review,feature request,new,,2021-04-15T07:49:35Z,2021-04-17T21:19:05Z,"In order to aid compliance with new data privacy laws (e.g. GDPR in the EU / UK etc.) we would like a new feature, which when enabled would automatically prune the IP and email address details attached (privately) to anonymous comments after X days.
A simple settings field to set the number of days would be all that is required to enable it, while leaving the field blank would be akin to disabling the feature.
I am conscious, from my own website, that retaining such details can be helpful when tackling spammers/bots. But I also tend to find that, after a few months, there is no longer any real benefit to retaining that data and in our legal privacy policy we'd like to reflect a time period for its retention.
The site we have currently has a decade worth of email and IP details associated to past comments and much of that could really do with being removed. Sadly, there is no easy approach for this, without wiping the comment and display names out too. In an ideal world we'd probably set a 365-day (1 year) timer and comments older than that would lose their IP and email details.
Alternatively, a way to partially obfuscate old IP and email address details would be another option. But retaining such data indefinitely is legally something that has become difficult to support.",ispreview
Tickets Awaiting Review,53041,colors.css is using the old blue.,,Formatting,5.7.1,normal,minor,Awaiting Review,defect (bug),new,dev-feedback,2021-04-15T12:51:29Z,2021-04-15T12:51:29Z,"I love the new color pallet, but I noticed that colors.css overrules the new link color in common.css.
colors.css is still using hex 0073aa, while common.css is using hex 2271b1.
",DuisterDenHaag
Tickets Awaiting Review,53044,Issue on mobile device when try to post QUICK EDIT.,,"Posts, Post Types",5.7.1,normal,normal,Awaiting Review,defect (bug),new,,2021-04-15T18:24:10Z,2021-05-13T16:00:24Z,"Hi,
I have setup updated WP latest version 5.7.1. and some UI issue on mobile device when i am trying to quick edit Post on mobile. More information you can see mentioned screenshot.
Thank you",sumitsingh
Tickets Awaiting Review,53046,Scrollbars Broken in latest visual editor,,Editor,5.7.1,normal,minor,Awaiting Review,defect (bug),new,,2021-04-15T23:34:48Z,2021-05-18T06:14:18Z,"Not only is the mouse disabled from scrolling using its scroll wheels, but the scroll bars on the side of the screen also are disabled except for the thumbs. You can drag the thumbs to scroll the content, but you can't click the arrows or scroll with the mouse. Rather clicking the arrows shows the clicked state of the arrow icons, but nothing scrolls.
Also, from within a block, a new set of full-screen scrollbars appears inside the outermost scrollbars (which make no sense and do nothing--mostly because the box is 1 unit high and doesn't need to stroll)",WhirledPress
Tickets Awaiting Review,53057,Added AJAX_DEBUG Constant for better ajax debugging,,General,,normal,normal,Awaiting Review,enhancement,new,has-patch,2021-04-19T06:45:00Z,2021-04-23T15:09:16Z,"AJAX_DEBUG = true will added action as url parameter debug=AJAX_ACTION. This will help developers to filter out the ajax requests from Browser Developer Tools Network tab, without having to click every ajax request to check what it is for.
Its been bothering me a lot and i think it bothered lot or other developers too. for every ajax call I have to click on each request ( in case there are multiple network request listed ) and have to check the request data or the request parameters to figure out which is my request.
This will help developers to just use search filter from network tab for filtering out their own request or any other request he/she want to check.
",parroty
Tickets Awaiting Review,53060,Data Deletion - comments,,Query,,normal,normal,Awaiting Review,feature request,new,,2021-04-19T16:44:31Z,2021-04-20T17:59:19Z,"**Data Deletion - comments**
Can we add a WP_Query parameter so that we can pull comments by author email or author user_id?
**Why?**
For better user privacy, I am creating a profile page for users where they can see all the comments they have made and easily delete those comments -- but in a post loop so that they have the context of the comments that they have made.
**Reference**
https://developer.wordpress.org/reference/classes/wp_query/#comment-parameters
It seems there is no WP_Query parameter for pulling posts by comment author. I think there should be for privacy.
Of course, I can make it happen the other way round with a custom DB query to find all comments by author and then get the post_id and loop the ids in_array but maybe it should be easier and more standard as to encourage user privacy respect.
",megphillips91
Tickets with Patches,53063,Add batch support to core REST resources,TimothyBlynJacobs,REST API,5.6,normal,normal,Future Release,enhancement,assigned,has-patch,2021-04-20T15:15:58Z,2021-11-09T02:26:20Z,"#50244 introduced batch operation functionality to the WordPress REST API, but it remains disabled in WordPress' core endpoints. It would be great to see this functionality available on core endpoints for manipulating core resources.
Due to some [https://make.wordpress.org/core/2020/11/20/rest-api-batch-framework-in-wordpress-5-6/#comment-40916 complexity around GET requests which may spin off expensive queries], a first step may be to only enable batch processing for creatable/editable/deletable requests.",chrisvanpatten
Tickets Awaiting Review,53066,Trigger errors when non-existent methods are called on objects.,,General,,normal,normal,Awaiting Review,defect (bug),new,has-patch,2021-04-21T07:40:24Z,2021-04-23T04:27:45Z,"Numerous WordPress classes include a `__call()` function for back-compat, however, simply return false on invalid calls.
For example, the following code outputs 'No' even though it should be a fatal error.
{{{
$wp_query = new WP_Query();
echo $wp_query->delete_all_posts() ? 'Yes' : 'No';
}}}
This can cause logic errors, where someone were to use something like: `WP_User::has_role( 'something' )` and expect to receive true/false, but only ever get false. (Note that `has_role()` doesn't exist and won't exist: [comment:10:ticket:22624])",dd32
Tickets Awaiting Review,53070,Establish a Core CSS deprecation path,,General,,normal,normal,Awaiting Review,enhancement,new,,2021-04-22T03:31:47Z,2021-12-16T21:18:33Z,"Problem: Core CSS is a public API, and gets used as such by plugins. This means that when a selector is no longer used in wp-admin, deleting any related CSS rules can still break third party code. However, the cautious approach of not deleting any CSS leads to bloated files, with a negative impact on performance.
Solution: define a clear deprecation path for Core CSS, announcing in advance when any selector and related rules are being deprecated. This allows third parties to update their code in a timely manner.
What will this look like in practice? As discussed in the CSS meeting: [https://make.wordpress.org/core/2021/04/13/css-chat-summary-08-april-2021/],
* When a selector is no longer used in Core, move related CSS to a `deprecated.css` file.
* This file can be optionally enqueued by plugins that require any of its CSS.
* Deprecation is announced in the release dev notes.
* Linters and other automated tools can help enforce non-use of deprecated selectors.
",isabel_brison
Tickets Awaiting Review,53089,multisite uploads not working on windows 10/xampp after change blog_upload_space,,Upload,5.7.1,normal,normal,Awaiting Review,defect (bug),new,,2021-04-26T13:58:37Z,2021-04-26T13:58:37Z,"If i modify the ""blog_upload_space"" at /wp-admin/network/settings.php, then media uploads not working nowhere.
Environment: php 7.4.16 / windows 10 / XAMPP / WP 5.7.1.
PDF returns with ""unexcepted response"", Images returns ""the post-process error"".
I check on a fresh install too (no plugins), everything worked until I switched it to custom value.
If i clear ""blog_upload_space"" and uncheck the settings, not working.
Also tested on Ubuntu, fresh install, works well.
",er2es
Unpatched Bugs,53094,Twenty Twenty-One: Dark mode issue with cover block colors,,Bundled Theme,5.7.1,normal,normal,Future Release,defect (bug),new,,2021-04-27T00:41:38Z,2022-06-22T04:03:39Z,"Dear team, I had chosen cover block from block editor, selected background color as cover color, select border for the cover block, add heading. Now, when I see this page in dark mode, the cover block is not converting the dark background. kindly try et your en[alakh.co.in]d see",kpdaa
Tickets Awaiting Review,53117,"Post types which are not public, but which are show_in_rest and publicly_queryable and not exclude_from_search, do not appear in REST API search endpoint",,REST API,5.0,normal,normal,Awaiting Review,defect (bug),new,,2021-04-30T14:39:32Z,2021-04-30T15:40:44Z,"I have a custom post type ""tease"" which is registered with the following code:
{{{
register_post_type(
'tease',
array(
'menu_icon' => 'dashicons-update',
'exclude_from_search' => false, // allow us to include these in query results.
'publicly_queryable' => true,
'show_in_nav_menus' => false, // Don't allow to slot in nav.
'show_ui' => true, // Show in admin UI.
'has_archive' => false,
'show_in_rest' => true,
'supports' => array( 'title', 'editor', 'custom-fields' ),
'map_meta_cap' => true, // Set to true, so that default capabilities are mapped from posts to Teases.
'capability_type' => 'post',
'taxonomies' => array( 'category', 'post_tag' ),
)
);
}}}
Given that it is publicly queryable, shows in the REST API, and is not excluded from search, I would expect to be able to perform a search using the REST API for posts of this type.
However, a search for posts or teases matching the word ""patience"" returns an error message: /wp-json/wp/v2/search?search=patience&subtype=post,tease
{“code”:“rest_invalid_param”,“message”:“Invalid parameter(s): subtype”,“data”:{“status”:400,“params”:{“subtype”:“subtype[1] is not one of post, page, category, post_tag, and any.“},“details”:{“subtype”:{“code”:“rest_not_in_enum”,“message”:“subtype[1] is not one of post, page, category, post_tag, and any.“,”data”:null}}}}
I get the same error message when I replace ""tease"" in that URL with a nonexistent post type.
If I modify the post-type registration with 'public' => true, then the search completes.
I'd like to credit @delipeelia for finding the potential cause: WP_REST_Post_Search_Handler only looks for post types which are public or show_in_rest: https://core.trac.wordpress.org/browser/trunk/src/wp-includes/rest-api/search/class-wp-rest-post-search-handler.php#L32
Changing /wp-includes/rest-api/search/class-wp-rest-post-search-handler.php to the following allows the search to work as I would expect it to, but I'm not sure that this is the right way to handle it.
{{{
get_post_types(
array(
'exclude_from_search' => false,
'show_in_rest' => true,
),
'names'
)
}}}
It does seem kind of weird to want to be able to search a non-public post type; the use case here is building a post-picker in the Block Editor that can pick posts or teases, without exposing the existence of teases to visitors to the site. For now, I've marked the post type as public, but that the REST API doesn't allow searching of posts which are marked as searchable does seem like a bug.",benlk
Tickets Awaiting Review,53118,Tests: review of correctly setting output expectations,,Build/Test Tools,,normal,minor,Awaiting Review,task (blessed),new,,2021-04-30T15:32:35Z,2021-04-30T15:32:35Z,"While looking at the tests in the context of another ticket, @hellofromTonya and me came across various tests doing things like:
{{{#!php
assertRegExp( $regex, $contents );
}}}
PHPUnit has dedicated functionality build-in to set output expectations which will then automatically test that the output conforms to those expectations.
When using those, the above code would become:
{{{#!php
expectOutputRegex( $regex );
// Do something which generates output...
}}}
I suspect that in most cases were `ob_*()` functions are being used to ""catch"" output before testing it, this can (and should) be replaced with using the PHPUnit native `expectOutputString()` and `expectOutputRegex()` functions.
Note: each test can only have **ONE** output expectation when using the PHPUnit native functionality.
Also see: https://phpunit.readthedocs.io/en/9.5/writing-tests-for-phpunit.html#testing-output
I'd recommending a complete review of the test suite to verify whether output expectations are tested correctly.
To find all instances of this code pattern a search should be done for the use of `ob_*()` functions in the `tests/phpunit` directory.",jrf
Tickets Awaiting Review,53119,Tests: introduce naming conventions for data providers and use named test cases,,Build/Test Tools,,normal,normal,Awaiting Review,task (blessed),new,,2021-04-30T15:58:51Z,2023-10-24T01:46:08Z,"A number of tests use dataproviders - functions which return a multi-level array of test cases, where each sub-array is a set of parameters to pass to the actual test function -.
Also see: https://phpunit.readthedocs.io/en/9.5/writing-tests-for-phpunit.html?#data-providers
Currently there are:
* No naming conventions for data providers - the functions are called whatever the author wanted to call them.
* No placement conventions for data providers - sometimes the functions are at the top of a file, sometimes at the bottom, sometimes just before or after the test function using them.
I'd like to recommend streamlining this a little more to:
1. Make it more obvious which functions are data providers.
2. Make the data providers easier to find.
With that in mind, I'm proposing:
1. That the function name of all data provider functions starts with `data_`, similar to how all test functions are prefixed with `test_`.
2. That data providers when used by only one test are placed directly after that test.
3. That data providers when used by multiple tests which directly follow each other, are placed directly after the last test using the data provider.
4. ~~That data providers used by multiple tests throughout a test file are placed at the bottom of the class.~~ **Updated**: That when a data provider is used by multiple tests throughout a test file, that the tests using the data provider are grouped together and that the data provider is then placed directly after the last of the tests using it, as per 3.
Additionally, there is an awesome, but little known feature in PHPUnit which allows to ""name"" each test case in a data provider by adding an index key for each test data set.
This will make test failure information more descriptive and will make the test case which is causing the failure easier to find than having the default numeric indexes for test cases.
And when coupled with the `--testdox` feature, especially when selectively running a filtered set of tests will make it much more obvious what is being tested.
So I'd also like to recommend implementing the use of named test cases when using data providers.
To illustrate the difference:
Screenshot of a test run with a dataprovider and `--testdox` without using named test cases:
https://speakerdeck.com/jrf/my-top-10-phpunit-tips-and-tricks-e6ea54ce-2515-4ea9-aacf-9bf7ab3b3141?slide=26
Screenshot of a test run with a dataprovider and `--testdox` WITH named test cases:
https://speakerdeck.com/jrf/my-top-10-phpunit-tips-and-tricks-e6ea54ce-2515-4ea9-aacf-9bf7ab3b3141?slide=28
Code sample of how to implement this:
https://speakerdeck.com/jrf/my-top-10-phpunit-tips-and-tricks-e6ea54ce-2515-4ea9-aacf-9bf7ab3b3141?slide=27
Once this ticket has been actioned, I'd like to recommend that the conventions applied will be added to the Core contributors handbook.
/cc @hellofromTonya",jrf
Tickets Awaiting Review,53128,Simplify Widget Management,,Widgets,,normal,normal,Awaiting Review,enhancement,new,,2021-05-01T16:59:45Z,2021-05-01T16:59:45Z,"Idea ... separate the drag and drop ordering to a small icon to the left of the widget name. Opens up the space to the right for functionality. To the left of the open/close toggle, please consider one of the following:
A delete icon. Stop opening each widget, just to delete it.
A checkbox. Treat the widgets like posts listing. Even add a ""select all"" at the top.
This idea came as I was setting up a theme demo for someone, and I want to dump all the widgets which came with the demo import.",craigtommola
Tickets Awaiting Review,53132,MU/Network > Plugins: plugins (only) activated in subsite could be marked as such,,Plugins,,normal,minor,Awaiting Review,enhancement,new,,2021-05-02T08:46:27Z,2022-02-26T15:56:13Z,"This is a suggestion/request:
In a multisite setup I have plugins which are not network-activated, but activated on a subsite. They are, correctly I suppose, listed as “inactive” in the Network > Plugins table.
Plugins listed there have two actions “Network Activate” and “Delete”.
The later is what brought me here.
I can delete a plugin a subsite relies on without additional warning.
Would it be feasible to either:
1. add a third action “Deactivate on subsites” while the network-deactivated plugin is still activated somewhere further down and have “Delete” disabled until the new action has been triggered or
2. have a new column above the table
“All” “Active (network)” “Active (subsites)” …
and plugins in “Active (subsites)” have “Network Activate” and “Deactivate on subsites”
",retrovertigo
Tickets Awaiting Review,53134,Keep current URL domain for View Post on View Post link,,Editor,5.7.1,normal,minor,Awaiting Review,defect (bug),new,,2021-05-02T19:53:25Z,2021-07-24T17:43:12Z,"Hello,
I am using BrowserSync to proxy my remote site to https://localhost:3000 on my local machine through ssh forwarding. I have noticed that the localhost domain name is reverted to my site real domain on the backend for the 'View Post' link, when updating a post using Gutenberg. This behavior does not happen with the classic editor.
It would be great if the 'View Post' link could retain the localhost domain on post update.
Steps to reproduce:
1) Run BrowserSync or equivalent as proxy
2) Open post for edit on backend on localhost domain
3) Check 'View Post' link, it should have localhost as domain
4) Click 'Update' or 'Publish'
5) Check 'View Post' link again and it will now have the site domain instead
Classifying as bug as the behavior deviates from what the classic editor does.",chamois_blanc
Candidates for Closure,53139,Password Reset on user edit,,Users,5.7.1,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2021-05-03T17:52:07Z,2021-05-03T23:56:43Z,"Whenever I edit a user, I get an error at the top saying that the password is already in use. I am ''not'' editing any passwords. I'm editing permissions for a user, which is not related to the password in any way.
What's more annoying is that every time I attempt to make an edit, the user who's account it is gets an email saying that their password changed, which isn't even the case.
I'm using a few plugins, some big ones which are WooCommerce, Elementor and LearnDash. It doesn't seem like any of these are causing conflicts though, since I have tried disabling them and trying again.",xaaf
Candidates for Closure,53146,Bundled Themes: More consistent styling of the search block,,Bundled Theme,5.7.1,normal,normal,Awaiting Review,defect (bug),assigned,reporter-feedback,2021-05-04T00:39:10Z,2023-07-11T04:26:12Z,"The search block is missing styling from the theme. The search widget in the footer has the styles in the stylesheet. The search block used on pages and posts does not have styles.
The unstyled attributes are:
{{{
.wp-block-search
.wp-block-search__input
.wp-block-search__button svg
}}}
Image of the search block on a page vs the search bar widget in the footer.
[https://t2.dhostingsites.com/wp-content/uploads/2021/05/Screenshot-2021-05-03-5.36.53-PM-e1620088694646.png]
[https://t2.dhostingsites.com/search-block-doesnt-have-styles/]",deborah86
Tickets with Patches,53158,Twenty Twenty: Pullquote block editor styling does not match front,,Bundled Theme,,normal,normal,Future Release,defect (bug),assigned,has-patch,2021-05-05T00:10:48Z,2021-11-05T05:34:47Z,"Twenty Nineteen has a similar discrepancy reported on #53112
When the pullquote has default alignment, the text is still Garamond italic in the editor.
Also, quotes aligned Wide or Full are not the larger font size.",sabernhardt
Unpatched Bugs,53161,Twenty Twenty-One: Navigation block has a permanent theme-imposed background color,,Bundled Theme,5.7.1,normal,normal,Future Release,defect (bug),new,,2021-05-05T14:28:25Z,2023-01-31T06:46:29Z,"Twenty Twenty-One provides a default background color to the navigation block. If the block appears inside of a differently-colored container block, this looks incorrect:
[[Image(https://cldup.com/fb8OTHJzQG.png)]]
[[Image(https://cldup.com/U6GLVRtEAG.png)]]
If a user attempts to modify this color via the Navigation block controls, only the menu item backgrounds are updated. The theme-provided background persists:
[[Image(https://cldup.com/kQ8nkqUATP.png)]]
The theme should leave this block transparent by default, so that it will work on a variety of different backgrounds.
",kjellr
Slated for Next Release,53167,upload_filetypes should map to get_allowed_mime_types,adamsilverstein,Networks and Sites,3.0,normal,normal,6.6,enhancement,assigned,has-patch,2021-05-06T14:20:11Z,2024-03-27T15:55:16Z,Currently in multisite `upload_filetypes` site option is massively out of date with mime / ext allowed in `get_allowed_mime_types`. ,spacedmonkey
Tickets Awaiting Review,53170,Reduce the transient size of WordPress Events and News feeds,,Widgets,5.7.1,normal,normal,Awaiting Review,enhancement,new,,2021-05-07T17:34:48Z,2024-02-23T11:03:51Z,"If we export the database created in a clean WordPress installation that blocks external connections with `WP_HTTP_BLOCK_EXTERNAL`, the exported file size is just **34kb**.
Without blocking external connections, the exported SQL file size is **746kb**.
This whopping difference of 712kb comes from WordPress Events and News feeds: https://github.com/WordPress/WordPress/blob/master/wp-admin/includes/dashboard.php#L1490
That downloads these feeds and stores them as transients in the database:
- https://wordpress.org/news/feed/ (125kb~)
- https://planet.wordpress.org/feed/ (550kb~)
This seems to be unnecessary, given that the content that is actually displayed in the widget is just the event/news name and a link:
[[Image(https://i.imgur.com/0vWVwE0.jpg)]]
With this ticket, I would like to suggest reducing the transient size of the WordPress News and Events widget feed to the minimum possible.",lucasbustamante
Candidates for Closure,53172,React-dom mistake,,Editor,,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2021-05-08T21:05:40Z,2021-05-13T14:36:24Z,"http://prntscr.com/12isc2j
react-dom.js?ver=16.13.1:1680 Warning: Failed prop type: You provided a value prop to a form field without an onChange handler. This will render a read-only field. If the field should be mutable use defaultValue. Otherwise, set either onChange or readOnly.
Its not whole time, its happening sometimes.
I don’t understand why does this mistake appear",andrewpolnikov
Candidates for Closure,53184,Toolbar Enhancements: turn off labels / disable plugins / auto-hiding,,Toolbar,,normal,normal,Awaiting Review,feature request,new,dev-feedback,2021-05-11T16:48:44Z,2021-07-14T00:10:19Z,"Something that can get pretty crowded quickly is the Toolbar. I have three suggestions for improving this:
- The option to turn on/off text labels next to the icons
- The option to disable / enable certain plugins to add things to the toolbar
- The option to enable / disable auto-hiding, where the toolbar hides until you move your mouse up (similar to what lots of people use with their Mac's dock)
I'd love to hear your thoughts.",tomjdevisser
Tickets Awaiting Review,53186,Site Health plugin extension for the performance score,,Site Health,,normal,normal,Awaiting Review,feature request,new,,2021-05-11T19:00:03Z,2021-05-19T05:29:06Z,"To make users able to check the impact of plugins and themes and see if their usage is worth it or not we need an additional plugin with a connection to the repo, like an **extension for Site Health** (Jeff Paul suggested that it looks like a Site Health related).
== The ""message"" of the Site Health extension can be:
1. Check your site performance
2. Get results (and act)
3. Share information (purely related to plugins execution without any personal or domain-related data) with the repository to give plugins you are using a performance score.
== Why we need to check performance:
Plugins (and themes) can be heavy and make a huge impact on site performance for small enhancement site owner wants.
I proposed to add a performance index to plugins and themes on the repo:
https://meta.trac.wordpress.org/ticket/5731
But there is no way to get actual data, especially for plugins, without real websites, so, it looks like the only way to get real information about plugins' performance is from sites owners and their own free will.",oglekler
Tickets Awaiting Review,53191,"When upgrading translations and destination does NOT exist all files end up in ""wp-content/plugins""",,Upgrade/Install,5.7.1,normal,major,Awaiting Review,defect (bug),new,,2021-05-12T04:57:56Z,2021-05-12T04:57:56Z,"Hi
**Current install:**
Using the LATEST version of WordPress, the line numbers in this bug report relate to that version number.
**Problem Discription:**
I noticed a huge (220+) amount of .json, .mo and .po files in the ""wp-content/plugins"" directory. They shouldn't be there, in fact they should be in ""wp-content/languages/plugins"".
**Overview of Fix:**
I researched why that maybe the case and found the problem: if the directory ""wp-content/languages/plugins"" does NOT exist, all json/po/mo files are placed into ""wp-content/plugins"" - which in itself is a ""no no"" as the directory belongs to the ""protected"" directory set (I get to that later).
If the directory exists, there is no problem and all files end up in the correct directory and NOT in the ""wp-content/plugins"".
**Where I think the error comes from:**
For every language file that is updated the function ""install_package()"" in ""class-wp-upgrader.php"" is called. The parameter passed is an array containing the SOURCE and DESTINATION of the file needing an update.
The DESTINATION is correct when passed to the function ""install_package()"" but gets altered when the DESTINATION does not exist on line 501:
{{{
$remote_destination = $wp_filesystem->find_folder( $local_destination );
}}}
If the directory ""wp-content/languages/plugins"" exists, there is NO problem.
If the directory ""wp-content/languages/plugins"" DOES NOT exist, there is a problem and
{{{
$remote_destination
}}}
is set to ""wp-content/plugins"" - which in fact belongs to the ""protected directories""
**What steps should be taken to consistently reproduce the problem?**
Delete the directory ""wp-content/languages/plugins"" and update translations.
All *.json, *.po and *.mo files will end up in ""wp-content/plugins""
**Does the problem occur even when you deactivate all plugins and use the default theme?**
Not related, as issue is MISSING PATH related.
**In case it's relevant to the ticket, what is the expected output or result?**
I would assume that the directory ""wp-content/languages/plugins"" should be created if it is missing and not place all files in ""wp-content/plugins""
I for now have created the directory, but I saw on the Internet that MANY people seeing large amount of files in the plugins directory ""wp-content/plugins"".
Also ""wp-content/plugins"" belongs to the group of ""protected directories"" as seen on line 545 in file class-wp-upgrader.php:
{{{
$protected_directories = array( ABSPATH, WP_CONTENT_DIR, WP_PLUGIN_DIR, WP_CONTENT_DIR . '/themes' );
}}}
so for that reason alone no file SHOULD end up in there.
Also, it's ugly to have 200+ language files in the plugin folder where you should only find directories for plugins.
",jobst
Tickets Awaiting Review,53193,chmod(): Operation not permitted in class-wp-image-editor-imagick.php,,Media,5.7.1,normal,normal,Awaiting Review,defect (bug),new,,2021-05-12T05:49:17Z,2021-05-12T13:15:24Z,"Hi
**Current install:**
Using the LATEST version of WordPress, the line numbers in this bug report relate to that version number.
The system is running on CENTOS with APACHE as the server.
**Problem Discription:**
PHP Warning: chmod(): Operation not permitted in ""wp-includes/class-wp-image-editor-imagick.php"" on line 710
**Explanation why this is a problem**
Every security conscious system administrator will have the following settings:
On directories e.g.
drwxr-x---. 10 editor apache 4096 Feb 19 2019 wp-content
drwxr-x---. 25 editor apache 12288 Mar 29 13:26 wp-includes
drwxr-x---. 4 editor apache 4096 Dec 11 17:10 themes
drwsrws---. 2 editor apache 4096 May 12 15:09 upgrade
drwsrws---. 20 editor apache 4096 Jan 1 00:00 uploads
On files e.g.
-rw-r-----. 1 editor apache 31328 Mar 29 13:25 wp-signup.php
-rw-r-----. 1 editor apache 4747 Dec 11 15:27 wp-trackback.php
While the apache server can READ every file, it cannot WRITE every file abd that is good! I have NEVER had a problem with these settings, ever.
Where the apache server NEEDS to write, it can (e.g. uploads/upgrade/cache)
I can happily update core/plugins/themes using FS_METHOD ssh2 with ssh keys set for the editor.
Also it is nearly IMPOSSIBLE to have the system being taken over as the apache server cannot write core files.
**Does the problem occur even when you deactivate plugins, use default theme?**
N/A
File system permission issue
**In case it's relevant to the ticket, what is the expected output or result?**
There needs to be an additional check whether the line SHOULD/CAN be executed.
On my system the editor is NOT the same as the user running the http server. The server user is MOSTLY (and should) restricted to reading (other that the upload/upgrade/cache/etc directories).
This will lead to errors on Linux based systems.
",jobst
Tickets Awaiting Review,53195,Add $post or $post_id to the quick_edit_custom_box hook,,"Posts, Post Types",,normal,normal,Awaiting Review,defect (bug),new,,2021-05-12T11:17:34Z,2021-05-12T11:17:34Z,"Right now when you're adding a custom box to quick edit, you can't set an existing value without using JavaScript, cause you don't have acces to the post. For a more elaborate explanation, see the User Contributed Notes, top one by stevenlinx: https://developer.wordpress.org/reference/hooks/quick_edit_custom_box/
It would be more elegant if we could just use the post within the hook I think.",tomjdevisser
Tickets Awaiting Review,53202,Twenty Twenty: Buttons Are Not Responsive on Mobile Devices,,Bundled Theme,5.7.2,normal,normal,Awaiting Review,enhancement,new,,2021-05-13T15:31:52Z,2021-05-15T04:05:02Z,"On mobile devices and tablets, the buttons are not responsive. They appear like they would on the desktop website. The buttons should be responsive so users have enough area to click on. They are too small on the mobile and tablet versions of the website.
This is what Google says about using buttons:
> BE THUMB-FRIENDLY
> People use their fingers to operate mobile devices—especially their thumbs. Design your site so even large hands can easily interact with it.
> - Use large, centered buttons and give them breathing room to reduce accidental clicks.
> - Pad smaller buttons to increase the clickable area.
> - Pad check boxes by making the text clickable
[https://services.google.com/fh/files/blogs/GoMo_Best%20Practices_GoMo%20Branded.pdf]
This is how the page looks on desktop devices.
[[Image(https://core.trac.wordpress.org/raw-attachment/ticket/53202/Web-capture_13-5-2021_75816.jpeg)]]
This is how the exact page looks on mobile
[[Image(https://core.trac.wordpress.org/raw-attachment/ticket/53202/Web-capture_13-5-2021_75945.jpeg)]]
As you can see, the buttons are not responsive and do not take up the view so they can easily be clicked on by someone using the mobile device.
[[Image(https://core.trac.wordpress.org/raw-attachment/ticket/53202/Web-capture_13-5-2021_8542.jpeg)]]
If you change the width settings, this only changes the width of how the buttons will appear on desktop and mobile devices but it does not make them responsive.
You can tell the buttons are not responsive because the size of the text within the buttons does not change.
Here is a link to the page where I did the test: http://t2.dhosting.network/buttons-not-responsive-on-mobile
''Note: The images are from a desktop computer using the dev tools to change to the mobile view but I get the same result on my mobile device.''",deborah86
Tickets Awaiting Review,53208,WordPress editor documentation: a few suggested changes,,Editor,,normal,normal,Awaiting Review,defect (bug),new,needs-docs,2021-05-14T15:05:09Z,2021-05-14T15:06:52Z,"These videos are not working (tested on Firefox and Safari):
https://wordpress.org/support/article/wordpress-editor/#how-does-the-block-editor-work
https://wordpress.org/support/article/wordpress-editor/#adding-a-block
Here it says ""three sections"" and then only mentions ""1)"":
https://wordpress.org/support/article/wordpress-editor/#the-anatomy-of-a-block",tomjdevisser
Tickets Awaiting Review,53210,PHP 7.2: Can update WP core in wp-cli but not admin GUI,,Upgrade/Install,,normal,normal,Awaiting Review,defect (bug),new,,2021-05-14T19:33:59Z,2021-05-14T23:31:11Z,"When we attempt to update WordPress core from the admin area, it gets a critical error, but when we update it with wp-cli, it updates successfully, with the following output (warnings):
{{{
$ vendor/bin/wp core update
Updating to version 5.7.2 (en_US)...
Warning: Declaration of WP_CLI\CoreUpgrader::download_package($package) should be compatible with WP_Upgrader::download_package($package, $check_signatures = false, $hook_extra = Ar
ray) in C:\inetpub\[...]\vendor\wp-cli\wp-cli\php\WP_CLI\CoreUpgrader.php on line 14
Warning: Declaration of WP_CLI\UpgraderSkin::feedback($string) should be compatible with WP_Upgrader_Skin::feedback($string, ...$args) in C:\inetpub\[...]\vendor\wp-cli\wp-
cli\php\WP_CLI\UpgraderSkin.php on line 30
Downloading update from https://downloads.wordpress.org/release/wordpress-5.7.2-no-content.zip...
Unpacking the update...
Success: WordPress updated successfully.
}}}
To reproduce the GUI issue:
1. Go to Dashboard > Updates
2. Click 'Update Now' or 'Reinstall...'
Using the Health Check plugin's 'troubleshooting mode', I get a slightly more verbose error (but otherwise it's missing the line beginning ""Fatal Error""):
Downloading update from https://downloads.wordpress.org/release/wordpress-5.7.2-no-content.zip…
The authenticity of wordpress-5.7.2-no-content.zip could not be verified as no signature was found.
Unpacking the update…
Fatal error: Maximum execution time of 30 seconds exceeded in C:\inetpub\[...]\wp-admin\includes\class-wp-filesystem-direct.php on line 82
There has been a critical error on this website. Please check your site admin email inbox for instructions.
Using a Windows server, but not sure if that matters.",danicholls
Tickets Needing Feedback,53216,A Gutenberg Block repo,,General,,normal,normal,WordPress.org,feature request,new,dev-feedback,2021-05-16T09:26:52Z,2023-04-20T13:38:47Z,"Right now the plugin has it's repository, and the themes have one. The Gutenberg blocks are now often shipped in a plugin (and sometimes even in a theme). These plugins often ship many blocks when only one or a few are needed. This can cause bloated websites, and takes away flexibility.
My suggestion is, why not an extra repo for Gutenberg blocks, or maybe even extensions in general (custom post types as well, but not super sure about that). You'd have a super easy separation of concerns:
- Theme repo for styles
- Plugin repo for functionality
- Gutenberg(/Add-on) repo for added blocks(/types)
It would then be amazing if you could choose from a few separate blocks, or if you really like a company/developer, maybe a small set of blocks that go well together. I know it sounds like a big change, but I like thinking big and I think that's what we're doing with Gutenberg anyway. We could also just clone the system for the plugin repo and only make a few adjustments.
Thoughts?",tomjdevisser
Tickets with Patches,53229,"""Alt Text"" label misaligned in French",audrasjb*,Gallery,,normal,normal,Future Release,defect (bug),accepted,has-patch,2021-05-19T07:50:05Z,2021-06-08T17:11:12Z,"Hello,
In French, in a post edit when adding an image or a gallery block, the ""Alt Text"" label is misaligned with the input field.
We can see this behaviour on Ubuntu20.04/Firefox88.0.1 and Chrome 90.0.4430.212.
**Step to reproduce**
- be sure to have French as language in your profile
- in a post add an ""Image block""
- click on ""mediathèque"" to add an existing image
- Check an image and see the sidebar
",sebastienserre
Tickets Awaiting Review,53230,Allow nested arrays to be displayed in site health.,,Site Health,5.2,normal,normal,Awaiting Review,enhancement,new,,2021-05-19T08:55:29Z,2022-08-28T13:37:14Z,"Site health info, if the value is an array, it formats this as a ul / li list. This is nice, but if in the array, are other nested arrays, these are not rendered as expects. This screen should be changed to check if the value is an array and to iterate through it. ",spacedmonkey
Tickets Awaiting Review,53236,Nonce lifespans are inaccurate and unintuitively affected by timezones,,Date/Time,2.5,normal,minor,Awaiting Review,defect (bug),new,needs-unit-tests,2021-05-20T09:51:46Z,2021-06-02T04:37:01Z,"The docs on [[https://developer.wordpress.org/reference/functions/wp_verify_nonce/|wp_verify_nonce()]] specify that nonces are either 0-12 or 12-24 hours old by default, but this isn't true. In reality, the value `1` means < 12 hours old, but `2` means anywhere from 1 second to < 24 hours old.
Observe what happens to the nonce tick value over a day:
||=local time=||=seconds since epoch=||=tick=||
||2021-05-20T00:00:00+03:00||1621458000||37534||
||2021-05-20T01:00:00+03:00||1621461600||37534||
||2021-05-20T02:00:00+03:00||1621465200||37534||
||2021-05-20T03:00:00+03:00||1621468800||37534||
||2021-05-20T04:00:00+03:00||1621472400||37535||
||2021-05-20T05:00:00+03:00||1621476000||37535||
||2021-05-20T06:00:00+03:00||1621479600||37535||
||2021-05-20T07:00:00+03:00||1621483200||37535||
||2021-05-20T08:00:00+03:00||1621486800||37535||
||2021-05-20T09:00:00+03:00||1621490400||37535||
||2021-05-20T10:00:00+03:00||1621494000||37535||
||2021-05-20T11:00:00+03:00||1621497600||37535||
||2021-05-20T12:00:00+03:00||1621501200||37535||
||2021-05-20T13:00:00+03:00||1621504800||37535||
||2021-05-20T14:00:00+03:00||1621508400||37535||
||2021-05-20T15:00:00+03:00||1621512000||37535||
||2021-05-20T16:00:00+03:00||1621515600||37536||
||2021-05-20T17:00:00+03:00||1621519200||37536||
||2021-05-20T18:00:00+03:00||1621522800||37536||
||2021-05-20T19:00:00+03:00||1621526400||37536||
||2021-05-20T20:00:00+03:00||1621530000||37536||
||2021-05-20T21:00:00+03:00||1621533600||37536||
||2021-05-20T22:00:00+03:00||1621537200||37536||
||2021-05-20T23:00:00+03:00||1621540800||37536||
…and over the boundary of a tick:
||=local time=||=seconds since epoch=||=tick=||
||2021-05-20T14:59:58+03:00||1621511998||7535||
||2021-05-20T14:59:59+03:00||1621511999||7535||
||2021-05-20T15:00:00+03:00||1621512000||7535||
||2021-05-20T15:00:01+03:00||1621512001||7536||
||2021-05-20T15:00:02+03:00||1621512002||7536||
In this example, you can see that a nonce generated at 3pm and verified one second later will return 2 because of the tick change. The ticks do not align with timezones due to their basis in universal time, so nonces will always appear “old” to your code at certain times of the day, as touched on in ticket:33635#comment:2.
I haven't thought of a way to reduce the huge variance in ages that have equal nonce values, but I did think of a way to make them more predictable. I've attached a patch that would align ticks to WP's timezone so there would be a predictable two ticks per calendar day, a.m. and p.m., starting at 00:00.",lev0
Candidates for Closure,53242,Potential private information leak in REST API doing it wrong,,REST API,,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2021-05-21T01:40:07Z,2021-05-21T15:58:16Z,"In the REST API, when I set `show_in_index` to false, I expect that endpoint to not be shown to people without knowledge of it.
The problem is, if that endpoint does not have `permission_callback` setup, then `\rest_handle_doing_it_wrong` can leak the existence of that endpoint in the header if WP_DEBUG has been set.
I would expect one of two things to happen, either:
A) I only receive the `X-WP-DoingItWrong` header for the endpoint that I'm accessing; or
B) I only receive the `X-WP-DoingItWrong` header for endpoints that are visible in `show_in_index`, or accessed directly.
I'm partial to the former.",anubisthejackle
Tickets Awaiting Review,53243,X-WP-DoingItWrong has limited usefulness,,General,,normal,normal,Awaiting Review,defect (bug),new,has-patch,2021-05-21T01:46:15Z,2021-05-21T16:06:49Z,"There is only ever a single X-WP-DoingItWrong header, which means it has limited usefulness. It would be much more useful if all alerts could be seen in the response.",anubisthejackle
Tickets Awaiting Review,53244,PHP Warning on non-existent multisite wp-cron.php,,Networks and Sites,,normal,normal,Awaiting Review,defect (bug),new,,2021-05-21T04:33:52Z,2021-05-21T04:33:52Z,"A PHP warning can be triggered when a HTTP request is made to `wp-cron.php` on a non-existent multisite site.
For example:
{{{
GET https://foobar.example.org/wp-cron.php
PHP Warning: Cannot modify header information - headers already sent in wp-includes/ms-settings.php on line 79
PHP Stack trace:
PHP 1. {main}() wp-cron.php:0
PHP 2. require_once() wp-cron.php:44
PHP 3. require_once() wp-load.php:55
PHP 4. require_once() wp-config.php:125
PHP 5. require() wp-settings.php:141
PHP 6. header($header = 'Location: https://example.org/wp-signup.php?new=foobar') wp-includes/ms-settings.php:79
}}}
While the error doesn't define why it's being triggered, but it's because [44488] ends the request when `wp-cron.php` is requested prior to the multisite bootstrap.
Initial thoughts say that this is probably a ""good enough"" fix:
{{{
#!diff
Index: wp-includes/ms-settings.php
===================================================================
--- wp-includes/ms-settings.php (revision 50552)
+++ wp-includes/ms-settings.php (working copy)
@@ -73,7 +73,7 @@
if ( true === $bootstrap_result ) {
// `$current_blog` and `$current_site are now populated.
- } elseif ( false === $bootstrap_result ) {
+ } elseif ( false === $bootstrap_result || headers_sent() ) {
ms_not_installed( $domain, $path );
} else {
header( 'Location: ' . $bootstrap_result );
}}}
While this warning will never be seen by users, it can end up in the PHP logs, especially when a vulnerability scanner is trying every subdomain under the sun.",dd32
Tickets Awaiting Review,53255,WordPress multisite allows you to delete plugins which are active on some subdomains,,Plugins,4.6,normal,critical,Awaiting Review,defect (bug),reopened,,2021-05-21T22:40:52Z,2021-05-22T14:56:21Z,"Hello,
I remember in the past, WordPress was not allowing you to delete a plugin that is active at least on one website. ",denisflorin197
Candidates for Closure,53279,Widgets.php returning 500 when using php 8.0.3,,Widgets,5.7.2,normal,normal,Awaiting Review,defect (bug),assigned,reporter-feedback,2021-05-26T09:45:22Z,2021-06-02T14:31:42Z,"I am not a developer. I switched from php 7.4 to php 8.0.3. The widgets do load at the front end but I cannot make any edits in appearance - widgets. /widgets.php is returning 500 error when using php 8.0.3. I reverted back to php 7.4 for testing and widgets.php functioned as normal.
I hope I contributed something.",Dan14
Tickets Awaiting Review,53298,Checking if wp-config-sample.php file exists before checking if wp-config.php exists,,Upgrade/Install,5.7.2,normal,trivial,Awaiting Review,defect (bug),new,dev-feedback,2021-05-29T20:34:43Z,2023-07-12T06:17:11Z,"Currently in WordPress core, wp-admin/setup-config.php checks if wp-config-sample.php file exists before checking if wp-config.php exists. If the sample file exists, it then checks if the wp-config.php file exists, and if so, suggests deletion if necessary. For security, some WordPress users may delete the sample file, and restrict open_basedir for directory above that of the web root directory. Because of these two cases, the current order produces the follow error:
`PHP message: PHP Warning: file_exists(): open_basedir restriction in effect. File(/var/www/example/wp-config-sample.php) is not within the allowed path(s): (/var/www/example/web:/var/www/example/private:/var/www/example/tmp:/tmp:...) in /var/www/example/web/wp-admin/setup-config.php on line 46`
If the check for existence of sample file could be moved after checking if wp-config.php exists, we could avoid this error and avoid checking if sample file exists if wp-config.php does and not checking both if they both do.
i.e. Moving the section commented `Support wp-config-sample.php one level up, for the develop repo.` to after the section commented `Check if wp-config.php exists above the root directory but is not part of another installation.` in `wp-admin/setup-config.php`",machineitsvcs
Tickets Awaiting Review,53314,Add Themes page in UI issue,,Themes,5.7.2,normal,normal,Awaiting Review,defect (bug),reopened,,2021-06-01T05:06:10Z,2022-01-08T05:09:35Z,"Hi ,
i have found some small issue on IPhone on add new theme page on admin side.
More information you can see mentioned screenshot.
Thank you ",sumitsingh
Tickets Awaiting Review,53320,Why delete_metadata and update_metadata slow performance?,,Database,,normal,normal,Awaiting Review,defect (bug),new,,2021-06-02T11:11:06Z,2024-03-26T18:30:14Z,"I’ve been doing some investigating on the overall performance of a local WordPress with WooCommerce build and something doesn’t seem to be making sense, I’m not sure if I’m missing something or if it’s an oversight in the development.
WooCommerce has ways of checking if meta keys and values need to be updated, for example update_post_meta in class-wc-order-data-store-cpt.php
The plugin also has a method update_or_delete_post_meta for handling the meta of posts integration with the WordPress Core.
Here’s where the confusion comes in,
1. [delete_metadata](https://github.com/WordPress/WordPress/blob/21cf92796123e98bcc9cc7981d80472977673fab/wp-includes/meta.php#L335)
Why does delete_metadata by default query to see if it exists before running the DELETE operation? I understand the DELETE operation is expensive but in this instance, we know the keys that are going to be removed. I understand we could hook into the delete_{$meta_type}_metadata
filter, return false and run the query ourselves but this doesn’t future proof things. I propose an additional filter and/or argument that allows you to bypass the initial lookup.
2. [update_metadata](https://github.com/WordPress/WordPress/blob/21cf92796123e98bcc9cc7981d80472977673fab/wp-includes/meta.php#L159)
There is a similar problem here too. [Every update queries the database](https://github.com/WordPress/WordPress/blob/21cf92796123e98bcc9cc7981d80472977673fab/wp-includes/meta.php#L220) to see if a row already exists and if so, then use the add_metadata. If we know the meta key 100% exists, why go to the expense of then querying the database again? Once again, I appreciate this is added as a fail-safe to ensure the data gets stored but this leaves the developer with no “official” way of updating the meta without having to do a lookup first. Again, we can hook into update_{$meta_type}_metadata but this has the same problem as before.. breaking future changes. I propose the same as above for this method too.
Has anybody else experienced this or found any solutions to excessive SQL lookups (other than relying on cache)?",cjj25
Tickets Awaiting Review,53325,Automated Update Failed Notice After Update is Done,,Administration,5.7.2,normal,minor,Awaiting Review,defect (bug),new,,2021-06-03T03:58:36Z,2021-06-30T09:29:26Z,"Hello Folks,
In my WordPress instance, it showed me the core update for version 5.7.2
I have started updating WordPress but it took longer. I don't know if it was a network issue or any other. But somehow, my update was done.
Now, when I am opening the WordPress Admin Dashboard, it gives me constant warning **""An automated WordPress update has failed to complete""**
I guess when the update was in progress, in the file: update.php, Line number 804, the option s not getting updated for **""auto_core_update_failed""**
",malavvasita
Tickets Awaiting Review,53338,Determine when there is an error submitting the wp-signup.php form,,Networks and Sites,,normal,normal,Awaiting Review,enhancement,new,,2021-06-05T15:07:19Z,2021-06-05T15:07:19Z,"For both the wp-signup.php user and blog forms there doesn't seem to be a way to determine if an error occurred in the form submission aside from error text being displayed above the form.
If a body class of something like `error` is added or something like `error=true` is appended to the query string then developers will be able to perform actions or style the page easier.",henry.wright
Tickets with Patches,53341,Edit user: Error notice for failed password reset strips HTML for support article link,,Users,5.7,normal,normal,Future Release,defect (bug),new,has-patch,2021-06-06T11:43:41Z,2021-06-07T19:53:48Z,"Related: #34281, #52573
See the attached screenshot, in case of a failure while sending the password reset email, the Ajax response includes a link to https://wordpress.org/support/article/resetting-your-password/ which is currently not visible in the UI.",ocean90
Tickets Awaiting Review,53346,get_permalink( $post->ID ) returns plain permalink instead of pretty permalink for CPT registered on subsite,,Permalinks,5.7,normal,normal,Awaiting Review,defect (bug),new,,2021-06-07T10:39:15Z,2021-06-07T11:09:34Z,"I have a multisite network with CPTs that are registered individually by subsite.
The main site provides an overview of these, using
{{{
get_permalink( $post->ID );
}}}
to link to the pretty permalink location in each subsite.
After the introduction of
{{{
wp_force_plain_post_permalink()
}}}
in WP 5.7.0
#52373 #5272
**get_permalink()** returns plain permalinks due to failing to pass the test in **wp_force_plain_post_permalink()**:
{{{
$post_type_obj = get_post_type_object( get_post_type( $post ) );
}}}
**get_post_type_object()** returns null, as the CPT is not present in the global **$wp_post_types** of the main site (even after trying switch_to_blog( $post->blog_id );",1theo
Tickets with Patches,53355,"wp-signup.php with `new` in the query string results in a ""site does not exist"" message even if the site does exist",SergeyBiryukov,Networks and Sites,,normal,normal,Future Release,defect (bug),reviewing,has-patch,2021-06-07T21:37:07Z,2022-10-07T21:30:03Z,"Steps to reproduce:
1. Visit example.com/wp-signup.php?new=sport where `sport` is the address of an existing site in your network. Note I'm using `sport` as an example. You should replace `sport` with the address of an existing blog in your network.
You will get the following message appear on the page:
> The site you were looking for, https://sport.example.com/, does not exist, but you can create it now!",henry.wright
Unpatched Enhancements,53356,"Themes admin page: make theme details, active, and preview links always visible",Travel_girl,Themes,,normal,normal,Future Release,enhancement,assigned,,2021-06-07T23:21:42Z,2024-01-29T20:21:48Z,"Follow up from #52649
In ticket 52649, we fixed a number of accessibility issues in the theme navigation. In the course of discussing that, there was a proposal to modify the layout so that the three action buttons for a theme were always visible, without obscuring the theme screenshot.
Since it was beyond the scope of the original ticket, we opted to complete that ticket and open the design issue as a new ticket.
See:
https://core.trac.wordpress.org/ticket/52649#comment:15
https://core.trac.wordpress.org/ticket/52649#comment:27
",joedolson
Tickets with Patches,53372,Loose type check against dates in rest_validate_value_from_schema causes invalidation for valid timestamp,,REST API,,normal,minor,Future Release,defect (bug),new,has-patch,2021-06-09T18:51:41Z,2021-06-10T16:47:19Z,"When validating dates, `rest_validate_value_from_schema` assumes a falsy return value from `rest_parse_date` always means that the date is invalid (see [wp-includes/rest-api.php@L2138](https://github.com/WordPress/wordpress-develop/blob/5.7/src/wp-includes/rest-api.php#L2138). This is correct in all but one case (to my knowledge).
A perfectly valid date would be `1970-01-01 00:00:00`. However, since that date would produce a return value from `rest_parse_date` of `0`, `rest_validate_value_from_schema` assumes it is invalid.
Since `rest_parse_date` returns the return value of `strtotime`, checking that the return value is `false` — rather than falsy — would be sufficient to resolve.",jonmcpartland
Unpatched Bugs,53381,Events and News Widget: Multi-day event placeholders are not replaced with dates in some languages,,I18N,,normal,normal,Future Release,defect (bug),assigned,,2021-06-11T02:12:29Z,2021-11-16T20:15:54Z,"When the user profile language is set to Korean or Japanese, the multi-event WordCamp dates are not correctly displayed in the dashboard widget. This only reproducible only in a certain environment (see how to reproduce section below):
The placeholders are not replaced with numbers and the exact translation is shown, such as `%4$d年%1$s月%2$d日〜%3$d日` (Japanese) and `%4$d년 %1$s %2$d일–%3$d일` (Korean).
The strings in question: [https://translate.wordpress.org/projects/wp/dev/admin/ja/default/?filters%5Bterm%5D=%251%24s+%252%24d%E2%80%93%253%24d%2C+%254%24d&filters%5Bterm_scope%5D=scope_any&filters%5Bstatus%5D=current_or_waiting_or_fuzzy_or_untranslated&filters%5Buser_login%5D=&filter=Apply+Filters&sort%5Bby%5D=priority&sort%5Bhow%5D=desc Japanese] / [https://translate.wordpress.org/projects/wp/dev/admin/ko/default/?filters%5Bterm%5D=%251%24s+%252%24d%E2%80%93%253%24d%2C+%254%24d&filters%5Bterm_scope%5D=scope_any&filters%5Bstatus%5D=current_or_waiting_or_fuzzy_or_untranslated&filters%5Buser_login%5D=&filter=Apply+Filters&sort%5Bby%5D=priority&sort%5Bhow%5D=desc Korean]
How to reproduce:
If you have access to any WordCamp site's dashboard, go to Users > Profile and set your language to 日本語 (Under ""Italiano""). Go to /wp-admin/ and check the Events and News widget.
Depending on the server the site is on, there are at least 3 variations: garbled date, correct translation, or incorrect word order (for all dates, not just multi-day events).",Nao
Tickets Awaiting Review,53383,"bug: pre_get_posts modify vs posts (pages, etc) found numbers",,"Posts, Post Types",5.7.2,normal,normal,Awaiting Review,defect (bug),new,,2021-06-11T13:22:50Z,2021-06-11T13:22:50Z,"Dear WP!
I'm pretty sure I've just found a bug. I want to hide certain posts, pages, media elements and custom post type posts from users. These posts are filtered by their IDs with a pre_get_posts action. The filter itself works well, but the displayed found numbers (on the top of the page) are invalid. On the bottom it's ok again.
{{{#!php
set('post__not_in', array(5800));
}
}
}
add_action('pre_get_posts', 'mod_func', 999);
}}}
Screenshot:
[https://webgeek.hu/wp-bug-post-counter.jpg]
Hope you can understand me, I'm not the best in English.
If you have questions, feel free to ask me.
Thanks for helping in advance (and thanks for working hard for years),
Sincerely,
Somogyi Balázs
",err
Tickets Awaiting Review,53384,"External plugins who can auto-update are always listed under ""auto-updates"" disabled",,Plugins,5.7.2,normal,normal,Awaiting Review,defect (bug),new,,2021-06-11T13:57:21Z,2021-12-10T17:46:55Z,"On my site, I have four plugins who can auto-update yet in the plugin screen they are shown under ""auto-updates disabled"".
I think it would be better if those come under a list that has the name: ""external updating"" or something of that nature. OR a way for devs to tell WP their plugins can auto update so it doesn't appear on that list...?
In it's current implementation, it can give the wrong idea to a site admin. ",NekoJonez
Tickets Awaiting Review,53385,"When adding a plugin/theme via ""add new plugin/theme"" it should show if the plugin/theme is translated or not",,Plugins,5.7.2,normal,normal,Awaiting Review,enhancement,new,,2021-06-11T14:08:02Z,2021-09-27T14:18:56Z,"When you add a new plugin via the plugin menu and click on ""Add new plugin"" it should show if that plugin is translated to the site language.
Eg: show the flag or something of that nature with a checkmark or a cross...?
Of course, you could argue that if the explanation/plugin name is translated the translation is ""done"" but as a polygot for nl_BE and nl_NL myself, I can say that isn't the case. Since we have a TON of plugins where the readme isn't translated and even visa versa. ",NekoJonez
Tickets Awaiting Review,53387,"Carry ""dates"" and times over to Plugins/Themes so you can see when it was installed/updated/removed.",,Administration,,normal,normal,Awaiting Review,feature request,new,,2021-06-11T20:15:50Z,2021-06-12T00:45:10Z,"It would be great to have some sort of administration ""activity log"" for Plugins/Themes so you can see if and when a plugin was updated last, when it was installed, and if one was deleted recently.
It would be even greater if there was some sort of ""activity log"". Where you could see logins, and then activity within WordPress such as ""updated XX article"", ""delete YY menu item"" and so on.
Giving a better picture of your WordPress site without needing to add access control or other plugins that would bog down the system.",starcrescendo
Tickets Awaiting Review,53395,Cannot use wp_is_mobile() in Network activated plugins,,Plugins,,normal,normal,Awaiting Review,defect (bug),new,,2021-06-14T10:31:25Z,2021-06-14T21:56:30Z,"Steps to reproduce
- Create a network site
- Create and activate a simple custom plugin, use wp_is_mobile() function anywhere in that plugin
- Login to the network dashboard and then activate the plugin
You will see an error:
Uncaught Error: Call to undefined function wp_is_mobile()
Looking at the source code of wp_is_mobile(), I can't see anything that would prevent it from loading earlier. Maybe it should be loaded earlier?
",promz
Tickets Awaiting Review,53405,short circuit before current filters for get_edit_user_link,,Users,,normal,normal,Awaiting Review,enhancement,new,,2021-06-15T07:50:14Z,2021-06-29T05:37:24Z,"currently the function get_edit_user_link can be filtered BUT it is only after it has gone searching for an appropriate value.
This is problematic as on multisite this search may call get_edit_profile_url and then get_dashboard_url which in turn then runs get_blogs_of_user which pulls all the options for every site that the user is a member of into memory. This can be huge and completely unnecessary!!
There needs to be a way to short cicuit this function at the start before all this occurs.
",shawfactor
Tickets Awaiting Review,53406,Custom css,,Themes,,normal,normal,Awaiting Review,enhancement,new,,2021-06-15T09:18:45Z,2021-06-15T13:06:15Z,"Hi, I am relatively new to WP development and am helping out on styling a couple sites. I see WP has a text box for adding in custom CSS. this isn't ideal as that css is then written into the page. Changing the theme css is risky as when the theme updates then all the changes are lost.
It would be great if there was a custom css file independent of the theme and added into the header after the theme and plugin css files. I am currently adding in these files manually however am not sure if the theme will overwrite them. It means requires gaining access to the server in order to create the css files which is not ideal.
Ideally It would be great to have 4 css files that form part of WP and are independent of the theme. 1 for the home page, 1 for pages, 1 for posts and one for all. That way it is easy to customise theme and plugin css for different parts of the site.",lupussolaris
Unpatched Enhancements,53414,Add how to run php coverage reports to readme.md,hellofromTonya,Build/Test Tools,,normal,minor,Future Release,enhancement,assigned,needs-docs,2021-06-15T19:30:07Z,2021-11-10T02:03:18Z,"With the@Covers getting added in #39265 we need to make it easy to run/create the coverage reports
So let's add the instructions to the readme.md file",pbearne
Tickets Awaiting Review,53415,Filter API to edit footer content,,Themes,5.7.2,normal,normal,Awaiting Review,feature request,new,has-patch,2021-06-15T19:48:40Z,2022-09-30T16:01:10Z,"Just like ""the_content"", a filter that allows the footer content to be edited in functions.php. When optimizing landing pages, it's easy to dequeue scripts and styles, however, many plugins still add jQuery to the footer of the site even though the script has been deregistered and dequeued. Woocommerce tracking codes and other unnecessary code for a designated landing page cannot be filtered in the footer.",codemilitant
Tickets Awaiting Review,53417,The revisions endpoints provide an incorrect JSON schema,,Revisions,4.7,normal,normal,Awaiting Review,defect (bug),new,,2021-06-15T23:20:51Z,2021-06-15T23:29:55Z,"The schema provided by the REST API endpoints for revisions at `wp/v2/posts/{id}/revisions` and `wp/v2/pages/{id}/revisions` is incorrect. The schema states that `content.protected` and `excerpt.protected` properties exist for each revision, but these properties do not exist.
* [https://github.com/WordPress/wordpress-develop/blob/afee26086fea307c2a5c31c0e2018cb6acd598f7/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php#L736 The schema is constructed here] from the parent controller for posts, which does include this property
* [https://github.com/WordPress/wordpress-develop/blob/afee26086fea307c2a5c31c0e2018cb6acd598f7/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php#L600-L604 When the content data is prepared here] the `protected` property is not included
* [https://github.com/WordPress/wordpress-develop/blob/afee26086fea307c2a5c31c0e2018cb6acd598f7/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php#L608-L611 When the excerpt data is prepared here] the `protected` property is not included
Two options:
1. Remove the `content.protected` and `excerpt.protected` properties from the schema
2. Add the `content.protected` and `excerpt.protected` properties to the response
Here is the `content` property from the schema. Note the `protected.context` property states that the property exists for all three contexts.
{{{
""content"": {
""description"": ""The content for the post."",
""type"": ""object"",
""context"": [
""view"",
""edit""
],
""properties"": {
""raw"": {
""description"": ""Content for the post, as it exists in the database."",
""type"": ""string"",
""context"": [
""edit""
]
},
""rendered"": {
""description"": ""HTML content for the post, transformed for display."",
""type"": ""string"",
""context"": [
""view"",
""edit""
],
""readonly"": true
},
""block_version"": {
""description"": ""Version of the content block format used by the post."",
""type"": ""integer"",
""context"": [
""edit""
],
""readonly"": true
},
""protected"": {
""description"": ""Whether the content is protected with a password."",
""type"": ""boolean"",
""context"": [
""view"",
""edit"",
""embed""
],
""readonly"": true
}
}
},
}}}",johnbillion
Candidates for Closure,53439,Updating failed. The response is not a valid JSON response.,,Editor,5.7.2,normal,major,Awaiting Review,defect (bug),new,dev-feedback,2021-06-17T10:57:16Z,2021-06-24T23:44:00Z,"Hi, There seems to be a issue where when one tries to save a page you get the error ""Updating failed. The response is not a valid JSON response."" The only thing that seems to work is to set the permalink setting to plain.
I believe the issue has something to do with paths. I am running PHP 7.0.27
I have installed a fresh install of WP in wwwroot on a hosted service Hostek. Updated to 5.7.2. The only plugin I have is gutenberg using 2021 Theme. Set the permalink to Post Name. No problems with this setup.
Then I installed a test WP installation into wwwroot/_test/abc. Updated to 5.7.2. This only has gutenberg and 2021. Set the permalink to Post name. - WP throws the error and refuses to save the page - I do get offered to restore the backup so some sort of saving takes place. Following online guidance, I change the permalink to plain and then WP will save the page.
It seems that the issue has something to do with json not liking that WP is not installed at the root of the server. Possibly json is testing the slug and erroring out due to path conflict.
error site would be abc.com/_test/abc/slug.
good site is abc.com/slug
Kind Regards
Richard
",lupussolaris
Tickets Needing Feedback,53450,[WP_Meta_Query] Add faster LIKE based 'STARTSWITH' and 'ENDSWITH' compare modes for value query,,Query,,normal,trivial,Future Release,enhancement,new,needs-docs,2021-06-18T15:57:59Z,2022-09-20T14:56:48Z,"Currently the ""LIKE"" compare mode for meta value compares is only usable for ''contains'' queries as it always adds wildcards around all queries {{{LIKE '%query%'}}}. This makes one use the more complex REGEXP compare mode for queries which easily could be written with {{{LIKE '%query'}}} or {{{LIKE 'query%'}}}.
As LIKE is faster than REGEXP it is preferable to use LIKE.
See: http://billauer.co.il/blog/2020/12/mysql-index-pattern-matching-performance/
In addition people don't have to use the much more complex regex. Which tends to introduce errors in my experience as most people just copy & paste but do not understand how regex really works (not meant as an offense). So REGEXP should be avoided if possible.
I would suggest naming the new compare types {{{STARTSWITH}}} and {{{ENDSWITH}}}. Also adding their {{{NON ...}}} counter parts to match up the ''LIKE'' behaviour.
**Maybe** also add an alias for ''LIKE'' named {{{CONTAINS}}} as the current naming ''LIKE'' suggests that you could pass in the wildcards yourself. Which is not the case and thus misleading. But this is just for the sake of the tickets completenes. The pull request only contains code and tests for the new modes.
As an alternative I thought about reworking the current LIKE mode to allow custom wildcard passing. But this will clearly break backward compat and thus I discarded this approach.",janthiel
Unpatched Enhancements,53451,Chrome 92 userAgent notice,adamsilverstein,General,,normal,minor,Future Release,task (blessed),assigned,,2021-06-18T17:12:13Z,2022-05-02T08:32:17Z,"Starting Chrome 92, Chrome dev tools will start warning about the usage of navigator.userAgent:
https://blog.chromium.org/2021/05/update-on-user-agent-string-reduction.html
Although it is colored blue and not red and hence not an error message, it's better to not see it.
Many scripts user navigator.userAgent, especially wp-emoji.js which loads on all sites.
A way to continue using it is to see if navigator.userAgentData is true and prevent new Chrome from executing navigator.userAgent. ",superpoincare
Slated for Next Release,53465,PHP 8.1.: the default value of the flags parameter for htmlentities() et all needs to be explicitly set,hellofromTonya,General,,normal,normal,6.6,task (blessed),assigned,has-patch,2021-06-20T18:19:22Z,2024-02-26T16:59:59Z,"From the PHP 8.1 changelog:
> `htmlspecialchars()`, `htmlentities()`, `htmlspecialchars_decode()`,
> `html_entity_decode()` and `get_html_translation_table()` now use
> `ENT_QUOTES | ENT_SUBSTITUTE` rather than `ENT_COMPAT` by default. This means
> that `'` is escaped to `'` while previously it was left alone.
> Additionally, malformed UTF-8 will be replaced by a Unicode substitution
> character, instead of resulting in an empty string.
Ref: https://github.com/php/php-src/blob/28a1a6be0873a109cb02ba32784bf046b87a02e4/UPGRADING#L149-L154
If effect this means that the output of the above mentioned functions may be different depending on the PHP version and the passed text string, unless the `$flags` parameter is explicitly passed.
I've run an initial scan over WordPress core with a new (not yet published) sniff for PHPCompatibility and this flags 33 issues.
* 1 issue in GetID3 which should be fixed upstream and the copy of GetID3 used in WP should be updated once the issue is fixed.
* 1 issue in PHPMailer which should be fixed upstream and the copy of PHPMailer used in WP should be updated once the issue is fixed.
* 1 issue in SimplePie which should be fixed upstream and the copy of SimplePie used in WP should be updated once the issue is fixed.
* And 30 issues in WP Core native code or code from external dependencies which are no longer maintained externally.
Detailed issue list: https://gist.github.com/jrfnl/9d56b4053faa62a0fe91dea1b14839bf
To fix this issue, the `$flags` parameter should be explicitly passed in each of these function calls.
Some investigation will be needed for each of these instances to determine what will be the optimal value for `$flags`.
Take note that the ""old"" parameter default in the function signature is documented as `ENT_COMPAT`, while in the parameter detail documentation, it states that the default, in actual fact, is ` ENT_COMPAT | ENT_HTML401`.
However, by the looks of it, the full range of flag constants is available to us, which is at least one less problem.
There is no mention of any of the flags being added since PHP 5.6.
Ref: https://php-legacy-docs.zend.com/manual/php5/en/string.constants
It is **strongly** recommended to make sure that for each of these at least one unit test exists which exposes the difference in output between PHP < 8.1 and PHP 8.1 to safeguard the fixes which will be added for the future.
Also see:
* https://www.php.net/manual/en/function.htmlentities.php
* https://www.php.net/manual/en/function.html-entity-decode.php
* https://www.php.net/manual/en/function.htmlspecialchars.php
* https://www.php.net/manual/en/function.htmlspecialchars-decode.php
* https://www.php.net/manual/en/function.get-html-translation-table.php",jrf
Tickets Awaiting Review,53495,incorrect (and confusing) DocBlock for get_page_by_title(),,Query,5.3,normal,normal,Awaiting Review,defect (bug),new,,2021-06-24T00:41:14Z,2021-06-24T00:42:10Z,"The DocBlock of [https://developer.wordpress.org/reference/functions/get_page_by_title/ get_page_by_title()] says:
> If more than one post uses the same title, the post with the smallest ID will be returned. Be careful: in case of more than one post having the same title, it will check the oldest publication date, not the smallest ID.
That description was added in [45779].
Besides the fact that the text after `Be careful:` seems to contradict that the statement that `the post with the smallest ID will be returned`, there actually is no guarentee that if there is more than 1 post with the same title that the one with the smallest ID will be returned.
The query performed by [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/post.php#L5534 get_page_by_title()] is:
{{{#!php
$sql = $wpdb->prepare(
""
SELECT ID
FROM $wpdb->posts
WHERE post_title = %s
AND post_type = %s
"",
$page_title,
$post_type
);
}}}
(with a slight mod if an array of post types is passed).
Since there is no `ORDER BY` clause in that query, if there are more than 1 posts with the same title the order in which they are returned is not defined by SQL (i.e., is implemented dependent).
The SQL-92 spec [http://www.contrib.andrew.cmu.edu/~shadow/sql/sql1992.txt explicitly states]:
> General Rules
>
> 1) All General Rules of Subclause 7.10, """", apply
> to the .
>
> 2) Let Q be the result of the .
>
> 3) If Q is empty, then a completion condition is raised: no data.
>
> 4) If an is not specified, then the ordering of
> the rows of Q is implementation-dependent.
As far as I can tell, no later revisions of the SQL spec are available for free on the web, so I don't know if anything has changed in the what the language says happens in the absense of an `ORDER BY` clause
I've looked through the MySQL and Maria DB docs for an explicit statement that says as much and haven't been able to find one.
But I think the DocBlock should be changed to say something like:
> If more than one post uses the same title, which of the multiple posts is returned is not defined.
though I'm not completely happy with that wording, and welcome other suggestions.
",pbiron
Unpatched Enhancements,53520,Add regression test for the wp_option data corruption bug,,Build/Test Tools,,normal,normal,Future Release,enhancement,new,needs-unit-tests,2021-06-26T01:22:16Z,2021-11-10T18:50:31Z,"Gutenberg v10.7.x introduced a bug that caused some `wp_option`s to get blank or corrupted data after (any) settings were updated in the `options-general.php` page. This was eventually fixed in v10.7.4, with this PR: https://github.com/WordPress/gutenberg/releases/v10.7.4. See https://github.com/Automattic/wp-calypso/issues/53447 and https://github.com/Automattic/wp-calypso/issues/53431.
There's already a regression E2E test in Gutenberg that was introduced in this PR: ttps://github.com/WordPress/gutenberg/pull/32797. Ideally, though, it'd be either moved to WP core or also implemented here. It doesn't need to be an E2E test, and could be a lower-level integration test, if we can figure out how to reproduce at a lower level (there was a failed attempt to do this, though, see this comment: https://github.com/WordPress/gutenberg/pull/32797#issuecomment-865005516.",fullofcaffeine
Tickets Awaiting Review,53523,Themes can't be bulk edited.,,Themes,,normal,normal,Awaiting Review,enhancement,new,,2021-06-26T16:37:48Z,2022-06-06T13:29:53Z,"On the plugin screen, you have a nice list of every plugin with a handy checkbox to put them all on auto-update or delete them in bulk.
This isn't possible in on the themes page while both of these things would be kind of handy. Especially for dev sites. ",NekoJonez
Unpatched Bugs,53529,Block based widget admin screen causes a NS_ERROR_FAILURE error in Firefox,,Customize,5.8,normal,major,Future Release,defect (bug),reopened,,2021-06-27T16:30:56Z,2022-06-07T09:48:43Z,"On the new widget screen the following error occurs in Firefox 89.0.2 in the console, when loading the page:
{{{
Uncaught
Exception { name: ""NS_ERROR_FAILURE"", message: """", result: 2147500037, filename: ""http://wpbeta.localhost/wp-admin/widgets.php?legacy-widget-p…gacy-widget-preview%5Binstance%5D%5Braw%5D%5Bnav_menu%5D=181"", lineNumber: 14, columnNumber: 0, data: null, stack: ""t.supports[o[r]]<@http://wpbeta.localhost/wp-admin/widgets.php?legacy-widget-preview%5BidBase%5D=nav_menu&legacy-widget-preview%5Binstance%5D%5Bencoded%5D=YToxOntzOjg6Im5hdl9tZW51IjtpOjE4MTt9&legacy-widget-preview%5Binstance%5D%5Bhash%5D=2421412fbc986f068f1a768eb85295f7&legacy-widget-preview%5Binstance%5D%5Braw%5D%5Bnav_menu%5D=181:14:628\n@http://wpbeta.localhost/wp-admin/widgets.php?legacy-widget-preview%5BidBase%5D=nav_menu&legacy-widget-preview%5Binstance%5D%5Bencoded%5D=YToxOntzOjg6Im5hdl9tZW51IjtpOjE4MTt9&legacy-widget-preview%5Binstance%5D%5Bhash%5D=2421412fbc986f068f1a768eb85295f7&legacy-widget-preview%5Binstance%5D%5Braw%5D%5Bnav_menu%5D=181:14:1102\n@http://wpbeta.localhost/wp-admin/widgets.php?legacy-widget-preview%5BidBase%5D=nav_menu&legacy-widget-preview%5Binstance%5D%5Bencoded%5D=YToxOntzOjg6Im5hdl9tZW51IjtpOjE4MTt9&legacy-widget-preview%5Binstance%5D%5Bhash%5D=2421412fbc986f068f1a768eb85295f7&legacy-widget-preview%5Binstance%5D%5Braw%5D%5Bnav_menu%5D=181:14:1779\n"" }
widgets.php:14
t.supports[o[r]]< http://wpbeta.localhost/wp-admin/widgets.php?legacy-widget-preview[idBase]=nav_menu&legacy-widget-preview[instance][encoded]=YToxOntzOjg6Im5hdl9tZW51IjtpOjE4MTt9&legacy-widget-preview[instance][hash]=2421412fbc986f068f1a768eb85295f7&legacy-widget-preview[instance][raw][nav_menu]=181:14
http://wpbeta.localhost/wp-admin/widgets.php?legacy-widget-preview[idBase]=nav_menu&legacy-widget-preview[instance][encoded]=YToxOntzOjg6Im5hdl9tZW51IjtpOjE4MTt9&legacy-widget-preview[instance][hash]=2421412fbc986f068f1a768eb85295f7&legacy-widget-preview[instance][raw][nav_menu]=181:14
http://wpbeta.localhost/wp-admin/widgets.php?legacy-widget-preview[idBase]=nav_menu&legacy-widget-preview[instance][encoded]=YToxOntzOjg6Im5hdl9tZW51IjtpOjE4MTt9&legacy-widget-preview[instance][hash]=2421412fbc986f068f1a768eb85295f7&legacy-widget-preview[instance][raw][nav_menu]=181:14
}}}
Tested this in WordPress 5.8-beta4-51244. It seems to be related to the use of a canvas element in an iframe. Also see https://bugzilla.mozilla.org/show_bug.cgi?id=941146.
This errors does not occur in other browsers.
",walterebert
Unpatched Bugs,53552,Inactive Widgets prevent placement of new widget if `multiple` is false,,Widgets,5.8,normal,normal,Future Release,defect (bug),new,,2021-06-29T16:03:42Z,2021-11-01T22:05:49Z,"In the new Widget page, moving a Widget to Inactive stops placement of a new copy of that widget is 'multiple' is defined as false in the block code.",MattyRob
Tickets Awaiting Review,53572,"An ""acknowledged"" category for site health check for things managed outside of WordPress",,Site Health,5.1,normal,trivial,Awaiting Review,feature request,new,,2021-07-01T08:45:49Z,2021-10-16T21:16:54Z,"I'd like to have an option to acknowledge single elements of the site health check or an option to mark them as read and done.
Reason for this is that my managed wordpress hoster disables some features like the wordpress in-built updater to manage updates centralized and not from within the wordpress backends hosted by him. That's why wp_version_check() is disabled, but not that much of a problem to have it permanently affecting the site health.
So the site health check should have more categories: something like ""done"" and an ""ignored"" (or ""acknowledged"") and and ""to do"" while ignored should affect the score as if it is done.",paradonym
Tickets Awaiting Review,53573,Non-WP Blog Embeds are being cropped.,,Embeds,5.7.2,normal,normal,Awaiting Review,defect (bug),new,has-patch,2021-07-01T12:21:38Z,2021-07-01T15:03:31Z,"When adding an embed for a non-WP blog post, for example, a NY Times story, the enclosing iFrame is not getting a default height set to it, which is causing the embed to crop off most of the information.
Issue seems to be the iframe generated is not expanding to include all of the content from the embed. If I manually set height: 400px; on the iframe, for example, it shows the content. However, the bottom is still cut off (seems the height of the embed in this case is 457px). The ma.tt embed in the screenshot has a height as an attribute of the iframe, the NYTimes does not.
@mamaduka tested this issue in both the Block Editor and Classic Editor with similar results. See comment here: [https://github.com/WordPress/gutenberg/issues/28490]",mdwolinski
Tickets Awaiting Review,53591,Firts missing in wp_list_categories(),,Taxonomy,,normal,normal,Awaiting Review,defect (bug),new,,2021-07-05T14:20:09Z,2021-07-05T19:28:46Z,"Hello,
When using the [wp_list_categories()] function it provides an HTML list starting right by an `` without the ``.
",sebastienserre
Tickets Awaiting Review,53607,Loading or saving a post with enough (large) revisions exhausts available memory,,Revisions,5.7.2,normal,normal,Awaiting Review,defect (bug),new,,2021-07-06T14:22:21Z,2021-07-06T14:22:21Z,"This is a follow-up to #34560.
**What steps should be taken to consistently reproduce the problem?**
- create a post with enough (large) revisions (see ""Steps to reproduce"" from #34560).
- Reduce `WP_MAX_MEMORY_LIMIT` so that it is enough to load one revision but not enough to load tens / hundreds of revisions (e.g. 128M)
- save post -> `Updating failed. The response is not a valid JSON response.`
- edit post -> `**Fatal error**: Allowed memory size of 134217728 bytes exhausted`
**Does the problem occur even when you deactivate all plugins and use the default theme?**
- yes
**Likely cause**
It seems full post revisions (including post content) are still being loaded when editing a post. This is likely the cause of high memory consumption. To look into this:
- on a standard WordPress installation, activate [https://wordpress.org/plugins/debug-bar/] with
{{{#!php
}}}
- edit a post with revisions enabled
- check the ""Queries"" tab of the debug bar (might need to turn off Gutenberg full screen mode to see it) and look for the query that loads the exhaustive list of full revisions (`wp_posts.*`):
{{{
SELECT wp_posts.* FROM wp_posts
WHERE 1=1 AND wp_posts.post_parent = [[THE CURRENT POST ID]]
AND wp_posts.post_type = 'revision'
AND ((wp_posts.post_status = 'inherit'))
ORDER BY wp_posts.post_date DESC, wp_posts.ID DESC
}}}
",mlbrgl
Tickets Awaiting Review,53611,Font size inconsistency in the data erasure inline notice for 'additionalMessages' list items,,Privacy,5.7.2,normal,minor,Awaiting Review,defect (bug),new,,2021-07-06T20:17:30Z,2021-07-06T20:17:30Z,"This in reference to the unordered list items added by plugins or other code as 'additionalMessages' with a personal data erasure admin process.
The inline notice has a tag with text about the completed request. Plugins can add messages using the wp_privacy_personal_data_erasers filter. Additional messages are displayed using the unordered list markup.
Right now, the
tag in this notice has a smaller font size and line height, so the added items are not uniform with the default message's appearance.
I'm working on an update that will add CSS to adjust the font-size and line-height of these list items to match the paragraph. ",kimannwall
Tickets Awaiting Review,53622,"Query Param status default is a string value, but an array is required",rachelbaker*,REST API,,normal,minor,Awaiting Review,defect (bug),accepted,needs-unit-tests,2021-07-07T17:24:41Z,2023-02-20T21:33:06Z,"The default value in the collection params that is a string. https://github.com/WordPress/wordpress-develop/blob/953e1c5f8313a89d4d3b99ab5996b4660045c976/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php#L2847
Really, we should make that `['publish']`.
Original commit: https://github.com/WordPress/wordpress-develop/commit/ede099a7047a150a37d43a380e661b99387bce41",austyfrosty
Tickets Needing Feedback,53625,The 'explode' function does not work on widget block editor.,,Widgets,5.8,normal,major,,defect (bug),reopened,dev-feedback,2021-07-08T13:47:39Z,2021-07-16T14:08:03Z,"The `explode()` function does not seem to be working on the new Widget block editor. I am testing it on the RC-2 version.
I have created a simple widget that accepts Title, Description, and multiple selections from a Checkbox list items (Screenshots attached)
On selecting checkboxes, the values form a comma-separated string (e.g. 123456, 9822310, 457790 etc.) and stored in a textbox.
Inside the `update()` function, I am exploding this string and storing the array as `$instance['groups']` element, which in turn gets saved in the database (`wp_options` table).
The functionality works as expected if I have the `widgets-block-editor` support disabled. But when enabled, the `explode()` function is not working and nothing is in `$instance['groups]`.
{{{#!php
Settings > Discussion, there is a section ""Email me whenever"". The 2 options in this section are:
- Anyone posts a comment
- A comment is held for moderation
There's currently no way for a plugin to add more checkboxes to this list.",henry.wright
Tickets with Patches,53650,Incorrect quotation marks in many strings,,I18N,5.8,normal,normal,Future Release,defect (bug),new,has-patch,2021-07-12T21:52:39Z,2022-04-27T05:41:12Z,"Among the strings that just became available for translation, several strings use incorrect quotation marks. As I started looking for what specific strings, I found strings that got added earlier, too. In most cases, these strings need to be corrected upstream, in the block editor, etc. So I'm dumping this here as a start. Next step would probably be to split these on the various relevant sub projects.
https://build.trac.wordpress.org/browser/trunk/wp-includes/js/dist/block-library.js?marks=29155#L29155
WordPress contains different types of content and they are divided into collections called ""Post Types"". By default there are a few different ones such as blog posts and pages, but plugins could add more.
https://build.trac.wordpress.org/browser/trunk/wp-includes/js/dist/block-library.js?marks=29183#L29183
Blog posts can be ""stickied"", a feature that places them at the top of the front page of posts, keeping it there until new sticky posts are published.
https://build.trac.wordpress.org/browser/trunk/wp-includes/js/dist/block-library.js?marks=31216#L31216
Add ""read more"" link text
https://build.trac.wordpress.org/browser/trunk/wp-includes/js/dist/widgets.js?marks=766#L766
The ""%s"" block was affected by errors and may not function properly. Check the developer tools for more details.
https://build.trac.wordpress.org/browser/trunk/wp-includes/js/dist/edit-post.js?marks=15242#L15242
Give the template a title that indicates its purpose, e.g. ""Full Width"".
https://build.trac.wordpress.org/browser/trunk/wp-includes/js/dist/edit-post.js?marks=16883#L16883
Describe the purpose of the template, e.g. ""Full Width"". Custom templates can be applied to any post or page.
https://build.trac.wordpress.org/browser/trunk/wp-includes/blocks.php?marks=1031#L1031
Block ""%1$s"" is declaring %2$s support in %3$s file under %4$s. %2$s support is now declared under %5$s.
https://build.trac.wordpress.org/browser/trunk/wp-includes/js/dist/block-library.js?marks=31215#L31215
""Read more"" link text
https://build.trac.wordpress.org/browser/trunk/wp-includes/js/dist/block-editor.js?marks=22663#L22663
Block pattern ""%s"" inserted.
https://build.trac.wordpress.org/browser/trunk/wp-includes/theme.php?marks=3163#L3163
The ""%s"" must be a callable function.
https://build.trac.wordpress.org/browser/trunk/wp-includes/option.php?marks=100#L100 (+ 2 more occurrences in same file)
The ""%1$s"" option key has been renamed to ""%2$s"".
https://build.trac.wordpress.org/browser/trunk/wp-includes/js/dist/block-editor.js?marks=26878#L26878
Copied ""%s"" to clipboard.
https://build.trac.wordpress.org/browser/trunk/wp-includes/js/dist/block-editor.js?marks=26879#L26879
Moved ""%s"" to clipboard.
https://build.trac.wordpress.org/browser/trunk/wp-includes/class-wp-block-pattern-categories-registry.php?marks=70#L70
Block pattern category ""%s"" not found.
https://build.trac.wordpress.org/browser/trunk/wp-includes/class-wp-block-patterns-registry.php?marks=91#L91
Pattern ""%s"" not found.
https://build.trac.wordpress.org/browser/trunk/wp-includes/blocks.php?marks=91#L91
The asset file for the ""%1$s"" defined in ""%2$s"" block definition is missing.
https://build.trac.wordpress.org/browser/trunk/wp-includes/rest-api.php?marks=1595#L1595
The ""type"" schema keyword for %1$s can only contain the built-in types: %2$l.
https://build.trac.wordpress.org/browser/trunk/wp-includes/rest-api.php?marks=2076#L2076 (+1 more occurrence in same file)
The ""type"" schema keyword for %s is required.
https://build.trac.wordpress.org/browser/trunk/wp-includes/rest-api.php?marks=2098#L2098 (+1 more occurrence in same file)
The ""type"" schema keyword for %1$s can only be one of the built-in types: %2$l.
https://build.trac.wordpress.org/browser/trunk/wp-includes/theme.php?marks=3145#L3145
When registering an ""array"" feature, the feature's schema must include the ""items"" keyword.
https://build.trac.wordpress.org/browser/trunk/wp-includes/theme.php?marks=3152#L3152
When registering an ""object"" feature, the feature's schema must include the ""properties"" keyword.
https://build.trac.wordpress.org/browser/trunk/wp-includes/theme.php?marks=3123#L3123
The feature ""type"" is not valid JSON Schema type.
https://build.trac.wordpress.org/browser/trunk/wp-includes/theme.php?marks=3130#L3130
When registering a ""variadic"" theme feature, the ""type"" must be an ""array"".
https://build.trac.wordpress.org/browser/trunk/wp-includes/theme.php?marks=3138#L3138
When registering an ""array"" or ""object"" feature to show in the REST API, the feature's schema must also be defined.
https://build.trac.wordpress.org/browser/trunk/wp-includes/js/dist/block-library.js?marks=11494#L11494
// A ""block"" is the abstract term used
// to describe units of markup that
// when composed together, form the
// content or layout of a page.
registerBlockType( name, settings );
https://build.trac.wordpress.org/browser/trunk/wp-includes/capabilities.php?marks=252#L252
The post status %1$s is not registered, so it may not be reliable to check the capability ""%2$s"" against a post with that status.
https://build.trac.wordpress.org/browser/trunk/wp-includes/option.php?marks=2305#L2305
When registering an ""array"" setting to show in the REST API, you must specify the schema for each array item in ""show_in_rest.schema.items"".
https://build.trac.wordpress.org/browser/trunk/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php?marks=2502#L2502
The ""%1$s"" taxonomy ""%2$s"" property (%3$s) conflicts with an existing property on the REST API Posts Controller. Specify a custom ""rest_base"" when registering the taxonomy to avoid this error.
https://build.trac.wordpress.org/browser/trunk/wp-includes/class-wp-block-styles-registry.php?marks=85#L85
Block ""%1$s"" does not contain a style named ""%2$s"".
https://build.trac.wordpress.org/browser/trunk/wp-includes/meta.php?marks=1339#L1339
When registering an ""array"" meta type to show in the REST API, you must specify the schema for each array item in ""show_in_rest.schema.items"".
https://build.trac.wordpress.org/browser/trunk/wp-includes/blocks/quote/block.json?marks=0#L0
Give quoted text visual emphasis. ""In quoting others, we cite ourselves."" — Julio Cortázar
https://build.trac.wordpress.org/browser/trunk/wp-includes/js/dist/block-library.js?marks=19348#L19348
Your site doesn’t include support for the ""%s"" block. You can leave this block intact, convert its content to a Custom HTML block, or remove it entirely.
https://build.trac.wordpress.org/browser/trunk/wp-includes/js/dist/block-library.js?marks=19357#L19357
Your site doesn’t include support for the ""%s"" block. You can leave this block intact or remove it entirely.
https://build.trac.wordpress.org/browser/trunk/wp-includes/js/dist/editor.js?marks=8530#L8530
Apply the ""%1$s"" format.
https://build.trac.wordpress.org/browser/trunk/wp-includes/class-wp-block-type-registry.php?marks=86#L86
Block type ""%s"" is already registered.
https://build.trac.wordpress.org/browser/trunk/wp-includes/class-wp-block-type-registry.php?marks=119#L119
Block type ""%s"" is not registered.
https://build.trac.wordpress.org/browser/trunk/wp-includes/user.php?marks=4210#L4210
Confirm the ""%s"" action
https://build.trac.wordpress.org/browser/trunk/wp-includes/script-loader.php?marks=1201#L1201
Schedule your customization changes to publish (""go live"") at a future date.
https://build.trac.wordpress.org/browser/trunk/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php?marks=1296#L1296
Passwords cannot contain the ""%s"" character.
https://build.trac.wordpress.org/browser/trunk/wp-includes/option.php?marks=2318#L2318 (+ 3 more places in same file)
https://build.trac.wordpress.org/browser/trunk/wp-admin/includes/template.php?marks=1569#L1569 (+ 3 more places in same file)
The ""%s"" options group has been removed. Use another settings group.
https://build.t
rac.wordpress.org/browser/trunk/wp-includes/capabilities.php?marks=95#L95 (+ 3 more places in same file)
The post type %1$s is not registered, so it may not be reliable to check the capability ""%2$s"" against a post of that type.
https://build.trac.wordpress.org/browser/trunk/wp-includes/class-wp-theme.php?marks=241#L241
The theme directory ""%s"" does not exist.
https://build.trac.wordpress.org/browser/trunk/wp-includes/class-wp-theme.php?marks=384#L384 (+ 1 more place in same file)
The ""%s"" theme is not a valid parent theme.
https://build.trac.wordpress.org/browser/trunk/wp-includes/pluggable.php?marks=1664#L1664
New comment on your post ""%s""
https://build.trac.wordpress.org/browser/trunk/wp-includes/pluggable.php?marks=1636#L1636
New trackback on your post ""%s""
https://build.trac.wordpress.org/browser/trunk/wp-includes/pluggable.php?marks=1650#L1650
New pingback on your post ""%s""
https://build.trac.wordpress.org/browser/trunk/wp-includes/pluggable.php?marks=1825#L1825
A new trackback on the post ""%s"" is waiting for your approval
https://build.trac.wordpress.org/browser/trunk/wp-includes/pluggable.php?marks=1836#L1836
A new pingback on the post ""%s"" is waiting for your approval
https://build.trac.wordpress.org/browser/trunk/wp-includes/pluggable.php?marks=1847#L1847
A new comment on the post ""%s"" is waiting for your approval
https://build.trac.wordpress.org/browser/trunk/wp-includes/pluggable.php?marks=1681#L1681
[%1$s] Comment: ""%2$s""
https://build.trac.wordpress.org/browser/trunk/wp-includes/pluggable.php?marks=1645#L1645
[%1$s] Trackback: ""%2$s""
https://build.trac.wordpress.org/browser/trunk/wp-includes/pluggable.php?marks=1659#L1659
[%1$s] Pingback: ""%2$s""
https://build.trac.wordpress.org/browser/trunk/wp-includes/pluggable.php?marks=1892#L1892
[%1$s] Please moderate: ""%2$s""
https://build.trac.wordpress.org/browser/trunk/wp-includes/class-wp-theme.php?marks=357#L357
The parent theme is missing. Please install the ""%s"" parent theme.
https://build.trac.wordpress.org/browser/trunk/wp-includes/js/dist/block-editor.js?marks=33470#L33470
Search results for ""%s""
",tobifjellner
Tickets with Patches,53673,Add unit tests for v5.8 widget sidebar IDs,hellofromTonya,REST API,5.8,normal,normal,Future Release,enhancement,assigned,dev-feedback,2021-07-15T17:55:43Z,2021-08-31T16:58:05Z,"r51239 was included in 5.8, but was intended to have included unit tests as part of the release. See [https://core.trac.wordpress.org/ticket/53452#comment:13 parent ticket] as possible starting point for a unit test patch on this.",JeffPaul
Tickets Awaiting Review,53677,"load_script_textdomain() doesn't work for subdirectory themes, or those in alternate theme roots",,I18N,,normal,normal,Awaiting Review,defect (bug),new,,2021-07-16T07:08:25Z,2021-07-16T07:12:08Z,"load_script_textdomain() attempts to load script translations for themes, but fails to generate the correct relative filename when the theme is within a sub-directory or alternate theme root.
WordPress supports three main formats for theme directories (See [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/theme.php#L427 search_theme_directories()])
1. wp-content/themes/$theme
2. wp-content/custom-theme-root/$theme
3. wp-content/themes/a-directory-of-themes/$theme (and likewise for the custom $theme_root)
The first case is covered, but when using the other two, the generated relative path and subsequent path md5 is incorrect.
For example, given the file `.../themes/a-directory-of-themes/$theme/build/index.min.js` instead of generating the md5 of `build/index.js` it generates it of `$theme/build/index.js`.
I'm unsure what it would do with the custom theme roots, all that I can tell is that the use-case doesn't appear to be covered in the function.",dd32
Unpatched Bugs,53682,tags (keywords) with umlauts don't get saved in german locale,,Editor,5.7.2,normal,minor,Future Release,defect (bug),new,,2021-07-17T15:41:20Z,2023-07-09T16:44:05Z,"
== This report is about assigning keywords to an article.
**First keyword:** ""Gärten"" with slug ""gaerten"" (exists already)
**Second keyword:** ""Garten"" with slug ""garten"" (was not created yet)
I tried to apply the new keyword ""Garten"", but once I saved the article, the keyword ""Gärten"" was assigned in the preview. I removed it and tried to assign ""Garten"" once again, but WordPress keeps applying ""Gärten"" to the article, even though **the editor showed ""Garten"" in the sidebar** (as expected).
I then created the keyword ""Garten"" with slug ""garten"" manually in the keyword management interface. Now I have both keywords in my database.
But still, when I try to assign ""Gärten"" in the editor, WordPress keeps changing it to ""Garten"", once the article is saved and I view the preview. The slugs are different (gaerten vs. garten), but it seems like the editor confuses the German umlauts in Gärten with Garten.
I am using the latest WordPress 5.7.2 and the Classic Editor.",spielautomat4
Tickets Awaiting Review,53685,Update the `caniuse` database when running `grunt precommit:css`,,Build/Test Tools,,normal,normal,Awaiting Review,defect (bug),new,,2021-07-18T23:58:00Z,2023-06-16T19:18:58Z,"The `autoprefixer` dependency is responsible for applying browser specific prefixing and other changes to Core CSS generated from Sass files. It relies on the `browserslist` package, which in turn relies on the `caniuse-lite` database for determining which browser versions are supported for the project based on the `browserslist` field in the `package.json` file.
The `caniuse-lite` data is updated pretty frequently (several times a month), but unless it is manually updated, the data used is most likely outdated. This can result in unsupported browsers being considered supported due to outdated data.
When `grunt precommit:css` is run, the script should check whether `browserslist` is at the latest version to ensure the generated CSS supports the correct browsers.
The recommended way to do this is running `npx browserslist@latest --update-db`.",desrosj
Tickets Awaiting Review,53688,add super admin feature to help developer,,Customize,,normal,major,Awaiting Review,feature request,new,,2021-07-19T06:32:02Z,2021-07-19T08:09:13Z,"hello wordpress team .
i am a developer from nepal . i use to manage different company websites . Many of my clients ask admin when i provide them admin they damage website because they are not tech savvy . sometime they make error white they try to change some data using theme editor . so i request to make one use like super admin or developer which we have feature to edit / download . delete theme and plugins but super admin have to give access to administrator user access to edit anything functionally . admin user can add user and remove user at their level but cant access to theme and plugin so it will help developers to save their time of solving bugs create by clients .
we can disable theme edit and plugin edit from wp-config file but if we want to add new plugin we should upload it using ftp and we have to save that file in our pc so it will be more time consuming .
i hope you have understand my issue and make this feature as soon as possible . thank you . ",janakkafle
Tickets Awaiting Review,53692,Inaccurate schema for the app_id property in the application-passwords endpoints,,Application Passwords,5.6,normal,normal,Awaiting Review,defect (bug),new,needs-unit-tests,2021-07-19T12:28:48Z,2021-07-19T12:32:43Z,The schema for the `app_id` property of objects in the `wp/v2/application-passwords/*` endpoints has a `format` of `uuid`. This is not entirely accurate because if no app ID was provided when the application password was registered then this field contains an empty string.,johnbillion
Unpatched Bugs,53693,Block icons too big on 5.8 widgets page,,Widgets,5.8,normal,normal,Future Release,defect (bug),new,,2021-07-19T17:23:22Z,2021-11-01T21:51:21Z,"[https://en-ca.wordpress.org/plugins/yet-another-related-posts-plugin/ Our plugin] adds a block using an SVG image which still looks fine on the blocks page. But on the widgets page introduced in WP 5.8, our block's icon is way too big and spills into the surrounding areas.
See [[Image(https://i.imgur.com/ut0vOSv.png)]]
On the post editing page, where the icon still looks fine, I see this critical CSS:
{{{
.block-editor__container img {
max-width: 100%;
height: auto;
}
}}}
It seems on the widgets page there is no `block-editor__container` so the styles don't apply, and icons like ours are unstyled.
",mnelson4
Tickets Awaiting Review,53694,Multisite: Capability check isn't strict enough when hard deleting a site,,Networks and Sites,,normal,normal,Awaiting Review,defect (bug),new,has-patch,2021-07-19T19:52:29Z,2021-11-19T18:16:11Z,"If the second argument passed to {{{wpmu_delete_blog()}}} is {{{true}}}, then a site can be hard deleted. By hard deleted I mean the site's database table will be dropped.
My understanding is, the {{{delete_sites}}} capability is granted to super administrators only. {{{delete_sites}}} will let the super administrator hard delete a site. Administrators don't have this capability. Instead, administrators have the {{{delete_site}}} capability.
In wp-admin/network/sites.php, {{{wpmu_delete_blog()}}} is called with {{{true}}} as the second argument. The capability check in this case is {{{delete_site}}}. Should this be {{{delete_sites}}}?",henry.wright
Slated for Next Release,53707,Edit critical error message for situations when email is not received,,Upgrade/Install,5.8,normal,normal,6.6,defect (bug),reopened,has-patch,2021-07-20T21:36:37Z,2024-02-21T21:02:08Z,"Fatal error when trying to update to WordPress 5.8 from (5.7.2) with PHP8. Tried to disable all plugins and same problem on two different websites (same hosting), also no e-mail is sent out about critical error to site admin e-mail.
Update WordPress
Downloading update from https://downloads.wordpress.org/release/sv_SE/wordpress-5.8.zip…
The authenticity of wordpress-5.8.zip could not be verified as no signature was found.
Unpacking the update…
Fatal error: Maximum execution time of 30 seconds exceeded in /.../wp-admin/includes/class-wp-filesystem-direct.php on line 76
There has been a critical error on this website. Please check your site admin email inbox for instructions.
`",ipajen
Candidates for Closure,53732,Widgets option shows blank,,Widgets,5.8,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2021-07-22T08:53:02Z,2021-07-23T11:06:23Z,"After updating WordPress to 5.8 , Widgets option shows blank when clicking, can't access to widgets",pirfirdouse
Tickets Awaiting Review,53734,Link rel attribute isn't shown in the input field (Widgets > Img > Anchor),,Widgets,5.8,normal,normal,Awaiting Review,defect (bug),new,,2021-07-22T09:07:09Z,2021-07-22T09:07:09Z,"If you add a link with a rel attribute to an image in the new widgets editor, the rel input saves the value but it doesn't display the value in the input box.
To get to this issue, I added an image into a widget sidebar, clicked the link to add a link (this works fine). I then selected ""Open in new tab"", which worked fine, however on adding a ""noopener"" attribute to the rel it got to 'noopene' then on pressing 'r' the value vanishes. It seems to store the data as it appears fine in the front-end.",seanvarnham
Tickets Awaiting Review,53748,wp_render_layout_support_flag assumes centered layout,,Themes,5.8,normal,normal,Awaiting Review,defect (bug),new,,2021-07-22T18:42:43Z,2021-07-22T18:42:43Z,"When applying sizes to a block, margin is also added.
https://core.trac.wordpress.org/browser/tags/5.8/src/wp-includes/block-supports/layout.php#L74
What if a theme doesn't want all content centered?",douglasjohnson
Tickets Awaiting Review,53781,Tests_Embed_Template tests fail when run in isolation,,Build/Test Tools,,normal,minor,Awaiting Review,defect (bug),new,,2021-07-26T10:25:19Z,2021-09-28T03:32:26Z,"When running the `Tests_Embed_Template` test in isolation, two of the tests fail.
{{{
phpunit --filter Tests_Embed_Template
}}}
{{{
#) Tests_Embed_Template::test_oembed_output_post_with_thumbnail
DOMDocument::loadHTML(): AttValue: "" expected in Entity, line: 10
path/to/wp/tests/phpunit/tests/oembed/template.php:66
#) Tests_Embed_Template::test_oembed_output_attachment
DOMDocument::loadHTML(): AttValue: "" expected in Entity, line: 10
path/to/wp/tests/phpunit/tests/oembed/template.php:110
}}}
Accidentally discovered when I added the `import` group to the `` `` and ran the complete test suite and those two tests - which are unrelated to the `import` tests - started erroring out.
A tentative conclusion from that can be that:
1. The `Tests_Embed_Template` tests have an undeclared dependency on the tests in the `import` group.
2. The `Tests_Embed_Template` tests only pass by accident due to the **''order''** in which the tests are run, which is not guaranteed and can be influenced in more recent PHPUnit versions, so cannot be relied upon.
Also see: https://phpunit.readthedocs.io/en/stable/configuration.html#the-executionorder-attribute
This needs further investigation.
Solution direction: The test should be made independent of the `import` tests.
Originally reported in https://core.trac.wordpress.org/ticket/53363#comment:39",jrf
Tickets with Patches,53784,Limiting user enumeration through the REST API,,REST API,,normal,normal,Future Release,defect (bug),assigned,has-patch,2021-07-26T12:08:32Z,2023-11-24T08:12:20Z,"Via endpoints like `/wp/v2/comments?search=$term`, it's currently possible to perform email discovery through brute force. In this case, emails of commenters.
Not exactly the same, but previous discussion (for login forms) is at: https://core.trac.wordpress.org/ticket/9568#comment:82
After an H1 report and some discussion within the [https://wordpress.slack.com/archives/G02QQEF9J/p1615160652036100?thread_ts=1614980894.034400&cid=G02QQEF9J security team], it was decided we should probably ""fix"" this and have more public discussion.
Authorized users should be able to search comment data that's non-public.
[https://hackerone.com/reports/1117674 Report] by `dawidpieper`.",ehtis
Tickets Awaiting Review,53785,Block Styles dropdown should use 'Default' instead of 'Not set',,Editor,,normal,normal,Awaiting Review,defect (bug),new,,2021-07-26T14:41:11Z,2022-01-11T09:39:16Z,"Issue:
After registering a new Block Style to the WordPress Core Paragraph block I noticed the text used in the dropdown states ''""Not set""'' instead of ''""Default""'', which is used as a caption in the image. This is confusing to (new) users.
Proposed solution:
Change the text in the dropdown into ''default''. This matches the image caption and clearly indicates that this style is the default style. ",BjornW
Unpatched Enhancements,53787,Allow changing number of attachments displayed,antpb,Media,5.8,normal,normal,Future Release,enhancement,assigned,,2021-07-26T16:44:22Z,2022-02-24T15:28:38Z,"#50105 introduced a new load more button to replace infinite scroll for media library.
In the initial version the number of [https://github.com/WordPress/wordpress-develop/blob/18ebf26bc3787e8ccc03438bd8375e4828030ca9/src/js/media/models/query.js#L174|posts per page is set in the code to 40].
In #50105 was discussed adding a filter to make it developer customizable. There are use cases for having more or less than the default 40. This should apply for the initial and later requests.
In a second step:
> It would be nice if this were user controllable like posts per page, or terms per page are from the screen options tab. We would need to integrate this into the modal itself though since it operates in numerous contexts.
[https://core.trac.wordpress.org/timeline?from=2021-02-07T04%3A28%3A43%2B01%3A00&precision=second|Quote from @adamsilverstein]
",grapplerulrich
Candidates for Closure,53789,all kinds of error messages using WordPress 5.8 Widgets block editor,,Widgets,5.8,normal,major,Awaiting Review,defect (bug),new,reporter-feedback,2021-07-26T22:35:24Z,2021-10-13T23:48:14Z,"After the Upgrade to WordPress 5.8, in the backend when I choose Appearance / Widgets (to edit widgets), I get error messages like these:
The ""blog_subscription"" block was affected by errors and may not function properly. Check the developer tools for more details.
The ""google_translate_widget"" block was affected by errors and may not function properly. Check the developer tools for more details.
The ""recent-posts"" block was affected by errors and may not function properly. Check the developer tools for more details.
The ""text"" block was affected by errors and may not function properly. Check the developer tools for more details.
The ""nav_menu"" block was affected by errors and may not function properly. Check the developer tools for more details.
The ""text"" block was affected by errors and may not function properly. Check the developer tools for more details.
The ""text"" block was affected by errors and may not function properly. Check the developer tools for more details.
The ""text"" block was affected by errors and may not function properly. Check the developer tools for more details.
The ""text"" block was affected by errors and may not function properly. Check the developer tools for more details.
The ""text"" block was affected by errors and may not function properly. Check the developer tools for more details.
The ""bbpmmymessages"" block was affected by errors and may not function properly. Check the developer tools for more details.
The ""text"" block was affected by errors and may not function properly. Check the developer tools for more details.
The ""search"" block was affected by errors and may not function properly. Check the developer tools for more details.
I installed and activated the Classic Widget Editor plugin so I could function. Later (after an update from one of the Widget providers), I deactivated the CWE plugin so I could see if this provider's widgets were now working with the 5.8 Widget block editor. (Some were fixed, some weren't). Unbelievably, though, I got more errors than before showing that widget blocks which seemed to be working before now were not working! I got a lot of Internal Error messages, whereas before I only saw one or two of these. Did switching to the Classic Widget Editor and then deactivating cause more problems? Now every time I try to access the 5.8 Widgets block editing, I get new or different errors. Very confusing and upsetting.
",janecarole
Tickets Awaiting Review,53790,Do not close block inserter when selecting blocks,,Editor,,normal,minor,Awaiting Review,enhancement,new,,2021-07-27T01:45:40Z,2021-07-27T03:44:12Z,"I suggest changing the behavior of the list of all blocks in the block editor to NOT automatically close the list as soon as the user has clicked elsewhere on the page.
The automatic closing of the list feels jarring and unexpected, and it increases the number of clicks required to build a post with many blocks.
See my short video (1:27) for specifics:
https://www.youtube.com/watch?v=SfZqZxzKUuk",curtiskessler
Tickets Awaiting Review,53818,Update notification in admin bar is not updating,,Upgrade/Install,5.8,normal,minor,Awaiting Review,defect (bug),new,,2021-07-28T19:24:40Z,2021-07-29T00:00:32Z,"Since I installed 5.8 the update notification continues to show what appears to be the sum of all the updates I have installed since 5.8. If I go to the update page or plugin page there are no updates needed and the update indicator returns to none.
When I log on later the indicator shows the number of updates again. Rinse Repeat.
Link to example: https://hubbelldigitalmedia.com/update-indicator.jpg
I looked to see if I could find any ticket or mention of this and did not find anything. So I thought I would, if this is a known issue, then I apologize for posting.
",andhub
Tickets Awaiting Review,53828,Nullable registered meta with format does not display in JSON schema,,REST API,,normal,normal,Awaiting Review,defect (bug),new,,2021-07-29T16:06:34Z,2021-07-29T16:06:34Z,"When registering a piece of meta as a nullable type in the REST schema, it does not display in the JSON schema for the particular object.
For example, the following will not correctly register a meta key in REST:
{{{#!php
true,
'type' => 'string',
'show_in_rest' => [
'schema' => [
'title' => __( 'Background Color' ),
'type' => [ 'string', 'null' ],
'format' => 'hex-color',
],
],
],
);
}}}
The key will not be visible in the JSON schema, and the key/value pair will also not be available in the meta object in the post response from the API.",chrisvanpatten
Candidates for Closure,53842,Review the type of select return values,,Build/Test Tools,,normal,normal,Awaiting Review,defect (bug),new,dev-feedback,2021-07-30T22:06:25Z,2021-07-30T22:06:25Z,"In addressing ticket #46149, four tests were encountered which were testing (part of) a return value of WP Core functions, but were found to be using the wrong value type in this comparison.
This was discovered due to the fact that the `assertContains()` method in PHPUnit uses strict type comparisons as of PHPUnit 8.0.2.
For the time being, the tests will be updated to reflect the REAL return type per proposed commit https://github.com/jrfnl/wordpress-develop-official/commit/64dd09d5c292c3eac80419d5a1a325dab453a5ed
This ticket is being opened to follow up on this as it should be investigated whether the return type of these WP Core function as-is is actually correct and the test update was therefore justified. Or whether the test update should be reverted and the actual WP Core functions should be updated.
== Details
=== `Tests_Comment_GetPageOfComment::test_page_number_when_unapproved_comments_are_included_for_current_commenter()` and `Tests_Comment_GetPageOfComment::test_page_number_when_unapproved_comments_are_included_for_current_user()`
Both these tests generate a comment ID using a test Factory class:
{{{#!php
comment->create(
$comment_args
);
}}}
`$new_unapproved` will now contain a comment ID as an integer.
This integer is expected to be included in a list retrieved via the [https://developer.wordpress.org/reference/functions/get_comments/ `get_comments()`] function and filtered via [https://developer.wordpress.org/reference/functions/wp_list_pluck/ `wp_list_pluck()`].
Based on these two tests, the `comment_ID` as returned in the array retrieved via `get_comments()` is a string, not an integer.
So the questions for these two tests are:
* Should the `comment_ID` returned by `get_comments()` be a string or an integer ?
* If the `get_comments()` function should remain unchanged, should the TestCase::factory()->comment->create()` method be adjusted to return a string for the ID value instead of an integer ?
* If the answer to both the above questions is ""no"", no further action is needed once the proposed commit mentioned above has been committed.
=== `WP_Test_REST_Post_Meta_Fields::test_set_value_multiple_custom_schema()` and `WP_Test_REST_Term_Meta_Fields::test_set_value_multiple_custom_schema()`
These two tests both update the post meta of a WP post via a REST API POST request.
The data to be set is passed as integers:
{{{#!php
array(
'test_custom_schema_multi' => array( 2, 8 ),
),
);
$request->set_body_params( $data );
$response = rest_get_server()->dispatch( $request );
}}}
The test subsequently requests the post meta information via a call to [https://developer.wordpress.org/reference/functions/get_post_meta/ `get_post_meta()`] and ensures that the returned array contains both values.
The values returned in the array from `get_post_meta()`, however are ''strings'', not integers.
So the questions for these two tests are:
* Where does the type change from integer to string happen ?
* Is the data when set via the REST API being saved correctly ?
* Does the Core code need to change or is the test update correct ?
In this case, I suspect the type change ''may'' be due to the fact that all data received from `$_POST` will always be in string format, however, the handling of these API requests should be investigated to be sure.
",jrf
Tickets with Patches,53847,Removed 'noreferrer' relationship In JS file.,Shital Patel,General,,normal,normal,Future Release,defect (bug),assigned,close,2021-07-31T07:41:08Z,2021-07-31T10:04:52Z,"remove ""noreferrer"" in js Files and add ""noopener""",Shital Patel
Tickets Awaiting Review,53850,Plugin available updates not being displayed and updates not possible via admin console menu,audrasjb,Upgrade/Install,5.8,normal,normal,Awaiting Review,defect (bug),assigned,,2021-08-01T08:16:04Z,2021-08-30T08:39:40Z,"since updating to 5.8, available plugin updates are briefly displayed as a red number against the updates and plugin menus. However, the updates page shows all plugins, themes and translations are up to date - which they clearly aren't.
See https://wordpress.org/support/topic/cant-update-plugins-since-5-8-upgrade/",Ian Helliwell
Tickets Awaiting Review,53863,Gutenberg fails with wp 5.8,,Editor,5.8,normal,critical,Awaiting Review,defect (bug),new,,2021-08-03T01:40:57Z,2021-08-03T07:38:03Z,"I had to rollback to fix this. The WP 5.8 Gutenberg crashed with this info:
TypeError: Cannot read property '$el' of undefined
at new m (https://bestredlighttherapy.com/wp-includes/js/dist/media-utils.min.js?ver=5e105975fcfe18922cd4f0163466f454:2:3795)
at Yg (https://bestredlighttherapy.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:68:243)
at rh (https://bestredlighttherapy.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:98:274)
at zj (https://bestredlighttherapy.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:228:490)
at Th (https://bestredlighttherapy.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:152:223)
at tj (https://bestredlighttherapy.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:152:152)
at Te (https://bestredlighttherapy.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:146:151)
at https://bestredlighttherapy.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:61:68
at unstable_runWithPriority (https://bestredlighttherapy.com/wp-includes/js/dist/vendor/react.min.js?ver=16.13.1:25:260)
at Da (https://bestredlighttherapy.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:60:280)
I did turn off all plugins and switched to the default theme. Only rolling back the main version allowed me to get into Gutenberg.",dogrescuer
Tickets Awaiting Review,53864,Feature Request - Add sizing options for Video Block,,Editor,,normal,normal,Awaiting Review,feature request,new,,2021-08-03T04:20:30Z,2021-08-03T04:20:30Z,"It would be great to have a sizing option for Video Block, similar to what we have in Image block. If the dragging option is not possible, it would be great if there can be width field within the block settings. ",nagpai
Tickets Awaiting Review,53865,Custom fields overlaps Post content blocks,,Editor,,normal,normal,Awaiting Review,defect (bug),new,,2021-08-03T06:11:27Z,2021-09-17T05:50:12Z,"When creating a post or edit an existing one, the Custom fields overlap Gutenberg blocks(wordpress version 5.8).
I cannot enter content into those blocks so I cannot complete my post using the new editor.
Also other Additional areas to the editor such as meta boxes from plugins(Yoast seo etc) are also overlapping the content.
Screenshots
1.Add new post (without any plugins-theme: twenty twenty-one) :https://ibb.co/SyhWP9F
2.Edit post(with yoast SEO metabox-theme: twenty twenty) :https://ibb.co/3zm2kf4
Support ticket created at
https://wordpress.org/support/topic/custom-fields-overlaps-post-content-blocks/?view=all#post-14724825 and @t-p responded to create a ticket in bug tracker.
Thank You.
",anjali94
Tickets with Patches,53874,Bundled Themes: Measurement in 'px' is unnecessary,,Bundled Theme,,normal,normal,Future Release,enhancement,new,has-patch,2021-08-04T17:21:06Z,2023-04-05T15:51:04Z,Measurement in 'px' is unnecessary in bundled themes.,ankitmaru
Unpatched Bugs,53875,Update inline docs to match handbook standards,,General,,normal,normal,Future Release,defect (bug),new,,2021-08-04T20:50:48Z,2021-10-26T23:37:33Z,"While looking at #53399, relative to the [https://make.wordpress.org/core/handbook/best-practices/inline-documentation-standards/php/#5-inline-comments PHP Documentation Standards], there are many-many places in the codebase that use PHP's multi-line code commenting style for what have always been (and likely always will be) single-line comments.
For example:
From `options-general.php`:
{{{
/** WordPress Administration Bootstrap */
require_once __DIR__ . '/admin.php';
/** WordPress Translation Installation API */
require_once ABSPATH . 'wp-admin/includes/translation-install.php';
}}}
The docs put emphasis on not using `/**` specifically:
> Important note: Multi-line comments must not begin with `/**` (double asterisk) as the parser might mistake it for a DocBlock. Use `/*` (single asterisk) instead.
It's worth emphasizing here that it does not say ''single-line'' comments shouldn't use `/**` but the handbook docs do not explain (that I have found) when and why single-line comments should use `/**`. This same syntax is also used when hooks are used in multiple locations, for example.
According to our own standard, I believe these lines should instead be:
{{{
// WordPress Administration Bootstrap
require_once __DIR__ . '/admin.php';
// WordPress Translation Installation API
require_once ABSPATH . 'wp-admin/includes/translation-install.php';
}}}
...or possibly...
{{{
/* WordPress Administration Bootstrap */
require_once __DIR__ . '/admin.php';
/* WordPress Translation Installation API */
require_once ABSPATH . 'wp-admin/includes/translation-install.php';
}}}
(My personal preference would be `// ..` over `/* .. */` because I find it easier to both type and read.)
Starting this ticket (with a nod from @johnbillion) to generate some discussion and come to an agreement.
----
For additional context, the examples I used above also use inconsistent language across the entire codebase, and my plan is to modify these lines already to make them consistent, and I'd like to bring both the syntax and the language inline together at the same time.
Before:
`/** WordPress Administration Bootstrap */`
After:
`// Load WordPress Administration Bootstrap`",johnjamesjacoby
Tickets Awaiting Review,53887,no link to theme changelog/readme.txt on the wordpress updates page,,Upgrade/Install,5.8,normal,normal,Awaiting Review,enhancement,new,,2021-08-06T14:05:51Z,2021-08-06T20:37:53Z,"On the WordPress updates page, there is a really convenient link to see what's new in every plugin update. Why isn't there the same link for theme updates? Instead, you have to go into APPREARANCE>>THEME and open the theme details, navigate to the theme's repo and open the readme.txt to what's new. Seems like there would be a way to make this easier.",waterfire
Tickets with Patches,53888,Add another link to Network Admin,sabernhardt*,Networks and Sites,,normal,normal,Future Release,enhancement,accepted,has-patch,2021-08-06T15:20:46Z,2021-11-09T21:16:00Z,"There are problems accessing the link for Network Admin in the toolbar dropdown:
- keyboard accessibility (reported on #34668 and at least one [https://wordpress.org/support/topic/wp-multi-site-network-admin-page-not-accessible-to-screen-readers-from-wp-admin/ accessibility support topic])
- touchscreen use (#22660)
I would like to add another link to that screen in case the other issues are not both fixed. It could go on the My Sites screen and/or in the side admin menu.",sabernhardt
Tickets Awaiting Review,53901,"I found error in wordpress ""Publishing failed. The response is not a valid JSON response.""",,Editor,5.8,normal,critical,Awaiting Review,defect (bug),new,,2021-08-09T12:50:50Z,2021-08-09T12:50:50Z,"I found an error while publishing the post ""Publishing failed. The response is not a valid JSON response."" I tried a couple of plugins and tricks I cant sussessed. KIndly help me to solve this issue. regards",uzair23
Tickets Awaiting Review,53902,Automating the creation of inline javascript and inline stylesheet nonces or hashes,,Security,,normal,normal,Awaiting Review,feature request,new,,2021-08-09T13:27:25Z,2022-01-03T22:22:26Z,"Inline javascripts and stylesheets are fairly common in the WordPress ecosystem. Site managers wishing to harden WordPress via a Content Security Policy have a choice between allowing such inline code via the ""unsafe-inline"" directive or must find a way to include either hashes or nonces in the CSP and, for nonces, in the code itself.
While there are means to determine hashes for static javascript or stylesheets, this is hardly possible for dynamically created code. It would help better secure WordPress sites if WP included the functionality that could automate the creation of nonces or hashes and automatically include them in a function that sends the appropriate, dynamically created, header via PHP or perhaps by writing to .htaccess or the like.",Josiah S. Carberry
Tickets Awaiting Review,53903,Duplicate Menu Bar option,,Menus,,normal,normal,Awaiting Review,feature request,new,,2021-08-09T15:56:43Z,2021-09-17T16:46:14Z,"Hi,
I would really like to see a way to duplicate a WordPress Menu bar. There have been countless times in the past few years of working with WordPress websites where this would have come in very handy.
So if possible, please add a way to duplicate a menu bar in a future WP version.
Thank you. ",AlGala
Tickets Needing Feedback,53910,`sanitize_title_with_dashes` returns partial encoded values in permalink,SergeyBiryukov,Permalinks,5.8,normal,major,Future Release,defect (bug),reviewing,dev-feedback,2021-08-10T21:48:09Z,2022-05-03T02:42:28Z,"Picked up quite an old bug (circa 2006!) while working on #47912.
`sanitize_title_with_dashes()` does a check to see if the title `seems_utf8()` and subsequently url encodes it. The call to `utf8_uri_encode()` has a `$length` argument of `200`.
If an encoded value crosses the 200 boundary, the encoded value is cut and the remainder isn't picked up by any of the subsequent actions taken by `sanitize_title_with_dashes()`.
>this-very-long-title-is-to-help-demonstrate-that-partial-encoded-values-remain-when-you-try-to-use-sanitize-title-with-dashes-on-encoded-strings-trimmed-to-200-chars-instead-of-using-max-and-strlen**%e2%80%af**
becomes:
>this-very-long-title-is-to-help-demonstrate-that-partial-encoded-values-remain-when-you-try-to-use-sanitize-title-with-dashes-on-encoded-strings-trimmed-to-200-chars-instead-of-using-max-and-strlen**%e2**
I've resolved this issue by:
- Storing the `seems_utf8()` value
- Changing the call to `utf8_uri_encode()`, so that the `length` argument is the `max()` of `strlen( $title )` and `200`
- Trimming the `$title` to `200` at the end of the `sanitize_title_with_dashes` instead.",costdev
Tickets Awaiting Review,53934,Vimeo embed working in admin and not on post when using private link,,Editor,5.8,normal,normal,Awaiting Review,defect (bug),new,,2021-08-16T16:48:19Z,2021-11-03T13:39:07Z,"Hi,
Issue :
Vimeo Embed link does not appear in the post (not even in the source code of the blog post) when using private link.
Current Behavior :
When copy/pasting a ""private video link"" from Vimeo into the WordPress Post editor (default one) the embed is done automatically, but does not display / work on the post once published.
Expected behavior :
Copy/paste the Vimeo link to wordpress, emebed is done autoamtically, when publishing video is visible ont he blog page.
How to reproduce :
- Get a Vimeo ""private link"" to a video
- Paste the Private link to a new blog post
- (WP will Auto embed the vimeo videpo player)
- publish post
- Post does not contain the video.
- If you edit the same blog post, the video is in there.
How to solve (workaround)
> Embed the vimeo player as an ""embed"" link using the ""player.vimeo.com/video/VIDEOID"".
What is causing the problem ?
From my experience & debugging : This behavior is mostly with Vimeo ""private link"".
Wordpress will automatically embed even is you copy the private link and it will work in the admin (and if you are connected on your vimeo account). But this will not show up on the page/blog post once published.
Embed expect the following : player.vimeo.com/video/VIDEOID
The private link is : vimeo.com/VIDEOID/RANDOMUNIQUEIDHERE
The vimeo page via private link is providing the info for oembed (json & xml) in its source.
(first time submitting a bug report here. Edit if required.)",Trouffman
Candidates for Closure,53935,Vimeo oembed force player with large height on blog post,,Embeds,5.8,normal,minor,Awaiting Review,defect (bug),new,reporter-feedback,2021-08-16T17:08:49Z,2021-08-18T19:46:11Z,"Hi,
When embedding a Vimeo Video Player on a blog post, the admin automatic embed display the player correctly but the published version have height that is way bigger than the player.
How to reproduce :
- create a new blog post
- insert text before
- embed a Vimeo video with link : player.vimeo.com/video/VIDEOID
- insert text after
- publish post
-> the vimeo video player is with large blank space on top and bottom
More details :
Seems like this is the iframe code on the WP Public page :
>> this width / height seems large and does not seems to come from the site theme either.
",Trouffman
Tickets Awaiting Review,53942,Non-single post meta multiple value update breaks post save through REST API,,REST API,5.8,normal,blocker,Awaiting Review,defect (bug),assigned,,2021-08-17T13:00:31Z,2021-08-17T15:21:25Z,"This is a follow-up to #52787.
Same situation as in #52787, but this time while updating **non-single** meta **multiple values at once** like `{ meta: { metaKey: [1, 2, 3] } }`, REST API fires `update_multi_meta_value()`, which tries first to delete old values in the database. When no meta value is present in database, `get_metadata()` returns defaults as `$current_values` and then trying to delete them anyway (non-existent in fact). This causes `update_multi_meta_value()` to return `WP_Error('rest_meta_database_error')` on `delete_metadata()` failure.
BTW, error messages could be more specific from `'Could not update the meta value of %s in database.'` to `'Could not update/delete...'` and `'Could not update/add...'`.",iknowsomething
Tickets Awaiting Review,53959,Error message when creating new widget using block editor,,Widgets,5.8,normal,normal,Awaiting Review,defect (bug),new,,2021-08-19T14:07:08Z,2021-08-23T14:48:47Z,"Our church website stm.org.uk is WordPress hosted by IONOS.
I have just tried the first update to the Content Sidebar since we were upgraded to WordPress 5.8.
I attempted to add the 'Breakfast Church' item using the new block editor, but I got a message:
There was an error. Invalid parameter(s): requests.
I ended up installing the 'classic widget editor' plugin and managed to create the item by adding two block widgets at the beginning, copying the block HTML from a similar item.
I did it this way, rather than setting up a text widget, to get a more consistent appearance. Incidentally, the 'our vicar' image widget has not been converted to a block and its appearance is not consistent with the others.
There seems to be no good reason for the error message.",mdrb55
Tickets Awaiting Review,53960,Construct WP_User::cap_key dynamically from wpdb instance,,Users,,normal,normal,Awaiting Review,defect (bug),new,,2021-08-19T14:18:53Z,2021-08-19T14:48:35Z,"Currently, `WP_User` is set up to set the `cap_key` property, which is used as the usermeta key for a user's role on a given site, only when the `WP_User` instance is instantiated.
This leads to some complication when setting a user role after a `switch_to_blog` call. While `switch_to_blog` internally calls a hook which ends up calling `wp_switch_roles_and_user`, that method only changes the ''current'' user's role without impacting other `WP_User` instances.
This means the following (psuedo-)code would not work as one might expect:
{{{#!php
set_role( /* some role */ );
restore_current_blog();
}
}}}
The end result is that the role is only applied to the root site, because the user object's `cap_key` property is never updated when the site is switched.
However, the user's ""user level"" ''is'' updated correctly for each site — because WP_User's `update_user_level_from_caps` method generates the user meta key dynamically from the blog prefix ''when the method is called'' ([https://github.com/WordPress/WordPress/blob/87bd00ac5b41674810cdc5b125561407ee827868/wp-includes/class-wp-user.php#L672 ref]).
I would propose changing the `cap_key` to be generated dynamically every time it is referenced, rather than only when the object is instantiated or `WP_User::for_site()` is explicitly called.",chrisvanpatten
Tickets Awaiting Review,53965,Legacy widgets used inside a normal block fail when salts are changed,,Widgets,5.8,normal,major,Awaiting Review,defect (bug),new,,2021-08-20T05:27:30Z,2022-03-02T20:30:19Z,"When a legacy widget is added to the new block based widget area and it's a 1st level block, its data is stored the way widgets have always stored data. However if a legacy widget block is used inside of a normal block its data is no longer stored separately in the options table, but is encoded and stored with its parent block.
The legacy widget data is stored by base64 encoding its serialized data then generating a hash of it using `wp_hash()`. Both pieces of data are stored in the parent block. When viewing the widget block editor this data is hydrated. The problem is the default scheme `AUTH` is used for `wp_hash()` when none is specified. The value of AUTH is volatile. Salt keys should be rotated occasionally and they can be changed via the `salt` filter, when that happens all the embedded legacy widgets will break.
I can think of several ways to fix this:
- Use a more stable salt.
- Encode data using a method that doesn't rely on a hash for verification.
- Remove the hash check. I don't see anywhere in the codebase (but I'm far from an expert) where serialized data is compared against a hash before sending it to `unserialize()`, so I don't think it adds any more risk as it is supposed to be trusted data. To me this is the cleanest solution, the first two methods would require a backwards compatibility fix: if the data failed to unserialize the new way, try the old method.
The hash check to remove is in `\wp-includes\rest-api\endpoints\class-wp-rest-widget-types-controller.php` on lines 447 - 453. A couple other places in the method also need the hash references removed. Luckily the `encode_form_data()` method is new and only used here so any changes won't be painful.
I originally came across this issue because my new WP 5.8 site was having widget errors whenever it was migrated to the staging server. My local server and staging server have different salt values, so it caused all the nested embedded widgets to fail. I was using some Navigation Menu widgets, which failed with the error `The ""nav_menu"" block was affected by errors and may not function properly. Check the developer tools for more details.` In dev tools this was the REST response `{""code"":""rest_invalid_widget"",""message"":""The provided instance is malformed."",""data"":{""status"":400}}`.
I verified the differing `AUTH_KEY`s were the issue by syncing them, which temporarily enabled the legacy widgets to work, however that isn't a realistic fix.",Enchiridion
Candidates for Closure,53968,In 5.8 Metaboxes hide post editor completely,,Editor,5.8,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2021-08-20T11:11:34Z,2021-09-10T15:21:29Z,"In 5.8, when editing posts, pages or anything else, metaboxes hide the page title and the page content by default every time you open a post for editing. I use page as euphemism for all custom post types.
Expected behaviour: metaboxes are below the page title and page content as is normal
Current behaviour: metaboxes hide the title and the content, which cannot be edited without closing the metaboxes each time you open the page.
The problem: 90% of the time the user wants to edit the title or content, most metaboxes are meant to be edited once and forgotten.
browser: Safari, Mac OS",robertjakobson
Tickets Awaiting Review,53970,Add HTML mark tag support on Gutenberg,,Editor,,normal,normal,Awaiting Review,enhancement,new,,2021-08-20T12:33:37Z,2021-08-20T14:57:34Z,"Hi,
In Gutenberg when we are writing a paragraph or a list item, sometimes it is needed to highlight a certain part of the text without bolding them.
In HTML 5 there is a specific tag for this called `mark`. Using the mark tag we can highlight a certain part of the text so it will look like we have highlighted that text without doing anything crazy.
Here is an example code:
{{{#!php
I have a car and that car is super fast even on bad roads.
}}}
You can take a deep drive into the `mark` tag [https://developer.mozilla.org/en-US/docs/Web/HTML/Element/mark here on the MDN Docs].
Currently, the only way to achieve it is by writing the paragraph or list item in the Gutenberg and then edit them as HTML and add the tag at which point Gutenberg doesn't recognize the element as the same element and ask users to convert it to HTML block.
It would be really awesome if a new icon can be added in the Gutenberg formatting menu just beside the icons of Bold, Italics etc. This Highlight icon will simply add the `mark` tag to the selected text and the rest will be automatically taken care of by the browser. It can further be custom styles in CSS if someone wants to do it. Honestly, it would be awesome to see it in Gutenberg.",isaumya
Tickets Awaiting Review,53973,WordPress <= 5.8 - Authenticated Persistent XSS (User role name),,Security,,normal,normal,Awaiting Review,defect (bug),new,dev-feedback,2021-08-21T01:03:21Z,2022-12-23T12:29:58Z,"Hi there,
First of all, I need to mention this (as requested by @ehtis / H1):
>When creating the ticket, please mention in it that the security team has evaluated this and asked you to open a public ticket for discussion.
\\
== Intro:
In versions of WordPress, including the latest v5.8, it's possible to inject malicious JavaScript code in the name (`$display_name`, `$details['name']`) of any user role.
This vulnerability could be used to infect a website with malicious code or to keep a backdoor for future exploitations. Not all security plugins will detect such injections, cause adding or editing any user role is a legitimate process and all data is stored in the DB.
Important to note that the functionality of adding custom roles is available in many plugins and themes, some of which aren't properly protected from CSRF attacks. Given this vulnerability, such attack vectors can be combined to successfully compromise a website.
\\
== Impact:
Malicious JavaScript code injections, the ability to combine attack vectors against the targeted system, which can lead to a complete compromise of the resource.
\\
== Steps To Reproduce:
1. Use attached PoC plugin (this is the fastest way to reproduce the JS injection) or use this code in any PHP file on your WordPress website:
{{{
#!php
add_role( 'hacker', __( 'Hacker' ), array( 'read' => true, 'edit_posts' => true ) );
}}}
2. Activate the plugin (you can turn it off right away cause we don't need it anymore - our custom user role will be already injected). Our new role will appear in the database like this:
{{{
s:5:""hacker"";a:2:{s:4:""name"";s:37:""Hacker"";s:12:""capabilities"";a:2:{s:4:""read"";b:1;s:10:""edit_posts"";b:1;}}
}}}
3. After that injected payload will be triggered on many pages inside the dashboard, f.e.: /wp-admin/users.php | /wp-admin/profile.php | /wp-admin/options-general.php etc. In my PoC plugin there will be a simple alert window.
\\
== Additional Information:
Another way to add custom user role is by using plugin, f.e. '''uListing''' [https://ru.wordpress.org/plugins/ulisting/ulisting.2.0.4.1.zip v2.0.4.1] (CSRF scenario):
{{{
POST /wp-admin/admin-ajax.php HTTP/2
Host: example.com
Cookie: [admin cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 925
action=stm_save_user_roles&roles%5B0%5D%5Bis_delete%5D=0&roles%5B0%5D%5Bname%5D=Visse%3Cscript%3Ealert(%2FVisse%2F)%3B%3C%2Fscript%3E&roles%5B0%5D%5Bslug%5D=visse&roles%5B0%5D%5Bcapabilities%5D%5Bdefault%5D=1&roles%5B0%5D%5Bcapabilities%5D%5Blisting_limit%5D=1553&roles%5B0%5D%5Bcapabilities%5D%5Blisting_moderation%5D=1&roles%5B0%5D%5Bcapabilities%5D%5Bstm_listing_role%5D=1&roles%5B0%5D%5Bcapabilities%5D%5Ballow_delete_listings%5D=0&roles%5B0%5D%5Bcapabilities%5D%5Bcomment%5D=1&roles%5B1%5D%5Bis_delete%5D=0&roles%5B1%5D%5Bname%5D=Hacker%3Cscript%3Ealert(%2FHacker%2F)%3B%3C%2Fscript%3E&roles%5B1%5D%5Bslug%5D=hacker&roles%5B1%5D%5Bcapabilities%5D%5Bdefault%5D=1&roles%5B1%5D%5Bcapabilities%5D%5Blisting_limit%5D=1337&roles%5B1%5D%5Bcapabilities%5D%5Bcomment%5D=1&roles%5B1%5D%5Bcapabilities%5D%5Blisting_moderation%5D=0&roles%5B1%5D%5Bcapabilities%5D%5Bstm_listing_role%5D=1&roles%5B1%5D%5Bcapabilities%5D%5Bis_open%5D=1
}}}
\\
== Possible solution:
File: /wp-includes/class-wp-roles.php, line 162:
`'name' => $display_name,` change to `'name' => strip_tags( $display_name ),`.
\\",visse
Tickets Awaiting Review,53975,Send Reset Password bulk-action/link missing for non-super admins (multi-site only),,Users,5.8,normal,normal,Awaiting Review,defect (bug),new,,2021-08-22T00:26:24Z,2021-08-22T10:49:56Z,"Admin users in multi-site do not have the ability to send password reset emails from /wp-admin/users.php.
Repro Steps:
On a site with multisite, create a user, assign admin role.
Go to /wp-admin/users.php.
Expected Results:
Admin can send a reset password email to any user.
Actual Results:
Send password reset link missing from actions links
Send password reset option missing from bulk-actions drop-down
Other Information:
class-wp-users.php -> get_bulk_actions() uses ""if ( current_user_can( 'edit_users' ) )"" as the condition to determine if this can be allowed. The same check is performed in the single_row() method when the actions are specified.
I understand there are restrictions in multi-site for user creation/editing for non-super admins, however I believe this is not a security action and should not be restricted for site administrators.",jcutler
Tickets Awaiting Review,53976,Twenty Twenty-One: Anchor link on the same page causes the menu button icon to turn upside down,,Bundled Theme,,normal,normal,Awaiting Review,defect (bug),new,,2021-08-22T14:00:07Z,2021-08-22T16:55:40Z,"As reported and requested in [https://wordpress.org/support/topic/menu-button-auto-scrolls-to-top-when-pressed-scroll-to-top-change-button-icon/].
If you have an anchor link on the same page, the icon turs upside down.
Example. In website.com/one/ if you add a link to website.com/one/#anchor, this will cause the issue. An example will be a scroll to top button as in the report mentioned.
Video showing (the bug report is for the second option. The first one was solved too in the report, but may not be the best solution, and, as the theme is not prepared to have a fixed header, and the problem is that when clicking the menu button, it automatically scrolls to the top, may not be relevant, but you can check on the report mentioned at first).
In the video you can see in 0:09 when I click ""ARRIBA"", that is a scroll to top in casael.com using casael.com/#inicio
[https://youtu.be/zW7R58KM_BA]
Problem is in primary-navigation.js
{{{
document.addEventListener( 'click', function( event ) {
// If target onclick is with # within the href attribute
if ( event.target.hash && event.target.hash.includes( '#' ) ) {
wrapper.classList.remove( id + '-navigation-open', 'lock-scrolling' );
twentytwentyoneToggleAriaExpanded( mobileButton );
// Wait 550 and scroll to the anchor.
setTimeout(function () {
var anchor = document.getElementById(event.target.hash.slice(1));
anchor.scrollIntoView();
}, 550);
}
}
}}}
Possible Solution:
Change
{{{
document.addEventListener( 'click', function( event ) {
}}}
to
{{{
document.querySelector('.primary-menu-container').addEventListener( 'click', function( event ) {
}}}
The function was being activated all the time, and that function should only work when the mobile menu is open. Now, you can use #anchors to move on the same page off the menu without “glitching” the menu icon.
That change is tested and working without any problems.",joelbermudez
Tickets Awaiting Review,53982,Adding pages to menus could be more user friendly,,Menus,5.8,normal,normal,Awaiting Review,enhancement,new,,2021-08-23T19:15:16Z,2021-09-10T06:35:13Z,"It's difficult to find pages or visually see the page hierarchy when working with the site's menus.
**Appearance / Menus**
For a site that has a lot of content and multiple levels is hard to manage in the tiny Pages tab, it would be ideal if the height was adjustable.
Adding a page places the item at the bottom of the list where the user needs to manually move the item up the stack.
It would be ideal to drag the item from the Pages section into the menu.
**Appearance / Customize / Menus**
For some reason, this interface doesn't represent the page hierarchy making it hard to see the structure.
Same height restriction as above, there are only a small number of pages visible here making it hard to use with a lot of content.
The text input beside `+ Add` makes me think that I can search the page list based on some interactions in the `Appearance / Menus` area.
It would be ideal to drag the item from the Pages section into the menu.",adampatterson
Tickets Awaiting Review,53994,REST API requests with session cookies but an invalid/missing nonce are considered authenticated for most of the request,,Security,,normal,normal,Awaiting Review,defect (bug),new,,2021-08-24T17:29:07Z,2021-08-24T17:29:07Z,"**Note: the security team reviewed this and asked that I post a public report as a hardening issue.**
If a REST API request has valid session cookies but does not include a nonce, there is a significant portion of the process where the user is considered validly authenticated and signed in until the nonce is finally checked and the user account is nulled out. This period of the request is, practically speaking, the entire portion of the request where a plugin or theme would perform any operations before the REST response was sent (the obvious exception is if the REST endpoint were a custom one created by the theme or plugin, in which case, any code in direct service of dispatching the response would be after the nonce was checked). Therefore, if a request contains valid session cookies but an invalid or absent nonce, plugins and themes will almost always treat the request as if the user were validly authenticated, potentially voiding the purpose of the nonces.
In WordPress Core, the first place the user account is accessed is in `\WP::init()`. After that, the init action fires, which of course, is a common hook for plugins and themes. In addition, there is nothing stopping a plugin or theme from accessing the user account well before `\WP::init()`, e.g. immediately as it is loaded. In other words, a user session is validated as early as an mu-plugin loading. Out-of-the-box, WordPress does make some decisions based on the user's logged-in status and capabilities, e.g. which mime types are allowed for an attachments REST request and how widget content is processed. In fact, even the REST API code itself decides whether or not to send nocache headers based on the user's authentication state before the nonce is checked.
The request isn't de-authenticated again until the nonce is checked when
`\WP_REST_Server::check_authentication()` runs, which is immediately before the response is dispatched in `\WP_REST_Server::serve_request()`.
=== Steps To Reproduce:
1. Sign into a WordPress site
2. Add the following code to your theme/plugin to confirm that you are considered ""signed in"", even though you didn't provide a nonce
{{{#!php
}}}
Notes:
We also found that the Twenty-twenty-one theme does fine UNTIL you add a custom page with the codex formatting suggestions like above. As soon as you save and try to swap templates the break happens. ",juliacramer
Tickets Awaiting Review,54006,"Wp Multisite Get, Add, Update and Delete Site Meta Issue.",,"Options, Meta APIs",5.8,normal,normal,Awaiting Review,defect (bug),new,dev-feedback,2021-08-25T16:26:30Z,2021-08-27T14:21:30Z,"Just working on some code to help with WP Multisite integration...
I have noticed that the `add_site_meta` function is currently not working.
I had a look through the functions in wp-includes/ms-site.php and found that the first parameter in the 'add_metadata' function called by add_site_meta (line 1012) is 'blog'.
I figured since you changed the blogmeta table to sitemeta that something might be amiss. If the metadata is added thus:
add_metadata( 'site', 1, 'test_site_feta', 'cheese', false );
All appears to work okay, however this does not;
add_metadata( 'blog', 1, 'test_site_feta', 'cheese', false );
Think its a bug...until I had a closer look I had to use MySQL queries to add the site meta.
",leeml
Tickets Awaiting Review,54016,Media Library: Bulk delete elements in grid view takes very long,,Media,,normal,normal,Awaiting Review,enhancement,new,,2021-08-26T15:10:47Z,2023-07-10T13:52:51Z,"When bulk deleting images in media grid view they will be deleted one by one counting down, refreshing the view (not reloading the page!) and this takes unnecessarily long. I wonder if this can be accelerated by first deleting all of them before the view gets refreshed for example.
",Presskopp
Tickets Awaiting Review,54026,One admin menu item from different plugins,,Administration,,normal,normal,Awaiting Review,enhancement,new,has-patch,2021-08-27T14:43:43Z,2021-09-03T15:11:56Z,"Hello.
In this example i have two plugins (which cannot be merged) which should use one admin menu item.
plugin 1:
{{{
function test1_admin_menu() {
add_menu_page(""Test Plugin"", ""Test Item"", ""manage_options"", ""test-plugin-admin"");
add_submenu_page(""test-plugin-admin"", """", ""Subitem for plugin 1"", ""manage_options"", ""test1-admin-subitem"");
// remove the automatically created submenu
remove_submenu_page(""test-plugin-admin"", ""test-plugin-admin"");
}
add_action(""admin_menu"", ""test1_admin_menu"");
}}}
plugin 2:
{{{
function test2_admin_menu() {
add_menu_page(""Test Plugin"", ""Test Item"", ""manage_options"", ""test-plugin-admin"");
add_submenu_page(""test-plugin-admin"", """", ""Subitem for plugin 2"", ""manage_options"", ""test2-admin-subitem"");
// remove the automatically created submenu
remove_submenu_page(""test-plugin-admin"", ""test-plugin-admin"");
}
add_action(""admin_menu"", ""test2_admin_menu"");
}}}
This works - and the menu is also shown, if only one plugin is active/enabled.
BUT:
The menu ""Test Item"" in the admin backend is shown twice. Same ID in HTML, same subitems, same links, same names ... completly copied.
Is there a way to avoid that behaviour ?
I will use a clean admin menu and all my plugins should use one (own) admin menu item as parent.",kimjo
Tickets with Patches,54028,Fix improper use of the hooks API,,General,5.8,normal,normal,Future Release,defect (bug),new,has-patch,2021-08-27T19:43:07Z,2023-01-17T17:19:24Z,"Using lambda functions as callbacks for `add_action()` and `add_filter()` is not supported as it breaks part of the WP Hooks API. It prevents the removal of such callbacks, `remove_action()` and `remove_filter()` stop working.
It seems there are few cases of such breakage in core:
- https://github.com/WordPress/wordpress-develop/blob/master/src/wp-admin/edit-form-blocks.php#L32
- https://github.com/WordPress/wordpress-develop/blob/master/src/wp-admin/options-privacy.php#L21
- https://github.com/WordPress/wordpress-develop/blob/master/src/wp-admin/privacy-policy-guide.php#L20
- https://github.com/WordPress/wordpress-develop/blob/master/src/wp-includes/script-loader.php#L2448
- https://github.com/WordPress/wordpress-develop/blob/master/src/wp-includes/sitemaps/class-wp-sitemaps-renderer.php#L254
(and possibly other).
Generally hooks should be added to either `wp-admin/includes/admin-filters.php` or `wp-includes/default-filters.php` as much as possible. It's also acceptable to add them from functions or ""template"" files. However hooks should never be added from ""include"" files (for security reasons), and lambda callbacks are not acceptable.",azaozz
Tickets Awaiting Review,54040,Changing element text or background color should only affect color,,Editor,5.8,normal,normal,Awaiting Review,defect (bug),new,,2021-08-31T11:40:02Z,2021-09-07T13:33:39Z,"Page elements get unintended padding when changing background or font color, violating the [https://en.wikipedia.org/wiki/Principle_of_least_astonishment principle of least astonishment].
In effect, the end-user is expecting that a change to the background color would have only one outcome. Instead, there is a second side-effect where the element gets padding.
Padding is added to many elements via CSS selectors that mostly target "".has-background,"" such as the following.
- https://github.com/WordPress/WordPress/blob/8df663cbfafedd6e594c3df8101e6085dfe18035/wp-includes/blocks/heading/style.css#L76-L78
- https://github.com/WordPress/WordPress/blob/8df663cbfafedd6e594c3df8101e6085dfe18035/wp-includes/blocks/heading/style-rtl.css#L76-L78
- https://github.com/WordPress/WordPress/blob/8df663cbfafedd6e594c3df8101e6085dfe18035/wp-includes/blocks/list/style.min.css#L1
- https://github.com/WordPress/WordPress/blob/8df663cbfafedd6e594c3df8101e6085dfe18035/wp-includes/blocks/list/style-rtl.min.css#L1
- https://github.com/WordPress/WordPress/blob/270f2011f8ec7265c3f4ddce39c77ef5b496ed1c/wp-content/themes/twentytwentyone/assets/sass/05-blocks/group/_editor.scss#L18-L23
- https://github.com/WordPress/WordPress/blob/8df663cbfafedd6e594c3df8101e6085dfe18035/wp-includes/blocks/list/style-rtl.css#L72-L74
- https://github.com/WordPress/WordPress/blob/8df663cbfafedd6e594c3df8101e6085dfe18035/wp-includes/blocks/list/style.css#L72-L74
- https://github.com/WordPress/WordPress/blob/8df663cbfafedd6e594c3df8101e6085dfe18035/wp-includes/blocks/paragraph/style-rtl.css#L101-L103
- https://github.com/WordPress/WordPress/blob/8df663cbfafedd6e594c3df8101e6085dfe18035/wp-includes/blocks/paragraph/style.css#L101-L103
- https://github.com/WordPress/WordPress/blob/270f2011f8ec7265c3f4ddce39c77ef5b496ed1c/wp-content/themes/twentytwentyone/assets/sass/05-blocks/rss/_editor.scss#L104-L107
- https://github.com/WordPress/WordPress/blob/270f2011f8ec7265c3f4ddce39c77ef5b496ed1c/wp-content/themes/twentytwentyone/assets/sass/05-blocks/rss/_style.scss#L104-L107
- https://github.com/WordPress/WordPress/blob/8a11188d0f5728bc9bbdf331ff9174d45b1768a6/wp-content/themes/twentytwentyone/assets/sass/03-generic/vertical-margins.scss#L159-L161
- https://github.com/WordPress/WordPress/blob/270f2011f8ec7265c3f4ddce39c77ef5b496ed1c/wp-content/themes/twentytwentyone/assets/sass/05-blocks/paragraph/_editor.scss#L4-L6
- https://github.com/WordPress/WordPress/blob/1a7033e75ff6b5911b2b9d34ceee38e80084b85e/wp-content/themes/twentytwentyone/assets/sass/05-blocks/query-loop/_style.scss#L3-L8
- https://github.com/WordPress/WordPress/blob/1a7033e75ff6b5911b2b9d34ceee38e80084b85e/wp-content/themes/twentytwentyone/assets/sass/05-blocks/query-loop/_editor.scss#L3-L7
- https://github.com/WordPress/WordPress/blob/270f2011f8ec7265c3f4ddce39c77ef5b496ed1c/wp-content/themes/twentytwentyone/assets/sass/05-blocks/paragraph/_style.scss#L6-L8
- https://github.com/WordPress/WordPress/blob/0a2b52dfeb4e28e4ff3714899a2890a779c3748f/wp-content/themes/twentytwentyone/assets/sass/05-blocks/latest-posts/_style.scss#L112-L115
- https://github.com/WordPress/WordPress/blob/8df663cbfafedd6e594c3df8101e6085dfe18035/wp-includes/blocks/preformatted/style.css#L75-L77
- https://github.com/WordPress/WordPress/blob/8df663cbfafedd6e594c3df8101e6085dfe18035/wp-includes/blocks/preformatted/style-rtl.css#L75-L77
- https://github.com/WordPress/WordPress/blob/8df663cbfafedd6e594c3df8101e6085dfe18035/wp-includes/blocks/group/editor.css#L83-L86
- https://github.com/WordPress/WordPress/blob/8df663cbfafedd6e594c3df8101e6085dfe18035/wp-includes/blocks/group/editor-rtl.css#L83-L86
- https://github.com/WordPress/WordPress/blob/c3ea09ebb8034be04f42e5aaf5f523cbead7e2a4/wp-includes/blocks/columns/style.css#L85-L87
- https://github.com/WordPress/WordPress/blob/c3ea09ebb8034be04f42e5aaf5f523cbead7e2a4/wp-includes/blocks/columns/style-rtl.css#L85-L87
- https://github.com/WordPress/WordPress/blob/0638de4c60de0d9cf800ca887177b67ba8ad68f0/wp-content/themes/twentynineteen/style-editor.scss#L868-L880
- https://github.com/WordPress/WordPress/blob/270f2011f8ec7265c3f4ddce39c77ef5b496ed1c/wp-content/themes/twentyseventeen/assets/css/editor-blocks.css#L496-L498",brylie
Tickets Awaiting Review,54046,Uncaught SyntaxError: Invalid regular expression,,Editor,5.8,normal,normal,Awaiting Review,defect (bug),new,,2021-08-31T22:34:14Z,2021-09-11T23:50:56Z,"Hi
I am trying to install a fresh version of WordPress on my server
but the problem is, on the add new post page, I am getting this error:
{{{
Uncaught SyntaxError: Invalid regular expression: /[!-/:-@[-`{-~б─-б©ц≈ц╥Б──-Б╞©Б╦─-Б╧©]/: Range out of order in character class
at new RegExp ()
at Module.pC98 (wordcount.min.js?ver=61ab1af9326f4d5fda7ed01990e1be70:2)
at t (wordcount.min.js?ver=61ab1af9326f4d5fda7ed01990e1be70:2)
at wp.wordcount.YLtl (wordcount.min.js?ver=61ab1af9326f4d5fda7ed01990e1be70:2)
at wordcount.min.js?ver=61ab1af9326f4d5fda7ed01990e1be70:2
}}}
however everything is fine even with this error until I try to install SEO plugins, like Yoast SEO and Rank Math SEO, but the cause of the problem is WordPress
I tried everything to see if this problem will gone away or not
Tested with php 7.4 and 8.0
Tested with chrome, firefox and opera
Tested with mysql and mariadb, also tested with different charset
",mmakenzi
Tickets Awaiting Review,54048,improve preloaded REST API requests in widget editor,,Widgets,5.8,normal,normal,Awaiting Review,enhancement,new,has-patch,2021-09-01T10:29:13Z,2021-09-04T15:04:38Z,Preload more REST API requests in the widget editor. ,spacedmonkey
Tickets Awaiting Review,54053,Multisite Users screen Mark as Spam status is not documented,,Users,5.8,normal,normal,Awaiting Review,enhancement,new,,2021-09-01T15:09:21Z,2021-09-06T05:28:07Z,"This issue was brought up in the support forums - https://wordpress.org/support/topic/finding-documentation-for-mark-as-spam-button/.
I was also not able to find and clear documentation around what marking a user as spam actually means.",welcher
Tickets Awaiting Review,54070,"Increase CPT ""machine name"" limit from its current maximum of 20 characters.",,Database,2.1,normal,normal,Awaiting Review,feature request,new,dev-feedback,2021-09-03T13:30:04Z,2022-10-04T18:08:03Z,"In order to accommodate proper namespacing for Custom Post Types (as well as, potentially, transliteration from non-Latin alphabets), 20 characters is often not enough.
Custom Taxonomies currently have a machine name limit of 32 characters. It would be nice to see CPTs have at least that many, although 64 characters would be even better.",taupecat
Tickets Awaiting Review,54078,Underscore appended to media file on upload,,Upload,5.8,normal,normal,Awaiting Review,defect (bug),new,dev-feedback,2021-09-06T14:02:07Z,2021-09-07T14:35:04Z,"I noticed that a random underscore is appended to media files, when uploading them in an article. Im using the Classic Editor.
The original file name was:
**AB-LET.2018.133.AXH1.jpg**
Once uploaded, it became:
**AB-LET.2018.133.AXH1_.jpg**
There was no prior file uploaded with that name (at least the media gallery does not find any).",spielautomat4
Candidates for Closure,54080,Dashboard > My Sites could use a list table for displaying the list of sites,,Networks and Sites,3.0,normal,normal,Awaiting Review,feature request,new,dev-feedback,2021-09-07T07:59:55Z,2021-09-08T09:13:36Z,"Dashboard > My Sites uses an unfamiliar display when listing a user's sites if compared with the rest of the pages in the administration area such as Posts > All Posts.
For consistency, could My Sites make use of a [https://developer.wordpress.org/reference/classes/wp_list_table/ list table]?",henry.wright
Candidates for Closure,54086,bloginfo language issue,,Networks and Sites,3.0,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2021-09-08T16:50:55Z,2021-09-23T22:06:39Z,"hi,
the code snippet below only returns the name of the blog well, not the language, it is always the same.
even though the language is changed in the site admin settings.
{{{#!php
blog_id );
echo get_bloginfo( 'name' );
echo get_bloginfo( 'language' );
restore_current_blog();
}
}}}
",kukac7
Slated for Next Release,54091,Attachment details pane navigation not working after opening 81st (or greater) item and refreshing the browser,antpb,Media,5.8,normal,trivial,6.6,defect (bug),assigned,dev-feedback,2021-09-08T19:02:34Z,2024-03-27T15:26:10Z,"Setup:
- clean 5.8;
- twentytwentyone active;
- no plugins active.
Steps to reproduce:
- open media page;
- click on the 41st item in the list;
- notice the left arrow is enabled (which is to be expected, since there are previous items);
- refresh the page.
Notice the left arrow now - it's disabled.
Not sure if this is intended, but since the item isn't loaded (in the grid), there's no previous but there's only next, which points to the first item. Clicking the right arrow goes to the it and you can't go back to the previous item.",ppetrov2c
Tickets Awaiting Review,54096,Get URL by post ID in WP-Admin,,Administration,5.8,normal,normal,Awaiting Review,feature request,new,,2021-09-08T21:39:03Z,2021-09-08T21:39:03Z,"Would it be feasible to add search by ID to the [https://github.com/WordPress/gutenberg/blob/trunk/packages/core-data/src/fetch/__experimental-fetch-link-suggestions.js#L70 fetchLinkSuggestions] function?
There are times when I'm working on large sites and I have pages with identical names in different sections of the site. If I could just plug the ID in, it'd save me a fair bit of time and hassle.",jhned
Tickets Awaiting Review,54102,Users with email address's containing & shows up as HTML & breaking certain connectivity,,Users,5.8,normal,normal,Awaiting Review,defect (bug),new,,2021-09-09T11:01:47Z,2021-09-23T08:53:21Z,"The email address is set to tes&123@go6.co.uk but WordPress back end-user panel is treating it as tes&123@go6.co.uk which is causing malformed results when trying to perform other actions we need.
See screenshot - https://i.snipboard.io/VHAgmO.jpg",waynep16
Tickets Awaiting Review,54113,Override core/gallery block,,Editor,5.8.1,normal,normal,Awaiting Review,defect (bug),new,,2021-09-12T17:34:11Z,2022-01-31T09:45:08Z,"Hello,
I did override the core block for the gallery using in my ''functions.php'' file :
{{{#!php
'my_gallery_render',
) );
}
add_action( 'init', 'my_register_gallery', 10 , 1 );
}}}
It was perfectly working, but since a few days (I did the last update of wordpress 5.8.1), and maybe a little bit before, but I am not totally sure, I have an issue :
If I use the ''unregister_block_type'' function I cannot override it with ''register_block_type'' and the block disappear in the editor. And a strange thing occurs, I have this message on the former existing gallery blocks :
{{{
Your site doesn’t include support for the THRON block. You can try installing the block, convert it to a Custom HTML block, or remove it entirely.
}}}
If I don't use ''unregister_block_type('core/gallery');'' before, I have this message :
{{{
Notice: WP_Block_Type_Registry::register was called incorrectly. Block type ""core/gallery"" is already registered. Please see Debugging in WordPress for more information. (This message was added in version 5.0.0.) in /Users/the_user/wordpress_folder/wp-includes/functions.php on line 5663
}}}
All of that was working before with no alert.
I tried with all my plugins deactivated, and with removing all my function.php files actions.
",lohic
Tickets Awaiting Review,54116,Check ImageMagick version 6/7,,Site Health,,normal,normal,Awaiting Review,enhancement,new,,2021-09-13T08:52:32Z,2024-01-24T09:26:50Z,"From #52654
**Context**
WordPress uses ImageMagick to create, edit, compose, or convert digital images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, WebP, HEIC, SVG, PDF, DPX, EXR and TIFF. ImageMagick can resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.
**ImageMagick recommendation**
But, we recommend using ImageMagick, although the last WordPress versions supports WebP and ImageMagick 6 does not support it.
Moreover, a lot of OS have the version 6 by default because version 7 needs to be compiled manually (at least, at this moment).
**Site Health**
Should the Site Heath check the version?
Yes. because for some functionalities, there are some things different.
**How we can check it?**
https://www.php.net/manual/en/imagick.getversion.php
The array returns something like:
{{{
Array
(
[versionNumber] => 1632
[versionString] => ImageMagick 6.6.0-4 2010-11-16 Q16 http://www.imagemagick.org
)
}}}
But, we should get the version with this example:
{{{#!php
ID, get_object_taxonomies( 'post' ) );
}}}
2. But in block editor, hope we are separately storing the category and terms(Please correct me if am wrong)
3. In block editor on old post status as ""new"" and new post status as ""publish"" (This would the first time publish of that post), in wp_insert_post() we are not getting the category or terms to store in that post, so while entering transition_post_status action hook, we are not able to get the corresponding selected category instead we are getting the Uncategory for that post as a default.
4. In block editor we are getting the corresponding post category for action hook transition_post_status, but the post status are incorrect, the old post status and new post status is ""publish"", which is equivalent to update, so we are not able to identify whether the post has been published first or update.
Please let me know if the above is unclear.
Thanks
M A Vinoth Kumar",vinoth06
Tickets Awaiting Review,54125,Rest API tax_relation=OR doesn't seem to work correctly,,REST API,5.8,normal,major,Awaiting Review,defect (bug),new,,2021-09-15T07:02:38Z,2021-09-15T07:02:38Z,"Let's say we have posts of a custom post type.
Post 1 has custom-tax1 with ID1 and custom-tax2 with ID2.
Post 2 has custom-tax2 with ID2.
Post 3 has custom-tax1 with ID3.
Post 4 has no custom taxonomies attached.
When querying
{{{
/wp/v2/custompost?&_fields=id,title&custom-tax1=ID&custom-tax2=ID2
}}}
it returns only Post 1 as expected.
{{{
/wp/v2/custompost?&_fields=id,title&custom-tax2=ID2
}}}
returns Post 1 and Post 2 as expected
Querying
{{{
/wp/v2/custompost?&_fields=id,title&custom-tax1=ID1&custom-tax2=ID2&tax_relation=OR
}}}
I expect it to return Post 1 and Post 2 as well, but instead it returns all 4 Posts. As soon as tax_relation=OR is added to the query, it seems all prior tax queries are just ignored.
Unless I'm misreading this https://make.wordpress.org/core/2020/02/29/rest-api-changes-in-5-4/ and it should somehow work differently.",roverlap
Tickets Awaiting Review,54126,Twenty Twenty: Left and right image alignment issue in front side,,Bundled Theme,,normal,normal,Awaiting Review,defect (bug),new,has-patch,2021-09-15T09:19:49Z,2022-07-26T02:42:44Z,"In the twentytwenty theme, when we give alignment left and right to the image from the backend, the design is breaking due to some properties on that image in the front side.
",aezazshekh
Candidates for Closure,54136,Slideshow gallery shown as a tiled gallery when using shortcode with Classic Editor,,Gallery,5.8.1,normal,minor,Awaiting Review,defect (bug),new,close,2021-09-16T19:18:33Z,2021-12-15T03:15:56Z,"The issue is happening with the Gallery Block, [https://wordpress.com/support/wordpress-editor/blocks/gallery-block/2/ when added through the Classic Editor as explained here.]
Adding it with the shortcode {{{[gallery]}}} and the variable {{{type: slideshow}}} outputs it as a tiled gallery instead of showing a slideshow.
[https://wordpress.org/support/topic/what-options-are-currently-available-in-the-wordpress-gallery-shortcode-2 This was initially reported here as a Jetpack issue], but I was able to reproduce it without Jetpack installed, and with a default theme (Twenty Seventeen).
",muffinpeace
Tickets Awaiting Review,54144,The New Blocks Widgets Causes a Huge Load on the Database,,Widgets,5.8.1,normal,critical,Awaiting Review,defect (bug),new,,2021-09-18T16:26:14Z,2023-04-20T13:52:18Z,"Hi There!
My host on DigitalOcean with 4GB RAM which is too large for any small WordPress site, and I had no issues until you released the new Widgets.
Just while loading the widgets in the Admin Dashboard, I receive a DB error message (which I made to know about an overload) in every Widget box.
This is a very wired situation not suitable for my server's resources, I don't know if someone else report this issue before but now all my websites upgraded to v5.8 always down in the Widgets pages because of overload on database.
Thanks hope to fix soon
[[Image(https://awscdn.oxibug.com/cdn/wp-content/uploads/2021/09/WordPress-v581-Widgets-DB-Overload-Issue.jpg)]]",oxibug
Candidates for Closure,54145,new widget feature broke database,,Widgets,5.8.1,normal,critical,Awaiting Review,defect (bug),new,reporter-feedback,2021-09-19T02:47:16Z,2021-09-28T00:59:22Z,"https://prnt.sc/1srrhlp
== **Error establishing a database connection
**when i install new themes or develop websites uses astra or paid themes
this new widget module creates critical bugs and broke database also
after going to this page it makes my website says ""Error establishing a database connection""
but host is worked well and wp-config is correct; so in two condition i test sometimes create php errors and make database corrupt so my suggestion is make a site owner to decide what he want to use new module or not and suggest to put old widget plugin in main plugin page side classic editor and i hope to fix it soon in coming updates
thanks for making wordpress open for everyone",starmido213
Tickets with Patches,54149,Audit `get_comment()` response checks.,hellofromTonya,Comments,5.9,normal,normal,Future Release,defect (bug),assigned,has-patch,2021-09-21T02:14:44Z,2022-09-27T16:55:50Z,"There are currently 164 calls to `get_comment()` across 36 files in the codebase (see attached file), with more pending with at least one upcoming PR.
Some of these calls check the response of `get_comment()` in one of the following ways:
{{{#!php
comment_ID ) {...
if ( ! empty( $comment->comment_ID ) {...
}}}
Some do not check the response at all. A [https://wordpress.slack.com/archives/C02RQBWTW/p1630738445035900 discussion on Slack] between myself and @jrf led to the suggestion that we audit the use of `get_comment()`.
@hellofromtonya suggested two alternative checks on the response:
{{{#!php
tag when HTML tags are present within JS strings.,,General,,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2021-09-24T13:42:03Z,2021-09-26T01:26:06Z,"We are using a custom JS file that is reaching out to a web service, building a string from the data, and setting it as the innerHTML to a DOM Element already on the page. For some reason, HTML tags in this string were causing our script to get cut short, and whatever remained would instead by interpreted as HTML. A JavaScript snippet such as the following:
{{{
myElement.innerHTML = ‘’;
}}}
would cause a tag to be inserted between the
and tags, cutting the JS short, leaving the rest to be read as HTML. The fix was to replace every tag in these strings with a chain of concatenations:
{{{
myElement.innerHTML = ‘<’ + ‘div>’ + ‘<’ + ‘p>My Content’ + ‘<’ + ‘/p>’ + ‘<’ + ‘/div>’;
}}}
I don’t know what was causing this, but this workaround prevented whatever was processing our JavaScript from recognizing and interpreting the HTML tags.",joshuapeck9898
Candidates for Closure,54182,Use wp_unslash() for $_REQUEST Parameter in wp-admin/admin-post.php file,,General,5.8.1,normal,normal,Awaiting Review,enhancement,new,reporter-feedback,2021-09-25T11:13:03Z,2021-09-30T20:56:30Z,"Need to use the `wp_unslash()` for `$_REQUEST['action']`, you can see screenshot.",yagniksangani
Tickets Awaiting Review,54184,HTML entities get decoded in Customizer text fields,,Customize,5.8.1,normal,normal,Awaiting Review,defect (bug),new,,2021-09-26T00:19:10Z,2021-09-26T00:19:10Z,"= Part 1
1. Use `WP_Customize_Manager::add_setting()` and `WP_Customize_Manager::add_control()` to create a `text` setting/control with the default value `©`;
2. Navigate to the newly added setting in the Customizer.
== Expected Result
The literal text `©` is in the edit box (as specified for the default value).
== Actual Result
A copyright symbol (`©`) is in the edit box.
= Part 2
1. Enter the text `&` in the above edit box (replacing what was there);
2. Publish (save) settings;
3. Reload the page and navigate to the setting once again.
== Expected Result
The literal text `&` is in the edit box (as originally entered).
== Actual Result
Only a single ampersand symbol (`&`) is in the edit box.
= Note
Same results if the setting is given type `textarea`.
Whatever is entered into text controls, or provided for a default value, should be preserved as is. The WordPress Customizer has no knowledge of how it is going to be used and should not make presumptions that it is going to be used in HTML output.
",jqz
Unpatched Bugs,54204,Twenty Twenty-One: s are not styled in block editor,,Bundled Theme,5.8.1,normal,normal,Future Release,defect (bug),new,,2021-09-29T20:41:27Z,2023-03-25T17:54:03Z,The title says it all.,zebulan
Tickets Awaiting Review,54205,jqxhr is undefined inside of deferred.done() when using wp.media to add a custom image upload,,Media,5.8.1,normal,major,Awaiting Review,defect (bug),new,,2021-09-30T20:55:42Z,2022-05-31T14:33:33Z,"I have done all the usual trouble shooting and found this is being cause by a new block of code added to wp-util.js in 5.8.1. Specifically lines 121-134.
The jqXHR property does not exist inside of the done() object and therefor always errors out. This is removing a key functionality of a clients admin that makes it where no new products can be added without a horrible workaround.",metawebdevelopment
Tickets Awaiting Review,54216,missing base href in wp-admin,,Administration,,normal,normal,Awaiting Review,defect (bug),new,has-patch,2021-10-04T12:24:27Z,2021-10-13T22:10:48Z,"I'm currently testing WordPress with a custom setup using the built-in PHP webserver (php -S localhost:8080 -t .) and I stumbled upon a problem.
When I access http://localhost:8080/wp-admin everything looks fine. But the links point to options-general.php, edit.php, plugins.php and so on which results in http://localhost:8080/options-general.php, http://localhost:8080/edit.php, http://localhost:8080/plugins.php and so on.
Only on http://localhost:8080/wp-admin/index.php and http://localhost:8080/wp-admin/ the links result in http://localhost:8080/wp-admin/options-general.php and so on.
I am aware that the PHP built-in webserver should normally not be used but I have to use it since there are several issues with the WP CLI like https://github.com/wp-cli/server-command/issues/71 and I just need a small local demo setup using github.com/DanielRuf/run-local-wordpress.
I added the missing base metatag in the wp_admin_bar_header function using a simple echo "" "";
I suggest to add an option to enable the output of the needed base tag.
This trac issue is created as according to https://wordpress.org/support/topic/missing-base-href-in-wp-admin-needed-for-php-built-in-webserver/#post-14932543 this should be reported as ""bug"" or trac issue in the WordPress core.",anonymized_17880307
Tickets Awaiting Review,54217,Menu Screen has some UI inconsistency issue,,Menus,5.8,normal,normal,Awaiting Review,defect (bug),new,has-patch,2021-10-04T13:42:31Z,2021-10-05T06:53:46Z,"Bulk Select button on menu screen on top and bottom doesn't have the equal margin from top and bottom, Refer Screenshot `bulk-select-margin.png`
After applying the patch, the screen looks like this, refer `bulk-select-after-fix.png`
Made sure it doesn't break anything else, after applying the fix for it, menu items margin got disturbed so applied fix for that as well, refer `menu-item-margin.png`
`Add menu items from the column on the left.` padding of this also got disturbed so fixed this by adding
{{{
.nav-menus-php #post-body-content .post-body-plain {
margin-bottom: 0;
padding: 0.1em 0;
}
}}}
Refer Screenshots: `menu-item-colum-left.png` & `menu-item-colum-left-after-fix.png`
",juhise
Candidates for Closure,54240,WP REST API Users Endpoint Search,,REST API,5.8.1,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2021-10-11T03:31:11Z,2021-10-14T11:16:28Z,"The WP REST API Users endpoint doesn't support plus addresses when searching using the search parameter - /wp-json/wp/v2/users/?search=example+label@example.com
Plus addressing is a handy Google Workspace and Office 365 feature that I'm noticing adoption of more and more.",damianem
Tickets with Patches,54247,REST API: Add block editor settings endpoint,,REST API,,normal,normal,Future Release,enhancement,new,has-patch,2021-10-12T17:21:11Z,2021-10-21T16:58:47Z,"This is a tracking ticket for merging the block editor settings endpoints from Gutenberg.
https://github.com/WordPress/gutenberg/blob/trunk/lib/class-wp-rest-block-editor-settings-controller.php",enej
Tickets with Patches,54260,Add accessible labels to pagination links,,General,,normal,normal,Future Release,enhancement,reopened,has-patch,2021-10-13T23:31:52Z,2023-05-24T05:57:50Z,"The default behavior of `paginate_links` is to output link text with no context around the page numbers that the text represents.
WP Ref: https://developer.wordpress.org/reference/functions/paginate_links/
This is a sample of the default output:
{{{
}}}
I believe the more accessible output would be this:
{{{
}}}
This falls short of what most of us would call an acceptable level of readability for users with assistive technologies. A few small code changes could alleviate this, I believe.
W3 Ref: https://www.w3.org/WAI/WCAG21/Understanding/headings-and-labels#dfn-label
To go along with this, a small change to `get_the_posts_pagination` should be used to supply the translatable string for this label.
WP Ref: https://developer.wordpress.org/reference/functions/get_the_posts_pagination/
{{{
$args = wp_parse_args(
$args,
array(
'mid_size' => 1,
'prev_text' => _x( 'Previous', 'previous set of posts' ),
'next_text' => _x( 'Next', 'next set of posts' ),
'screen_reader_text' => __( 'Posts navigation' ),
'aria_label' => __( 'Posts' ),
'links_aria_label' => __( 'Page' ),
'class' => 'pagination',
)
);
}}}",michaelbourne
Unpatched Enhancements,54265,Updates UI: offer multiple variations of available updates nags to highlight older updates,audrasjb,Upgrade/Install,,normal,normal,Future Release,enhancement,reopened,,2021-10-14T15:39:10Z,2024-03-05T15:41:44Z,"Today, when an update is available for one of your plugins, for Core, or for a theme, the update notice is always the same:
- It uses a single and consistent color across the different wp-admin screens.
- The update messager remains the same until you've update the plugin/theme/core.
While that works, I wonder if there could be an opportunity to better emphasize the need to update things on your site.
Google Chrome comes to mind: its update warning is first green, then turns yellow and then red to highlight the need to update.
I wonder if WordPress could do something similar:
- If an update has been available for less than a month, have the notice displayed the way we display it today.
- If that update has been available for 2 to 3 months, have the notice turn more yellow / be more of a warning.
- If that update has been available for more than 3 months, have the notice turn red.
We may even want to be more granular there; core security releases would be red right away for example.
Somewhat related: #33374",jeherve
Tickets Awaiting Review,54266,Enhancing WordPress - CSS for Category links,,General,5.8.1,normal,normal,Awaiting Review,enhancement,new,,2021-10-14T15:50:00Z,2021-10-14T16:52:04Z,Not sure if you can do this but it would be helpful if there were classes to style the category links (a href's) displayed on posts. I would like to be able to colorize to match my category pages for UI purposes. Thank you.,ireviewfreemovies
Tickets Awaiting Review,54268,Using `author_name` in URL parameter gives unexpected results when logged into contributor account,,Query,5.8.1,normal,minor,Awaiting Review,defect (bug),new,,2021-10-14T22:22:48Z,2021-10-14T22:22:48Z,"When logged into a contributor account, and trying to view the post listing on the dashboard of an administrator user, the query changes unexpectedly when the URL uses the `author_name` parameter rather than the default url.
Assuming a user ID of 1 for an administrator user, and a user ID of 2 for a contributor user:
When logged into the contributor account, and displaying the admin user's posts in the dashboard, the URL looks like this and works as expected:
`/wp-admin/edit.php?post_type=post&author=1`
The main query is:
{{{
SELECT SQL_CALC_FOUND_ROWS wp_posts.ID
FROM wp_posts
WHERE 1=1
AND wp_posts.post_author IN (1)
AND wp_posts.post_type = 'post'
AND (wp_posts.post_status = 'publish'
OR wp_posts.post_status = 'future'
OR wp_posts.post_status = 'draft'
OR wp_posts.post_status = 'pending'
OR wp_posts.post_author = 2
AND wp_posts.post_status = 'private')
ORDER BY wp_posts.post_date DESC
LIMIT 0, 20
}}}
But if the URL is switched to the username of the administrator user, example, admin, like this `/wp-admin/edit.php?post_type=post&author_name=admin` or even just `/wp-admin/edit.php?author_name=admin` I would expect the same results, but they are different:
{{{
SELECT SQL_CALC_FOUND_ROWS wp_posts.ID
FROM wp_posts
WHERE 1=1
AND wp_posts.post_author IN (2)
AND (wp_posts.post_author = 1)
AND wp_posts.post_type = 'post'
AND (wp_posts.post_status = 'publish'
OR wp_posts.post_status = 'future'
OR wp_posts.post_status = 'draft'
OR wp_posts.post_status = 'pending'
OR wp_posts.post_author = 2
AND wp_posts.post_status = 'private')
ORDER BY wp_posts.post_date DESC
LIMIT 0, 20
}}}
The `IN (2)` and the `OR wp_posts.post_author = 2` here is unexpected, because the 2 is the user ID of the contributor user that is logged in, and it isn't relevant to a query for the posts of user ID 1 (admin).
For comparison, when logged into the administrator's account, this query looks like this:
{{{
SELECT SQL_CALC_FOUND_ROWS wp_posts.ID
FROM wp_posts
WHERE 1=1
AND (wp_posts.post_author = 1)
AND wp_posts.post_type = 'post'
AND (wp_posts.post_status = 'publish'
OR wp_posts.post_status = 'future'
OR wp_posts.post_status = 'draft'
OR wp_posts.post_status = 'pending'
OR wp_posts.post_status = 'private')
ORDER BY wp_posts.post_date DESC
LIMIT 0, 20
}}}
To replicate:
1. Create two users, one with the administrator role, and another with a contributor role.
2. Publish a post for the admin user.
3. While logged into the contributor user's account, view the administrator user's posts in the dashboard. The link will look like `/wp-admin/edit.php?post_type=post&author=1`. Take note of the main query and the search results.
4. Alter the url to look for the username of that administrator user, in this format: `/wp-admin/edit.php?post_type=post&author_name=admin`. Check the main query and search results again.
This appears to be coming from the `get_posts` function in the wp-includes/class-wp-query.php file.
This is a low severity issue that I stumbled upon while investigating a Co Authors Plus [https://github.com/Automattic/Co-Authors-Plus/issues/820 issue], a plugin that uses the `author_name` in the URL. However, even when that plugin is not installed, the above described behavior is replicable.",lschuyler
Tickets Awaiting Review,54274,Choose where new menu items should go instead of default ending them to the end.,,Menus,,normal,normal,Awaiting Review,enhancement,new,,2021-10-16T11:14:38Z,2021-10-22T14:21:16Z,"I think it would be a nice quality of life improvement if you were able to choose where a menu item goes when you add it.
Currently, when you want to add a menu item in the middle, you have to add it and move it from the bottom towards the correct position.
Thinking out loud, add a sort of clickable line/button between the menu items in the appearance -> menu section that opens a list where the user can select which page/post/custom item to add in between the two items and possibly a checkbox if the user wants to add it as a child or not. ",NekoJonez
Tickets Awaiting Review,54289,Improve get_shortcode_regex performance,,Shortcodes,5.9,normal,normal,Awaiting Review,enhancement,new,has-patch,2021-10-19T09:02:03Z,2021-10-19T09:02:56Z,"Hi,
It's my first PR to WordPress, I hope it goes well :).
I ran Blackfire on my homepage (eCommerce shop with Woocommerce plugin). After analyzing it, I see that many shortcodes are parsing, but I don't use it directly. After some investigation, I see that in
`get_shortcode_regex` is many unnecessary call implode/array_map function for empty `$tagsname` argument.
After this patch, page response time is reduced by almost ~200ms.
Blackfire profile screen: [[Image(https://monosnap.com/file/Vq4pXvVggX2AdEG4736sl0cShQNBbk)]]
",Antek88
Tickets Awaiting Review,54290,Domain mapping: Text displayed on wp-signup.php asserts site doesn't exist when it does actually exist,,Networks and Sites,,normal,normal,Awaiting Review,defect (bug),new,,2021-10-19T09:22:59Z,2021-10-26T18:11:21Z,"In a network install, when domain mapping is active for a custom domain, the following message appears on the wp-signup.php page when the network sub-domain is visited:
> The site you were looking for, https://foo.example.com/, does not exist, but you can create it now!
**Steps to reproduce**
1. Map a network site ""foo.example.com"" to a custom domain ""foo.com"" using this guide: https://wordpress.org/support/article/wordpress-multisite-domain-mapping/
2. Visit the network sub-domain ""foo.example.com"" in a browser
3. Observe the text on wp-signup.php which notes ""foo.example.com"" doesn't exist
The network sub-domain ""foo.example.com"" does exist so this text shouldn't be displayed.",henry.wright
Tickets Awaiting Review,54293,Expand functionality of themes REST API,,REST API,4.7,normal,normal,Awaiting Review,enhancement,new,needs-unit-tests,2021-10-20T09:30:08Z,2022-06-07T11:59:12Z,"Current the REST API for themes is extremely limited. It only allows for listing themes and getting the current theme. However, there are lots theme related functions that are not possible to access via this api. This includes ( but it not limited to )
- Installing new themes
- Network activating theme ( multisite only )
- Network deactivating theme ( multisite only )
- Active ( switch to theme )
- Deleting theme
Any themes api should allow the patterns / structure of the plugins REST API, in it's params and responses.
It is also worth noting, that have a multisite element, as themes can be network activated / deactivated.",spacedmonkey
Tickets with Patches,54298,Multisite: resetpassform always posts to the main-site wp-login.php file,,Login and Registration,,normal,normal,,enhancement,new,dev-feedback,2021-10-20T14:50:00Z,2023-10-01T01:52:18Z,The reset password form always posts to the main-site wp-login.php file. If the reset password form on a sub-site is being used then I'd expect the form to post to the sub-site wp-login.php file.,henry.wright
Candidates for Closure,54299,Multisite: The link in the password retrieval email always points to the main-site,,Login and Registration,,normal,normal,Awaiting Review,defect (bug),new,dev-feedback,2021-10-20T14:59:52Z,2023-08-18T12:37:19Z,"The link in the password retrieval email always points to the main-site. If the password reset was requested on a sub-site then the link in the email should point to that sub-site.
This is important because the main-site may be in a different language to the sub-site.",henry.wright
Tickets Awaiting Review,54303,[Object Cache] Allow global caching groups to be filterable / changed,,Cache API,5.8.1,normal,minor,Awaiting Review,enhancement,new,dev-feedback,2021-10-21T13:02:06Z,2022-06-09T01:17:57Z,"The Object Caching system differentiates between ""local cache groups"" and ""global cache groups"". This is essential for Multisite setups.
Global cache groups store cached objects - as the name implies - globally. There is one cached object for all sites in the network. Whereas the local cache groups are stored individually per site.
The cache groups are setup using the {{{wp_cache_...}}} API. Like https://developer.wordpress.org/reference/functions/wp_cache_add/
Which groups are actually global is setup in the Object Cache bootstrapping code here:
https://github.com/WordPress/WordPress/blob/e791d7f5db8252ba66c7777c456ed80343a450aa/wp-includes/load.php#L732-L735
{{{
wp_cache_add_global_groups( array( 'users', 'userlogins', 'usermeta', 'user_meta', 'useremail', 'userslugs', 'site-transient', 'site-options', 'blog-lookup', 'blog-details', 'site-details', 'rss', 'global-posts', 'blog-id-cache', 'networks', 'sites', 'blog_meta' ) );
}}}
This is hardcoded and not filterable in any (reasonable) way. Currently you have to rely on the actual Object Caching implementation to allow one to change the global cache groups.
The current globals setup is fine for the assumption of a default WordPress installation. But as it is with customizable software like WordPress, this is not true in any case.
For example: If one would split the user information and move it from the (global) network level to the individual sites, one would have to remove all the user related groups from the global cache groups.
This is currently not possible at all.
There are some possible solutions:
1. Make the array of global cache groups filtereable
- This might be a timing issue because the object cache system is loaded very early. But it might work.
2. Add a function to the Object Cache API to actually remove cache groups from the globals list.
- This is the {{{add}}} function: https://developer.wordpress.org/reference/classes/wp_object_cache/add_global_groups/
- This could be extended with a counterpart:
{{{
public function remove_global_groups( $groups ) {
$groups = (array) $groups;
$this->global_groups = array_diff_key( $this->global_groups, $groups );
}
}}}
This could then be leveraged from plugins at any point of time. Yet it still might kick in too late due to the early nature of the object cache system.
3. If timing issues are an issue, instead of the filters, one could make the filtering available using a constant ( WP_OBJECT_CACHE_NON_GLOBAL_GROUPS => array( 'users', 'usermeta' ) ). Yet this depends on PHP7+
4. Configure the global cachegroups late when filters are available and allow default WP filtering
Is this an Edge case? Yes! But it still is quite a burden on the flexibility of the Object cache that could be solved :-)",janthiel
Tickets with Patches,54304,Expose menu data public in Menus REST API,,REST API,4.7,normal,normal,Future Release,defect (bug),new,has-patch,2021-10-21T19:45:22Z,2024-03-07T12:20:38Z,"Menus endpoints will be added in #40878. However by default this data requires the user to be logged in with the correct capability to access this data.
There should be a way to allow developers or users to expose menu / menu item / menu location publically in REST API. ",spacedmonkey
Candidates for Closure,54312,Widgets editor blocks,,Widgets,5.8.1,normal,major,Awaiting Review,defect (bug),new,reporter-feedback,2021-10-23T13:38:21Z,2022-02-16T08:32:44Z,"Hi there, we have noticed a bug in widgets block.
When editing Widgets in Blocks will repeat with errors and the console shows it is a JSON error stating 'The response is not a valid JSON response' and also says 503 error with it.
Troubleshooting I have done:
- Have tried downgrading versions, errors will be removed but unable to move widgets around. Now I have the current version.
- Deactivating all plugins, one reactivated they come back and it is not related to a plugin.
- did permalinks,
- re did htaccess file
- classic widgets plugin also takes away errors but you cant move widgets.
none of these steps worked.
Some guidance on what is happening would be greatly appreciated. Thank you
",donno1
Candidates for Closure,54313,Layout boxes angle sizes issue,,Administration,,normal,normal,Awaiting Review,defect (bug),assigned,close,2021-10-23T17:27:24Z,2021-10-23T19:49:24Z,"Hello WordPress team,
I have noticed this issue and sharing it with WordPress team experts according to this front-end layout. There is an issue with mobile responsiveness with these layout boxes, angel sizes are not suitable in mobile devices and the web view is perfect. So I am creating a ticket for this because this is a major issue, so please solve it or please give me a chance to enhance my skills.
Thank you so much...",lutuf
Candidates for Closure,54322,Add Logical Properties to safecss_filter_attr,,Formatting,5.8.1,normal,normal,Awaiting Review,enhancement,new,dev-feedback,2021-10-26T07:59:07Z,2021-11-19T18:16:32Z,"== Background
CSS Logical Properties and Values give easier control over automating different writing mode formats by using logical, rather than physical directions. In other words, it means that the intended spacing, sizing, etc for each appropriate side of a box element translate seamlessly.
Mozilla Reference:
https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_Logical_Properties
With the increase in inline styling from blocks, it's important to add more flexibility to how a theme or plugin developer might want to style their spacing components or future proof them as accessibility and internationalization become increasingly important and stop of mind.
Global usage is at a decent enough support level where it makes sense:
https://caniuse.com/?search=logical%20properties.
== Proposed Enhancement
The proposed addition would just be to add to the properties to the default array in safecss_filter_attr().
File: wp-includes/kses.php:
https://github.com/WordPress/wordpress-develop/blob/98bf67e02b0a4b4aa3848f4e8266c4fd66cdaad0/src/wp-includes/kses.php#L2170
The complete list of Logical Properties:
{{{
// Properties for sizing
'block-size',
'inline-size',
'max-block-size',
'max-inline-size',
'min-block-size',
'min-inline-size',
// Properties for borders
'border-block',
'border-block-color',
'border-block-end',
'border-block-end-color',
'border-block-end-style',
'border-block-end-width',
'border-block-start',
'border-block-start-color',
'border-block-start-style',
'border-block-start-width',
'border-block-style',
'border-block-width',
'border-inline',
'border-inline-color',
'border-inline-end',
'border-inline-end-color',
'border-inline-end-style',
'border-inline-end-width',
'border-inline-start',
'border-inline-start-color',
'border-inline-start-style',
'border-inline-start-width',
'border-inline-style',
'border-inline-width',
'border-start-start-radius',
'border-start-end-radius',
// Properties for margin & padding
'margin-block',
'margin-block-end',
'margin-block-start',
'margin-inline',
'margin-inline-end',
'margin-inline-start',
'padding-block',
'padding-block-end',
'padding-block-start',
'padding-inline-end',
'padding-inline-start',
// Properties for float & positioning
'inset',
'inset-block',
'inset-block-end',
'inset-block-start',
'inset-inline',
'inset-inline-end',
'inset-inline-start',
// Other Misc Props
'caption-side',
'overflow-block',
'overflow-inline',
'overscroll-behavior-block',
'overscroll-behavior-inline',
'resize',
'text-align'
}}}
",wazeter
Tickets Awaiting Review,54325,Multisite domain mapping: No blog address to revert to when domain mapping is made inactive,,Networks and Sites,,normal,normal,Awaiting Review,enhancement,new,,2021-10-26T18:06:05Z,2021-11-07T21:14:03Z,"When a user creates a blog in a network install they are given a blog address like ""foobar.example.com"". Now, imagine domain mapping is activated for this blog and the blog can be accessed using a custom domain like ""example.com"".
If the user decides they no longer want example.com to be hosted on the network, they may point DNS records to an IP address not associated with the network install. This will result in an orphaned blog because the ""foobar.example.com"" address was vacated when the initial domain mapping became active.
""foobar.example.com"" isn't reserved so a completely different user may have created a new blog in the mean time using the ""foobar.example.com"" address.",henry.wright
Tickets Awaiting Review,54338,"Site Health dashboard: ""insecure PHP""",,Site Health,,normal,normal,Awaiting Review,enhancement,new,,2021-10-29T08:51:31Z,2024-01-24T09:26:50Z,"Since WordPress 5.1, the [https://make.wordpress.org/core/2019/01/14/php-site-health-mechanisms-in-5-1/ WordPress dashboard has advice about the old PHP versions], and it says something like:
''WordPress has detected that your site is running an insecure version of PHP.''
This is really not accurate because it can be insecure or not. For example, in a few days we will have PHP 8.1, so PHP 7.3 will be end-of-life, but this doesn't really mean that will be insecure by default.
Maybe is more accurate, using [https://www.php.net/supported-versions.php the same words as PHP says] in this case: ""end of life"".
PHP has 3 options:
- Active support: A release that is being actively supported. Reported bugs and security issues are fixed and regular point releases are made.
- Security fixes only: A release that is supported for critical security issues only. Releases are only made on an as-needed basis.
- End of life: A release that is no longer supported. Users of this release should upgrade as soon as possible, as they may be exposed to unpatched security vulnerabilities.
Probably, a text like this will be better:
''WordPress has detected that your site is running an end-of-life / no longer supported version of PHP.''
''WordPress has detected that your site is running an end-of-life version of PHP.''
''WordPress has detected that your site is running a no longer supported version of PHP.''",JavierCasares
Tickets Awaiting Review,54339,unique $keys array when add custom key from Several places with postmeta_form_keys,,General,5.8.1,normal,normal,Awaiting Review,defect (bug),new,,2021-10-29T09:11:47Z,2021-10-29T09:11:47Z,"I added two similar custom key from my theme and a plugin with postmeta_form_keys filter.
but now display both of theme in custom-fields name's select box (custom-fields metabox - post.php or post-new.php)
I think is better to unique $keys before options are printed.
wp-admin/includes/template.php
line ~730
before:
foreach ( $keys as $key ) {
after:
$keys = array_unique($keys);
foreach ( $keys as $key ) {",myousefi08
Candidates for Closure,54345,Publish Date Transparent Css Issue,,Editor,5.8.1,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2021-10-30T03:47:10Z,2021-10-30T05:30:20Z,"While editing an article i see Publish Date Transparent Css Issue,
in simple words, the custom date selection button is not visible.",itssamimtahir
Tickets with Patches,54346,Slow SQL queries fetching posts from specific categories,craigfrancis*,Database,,normal,normal,Future Release,enhancement,accepted,has-patch,2021-10-30T11:05:53Z,2023-12-11T00:44:48Z,"Noticed that REST API queries used in mobile app are very slow and found that such SQL queries can be optimized to be 10 times faster (1.8134 seconds vs. 0.1804 seconds) for wp_posts table having 800k records, see below.
Very similar queries are used when displaying posts from specific categories on the web, meaning optimizing this could lead to significant speed up everywhere.
The one responsible for this is WP_Tax_Query->get_sql_for_clause function.
REST API to fetch posts from specific categories, e.g. `/wp-json/wp/v2/posts/?per_page=10&_embed=1&categories=63545,63546,63547,63548,63549,63552,76287&page=1` executes the following SQL query:
{{{
SELECT
wp_posts.ID
FROM
wp_posts
LEFT JOIN wp_term_relationships ON (
wp_posts.ID = wp_term_relationships.object_id
)
WHERE
1 = 1
AND (
wp_term_relationships.term_taxonomy_id IN (
63545, 63546, 63547, 63548, 63549, 63552, 76287
)
)
AND wp_posts.post_type = 'post'
AND(
(wp_posts.post_status = 'publish')
)
GROUP BY
wp_posts.ID
ORDER BY
wp_posts.post_date DESC
LIMIT
0, 10
}}}
Query took 1.8134 seconds.
This query can be optimized by using subquery:
{{{
SELECT
wp_posts.ID
FROM
wp_posts
WHERE
wp_posts.ID IN (
SELECT
object_id
FROM
wp_term_relationships
WHERE
wp_term_relationships.term_taxonomy_id IN (
63545, 63546, 63547, 63548, 63549, 63552, 76287
)
)
AND wp_posts.post_type = 'post'
AND wp_posts.post_status = 'publish'
ORDER BY
wp_posts.post_date DESC
LIMIT
0, 10
}}}
Query took 0.1804 seconds seconds.
",Krstarica
Tickets Needing Feedback,54356,Determine and apply best default quality settings for WebP images,adamsilverstein,Media,5.8,normal,normal,Future Release,enhancement,assigned,dev-feedback,2021-11-01T16:21:18Z,2023-01-19T06:45:51Z,"In ticket:35725 we added core support for the WebP image format. On the ticket, we discussed studying the best compression level (""quality"") setting to use for WebP images ([https://core.trac.wordpress.org/ticket/35725#comment:152 comment 152], [https://core.trac.wordpress.org/ticket/35725#comment:124 comment 124], [https://core.trac.wordpress.org/ticket/35725#comment:117 comment 117], [https://core.trac.wordpress.org/ticket/35725#comment:101 comment 101]). In the end we decided to use the same default quality as JPEG images use for our initial pass.
However, given the differences between the formats (and in anticipation of even newer formats), we should consider what the best default quality setting would be for WebP images.
Some details on how we can test compression settings and arrive at an ideal level are [https://developers.google.com/speed/webp/docs/webp_study outlined in this post].
Related: #53669
",adamsilverstein
Tickets Awaiting Review,54361,Multisite: Confusion for average users when a blog is a mapped domain and requires re-authentication,,Networks and Sites,,normal,normal,Awaiting Review,enhancement,new,dev-feedback,2021-11-02T09:31:05Z,2021-11-15T18:16:49Z,"If domain mapping is active for a blog in a network install, users of that blog must re-authenticate when visiting that blog because the domain is likely to be different from the host install domain.
Mapped domains appear in the My Sites list. When a user visits their blogs in the list it is confusing for them to be asked to re-authenticate for blog A (mapped domain) and not be asked to re-authenticate for blog B (not a mapped domain).
An average user isn't familiar with the cookie authentication mechanism and would find it frustrating to authenticate multiple times which is, to the average user, seemingly unnecessary.
How do we make this process clear or easier?",henry.wright
Unpatched Bugs,54368,Twenty Twenty-One: Visibility issue on Input field of search widget in dark mode,,Bundled Theme,,normal,normal,Future Release,defect (bug),new,dev-feedback,2021-11-03T12:50:08Z,2023-03-25T17:44:38Z,"When the dark mode is on, the search input field is not that visible on the twenty twenty-one theme. https://imgur.com/a/bEEjM09",amin7
Tickets Awaiting Review,54369,Request Gallery widget editor enhancement to allow standard editing features for each image in gallery,,Widgets,5.8.1,normal,normal,Awaiting Review,enhancement,new,,2021-11-03T14:54:18Z,2021-11-03T14:54:18Z,"Editing 'Image' widget allows standard options including custom URL, attribute, CSS, open in new tab, etcetera.
Editing 'Gallery' widget only allows single, limited link fuction for all images in gallery (does not even allow 'open in new tab' function).
Can the standard 'Image' widget editing options be nested within the 'Gallery' widget so that the individual images in the gallery can each have standard editing options including custom URL, attribute, CSS, open in new tab, etcetera?
See attached image file.",nzflagmaven
Tickets Awaiting Review,54372,class-wp-automatic-updater.php adds a period to home_url(),,Upgrade/Install,,normal,minor,Awaiting Review,defect (bug),new,has-patch,2021-11-04T05:09:37Z,2022-01-03T20:55:51Z,"The automatic emails that are generated by class-wp-automatic-updater.php have an issue where a period character immediately follows a home_url() string in the body of the message. When using a third-party mailing and/or link-branding service on these emails, those periods are being incorporated into the links, rendering them useless.
Example body of an update email:
Howdy! Some plugins and themes have automatically updated to their latest versions on your site at https://www.example.com. No further action is needed on your part.
When passed through a service that brands the links, such as MailChimp or SendGrid, that URL is interpreted as ""https://www.example.com."", and not as ""https://www.example.com""
The code for this is reused through the file, but an example starts at line 1031:
{{{#!php
My Sites > Network Admin > Plugins > Add New`
(Themes has the same above issue & relative navigation...)",johnjamesjacoby
Tickets Needing Feedback,54412,Twenty Twenty: Letters move when opening accordion menu,,Bundled Theme,5.8.1,normal,normal,Future Release,defect (bug),new,reporter-feedback,2021-11-10T10:25:53Z,2023-04-28T15:53:28Z,"I haven't changed anything, this is the original version of Twenty Twenty. This happens in any browser of the latest version, I have Windows 10.
Gif - \\https://gifyu.com/image/ePvd
screen - \\https://ibb.co/tX7XjTJ
",mike77777
Tickets Awaiting Review,54417,Featured Image Exceeds Container,,Editor,5.8.1,normal,normal,Awaiting Review,defect (bug),new,,2021-11-10T23:44:33Z,2021-11-10T23:44:33Z,"When a portrait-oriented featured image is selected on a WordPress post, it appears to be exceeding the boundaries of its container and obscuring other items on the right hand toolbar. The left edge of the Featured Image tab is still clickable, and the problem can be circumvented by closing the Featured Image tab. But, while it is open, any items behind the Featured Image are not visible or clickable.",johnkakuk
Tickets Awaiting Review,54419,Suggestion to add an action in /wp-admin/import.php page,,Import,5.8.1,normal,minor,Awaiting Review,enhancement,new,has-patch,2021-11-11T11:28:40Z,2022-10-19T10:29:53Z,"Hi.
I think it would be useful if we add an action in /wp-admin/import.php page, much like the those we have on other administration pages ex. ''[/https://core.trac.wordpress.org/browser/tags/5.8.1/src/wp-admin/tools.php#L92] tools page''.
The suggested action is the following
{{{
/**
* Fires at the end of the importers Administration screen.
*
*/
do_action( 'after_importers' );
}}}
to insert after
[https://core.trac.wordpress.org/browser/trunk/src/wp-admin/import.php#L232]
Sorry, for not posting it as a patch.
Bests,
Lena",lenasterg
Tickets Needing Feedback,54420,Tests: Mock REST API remote requests,hellofromTonya,Build/Test Tools,,normal,normal,Future Release,defect (bug),reopened,dev-feedback,2021-11-11T15:43:01Z,2022-10-10T13:18:47Z,"Recent timeout failures ([https://github.com/WordPress/wordpress-develop/runs/4174016878?check_suite_focus=true see GitHub failed job]) of specific REST API tests show some tests are not mocking the remote requests. These requests can be mocked with a callback hooked into `'pre_http_request'` filter.
Each test should be reviewed to determine:
* If a remote request to a live API endpoint is being made
* If those specific requests should/can be mocked
* and then mocks created for each in its context of the condition under test
Ideally a mocking strategy could be created to abstract the heavy lifting and make it easier for these tests to mock the requests.",hellofromTonya
Tickets Awaiting Review,54438,"""Required fields are marked"" shows up without required fields being present",,Media,5.8.2,normal,minor,Awaiting Review,enhancement,new,,2021-11-13T16:33:06Z,2023-11-21T14:14:32Z,"A support ticket for my Image Source Control (ISC) plugin made me investigate this.
https://wordpress.org/support/topic/erforderliche-felder-sind-mit-markiert/
Whenever a custom field is added to the attachment edit page, the notice ""Required fields are marked"" is displayed by WordPress core.
ISC uses the `attachment_fields_to_edit` filter for that.
I looked into `wp-admin/includes/media.php`. The code responsible for showing the message is
{{{
if ( $item ) {
$item = '' .
/* translators: %s: Asterisk symbol (*). */
sprintf( __( 'Required fields are marked %s' ), '* ' ) .
'
' .
'';
}
}}}
The foreach loop that goes through all fields could easily check if any field has the ""required"" attribute and rather use that as a condition to show the message instead of `$item`.",webzunft
Tickets Awaiting Review,54439,"In block editor for page/post setting, the 'P' not showing properly inside the drop-down",,Editor,,normal,normal,Awaiting Review,defect (bug),assigned,,2021-11-14T06:54:51Z,2021-11-14T18:05:33Z,"
Steps to reproduce:
1. Create/edit any page/post.
2. Go to settings and observe the drop-down value for the template.
https://nimb.ws/IPKapT",pavanpatil1
Unpatched Bugs,54449,Loading CodeMirror prevents the Help tabs children to work properly.,,Help/About,5.8.2,normal,normal,Future Release,defect (bug),new,,2021-11-15T17:41:22Z,2022-07-19T13:25:06Z,"When you load the `wp-theme-plugin-editor` script (CodeMirror) it prevents/blocks the Help on click event. You can quickly test this if you additional tab on the Theme Editor screen, right now there is only an Overview, but if we add and 2nd one you won't be able to switch between children.
I am using this on another page, but I have tested it, and when I remove the `wp_enqueue_script('wp-theme-plugin-editor');` the functionality works as it should be.
This is the JS file that's causing the issue: `/wp-admin/js/theme-plugin-editor.js`
I have looked at it quickly but couldn't pinpoint the section of code that's causing the issue.
Krasen ",krasenslavov
Tickets Awaiting Review,54452,Image Aspect Ratio on resize,,Media,5.8.2,normal,trivial,Awaiting Review,enhancement,new,,2021-11-16T10:54:08Z,2021-11-16T10:54:08Z,"With the picture block the css resize the picture width but never the height so it break is aspect ratio.
Just need to add a height: auto to .wp-block-image img .",edgarwes
Tickets Awaiting Review,54473,Comments listing screen in wp-admin doesn't expose if a comment was left by a logged in user,,Comments,,normal,normal,Awaiting Review,enhancement,new,has-patch,2021-11-19T05:34:17Z,2021-11-20T00:26:35Z,"When viewing wp-admin/edit-comments.php it's not possible to determine if comments are being left by an ""anonymous"" user, or by a logged in user, despite this being stored in the comments table.
This is particularly useful for Sites where users need to be logged in to comment, or for sites with public registration enabled (such as WordPress.org).
Using #meta5485 as an example, spammers can register and then leave spam comments on posts, but it's not immediately visible what their user login is, or have any link to their profile - Having a link directing the moderator to the users profile, in addition to being able to spam just the comment, would be greatly beneficial for those use-cases.
There's already a bit of information overload on the comments listing author section, so perhaps for logged in users the information shown might be able to be adjusted/minified/etc. There might not be any reason to display the Email address for example.",dd32
Tickets Awaiting Review,54475,"CSS Selector in block-library css will broke SVG scaled text rendering in Chrome 96 (Win 10, Win 11, Mac OS)",,Editor,5.8.2,normal,major,Awaiting Review,defect (bug),new,,2021-11-19T16:31:48Z,2021-11-22T12:52:34Z,"**Issue:**
We detected wrong rendered SVG Text elements in Google Chrome 96. Our svg map solution is embedded in a wordpress based website of our client.
We detected moving ""shop numbers"" in our map solution, if the map is embedded in the wordpress website.
As soon as the user changes the zoom of the map the shop numbers will be rendered out of sync with the other svg parts.
We tracked the issue down to the following css file:
wp-includes/css/dist/block-library/style.min.css
The selectors used in the blocks
{{{
.wp-block-table table[style*=border-style]>*,
.wp-block-table table[style*=border-style] td,
.wp-block-table table[style*=border-style] th,
.wp-block-table table[style*=border-style] tr {
border-style: auto
}
.wp-block-table table[style*=border-width]>*,
.wp-block-table table[style*=border-width] td,
.wp-block-table table[style*=border-width] th,
.wp-block-table table[style*=border-width] tr {
border-width: auto
}
}}}
will cause the issue.
Reduced to the exact selectors:
{{{
.wp-block-table table[style*=border-style]>*,
}}}
and
{{{
.wp-block-table table[style*=border-width]>*,
}}}
or simplified:
{{{
*[style*=x]>* {}
}}}
We were also able to reproduce the issue in our test system:
Map without the critical selector:
https://db-ek-preview.d-ssl.de/preview/station_bonn.html
Map with the critical selector (style selector used in header):
https://db-ek-preview.d-ssl.de/preview/station_bonn_broken_chrome.html
**Steps to reproduce:**
1. Open website:
https://www.einkaufsbahnhof.de/dresden-neustadt/lageplan
or
https://db-ek-preview.d-ssl.de/preview/station_bonn_broken_chrome.html
2. Scroll to map view
3. Zoom in or out by mouse wheel / drag gesture / controls
**Current behavior:**
numbers within the circles in to of the shopping areas will be drawn outside of the circle
**Expected behavior:**
shop numbers drawn in sync with white circles
**Note**
Window resize by 1px or more will trigger svg area render updates, which will fix the issue until next zoom action.
**Test result:**
Affected systems
* Win 11 - Google Chrome 96
* Win 10 - Google Chrome 96
* Mac OS 12 - Google Chrome 96
Not affected systems
* Mac OS 12 - Safari 15.1
* Mac OS 12 - Mozilla Firefox
* Win 10 - Google Chrome 95
* Mac OS 11 - Google Chrome 95
* Win 10 - Edge 95 Beta
* Win 10 - Edge 94
* Android 11 (Pixel 5) - Google Chrome
* Android 11 (Huawei P30 Pro) - Google Chrome
* iOS 15.1 (iPad Pro 10,5) - Safari
I know the bug is a Google Chrome Browser issue in v96 and I will report the issue to Google Chrome team too.
But I report this issue to WordPress core team too, to trigger a workaround for WordPress, because I think the Google Chrome team will not prioritize this issue.",dashart
Candidates for Closure,54479,Set_blog_id performance,,General,5.9,normal,normal,Awaiting Review,enhancement,new,reporter-feedback,2021-11-20T10:06:43Z,2021-11-20T17:27:05Z,"On multisite many plugins switches blog (wbdb->set_blog_id) many times (few thousands).
There is a performance impact in wpdb->tables method.
Simple caching reduces overall execution time.",wladwm
Tickets Awaiting Review,54481,User list doesn't honor allow_password_reset filter,,Users,5.8.2,normal,minor,Awaiting Review,defect (bug),new,,2021-11-21T06:52:23Z,2021-11-23T21:13:27Z,"In WP 5.7 or so, the user list (Users - All Users in the admin section) began to display a ""Send password reset"" link for users (other than yourself). On many of my sites, I have a filter like this:
`add_filter('allow_password_reset', '__return_false');`
(I use an outside authentication system, so the WP-local passwords aren't used for anything, and most users can't get to WordPress' own login screen anyway.)
I expected the above filter also to suppress the links in the user list, but this appears not to be the case.
The patch for this is simple enough (a few lines of new code around line 279 in wp-admin/includes/class-wp-users-list-table.php), but before I write and test it, is this the best approach to fix this bug? i.e. is there anyone expecting that the ''allow_password_reset'' filter only applies to users doing self-service password resets, as opposed to admins sending resets on behalf of other users? If that's the case, this probably should be a separate filter or define of some sort.",desmith
Tickets with Patches,54488,wp_filter_nohtml_kses does not remove HTML comments,audrasjb,Formatting,2.1,normal,normal,Future Release,defect (bug),assigned,dev-feedback,2021-11-22T09:42:10Z,2023-10-12T06:51:06Z,"The documentation states that `wp_filter_nohtml_kses()`
""Strips all HTML from a text string.""
However, in reality, HTML comments are preserved. This seems to be an explicit choice (wp_kses_split2() - L1083 of wp-includes/kses.php but seems at odds with the documentation, and also with the expectations of a function named ""nohtml"".
Expected behaviour
{{{
wp> wp_filter_nohtml_kses('This is not a comment');
=> string(21) ""This is not a comment""
}}}
Actual behaviour
{{{
wp> wp_filter_nohtml_kses('This is not a comment');
=> string(37) ""This is not a comment""
}}}
",leewillis77
Tickets Awaiting Review,54500,Added Javascript (such as online chat) are displayed also in the widget editor,,Widgets,5.8.2,normal,normal,Awaiting Review,defect (bug),new,,2021-11-24T08:22:51Z,2021-11-24T08:22:51Z,"See screenshots..
I don't think this is supposed to be like that, right?
[[Image(https://i.imgur.com/tXYvaM6.png)]]
[[Image(https://i.imgur.com/TSrKjU4.png)]]
specifically, this is
- theme GeneratePress
- tawk.to plugin",mikulabc
Tickets Awaiting Review,54512,Suggestion for file protection,,Security,5.9,normal,normal,Awaiting Review,enhancement,new,,2021-11-25T16:06:56Z,2021-11-25T16:06:56Z,"Hi,
There are many plugins that deal with direct file access but are difficult to manage or configure. Could this issue be resolved by using an underscore in the media folder name? _images for example. This would prevent direct access using the file name.",treslabs
Tickets with Patches,54513,Add meta support to template REST API,,REST API,,normal,normal,Future Release,enhancement,new,has-patch,2021-11-25T16:37:52Z,2021-11-25T16:37:52Z,Add support for custom meta for the template / template part REST APIs. This will allow plugin developers to extending template / template part easier. ,spacedmonkey
Tickets with Patches,54516,Full site editing/REST-API: modify permission checks to use post type.,,REST API,5.9,normal,normal,Future Release,defect (bug),assigned,needs-unit-tests,2021-11-25T23:39:15Z,2024-02-19T20:33:19Z,"The new `wp_global_styles` post type is registered to use `edit_theme_options` in the capability settings.
The `WP_REST_Global_Styles_Controller` class's permission checks methods use the capability in a hard coded form rather than using `$post_type->cap->edit_posts`, etc, for the primitives and `edit_post, $post_id` for the meta caps.
To allow theme and plugin developers to modify the capability used for editing global styles via a filter, it would be good to defer to the post types setting. At the moment, such code would cause a conflict between the permission checks in the API and those in `wp_insert_post()`.
I'll put this on the 5.9 milestone for visibility as the endpoint was introduced during the current cycle.",peterwilsoncc
Tickets Needing Feedback,54521,Taxonomy term quick edit does not save if taxonomy has non latin characters,,Taxonomy,5.8.2,normal,normal,Future Release,defect (bug),new,dev-feedback,2021-11-26T11:52:46Z,2022-10-07T21:33:25Z,"This issue started from the following WooCommerce ticket
https://github.com/woocommerce/woocommerce/issues/31037
After investigating, I could reproduce the issue by doing the following
- Register a new taxonomy that contains Greek character `wp_ελληνικό_tax`
-
{{{
register_taxonomy( 'wp_ελληνικό_tax', array( 'post' ), $args );
}}}
- Create a term
- Edit the term through quick edit
[[Image(https://user-images.githubusercontent.com/2484390/141967192-60de334d-e5ec-437e-9574-3cd9aa30110c.png)]]
(for a strange reason, I cannot make the image appear inline)
- You'll get a `0` error, with no indication
- If you edit the term through the normal edit (not quick edit) it works fine.
I already have a suggestion on how to fix this error
https://developer.wordpress.org/reference/functions/wp_ajax_inline_save_tax/
This **wp_ajax_inline_save_tax** function, sanitizes the taxonomy, and `wp_ελληνικό_tax` becomes `wp__tax`, which doesn't exist. (hence the 0 error)
Why is the taxonomy needed? Cause currently, it calls `get_term` , passing `term_id` and `taxonomy_slug`.
Instead, what we could do is
- avoid sanitizing the taxonomy slug, seems like there is no need
- try and get the tag/term earlier, by calling `get_term` with just the `term_id` (as `term_id` is unique, regardless of the taxonomy it belongs to)
I have attached a revised version of this function
{{{#!php
taxonomy;
$wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => 'edit-' . $taxonomy ) );
// $tag = get_term( $id, $taxonomy );
$_POST['description'] = $tag->description;
........
.......
}
}}}
If agreed, I'd like to work on this issue and do my first contribution on WordPress.
Panos Synetos
Code Wrangler @ Automattic
",panagiotis.synetos
Tickets Awaiting Review,54523,inherited custom template hierarchy,,Themes,5.8.2,normal,normal,Awaiting Review,enhancement,new,,2021-11-26T23:32:17Z,2021-11-27T00:12:59Z,"hi,
i would to make a feature request on worpdress.
it would be a good idea to give us the possibility to create custom template hierarchy in worpdress.
example, i would to create a profile page who inherit author template hierachy.
the possibiltiy to build something like a class who extends the author class would be usefull…
better... the possibility to create custom template hierarchy with custom rules could be a good idea...",grosfaignan
Tickets Awaiting Review,54533,State more clearly that an active theme can't be deleted,,Themes,,normal,normal,Awaiting Review,enhancement,new,,2021-11-29T16:18:19Z,2021-11-29T18:54:42Z,"A post in the forums https://wordpress.org/support/topic/theres-no-delete-button/ by @dmcohen pointed out a thing that should be better shown:
In wp-admnin/themes.php when a user with capability delete/install themes (i.e. usually an administrator) hits the ""Theme details"" button that is visible on hover and opens the theme details pop-up, they'll see the ""Delete theme"" link in the pop-up. But for the currently active theme (and its parent theme, where applicable) that link is ""missing"".
Suggestion: Instead of nothing, show a short message ""This theme is currently active and therefore cannot be deleted.""",tobifjellner
Tickets Awaiting Review,54555,Slow media query on big sites,,Media,5.8.2,normal,normal,Awaiting Review,defect (bug),new,,2021-12-02T07:50:02Z,2021-12-03T20:12:28Z,"On wordpress version 5.8.2 the wp_enqueue_media() slow query is still there. I found several old discussions about being fixed for many years ago but in my case is still there.
SELECT DISTINCT YEAR( post_date ) AS year, MONTH( post_date ) AS month
FROM wp_posts
WHERE post_type = 'attachment'
ORDER BY post_date DESC
4.6238s
I have 73903 media items",lebada
Tickets Awaiting Review,54568,WordPress admin overwrite JS history.state,,General,,normal,normal,Awaiting Review,defect (bug),new,has-patch,2021-12-03T12:44:22Z,2022-01-03T21:30:15Z,"WordPress admin is injecting a piece of javascript at runtime (https://developer.wordpress.org/reference/functions/wp_admin_canonical_url/) that prevent accessing history.state. This is annoying because you cannot use {{{history.pushState()}}} and {{{history.replaceState()}}} functions properly in javascript.
Reproduce the bug:
1. Navigate to any wp admin page and open the browser developer console
2. Enter {{{window.history.replaceState({name: ""hello""}, null)}}} in console
3. Navigate to any other page
4. Go back and enter {{{history.state // result -> null}}}
Problem:
The code overwrites any history.state with {{{null}}} value:
{{{
window.history.replaceState( null, null, document.getElementById( 'wp-admin-canonical' ).href + window.location.hash );
}}}
Solution:
Replace {{{null}}} value by {{{window.history.state}}} (which also default to null):
{{{
window.history.replaceState( window.history.state, null, document.getElementById( 'wp-admin-canonical' ).href + window.location.hash );
}}}
The fix is very easy and has no side effect.",maximeschoeni
Candidates for Closure,54580,Latest Posts Gutenberg Block not supporting args filter.,,Editor,5.8.2,normal,normal,Awaiting Review,feature request,reopened,reporter-feedback,2021-12-05T17:46:09Z,2022-01-31T13:24:43Z,"Shouldn't we add the filter for recent posts widget arguments in the Latest Posts Block?
{{{#!php
not found
outillage -> the category ""Actualité sur l'outillage"" is found
The same probleme exists for the product category's name when Woocommerce is installed.",fiotty0
Candidates for Closure,54621,"Unsaved comment warning without any changes made when click on Publish, Update or Preview Buttons",,Comments,4.6,normal,major,Awaiting Review,defect (bug),assigned,reporter-feedback,2021-12-14T14:42:58Z,2022-03-18T16:47:44Z,"Hi Team,
I got unsaved comment changes warning without any changes made in the content of the custom post type post, here is screenshot: https://i.imgur.com/PQmirDL.png
I see new codes are added in the WordPress core file: wp-admin/js/edit-comments.js And there is some condition issue, the code is have strict equality comparison operator to undefined ID which is not present in the custom post type: #replyrow
Screenshot: https://i.imgur.com/kAHNkrs.png
Please review it.
Thanks",askaryabbas
Tickets with Patches,54642,Add prepared query builder support for `$wpdb` to build prepared queries across multiple location.,,Database,,normal,normal,Future Release,enhancement,new,has-patch,2021-12-17T09:07:50Z,2022-09-19T20:29:29Z,"This requests scopes adding a query builder like API to WordPress, so that queries can be built across multiple functions, without needing to disable any PHPCS sniffs.
Currently, if the query is not completely being built nearby, developers will eventually have to disable phpcs sniff, since they would need to combine or interpolate queries. Some examples of this are present in WP core as well, such as in the [https://github.com/WordPress/wordpress-develop/blob/954e9c153fe9d1b4f74d76bab9dd5175fd36cebc/src/wp-includes/class-wp-meta-query.php#L668 meta query], [https://github.com/WordPress/wordpress-develop/blob/954e9c153fe9d1b4f74d76bab9dd5175fd36cebc/src/wp-includes/taxonomy.php#L1585 taxonomy] etc. Although WP does a great job generally to avoid disabling phpcs, in the general plugin ecosystem, these examples are more prevalent.
Note that most of the examples of disabling phpcs can be refactored to not needing to disable. However, as far as I can tell, building a query this way (across multiple functions/places) is not considered a bad practice, if this assumption is correct then we should support doing it better.
This eventual disabling of PHPCS is risky and removes a major and effective protective layer.
== Solution
The solution for WordPress would be to provide an API where developers can build a prepared query in steps, and join them before executing in a safe manner.
I looked at query builders for various ORMs such as Doctrine (Symphony), ActiveRecord (Rails), Laravel etc. While such extensive APIs would likely be overkill for WordPress, one possible solution is this hopefully simpler API that I am proposing in [https://github.com/WordPress/wordpress-develop/pull/2062 this PR 2062].
This PR adds a new class called `WP_DB_Partial_Query` which implements `__toString()` magic method so that it can be interpolated in sprintf calls. The objects of this class will represent a partial query and a new method `$wpdb->prepare_partial()` which will create and return these objects.
This `$wpdb->prepare_partial()` method internally calls `$wpdb->prepare()` and takes exactly the same arguments. This PR also introduces a new placeholder `%q` (although this isn't necessary and `%s` can be used as well) which can be used to pass these prepared partial queries. I have added some examples to use the API in [https://github.com/vedanshujain/wordpress-develop/pull/1 this PR on my fork].
Note that this is only a PoC and implementation is not complete. Specifically, along with tests, a major component missing is to match against `%q` placeholders and quote the args if they are not objects of the `WP_DB_Partial_Query` class.
I can polish the PoC more to get in an acceptable state if this is a direction that WordPress is interested to explore at all and there are no obvious problems with the general approach that I have missed.
",vedjain
Tickets Awaiting Review,54648,Improve filter to enable setting quality for each subsize image,adamsilverstein*,Media,,normal,normal,Awaiting Review,enhancement,accepted,needs-unit-tests,2021-12-17T16:19:39Z,2024-02-23T11:07:57Z,"Talking with https://profiles.wordpress.org/codekraft/ we was wondering if it is possible to get a filter to specify the quality of subsized images.
Right now the `wp_update_image_subsizes` https://github.com/WordPress/wordpress-develop/blob/cdd5e43a04930bac390537944eb6f4256d364bd4/src/wp-admin/includes/image.php#L153 doesn't have that filter.
So on `wp_create_image_subsizes` https://github.com/WordPress/wordpress-develop/blob/cdd5e43a04930bac390537944eb6f4256d364bd4/src/wp-admin/includes/image.php#L228 calls `_wp_make_subsizes` https://github.com/WordPress/wordpress-develop/blob/cdd5e43a04930bac390537944eb6f4256d364bd4/src/wp-admin/includes/image.php#L386
But doesn't specify the quality.
Probably the best solution is to use `set_quality` of the Image Editor ImageMagick/GD classes in the last function.
This can help, in our thoughts, on generate smallest images (like under 200x200) with a different compression that can be more strong, compared to the others, as they have a different usage and the quality of those can be different.
This can save space and speed up the page.
Some examples? In the woocommerce gallery where there are the preview as tiny squares (150x150).
Maybe this idea can interest the new Performance team?",Mte90
Tickets Awaiting Review,54660,Comment is missing for the bulk_footer function,,Administration,,normal,normal,Awaiting Review,defect (bug),new,has-patch,2021-12-19T13:20:08Z,2021-12-19T16:26:16Z,A comment is missing for the bulk_footer function in the file class-bulk-plugin-upgrader-skin.php,yagniksangani
Tickets Awaiting Review,54663,There are many missing comments in some files,,Administration,,normal,normal,Awaiting Review,enhancement,new,has-patch,2021-12-19T16:10:55Z,2021-12-19T16:30:42Z,,yagniksangani
Tickets Awaiting Review,54685,Admin email verification redirects back to login page,,Login and Registration,5.8.1,normal,normal,Awaiting Review,defect (bug),new,has-patch,2021-12-23T00:53:15Z,2024-03-12T19:38:31Z,"Hi everyone,
Recently, our admins started to getting `Administration email confirmation` on logon. However, after clicking on `This email is correct` admins are redirected back to login page and asked to login again. We've tried many times and it's an infinite loop of logging in, confirming email address, redirecting back to login page, logging in, confirming email addres, redirecting to login page and so on.
We use login URL configured on the /wp-admin/options-general.php?page=move-login page and it seems like WP doesn't properly handle admin email confirmation when login URL is set. I had a look at the codebase and I believe this `?action=confirm_admin_email` string parameter gets lost when webserver redirects `wp-login.php` to configured login page: https://github.com/WordPress/WordPress/blob/b788e6255a97dbdd1dc55d42f8fbeeb66c806214/wp-login.php#L623
I added one more hidden input same way as `redirect_to` is implemented https://github.com/WordPress/WordPress/blob/b788e6255a97dbdd1dc55d42f8fbeeb66c806214/wp-login.php#L635 and this fixed the issue.
I'm happy to attach a patch file.
Kind regards,
Mikhail Golenkov",golenkovm
Tickets Awaiting Review,54706,EMBED AND IMAGE SLIDER DON'T WORK,,Post Formats,,normal,major,Awaiting Review,defect (bug),new,,2021-12-29T10:24:43Z,2021-12-29T10:24:43Z,"The blocks ""**Embed**"" and ""**Image Slider**"" does not work. As I view my articles with incognito, these two blocks didn't show anything. Just a white blank.
This article is an example: [https://nowmods.com/simple-realistic-3d-far-cry-6/]
Some capture for more specific: [https://drive.google.com/drive/u/0/folders/1sl_xIjjaQwe3UVhz4ZnFCSNsQr1NuSDH]
Really glad if there will be some fix on this!
Thank you.",anhdoan
Tickets Awaiting Review,54734,Allow get_file_path_from_theme filterable like get_theme_file_path,,Themes,,normal,normal,Awaiting Review,enhancement,new,,2022-01-04T09:38:52Z,2023-10-30T16:36:40Z,"Hello,
I've noticed that `get_theme_file_path` is not used into `WP_Theme_JSON_Resolver` but `WP_Theme_JSON_Resolver::get_file_path_from_theme method`.
Since the function `get_theme_file_path` is filterable and to be consistent with it, I think this can be a good idea to add a filter to this method.
",Rahe
Slated for Next Release,54738,Unable to upload images with URL over API when the image doesn’t have a filetype in the filename,,Media,,normal,normal,6.6,enhancement,new,has-patch,2022-01-04T15:37:53Z,2024-02-14T16:59:53Z,"**Problem**: It’s not possible to upload images with URL per API when the image doesn’t have a filetype in the filename.
**Elaboration**: There are some websites which don’t put filetypes inside the URL for images. For example: https://img.ricardostatic.ch/t_1800x1350/pl/1187743940/3/1/
Or: https://media.istockphoto.com/photos/coppersmith-repair-copper-kettle-on-fire-in-kashgar-in-xinjiang-picture-id1298102169?s=612x612
The format of the image is set and recognized by the browser with the MIME-Type. In theory WordPress could handle this, but unfortunately it never gets to the point where the correct MIME type is read out of the image signature.
**Reason**: At the function wp_check_filetype type will always be defined as false - if there is no filetype set inside the filename.
Call of the function: https://github.com/WordPress/WordPress/blob/266c58518846201a7e98cd7995ce2c7429caf1db/wp-includes/functions.php#L2984
Further down there would be a function to get back the real mime type from the signature of the image. However, the function is never called since type at this point is always false in that give case:
https://github.com/WordPress/WordPress/blob/266c58518846201a7e98cd7995ce2c7429caf1db/wp-includes/functions.php#L2999
**Possible Bug**: If the filename has no filetype the function wp_get_image_mime should always be called to get the type from the signature of the image.
**Following Bug**: After changing this, the filename at the upload should be extended with the filetype: https://github.com/WordPress/WordPress/blob/266c58518846201a7e98cd7995ce2c7429caf1db/wp-admin/includes/file.php#L924
Since it’s only really showing up in the library with the correct filetype.",masteradhoc
Tickets Awaiting Review,54753,Wrong post content when uploading raw post data via REST API when html data url is used,,REST API,5.8.2,normal,normal,Awaiting Review,defect (bug),new,,2022-01-05T21:26:59Z,2022-05-14T18:39:54Z,"I want to make use of data URLs in my post:
https://en.wikipedia.org/wiki/Data_URI_scheme
https://napuzba.com/data-url/
So I've added the following html to a post:
Download text file 2
Now I want to upload this html via REST API, and the rest API just filters out the ""data:"" part and the ""download=""a2.txt"":
Download text file 2
I made sure, that I am also uploading the post with the edit context, but that does not help. I also tried to url encode all content, so my test case is also not faulty. No luck. This is my curl:
curl -X POST https://example.com/wp-json/wp/v2/posts/ -u 'user:password' -d 'title=test&status=draft&context=edit&content=Download text file 2 '
curl -X POST https://example.com/wp-json/wp/v2/posts/ -u 'user:password' -d 'title=test&status=draft&context=edit&content=%3Ca%20href%3D%22data%3Atext%2Fplain%2CI%20am%20text%20file%22%20download%3D%22a2.txt%22%3EDownload%20text%20file%202%3C%2Fa%3E'
Is there a way to disable this filtering of my html? If not, it might be a bug?",nicohood
Tickets with Patches,54761,Save the prefered language from login page (since WP5.9),,Login and Registration,5.9,normal,normal,Future Release,enhancement,new,dev-feedback,2022-01-07T17:17:33Z,2022-04-09T08:18:57Z,"Hello,
On WP5.9 a language switcher is added in the wp-login.php. Here is the dev note by @audrasjb https://make.wordpress.org/core/2021/12/20/introducing-new-language-switcher-on-the-login-screen-in-wp-5-9/
I think it should be great if choosing a language here will update the Language user meta to display the back-office in the same language as previously chosen.
As per 1st test made, this doesn't currently update.",sebastienserre
Tickets with Patches,54764,UI issue in mobile device on add new theme page,SergeyBiryukov,Themes,5.8.2,normal,normal,Future Release,defect (bug),reopened,has-patch,2022-01-08T05:01:02Z,2022-07-05T15:39:03Z,"Hi,
UI issue in mobile device on add new theme page. when i am preview theme details then somthing wromg UI with popup width.
siteurl/wp-admin/theme-install.php?browse=new
More information check SS.",sumitsingh
Tickets Awaiting Review,54771,possible disagreement in the return types/values wp_cache_flush() and WP_Object_Cache:flush().,,Cache API,,low,normal,Awaiting Review,defect (bug),new,,2022-01-09T18:26:11Z,2022-01-11T03:37:47Z,"[https://developer.wordpress.org/reference/classes/wp_object_cache/flush/ WP_Object_Cache::flush()] always returns true.
[https://developer.wordpress.org/reference/functions/wp_cache_flush/ wp_cache_flush()] returns the value of calling `WP_Object_Cache::flush()`. But, the DocBlock of `wp_cache_flush()` lists the return as:
> True on success, false on failure.
Is this discrepancy just a mistake, or is it because of the possibility of an object caching plugin returning something different?",pbiron
Tickets Awaiting Review,54778,Adding Filters in UI (Plugins),,Plugins,5.8.3,normal,normal,Awaiting Review,enhancement,new,,2022-01-10T10:50:03Z,2023-05-20T06:47:16Z,"**Problem:**
Searching for any particular plugins shows the related plugins based on the keywords, out of which some old and unmaintained plugins also appear in the results which might be a vulnerability issue for their users.
**Possible Solution:**
Adding Filters to categorize the results for searchers query:
1. Latest to Oldest
2. Oldest to Latest
3. Most Downloads
4. Least Downloads
5. Highest Rated
6. Lowest Rated
**Exception:**
Adding the filters, rather than completely changing the way the results appear (such as: showing the most updated results first, etc) would be more useful, and it would be more fair for all publishers/plugin-maintainers.
**Possible Improvements:**
Reducing the risk of downloading incompatible old, untrusted, unmaintained plugins leading to vulnerability or other risks in website (business :D).",ritvikux
Tickets Awaiting Review,54784,Scheduled post calendar missing has-events dot,,General,5.8.3,normal,normal,Awaiting Review,defect (bug),new,,2022-01-10T23:38:01Z,2022-01-10T23:38:01Z,"== Quick summary
When scheduling a post or page for later publishing, you're presented with a calendar dialog to select the post's publish date. If there are other posts scheduled to publish on a given day, a small ""dot"" is displayed beneath that date (displayed with the CSS class has-events).
If you schedule a post/page to publish on February 28/29th or March 1st, this dot doesn't appear.
== Steps to reproduce
* Create a new post.
Schedule the post to publish on February 28, 2022 (at any time), February 29, 2024 (at any time), or March 1, 2022 at midnight (0:00 AM). Click ""Schedule"" to save the post.
* Create a second new post.
* Open the scheduling dialog and navigate to the first post's scheduled month.
== Expected Results
A small ""dot"" should appear on the first post's scheduled date to notify you that a post is scheduled for that date. This happens for every other date I tested other than February 28th/29th (at any time) or March 1st (specifically at midnight).
== Actual Results
No dot is shown.",cometgrrl
Tickets Awaiting Review,54802,Allow post_comments_feed_link to disable feed output,,Feeds,,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-01-12T16:47:31Z,2022-01-12T16:47:39Z,"Using `add_filter( 'post_comments_feed_link', '__return_false');` one would expect to disable ""Comment feeds"".
It's not the case, because `$x = false; isset($x) === true;`
https://github.com/WordPress/wordpress-develop/pull/2150",drzraf
Unpatched Bugs,54808,Posts search term does not wrap well on mobile,,Administration,5.8.3,normal,normal,Future Release,defect (bug),new,,2022-01-13T11:20:59Z,2023-11-02T14:35:21Z,"Hi,
I just tried to find blog usage on mobile device. Then some UI issue for related search text on post listing page.
More information see SS.",sumitsingh
Tickets Awaiting Review,54810,Terms management screen: Bulk actions dropdown overlaps search field on small screens,,Taxonomy,5.8.3,normal,normal,Awaiting Review,defect (bug),new,,2022-01-13T13:25:06Z,2022-01-13T18:56:27Z,"Hi,
Tag listing page on button design issue on mobile devices when empty tag list.
More information see SS.
",sumitsingh
Tickets Awaiting Review,54818,Some file names are no longer sanitized,,Media,,normal,normal,Awaiting Review,defect (bug),new,,2022-01-14T11:16:03Z,2022-01-14T13:03:24Z,"When uploading a file which filename contain accents, those accents are no longer replaced by non-accent letter.
It's specific to JPEG file.
Tested with PDF and PNG: accent are well removed.
See attached screenshot with JPEG, PNG and PDF example.
I can reproduce this with WP 5.9 RC2 and WP 5.8.3.",Chaton666
Tickets Awaiting Review,54832,_doing_it_wrong should write into debug.log,,REST API,5.8.3,normal,normal,Awaiting Review,defect (bug),new,,2022-01-16T05:49:11Z,2024-02-14T14:26:27Z,"I was created a plugin that called to `register_rest_route()` without `permission_callback` argument. It worked fine until WordPress 5.5 that this argument is now required.
However, the errors is not appears anywhere except in the REST API headers but it is very hard to notice about that.
I keep using the old code because I didn't know about this change as it is not showing in the debug.log.
Until one day that WordPress 5.8 released and I was entered to the new widget management and BOOM!
All errors appears on the debug.log now.
This function (`_doing_it_wring()`) is useful and **should** write the details into debug.log file no matter where it is called.
Example:
{{{
add_action('rest_api_init', 'myplugin_register_routes');
function myplugin_register_routes()
{
register_rest_route('myplugin', '/allitems', [
'args' => [
'mycustom' => 'args',
],
'methods' => \WP_REST_Server::READABLE,
'callback' => 'myplugin_get_items_function',
// 'permission_callback' => 'is_missing',// should always showing error in debug.log
]);
}
}}}
",okvee
Unpatched Bugs,54839,Image upload after dirty filter requires filter change before it can be inserted to page,,Media,,normal,normal,Future Release,defect (bug),new,,2022-01-17T08:15:54Z,2024-02-05T20:14:53Z,"Steps:
1. Open media library popup.
2. Change date filter.
3. Upload new image.
4. See uploaded image is not visible in list nor selectable. (Select button is disabled)
5. Change filter to match the new image uploaded, See image is visible.
Expected behavior:
1. Uploaded image should be selectable if it matches filter (or should reset filter on tab change).
Current behavior:
1. Uploaded image after dirty filter is not selectable.",utkarshpatel
Tickets Awaiting Review,54842,inconsistent handling of align settings on Pages / Templates,,Themes,,normal,normal,Awaiting Review,enhancement,new,,2022-01-17T11:45:05Z,2022-01-17T13:37:14Z,"Maybe i'm not getting the full concept behind but it feels a bit clumsy to setup the alignment/wide settings for the blocks on pages/posts or templates/template-parts.
Example:
- setup a header template using Gutenberg on a normal page
- - create Cover block with background color
- - insert a simple text
- - set alignment to full-width
- - copy the cover and insert it into a template-part
Now, if i want to edit the template part the alignment/sizing option is not available anymore. (see screenshots)
",tinomueller
Tickets Awaiting Review,54846,Add links to actual topics instead of general Debugging for messages only visible when Debug is enabled,,General,,normal,normal,Awaiting Review,enhancement,new,,2022-01-17T17:52:53Z,2023-02-17T00:28:31Z,"For `_doing_it_wrong()` messages such as:
- `The REST API route definition for %1$s is missing the required %2$s argument. For REST API routes that are intended to be public, use %3$s as the permission callback.`
- `""%1$s"" script should not be enqueued together with the new widgets editor (%2$s or %3$s).`
instead of the general link to https://wordpress.org/support/article/debugging-in-wordpress/ can be provided link better suited for each case.
Right now these are notices, and it means that only people with enabled debug are seeing them and they already knew about debugging and it's possible for them to actually solve the problem, so, more advanced links can better suit these cases. It's also possible that such right answers with a combination of ticket:50493 can reduce the number of questions on Support about 'What to do…' when people see this message. It is supposed to be clear from the message that if this is your own creation - you need to adjust it, if not - address the author.
For the message about REST API:
https://developer.wordpress.org/rest-api/extending-the-rest-api/adding-custom-endpoints/ - this link can be added instead, but it looks like examples needs to be checked.
And for the second example, can be added something like this: ""If you see this message, probably you need https://wordpress.org/plugins/classic-widgets/ plugin because you are using old widgets. Please contact your theme author or developer/maintainer to update widgets to the new version.""
",oglekler
Unpatched Enhancements,54852,Twenty Twenty: Consider less aggressive motion preference styles,,Bundled Theme,,normal,normal,Future Release,enhancement,new,,2022-01-18T19:07:15Z,2022-01-19T06:14:30Z,"Twenty Twenty styles create animations and transitions but then disable all that animation for people who set the reduced motion preference in their browser/OS.
{{{
@media ( prefers-reduced-motion: reduce ) {
* {
animation-duration: 0s !important;
transition-duration: 0s !important;
}
}
}}}
The theme needs to continue honoring the preference, but it could define each of its animations within a `(prefers-reduced-motion: no-preference)` media query—and remove the `0s !important` styles—instead. That way, the theme would be responsible for its own motion without disabling motion from other stylesheets (from plugins).
Related: #54174 (Twenty Twenty-One)",sabernhardt
Tickets Awaiting Review,54857,"New column ""template"" in pages/""screen options"" (enhancement)",,Administration,,normal,trivial,Awaiting Review,enhancement,new,,2022-01-19T11:15:03Z,2022-05-18T13:55:48Z,"
With WP5.9 FSE themes, editable “templates” are introduced .
Therefore, in the list of “Pages” should now be a new column that displays the selected template name for each page.
I suggest to offer a new checkable column option “Templates” within Pages/“Screen Options” to get a better overview of the assigned templates.
",iStag
Tickets Awaiting Review,54868,[WP_User_Query][Multisite] Run queries in the context of the correct site / blog_id,,Users,,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-01-20T21:23:57Z,2022-01-24T15:37:04Z,"Context: WP Multisite
`WP_User_Query` can be executed from any site to query for users from any other site. This is done using the `blog_id` parameter.
{{{
$user_query = new WP_User_Query( array( 'blog_id' => 42 ) );
}}}
Contrary to the commonly used pattern when data is fetched from a specific site within a network, WP_User_Query does __not__ make use of the `switch_to_blog` / `restore_current_blog` functions and thus executes code always within the context of the site which called the query instead of the site the query was actually called for.
This has some implications:
1. Low level functions called within WP_Query are **not** aware of the correct context. Especially the `WP Object Cache` called from `cache_users` is not aware of the correct site and thus stores the resulting data at the ''wrong'' site. This has no impact running default WP installations but is conceptionally wrong and prevents any flexibility.
2. Superfluous code could be removed
{{{
if ( 'all_with_meta' === $qv['fields'] ) {
cache_users( $this->results );
$r = array();
foreach ( $this->results as $userid ) {
$r[ $userid ] = new WP_User( $userid, '', $qv['blog_id'] );
}
$this->results = $r;
} elseif ( 'all' === $qv['fields'] ) {
foreach ( $this->results as $key => $user ) {
$this->results[ $key ] = new WP_User( $user, '', $qv['blog_id'] );
}
}
}}}
https://github.com/WordPress/WordPress/blob/e07b5af0423ea294e5cc0987a9ffde0cb3835221/wp-includes/class-wp-user-query.php#L803-L816
Just one example: The calls to `new WP_User` could be reduced to `new WP_User( $user )` if done within the correct site context already. All the `wp_cache_` calls within `WP_User` will also run within the ''wrong'' site context.
**Benefit**
Using `switch_to_blog` shifts all `wp_cache_` and all other functions, hooks, etc. into the right context. The global `blog_id` will be set correctly to the site that is queried instead of the site that is querying. This will also follow standard WordPress Multisite patterns to access data from other sites.",janthiel
Tickets Awaiting Review,54884,Load scripts conditionally to reduce page loading and processing time,,Script Loader,,normal,normal,Awaiting Review,enhancement,new,,2022-01-23T09:56:03Z,2022-02-20T02:13:34Z,"There are some core scripts, like `wp-polyfill` (+ `regenerator-runtime`?) and `jquery-migrate`, that are only needed on browsers lacking certain capabilities, yet these scripts are loaded on every page by default, whether the browser needs them or not.
Since mobile browsers typically have the required capabilities, it's particularly important to avoid loading unnecessary scripts on them. This will improve user experience and PageSpeed scores, without any downside.
Fortunately, browser capabilities can be detected with minimal JavaScript code, and only the necessary scripts added dynamically to the page using `appendChild()` (or maybe by manipulating script tag attributes?).
There are also cases, such as `wp-embed`, that are only needed when there is an object embedded on the page, which can be detected in PHP.
In both cases, there may be cases where the above scripts have dependencies that must be loaded, so both the respective front-end and back-end code must take dependencies into account.
Also, browser checks should be done early and requires scripts inserted so as to provide their functions to subsequent code that relies on it (not trivial, I know, but I trust the skills of the WordPress team/community).",galbaras
Tickets Awaiting Review,54893,wp_set_script_translations() accepts and evaluates ""],
}
}
}
}}}
== Recommendations
Escape JSON string ``
== Impact
* Attackers can inject any JavaScript code they like.
* Translation files can be provided from 3rd party(e.g. voluntary contributors), but hard to detect it's correct or not because they are written in foreign languages for the original authors.",Takahashi_Fumiki
Tickets with Patches,54915,"Username, email and password fields must be ltr in rtl locale",sabernhardt*,Users,,normal,normal,Future Release,defect (bug),accepted,has-patch,2022-01-26T07:32:40Z,2023-07-10T03:58:59Z,"Currently, username, email and password fields are rtl in rtl locale.
But for better experience and readability they must be ltr.
",man4toman
Unpatched Bugs,54924,Issues embedding Vimeo URLs with signatures,,Embeds,5.9,normal,normal,Future Release,defect (bug),new,,2022-01-26T13:59:31Z,2022-06-11T08:38:26Z,"Hi,
The [video] shortcode is not working with the new vimeo url format (containing signature as paramter).
Example : [video data-width=""500"" data-height=""281"" controls="""" src=""https://player.vimeo.com/progressive_redirect/playback/667848247/rendition/1080p/1080p.mp4?loc=external&signature=f059d7229d1c838389dc3cc145b2072e2b8c18439b26aeaba0c55658a2837d7e"" eq-attached=""true""]L’option pour l’IS des entrepreneurs individuels[/video]
WP remove all the parameters, so the video code integration is not the good one.",elpix
Unpatched Enhancements,54961,"Revise ""Technical Difficulties"" email to remove feature history and improve clarity of action steps",,Bootstrap/Load,5.2,normal,normal,Future Release,enhancement,new,,2022-01-27T21:25:05Z,2022-12-17T15:29:26Z,"As someone who supports websites for numerous people and organizations, I've found that the ""Technical Difficulties"" email with recovery link is confusing to many people. I've had multiple people wonder if it's spam and many others be generally confused by it.
I would suggest the following changes based on the feedback I have heard:
- Change the first line to clearly indicate there is a potential problem with the website and drop the reference to WordPress 5.2. This is not important information anymore.
- Move all technical information to the end of the email so as not to intimidate and confuse non-technical recipients
- Be clear that there may or may not be an active problem. I will note that probably half of the emails I see sent are for temporary errors during updates that seem to have no lasting impact on the site.
- Suggest people contact their website host -OR- developer (currently, only the host is mentioned)
I have included a copy of the email for easy reference at the end of this issue. I'd be happy to work up the patch for this once a few other folks weigh in to either confirm or amend the suggestions I have.
> Howdy!
>
> Since WordPress 5.2 there is a built-in feature that detects when a plugin or theme causes a fatal error on your site, and notifies you with this automated email.
>
> In this case, WordPress caught an error with one of your plugins, Jetpack.
>
> First, visit your website ({url}) and check for any visible issues. Next, visit the page where the error was caught ({error path}) and check for any visible issues.
>
> Please contact your host for assistance with investigating this issue further.
>
> If your site appears broken and you can't access your dashboard normally, WordPress now has a special ""recovery mode"". This lets you safely login to your dashboard and investigate further.
>
> {recovery mode link}
>
> To keep your site safe, this link will expire in 1 day. Don't worry about that, though: a new link will be emailed to you if the error occurs again after it expires.
>
> When seeking help with this issue, you may be asked for some of the following information:
> WordPress version
> Current theme:
> Current plugin:
> PHP version
>
>
>
> Error Details
> =============",mrwweb
Candidates for Closure,54964,get_permalink() does not use the correct slug rewrite base,,"Posts, Post Types",5.9,normal,blocker,Awaiting Review,defect (bug),new,reporter-feedback,2022-01-27T22:10:49Z,2023-10-04T11:54:50Z,"Hello,
get_permalink does not work well for custom posts with slug rewrite.
E.g. I have implemented articles post type:
{{{#!php
array('slug' => _x('articles','slug','mydomain')),...));
}}}
'articles' is translateD to slovak language as 'clanky'. But **get_permalink({id_of_article})** returns '''localhost:10010/articles/my-title'''. It is wrong and i have recieve error 404, because right link is '''localhost:10010/clanky/my-title'''.
It works OK for older WP version.
Thanks a lot for any result.
Kind regards,
Ondrej Jakuba
",jakubaondrej
Tickets with Patches,54970,"""Please update WordPress"" link on incompatible theme tile on the ""Add Themes"" view is not clickable",audrasjb,Themes,5.5,normal,normal,Future Release,defect (bug),reviewing,has-patch,2022-01-28T12:09:46Z,2023-07-06T17:24:16Z,"Interaction is prevented by the ""Details & Preview"" overlay. Trying to click the ""Please update WordPress"" link on the warning ribbon opens the theme preview.
This happened when trying to install Twenty Twenty-Two theme on WordPress 5.8.
It is possible to update WordPress with any other available flow like the ""WordPress 5.9 is available! Please update now"" message on top of the page.",tomasza8c
Tickets Awaiting Review,54972,Change config variables from Settings,,Bootstrap/Load,6.0,normal,normal,Awaiting Review,feature request,new,,2022-01-28T12:25:11Z,2022-01-28T12:56:20Z,"Hi,
WordPress is installed in different ways these days than just FTP the files to the server, so having a non-technical person change the wp-config.php is a recipe for disaster.
A possible solution would be a page in the Settings section that enables the admin to increase or decrease the memory limit, upload limit, etc of their site but not beyond the php.ini limits. If this page wrote to a file such as .wp-settings, then it could be included in the wp-config.php file.
An import/export feature would be useful too, which saves a file like wp-settings.csv that the page could parse and import so it will ignore rogue settings.",fyremoon
Tickets Awaiting Review,54975,Allow filtering global styles,,Editor,5.9,normal,normal,Awaiting Review,enhancement,new,,2022-01-28T14:45:57Z,2023-03-02T08:45:32Z,"Due to using `!important` and possibly high selector specificity in CSS declarations in global styles code produced by WordPress 5.9, many themes supporting Gutenberg editor (but not block/FSE themes) [https://github.com/WordPress/gutenberg/issues/38252#issuecomment-1023345698 experience issues] with WordPress overriding their custom font sizes and color palettes ([https://developer.wordpress.org/block-editor/how-to-guides/themes/theme-support/ registered via `add_theme_support()`]).
It would be great if WordPress allowed at least filtering global styles code (produced by [https://github.com/WordPress/WordPress/blob/5.9/wp-includes/global-styles-and-settings.php#L88 `wp_get_global_stylesheet()`]) with a hook, such as: changing [https://github.com/WordPress/WordPress/blob/5.9/wp-includes/global-styles-and-settings.php#L133 `return $stylesheet;`] in `wp_get_global_stylesheet()` to:
{{{#!php
/**
* Filters the global CSS styles code.
*
* @since 5.9.1
*
* @param string $stylesheet CSS styles code.
* @param array $types Types of styles to load.
* @param array $origins A list of origins to include.
*/
return apply_filters( 'global_styles', $stylesheet, $types, $origins );
}}}
That way WordPress can keep its global styles intact (even with `!important` if that's really the best way to provide the styles...) for block/FSE themes and Gutenberg editor themes can adapt the global styles by using this filter if needed.
(Block/FSE themes and themes that do not add support for Gutenberg editor do not seem to be affected.)
----
More info can be found in https://github.com/WordPress/gutenberg/issues/38252#issuecomment-1023345698 and related comments.",webmandesign
Tickets Awaiting Review,54978,recreate response plugins_api,,Plugins,5.8.3,normal,minor,Awaiting Review,enhancement,new,,2022-01-28T15:13:58Z,2022-01-28T20:17:02Z,"recreate plugins_api response using plugin_information to load a custom list of plugin install since query_plugins does not get a custom list of plugins, for example send a list of plugins to display and not as a general query like list of recommended plugins
in file: \wordpress\wp-admin\includes\class-wp-plugin-install-list-table.php
[[Image(https://user-images.githubusercontent.com/37667605/151275086-0027172d-6948-4602-b924-1071831dfa63.png)]]",hhklik
Tickets Needing Feedback,54983,The post has already been deleted.,,"Posts, Post Types",5.4,normal,normal,Future Release,defect (bug),new,dev-feedback,2022-01-29T04:22:49Z,2022-10-07T21:37:04Z,"Hi,
One big issue on 5.9 . when i have deleted post then still on post page & getting error message ""The post has already been deleted."". So i think after delete post need to redirect page on post list?
More infomation you can see below mentioned quick video.
https://www.loom.com/share/616020077274422c8d90771034d22aff",sumitsingh
Candidates for Closure,54994,Action Hook admin_enqueue_scripts and wp_enqueue_scripts,,Plugins,5.9,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2022-01-30T08:58:51Z,2022-01-31T01:12:29Z,"Hey,
I'm a developer, I wanted to know if it's a bug, or am I doing it wrong way?
When using admin_enqueue_scripts (both methods static in the same class, I can not use it this way [ ( new self() ), 'admin_enqueue_scripts' ], It will throw errors).
{{{#!php
ID );
$next_steps_links = isset( $custom[ 'next_steps_links' ][0] ) ? $custom[ 'next_steps_links' ][0] : '';
echo '';
echo 'This panel allows entering of text content for the “Next Steps” stage of the tool. ';
echo '';
wp_editor( $next_steps_links, 'next_steps_links_id', array(
'wpautop' => true,
'tinymce' => array(
'toolbar1' => 'bold,italic,bullist,link,unlink',
),
'media_buttons' => false,
'quicktags' => array(
'buttons' => 'strong,em,underline,ul,li,link'
),
'textarea_name' => 'next_steps_links',
'textarea_rows' => get_option('default_post_edit_rows', 10),
'teeny' => true,
) );
wp_editor( $next_steps_links, 'next_steps_links_id' );
echo ' ';
echo ' ';
}
add_action( 'add_meta_boxes', 'render_page_metaboxes' );
function render_page_metaboxes() {
add_meta_box( 'a_tools_next_steps_metabox', 'Next Steps', 'tools_next_steps_metabox', 'page', 'normal', 'low' );
}
}}}
I appreciate this is perhaps not the most helpful ticket but given that issue has been reported in the past there is obviously some circumstance where using metaboxes and the wp_editor on pages using the block editor results in the editor not getting activated on load when the wp_editor is in visual mode. On the pages where I have the error occurring I have tried disabling the block editor on those pages and the wp_editor works correctly when the block editor is disabled.
",rickcurran
Unpatched Bugs,55023,get_header() notice: Theme without header.php is deprecated,audrasjb*,Themes,5.9,normal,normal,Future Release,defect (bug),accepted,,2022-02-01T09:39:22Z,2024-01-15T17:31:23Z,"1) i had install 2022 theme on one of the multisite (site.alakh.co.in)
2) Overall theme works well. Just found one issue.
3) on my site's register/signup page (https://site.alakh.co.in/wp-signup.php). i see following error in header and footer.
error msg:
`Deprecated: Theme without header.php is deprecated since version 3.0.0 with no alternative available. Please include a header.php template in your theme. in .../wp-includes/functions.php on line 5516`
kindly help me in solving this issue.",kpdaa
Tickets Awaiting Review,55030,wp_enqueue_script( 'jquery-ui-autocomplete' ) - is enqueueing a bunch of extra scripts I don't need,,Script Loader,,normal,normal,Awaiting Review,defect (bug),new,,2022-02-01T16:56:14Z,2022-02-18T11:57:05Z,"When I enqueue default scripts located in WP, specifically
{{{#!php
bulk_upgrade( array( $plugin ) );}}} called, and any other update progress run on same time.
Eg: there are translations update exists and when contain errors on translations update, the plugin update tell that the plugin fail to download, but the plugins successfully updated.
",arrayiterator
Tickets Awaiting Review,55095,"Adding widgets to widget area with the classic editor in appearance => widgets, widget does not display on front-end (brand new widgets only))",,Widgets,5.9,normal,normal,Awaiting Review,defect (bug),new,,2022-02-06T09:25:11Z,2022-02-06T09:25:11Z,"Hi,
I have noticed that when trying to create and manage widgets in the classic editor using the view; appearance => widgets, that when you attempt to display the widget on the front-end of the website using dynamic_sidebar('sidebar-name'), that for some reason the widget does not display.
This only happens with brand new widget areas that have had no previous widgets assigned to them.
I then added a new widget to the same widget area in the customizer => widgets view, and the widget then displayed using dynamic_sidebar('sidebar-name'). This then showed both widgets added to the area, the widget i assigned in appearance => widgets, and the new one i just assinged in customizer => widgets. To be clear these widgets were exactly the same in both widget used and content assigned.
after doing this through the customizer, then adding another widget to the widget area in the appearance => widgets view, the updates are displaying on the front-end as you would expect.
I am using self-hosted a self-hosted WordPress website.
The widget I was trying to add to my website was a custom widget that, that followed the documentation in https://codex.wordpress.org/Widgets_API to the letter.",morgscode94
Tickets Awaiting Review,55106,Split publish_posts in publish_posts and publish_others_posts,,Role/Capability,,normal,normal,Awaiting Review,feature request,new,,2022-02-07T21:24:30Z,2022-02-08T08:10:48Z,"While working on a multisite blog I've found that several capabilities have an _others_ version, but is missing on the `publish_posts` capability.
This is important because you currently can't limit someone to publish only his/her own posts. It's all or nothing. Example: a newly added Author can publish a draft from the Administrator.
It can also be seen as a feature the other way around: when everyone has only `publish_others_posts` capabilities, every posts has to get a second pair of eyes before getting published.
**I suggest implementing:**
`publish_posts` - Controls whether objects of this type __owned by current user__ can be published. Set as default capability of Super Admin, Administrator, Editor, Author.
`publish_others_posts` - Controls whether objects of this type __owned by other users__ can be published. If the post type does not support an author, then this will behave like publish_posts. Set as default capability of Super Admin, Administrator, Editor.
",freakenstein
Tickets Awaiting Review,55107,List and Delete button to delete broken plugins,,Plugins,,normal,normal,Awaiting Review,enhancement,new,,2022-02-07T21:53:35Z,2022-02-08T10:28:19Z,"Much like we have for themes, there should be a list of broken plugins with an option to delete them directly from the admin panel.
Along the lines of this ticket ( #28165 ) but for plugins.",gmariani405
Tickets Awaiting Review,55110,In WordPress 5.9 Edit site navigation toggle tooltip issue,,General,5.9,normal,normal,Awaiting Review,defect (bug),new,,2022-02-08T06:09:01Z,2022-02-08T12:10:10Z,"In WordPress 5.9 Edit site navigation toggle tooltip are displayed when we select template from
edit site select dropdown list > browse all template > Single Post
",multidots1896
Tickets Awaiting Review,55112,Twenty Twenty-Two: Button design,,Bundled Theme,5.9,normal,trivial,Awaiting Review,enhancement,new,has-patch,2022-02-08T10:22:04Z,2022-02-08T14:44:45Z,"It seems button elements are not styled in Twenty Twenty-Two such as
{{{
Click
}}}
The browser default button appears with such code. It would be great if they have a style like other default themes.
",umchal
Tickets Awaiting Review,55126,Twenty Sixteen: Replace frontend jQuery usage with vanilla JS,sergiomdgomes,Bundled Theme,,normal,normal,Awaiting Review,enhancement,assigned,has-patch,2022-02-09T16:04:02Z,2023-05-19T09:06:26Z,"`jQuery` is a large library, at around 90KB uncompressed, or 30KB gzipped. To make matters worse, it's usually enqueued in the head, and thus becomes part of the critical path, delaying first paint and subsequent metrics.
Nowadays, the library is being enqueued for relatively little gain in many situations, given that the platform supports much of the functionality. Twenty Sixteen is an example of this, as it's relatively trivial to reimplement its functionality in native JS.
This ticket focuses on removing jQuery as a frontend dependency for Twenty Twelve - specifically the frontend, as for example in the Customizer `jQuery` is loaded anyway (and performance is a bit less of a concern there).
See also #54171 and #54172, which do the same for other themes.",sergiomdgomes
Tickets Awaiting Review,55128,"REST API /media leaves holes in the result, making it virtually impossible to paginate through them",,REST API,5.9,normal,normal,Awaiting Review,defect (bug),new,,2022-02-09T18:09:03Z,2022-02-09T18:09:03Z,"A request to the REST API for say /media?per_page=20 can unexpectedly return any number of results up to 20, including an empty array when there are more pages to follow.
This happens when some of the media library entries are attached to unpublished posts, and the media were added in the post, not directly to the media library.
Now it may be reasonable to omit these when not authenticated, but not by post-processing the array after it has been fetched from the database, as seems to be happening currently.
Doing that makes it extremely difficult to paginate through them, or to choose an appropriate page size. This is compounded by the fact that it is more likely the missing images will be near the beginning, as those are the ones less likely to have been published yet.
Consider just displaying a matrix of the thumbnails, as obtained from the API, 20 at a time. So you ask for a page of 20 and get 5. OK, let's get another page before returning it to the client: you get 18 this time, so you take the first 15 of those and along with the first 5 give those to the client. The user clicks ""show more"". Where do I start? I can't start on page 3 because there were some left over on page 2. But I have no idea where the gaps are so I can't set an appropriate offset - offset apparently _includes_ the missing entries! And there is no information about where the missing entries might be. Basically using offset is not possible.
The only solution is to start from the beginning every time, and then omit the first however many results already delivered to the client. This defeats the point of pagination, and gets slower and slower as they ask for more.
I could provide randomly more than they requested, up to some maximum (set as per_page), and work entirely in pages, noting the page number highwater mark on each request, each time fetching as many pages as needed to get some minimum number of images. This doesn't require starting again each time, but can also result in hundreds of API requests retrieving empty arrays each time if there are many unpublished images, which is also very slow. It also makes it impossible to work to a UI where the user specifies how many to retrieve at once.
Or I could work with page_size = 1, which means I can use page number where I would have liked to have used offset, but that is also very slow: at least 20 requests, probably many more to skip unpublished images, where I would expect only to need one request.
And it makes it much harder to implement either way, as the obviously intended implementation is to set offset to the currently retrieved images, and a number up to 100 as the page size, and just fetch that page.
",frankieandshadow
Tickets Awaiting Review,55139,TypeError: k is not iterable,,Editor,5.9,normal,normal,Awaiting Review,defect (bug),new,,2022-02-10T19:19:27Z,2022-02-10T19:19:27Z,"When I am in the block editor and try typing something in the box search get the below error, see image 01 and 02.
[[Image(https://inqmatic.com/wp-content/uploads/2022/02/image_01.png)]]
[[Image(https://inqmatic.com/wp-content/uploads/2022/02/image_02.png)]]
The error is:
{{{
TypeError: k is not iterable
at f (https://c0.wp.com/c/5.9/wp-includes/js/dist/block-editor.min.js:26:86949)
at https://c0.wp.com/c/5.9/wp-includes/js/dist/block-editor.min.js:26:86506
at Array.map ()
at m (https://c0.wp.com/c/5.9/wp-includes/js/dist/block-editor.min.js:26:86496)
at p (https://c0.wp.com/c/5.9/wp-includes/js/dist/block-editor.min.js:26:86043)
at https://c0.wp.com/c/5.9/wp-includes/js/dist/block-editor.min.js:12:14633
at Object.useMemo (https://c0.wp.com/c/5.9/wp-includes/js/dist/vendor/react-dom.min.js:220:462)
at c.useMemo (https://c0.wp.com/c/5.9/wp-includes/js/dist/vendor/react.min.js:30:236)
at Wg7J.t.a (https://c0.wp.com/c/5.9/wp-includes/js/dist/block-editor.min.js:12:14608)
at Le (https://c0.wp.com/c/5.9/wp-includes/js/dist/vendor/react-dom.min.js:100:3)
}}}
further, this error appear then update to wordpress 5.9.
Thanks.",zirtrex
Candidates for Closure,55140,Erase Personal Data Email Validation Issue,,Privacy,,normal,normal,Awaiting Review,defect (bug),new,dev-feedback,2022-02-10T23:34:17Z,2022-09-27T14:11:42Z,"Erase Personal Data work fine with invalid username but not working with email.
When i added random text email auto inserted.
",ravipatel
Tickets Awaiting Review,55146,WP5.9 Customizer partially white-screens in Safari browser,,Customize,5.9,normal,normal,Awaiting Review,defect (bug),new,,2022-02-11T16:54:41Z,2022-02-11T17:07:42Z,"Running (Mac) Safari 13.1.2, WordPress 5.9, on multiple sites.
When loading the Customizer, I get a partial white screen – no left-column menu items (although the frame is there) and no page preview. Screenshot attached, and console error messages as follow:
{{{
[Error] Failed to load resource: the server responded with a status of 404 (Not Found) (gutenberg.css, line 0)
[Error] TypeError: o.addEventListener is not a function. (In 'o.addEventListener(""change"",function(e){r=e.matches})', 'o.addEventListener' is undefined)
(anonymous function) (load-scripts.php:6:132)
Global Code (load-scripts.php:6:111258)
[Error] TypeError: undefined is not an object (evaluating 'c.Panel.extend')
(anonymous function) (customize-nav-menus.min.js:2:10976)
Global Code (customize-nav-menus.min.js:2:45601)
[Error] TypeError: undefined is not an object (evaluating 'wp.customize.Control.extend')
Global Code (slider-customizer.js:1:92)
[Error] TypeError: undefined is not an object (evaluating 'wp.customize.Control.extend')
Global Code (slider-control.js:1:86)
[Error] TypeError: undefined is not an object (evaluating 'api.Control.extend')
(anonymous function) (spacing-customizer.js:4)
Global Code (spacing-customizer.js:160)
[Error] TypeError: undefined is not an object (evaluating 'api.Control.extend')
(anonymous function) (backgrounds-customizer.js:2)
Global Code (backgrounds-customizer.js:31)
[Error] TypeError: undefined is not an object (evaluating 'api.Control.extend')
(anonymous function) (copyright-customizer.js:2)
Global Code (copyright-customizer.js:12)
[Error] TypeError: undefined is not an object (evaluating 'api.Section.extend')
(anonymous function) (upsell-control.js:2)
Global Code (upsell-control.js:12)
[Error] TypeError: undefined is not an object (evaluating 'wp.customize.Control.extend')
s (customizer.js:1:121358)
(anonymous function) (customizer.js:1:131873)
o (customizer.js:1:863)
t (customizer.js:1:729)
(anonymous function) (customizer.js:1:1826)
Global Code (customizer.js:1:1829)
[Error] Error: Minified React error #200; visit https://reactjs.org/docs/error-decoder.html?invariant=200 for the full message or use the non-minified dev environment for full errors and additional helpful warnings.
(anonymous function) (react-dom.min.js:243:307)
[Error] TypeError: The superclass is not an object.
Oe (customize-widgets.min.js:2:28659)
ke (customize-widgets.min.js:2:32932)
(anonymous function) (customize.php:3105)
[Error] TypeError: undefined is not a function (near '...wp.customize.section...')
(anonymous function) (load-scripts.php:2:31711)
}}}
Selected Element
{{{
…
}}}
:Benjamin",schmedia@…
Tickets Awaiting Review,55147,WordPress Designers Stops Working due Incomplete Widget Settings,,Widgets,,normal,normal,Awaiting Review,defect (bug),new,,2022-02-11T17:06:06Z,2022-02-11T17:35:37Z,"I had a theme since wordpress 4 installed, and in some of the recent updates the WordPress Designer Mode was broken (Stops loading with Javascript error).
I finally found the rootcause which is array missing array settings for 2 widget zones in the widget theme config entry.
This was the entry I am talking about:
a:9:{s:19:""wp_inactive_widgets"";N;s:23:""himalayas_right_sidebar"";a:0:{}s:22:""himalayas_left_sidebar"";a:0:{}s:28:""himalayas_front_page_section"";a:0:{}s:32:""himalayas_error_404_page_sidebar"";a:0:{}s:28:""himalayas_footer_sidebar_one"";a:0:{}s:28:""himalayas_footer_sidebar_two"";i:8409;s:30:""himalayas_footer_sidebar_three"";i:8401;s:13:""array_version"";i:3;}
For two zones, the array entry is missng: a:0:{}
I corrected the entry manually in the database and the problem was fixed for me:
a:9:{s:19:""wp_inactive_widgets"";N;s:23:""himalayas_right_sidebar"";a:0:{}s:22:""himalayas_left_sidebar"";a:0:{}s:28:""himalayas_front_page_section"";a:0:{}s:32:""himalayas_error_404_page_sidebar"";a:0:{}s:28:""himalayas_footer_sidebar_one"";a:0:{}s:28:""himalayas_footer_sidebar_two"";a:0:{}i:8409;s:30:""himalayas_footer_sidebar_three"";a:0:{};i:8401;s:13:""array_version"";i:3;}
However there are certain areas where the existence of this Array is not checked causing unexpected errors.",deltaray
Candidates for Closure,55149,Secondary sites disappear from My Sites menu,,Toolbar,5.9,normal,major,Awaiting Review,defect (bug),new,reporter-feedback,2022-02-11T18:41:22Z,2023-04-25T20:21:22Z,"If you create a new multisite, only **Network Admin** and the **Main Site** appear in the **My Sites** dropdown, the secondary sites do not appear. To change to another Site you need to go to **My Sites > Network Admin > Dashboard** and then select **All Sites** in the **Sites** menu.
In old installations it works correctly, it only happens in new installations.
",jose64
Tickets Awaiting Review,55183,Twenty Thirteen: Table color not reflect on the frontpage,,Bundled Theme,5.4,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-02-17T08:31:44Z,2023-12-29T16:19:25Z,"Steps:
1. Switch theme to Twenty Thirteen
2. Create Table and change color after update
3. Check the frontpage
Add the video Link below:
[https://www.loom.com/share/6ce4c74eb3314d7bb593b0e7173e637b]",umesh84
Candidates for Closure,55193,login-form: Use the same id and class value between wp_login_form() and wp-login.php,,Login and Registration,,normal,normal,Awaiting Review,enhancement,new,dev-feedback,2022-02-18T05:57:43Z,2023-08-18T12:05:40Z,"Hi, below are the codes of login forms html output of `wp_login_form()` function, and wp-login.php page
{{{
}}}
{{{
}}}
Look into same field between the two html outputs, you can see most of the p, label, and input tag has different values of the css ids and classes.
for example:
wp_login_form():
{{{ }}}
wp-login.php:
{{{ }}}
the ids are the same, but
wp_login_form():
{{{}}}
wp-login.php:
{{{
}}}
the classes are different
Can you make the ids and classes same, so it will be easier for me to make the two login forms ( `wp_login_form()` and wp-login.php ) with consistent style?
",syshut
Tickets Awaiting Review,55200,Cannot add caption to images on mobile,,Media,5.9,normal,normal,Awaiting Review,defect (bug),new,,2022-02-19T01:05:50Z,2023-06-14T11:45:43Z,"On the mobile view of the admin section you cannot add ally text, captions, or descriptions to media uploads ",vincepettit
Candidates for Closure,55206,wp core api memory leaks,,Database,,normal,normal,Awaiting Review,defect (bug),assigned,dev-feedback,2022-02-20T05:37:43Z,2022-04-29T04:44:55Z,"I've experienced the following two memory leaks in WP core. One involves $wpdb when `SAVEQUERIES` is defined truthy, and the other involves `$wp_object_cache` growing as a consequence of calling core api functions that themselves save to the object cache. Both have happened for me in cases where I'm doing large batch processing involving thousands or tens of thousands of posts. I've had memory usage exceed 512MB and cause crashes.
I'm including unit tests here showing each memory leak and also the fix that I've used to prevent the memory leak and keep my batch jobs running.
{{{#!php
queries particularly has a tendency to blow up.
*/
class WP_Memory_Leak_Tests extends WP_UnitTestCase {
/**
* This tests a condition which exposes a memory leak in the WPDB class.
* If 'SAVEQUERIES' is defined as truthy, then the $wpdb->queries property
* can grow indefinitely.
*/
public function test_WPDB_Memory_Leak() {
// Once a constant is defined, it can't be undefined, it's often defined in dev or staging environments.
define( 'SAVEQUERIES', true );
// I'll just start my cron job to read the import file I've got. It's
// got a decent number of records.
$number_of_records = 1000;
global $wpdb;
$memory = memory_get_usage( true );
$peak = memory_get_peak_usage( true );
foreach ( [ 'first', 'second' ] as $pass ) {
// first pass through, we'll apply a fix for this memory leak.
// second pass through, we'll bypass the fix and the tests will fail.
for ( $i = 1; $i <= $number_of_records; $i ++ ) {
if ( 'first' === $pass ) {
$wpdb->queries = [];
}
// for this test, we'll do direct calls to $wpdb
$wpdb->query( $wpdb->prepare( ""SELECT * FROM $wpdb->posts WHERE ID = %d"", $i ) );
}
$this->assertEquals( $memory, memory_get_usage( true ), ""$pass pass"" );
$this->assertEquals( $peak, memory_get_peak_usage( true ), ""$pass pass"" );
}
}
/**
* This tests a condition which exposes a memory leak in wp cache API. If
* a large batch job attempts to do a lot of something that ends up caching
* things ( like, for example, get_post or wp_insert_post ), then unless
* the cache is flushed regularly, the memory usage grows indefinitely.
*/
public function test_WP_Cache_Memory_Leak() {
// I'll just start my cron job to read the import file I've got. It's
// got a decent number of records.
$number_of_records = 1000;
global $wpdb;
$memory = memory_get_usage( true );
$peak = memory_get_peak_usage( true );
foreach ( [ 'first', 'second' ] as $pass ) {
// first pass through, we'll apply a fix for this memory leak.
// second pass through, we'll bypass the fix and the tests will fail.
for ( $i = 1; $i <= $number_of_records; $i ++ ) {
if ( 'first' === $pass ) {
wp_cache_flush();
}
// Because our last test defined 'SAVEQUERIES', we need to
// always apply this fix, otherwise that memory leak manifests.
// With us doing a core API function `wp_insert_post`, the number
// of queries is quite large and memory __really__ grows.
$wpdb->queries = [];
// let's say we're inserting posts, maybe from an excel file.
// this caches some things, so $wp_object_cache grows.
wp_insert_post([
'post_type' => 'post',
'post_title' => ""post $i"",
'post_content' => ""pass $pass""
]);
}
$this->assertEquals( $memory, memory_get_usage( true ), ""$pass pass"" );
$this->assertEquals( $peak, memory_get_peak_usage( true ), ""$pass pass"" );
}
}
}
}}}
",sllimrovert
Tickets Awaiting Review,55261,"Add a ""file size"" column to the media library menu",,Media,,normal,normal,Awaiting Review,feature request,new,needs-docs,2022-02-25T20:00:22Z,2023-02-02T16:19:11Z,"One of the things I think should be placed in the core of WordPress is to display the size of various photos and files that are uploaded to the host through WordPress in the media library menu (as a column in the table to make comparison easier). After a while and by adding different files, we do not know which file gets the most size from the host and in general it is very good that the webmaster can easily view the size of different files to make site management easier because according to the experience, This Menu is one of the most sensitive WordPress menus and must be carefully monitored. You can add this feature using the code below ;
{{{#!php
initHooks();
}
/**
* Initialize Hooks.
*
* @author Siavash Ebrahimi
* @since 1.0
* @return void
*/
public function initHooks() {
// Register size column for media library table
add_filter( 'manage_media_columns', [ $this, 'registerSizeColumn' ], 15 );
add_action( 'manage_media_custom_column', [ $this, 'populateCustomColumns' ], 15, 2 );
add_action( 'added_post_meta', [ $this, 'addFileSizeMetadataToImages' ], 15, 4 );
add_filter( 'manage_upload_sortable_columns', [ $this, 'registerColumnSortableFileSize' ], 15 );
add_action( 'pre_get_posts', [ $this, 'sortableFileSizeSortingLogic' ], 15 );
}
/**
* Column sorting logic (query modification)
*
* @param $query
*/
public function sortableFileSizeSortingLogic( $query ) {
global $pagenow;
if ( is_admin() && 'upload.php' == $pagenow && $query->is_main_query() && ! empty( $_REQUEST['orderby'] ) && 'filesize' == $_REQUEST['orderby'] ) {
$query->set( 'order', 'ASC' );
$query->set( 'orderby', 'meta_value_num' );
$query->set( 'meta_key', 'filesize' );
if ( 'desc' == strtolower($_REQUEST['order']) ) {
$query->set( 'order', 'DSC' );
}
}
}
/**
* Make column sortable
*
* @param $columns
*
* @return mixed
*/
public function registerColumnSortableFileSize( $columns ) {
$columns['filesize'] = 'filesize';
return $columns;
}
/**
* Ensure file size meta gets added to new uploads
*
* @param $meta_id
* @param $post_id
* @param $meta_key
* @param $meta_value
*/
public function addFileSizeMetadataToImages( $meta_id, $post_id, $meta_key, $meta_value ) {
if ( '_wp_attachment_metadata' == $meta_key ) {
$file = get_attached_file( $post_id );
update_post_meta( $post_id, 'filesize', filesize( $file ) );
}
}
/**
* Populate media custom columns
*
* @return string
* @since 1.0
* @access public
*/
public function populateCustomColumns( $column_name, $post_id ) {
if ( 'filesize' == $column_name ) {
if ( ! get_post_meta( $post_id, 'filesize', true ) ) {
$file = get_attached_file( $post_id );
$file_size = filesize( $file );
update_post_meta( $post_id, 'filesize', $file_size );
} else {
$file_size = get_post_meta( $post_id, 'filesize', true );
}
echo size_format( $file_size, 2 );
}
}
/**
* Register size column
*
* @param array $cols
*
* @return mixed
* @since 1.0
*/
public function registerSizeColumn( $cols ) {
$cols['filesize'] = __( 'File Size' );
return $cols;
}
}
}}}
Then initialize the class :
{{{#!php
Settings -> Settings. (Should probably be renamed to General so that we do not have a Settings Settings screen.)
Here is a plugin: https://wordpress.org/plugins/multisite-multidomain-single-sign-on/",paaljoachim
Candidates for Closure,55268,Title Becomes Non-Editable,,General,5.9.1,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2022-02-26T23:39:51Z,2022-02-27T20:13:46Z,"Compose a new WordPress post or edit an existing post.
Place an imag on the post.
Click the image and edit the image caption.
From this point, the title becomes un-editable. You cannot click in the title, nor select text in the title. You can still edit content elsewhere in the post, but not the title. The title remains unable to edit until you leave the page and return to it or refresh it in the browser.",franklinveaux
Tickets Awaiting Review,55280,Unsupported operand types in Site Health,,Site Health,5.9.1,normal,normal,Awaiting Review,defect (bug),new,,2022-03-01T09:30:26Z,2024-02-27T09:04:35Z,"I get the following error:
{{{
AH01071: Got error 'PHP message: PHP Fatal error: Uncaught TypeError: Unsupported operand types: string - int in [..]/wp-admin/includes/class-wp-site-health.php:2521
Stack trace:
0 [..]/wp-admin/includes/class-wp-site-health.php(1728): WP_Site_Health->has_missed_cron()
1 [..]/wp-admin/includes/class-wp-site-health.php(192): WP_Site_Health->get_test_scheduled_events()
2 [..]/wp-admin/includes/class-wp-site-health.php(137): WP_Site_Health->perform_test()
3 [..]/wp-includes/class-wp-hook.php(307): WP_Site_Health->enqueue_scripts()
4 [..]/wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters()
5 [..]/wp-includes/plugin.php(474): WP_Hook->do_action()
6 [..]/wp-admin/admin-header....', referer: https://[..]/wp-admin/
}}}
This is on a WordPress 5.9.1 multisite running on PHP 8.0.13 which was just upgraded from WP 5.5.8/PHP 7.3.33.",lw5
Tickets Awaiting Review,55281,Twenty Twenty-One: Consider decreasing the selector specificity,,Bundled Theme,5.6,normal,normal,Awaiting Review,enhancement,new,,2022-03-01T10:08:37Z,2022-08-11T19:36:08Z,"There is a CSS selector that selects almost any `a` tags and applies white background on focus. This forces users to use at least 4 classes on elements to override by specificity and complicate the code. You can see mentioned selector and how it overrides the focus color of a button with 3 classes already in attached screenshots. Why such strong selector is used there, is it really necessary, can we remove it or decrease the specificity?",orkunaybek
Tickets Awaiting Review,55288,"Site Editor on 5.9.1 fails to find homepage template for FSE themes, on WP subdirectory installation",,Editor,5.9.3,normal,critical,Awaiting Review,defect (bug),new,dev-feedback,2022-03-01T18:47:29Z,2022-08-11T19:29:10Z,"I'm getting an error when launching the site editor on 5.9.1, stating “The editor is unable to find a block template for the homepage”. This happens on both Twenty-Twenty-Two and a custom FSE theme (otherwise functional, has templates/single.html and templates/index.html). **My WP installation is in a subdirectory**, using the [[https://github.com/roots/bedrock|Bedrock]] site structure, so the editor URL is `https://example.test/wp/wp-admin/themes.php?page=gutenberg-edit-site`
I've tried it on PHP 7.4.25 and 8.0.14. I've confirmed it still happens with all plugins deactivated.
Notably, activating the Gutenberg plugin version 12.6.1 eliminates the error and the editor loads correctly.
There are several other reports of the same error in this Twenty-Twenty-Two forum thread: https://wordpress.org/support/topic/the-editor-is-unable-to-find-a-block-template-for-the-homepage/
The error code output from the copy button is
{{{
Error: `getHomepageParams`: HTTP status error, 404
at https://example.test/wp/wp-includes/js/dist/edit-site.js?ver=403e01f2b098b6a656118a51787581cb:8766:13
at async getHomepageParams (https://example.test/wp/wp-includes/js/dist/edit-site.js?ver=403e01f2b098b6a656118a51787581cb:8762:20)
at async redirectToHomepage (https://example.test/wp/wp-includes/js/dist/edit-site.js?ver=403e01f2b098b6a656118a51787581cb:8797:28)
at async reinitializeEditor (https://example.test/wp/wp-includes/js/dist/edit-site.js?ver=403e01f2b098b6a656118a51787581cb:9067:5)
}}}
",andronocean
Tickets with Patches,55290,Not all image edits are applied to all subsizes,joedolson*,Media,,normal,normal,Future Release,defect (bug),accepted,needs-unit-tests,2022-03-01T22:05:28Z,2024-02-05T20:24:32Z,"When editing an image using the admin editor, not all edits are applied correctly to all image subsizes. Specifically, the problem occurs when an edit results in a smaller size than the defined image size. Given the following image subsizes, and the attached image.
{{{
=> array(6) {
[""thumbnail""]=>
array(3) {
[""width""]=>
int(150)
[""height""]=>
int(150)
[""crop""]=>
bool(true)
}
[""medium""]=>
array(3) {
[""width""]=>
int(300)
[""height""]=>
int(300)
[""crop""]=>
bool(false)
}
[""medium_large""]=>
array(3) {
[""width""]=>
int(768)
[""height""]=>
int(0)
[""crop""]=>
bool(false)
}
[""large""]=>
array(3) {
[""width""]=>
int(1024)
[""height""]=>
int(1024)
[""crop""]=>
bool(false)
}
[""1536x1536""]=>
array(3) {
[""width""]=>
int(1536)
[""height""]=>
int(1536)
[""crop""]=>
bool(false)
}
[""2048x2048""]=>
array(3) {
[""width""]=>
int(2048)
[""height""]=>
int(2048)
[""crop""]=>
bool(false)
}
}
}}}
''The defined sizes above are the ones coming by default with the setting provided below.
''
== Steps to replicate the problem:
1. Upload the image into your installation.
2. After the image is uploaded, click on edit to open the image editor or go to the image editor from within the media library.
3. Click on Edit image
4. Click on rotate image (either right or left) only once.
5. Make sure the changes are applied to all images by checking that the setting Apply changes to: All image sizes is set
6. Click on save
After the image is saved observe the changes were applied only to the following image sizes:
- `thumbnail`
- `medium`
- `large`
- `full`
The only size that was not updated as expected was:
- `medium_large`
== Setup
{{{
### wp-core ###
version: 5.9.1
site_language: en_US
user_language: en_US
timezone: +00:00
permalink: /%year%/%monthnum%/%day%/%postname%/
https_status: true
multisite: false
user_registration: 0
blog_public: 1
default_comment_status: open
environment_type: production
user_count: 1
dotorg_communication: true
### wp-paths-sizes ###
wordpress_path: /app
wordpress_size: 152.90 MB (160327567 bytes)
uploads_path: /app/wp-content/uploads
uploads_size: 22.75 MB (23851112 bytes)
themes_path: /app/wp-content/themes
themes_size: 6.47 MB (6780262 bytes)
plugins_path: /app/wp-content/plugins
plugins_size: 208.42 MB (218539593 bytes)
database_size: 3.96 MB (4149380 bytes)
total_size: 394.49 MB (413647914 bytes)
### wp-active-theme ###
name: Twenty Twenty-Two (twentytwentytwo)
version: 1.0 (latest version: 1.1)
author: the WordPress team
author_website: https://wordpress.org/
parent_theme: none
theme_features: core-block-patterns, post-thumbnails, responsive-embeds, editor-styles, html5, automatic-feed-links, block-templates, widgets-block-editor, wp-block-styles, editor-style
theme_path: /app/wp-content/themes/twentytwentytwo
auto_update: Disabled
### wp-themes-inactive (3) ###
Twenty Nineteen: version: 2.2, author: the WordPress team, Auto-updates disabled
Twenty Twenty: version: 1.9, author: the WordPress team, Auto-updates disabled
Twenty Twenty-One: version: 1.5, author: the WordPress team, Auto-updates disabled
### wp-plugins-inactive (1) ###
Performance Lab: version: 1.0.0-beta.1, author: WordPress Performance Group, Auto-updates disabled
### wp-media ###
image_editor: WP_Image_Editor_Imagick
imagick_module_version: 1691
imagemagick_version: ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
imagick_version: 3.7.0
file_uploads: File uploads is turned off
post_max_size: 100M
upload_max_filesize: 100M
max_effective_size: 100 MB
max_file_uploads: 20
imagick_limits:
imagick::RESOURCETYPE_AREA: 122 MB
imagick::RESOURCETYPE_DISK: 1073741824
imagick::RESOURCETYPE_FILE: 786432
imagick::RESOURCETYPE_MAP: 512 MB
imagick::RESOURCETYPE_MEMORY: 256 MB
imagick::RESOURCETYPE_THREAD: 1
imagemagick_file_formats: 3FR, 3G2, 3GP, AAI, AI, APNG, ART, ARW, AVI, AVIF, AVS, BGR, BGRA, BGRO, BIE, BMP, BMP2, BMP3, BRF, CAL, CALS, CANVAS, CAPTION, CIN, CIP, CLIP, CMYK, CMYKA, CR2, CR3, CRW, CUR, CUT, DATA, DCM, DCR, DCX, DDS, DFONT, DJVU, DNG, DOT, DPX, DXT1, DXT5, EPDF, EPI, EPS, EPS2, EPS3, EPSF, EPSI, EPT, EPT2, EPT3, ERF, EXR, FAX, FILE, FITS, FRACTAL, FTP, FTS, G3, G4, GIF, GIF87, GRADIENT, GRAY, GRAYA, GROUP4, GV, H, HALD, HDR, HEIC, HISTOGRAM, HRZ, HTM, HTML, HTTP, HTTPS, ICB, ICO, ICON, IIQ, INFO, INLINE, IPL, ISOBRL, ISOBRL6, J2C, J2K, JBG, JBIG, JNG, JNX, JP2, JPC, JPE, JPEG, JPG, JPM, JPS, JPT, JSON, K25, KDC, LABEL, M2V, M4V, MAC, MAGICK, MAP, MASK, MAT, MATTE, MEF, MIFF, MKV, MNG, MONO, MOV, MP4, MPC, MPG, MRW, MSL, MSVG, MTV, MVG, NEF, NRW, NULL, ORF, OTB, OTF, PAL, PALM, PAM, PANGO, PATTERN, PBM, PCD, PCDS, PCL, PCT, PCX, PDB, PDF, PDFA, PEF, PES, PFA, PFB, PFM, PGM, PGX, PICON, PICT, PIX, PJPEG, PLASMA, PNG, PNG00, PNG24, PNG32, PNG48, PNG64, PNG8, PNM, POCKETMOD, PPM, PREVIEW, PS, PS2, PS3, PSB, PSD, PTIF, PWP, RADIAL-GRADIENT, RAF, RAS, RAW, RGB, RGBA, RGBO, RGF, RLA, RLE, RMF, RW2, SCR, SCT, SFW, SGI, SHTML, SIX, SIXEL, SPARSE-COLOR, SR2, SRF, STEGANO, SUN, SVG, SVGZ, TEXT, TGA, THUMBNAIL, TIFF, TIFF64, TILE, TIM, TTC, TTF, TXT, UBRL, UBRL6, UIL, UYVY, VDA, VICAR, VID, VIDEO, VIFF, VIPS, VST, WBMP, WEBM, WEBP, WMF, WMV, WMZ, WPG, X, X3F, XBM, XC, XCF, XPM, XPS, XV, XWD, YCbCr, YCbCrA, YUV
gd_version: bundled (2.1.0 compatible)
gd_formats: GIF, JPEG, PNG, WebP, BMP
ghostscript_version: 9.53.3
### wp-server ###
server_architecture: Linux 5.15.12-1-MANJARO x86_64
httpd_software: nginx/1.17.10
php_version: 7.4.28 64bit
php_sapi: fpm-fcgi
max_input_variables: 10000
time_limit: 3
memory_limit: 1G
max_input_time: 900
upload_max_filesize: 100M
php_post_max_size: 100M
curl_version: 7.74.0 OpenSSL/1.1.1k
suhosin: false
imagick_availability: true
pretty_permalinks: true
### wp-database ###
extension: mysqli
server_version: 10.3.27-MariaDB
client_version: mysqlnd 7.4.28
max_allowed_packet: 33554432
max_connections: 151
### wp-constants ###
WP_HOME: undefined
WP_SITEURL: undefined
WP_CONTENT_DIR: /app/wp-content
WP_PLUGIN_DIR: /app/wp-content/plugins
WP_MEMORY_LIMIT: 40M
WP_MAX_MEMORY_LIMIT: 1G
WP_DEBUG: true
WP_DEBUG_DISPLAY: true
WP_DEBUG_LOG: true
SCRIPT_DEBUG: false
WP_CACHE: false
CONCATENATE_SCRIPTS: undefined
COMPRESS_SCRIPTS: undefined
COMPRESS_CSS: undefined
WP_ENVIRONMENT_TYPE: Undefined
DB_CHARSET: utf8mb4
DB_COLLATE: undefined
### wp-filesystem ###
wordpress: writable
wp-content: writable
uploads: writable
plugins: writable
themes: writable
mu-plugins: writable
}}}
",mitogh
Tickets Awaiting Review,55306,"Before posts/pages listing if there multiple filter drop-downs, view of pagination buttons are not better looking.",,"Posts, Post Types",5.9.1,normal,normal,Awaiting Review,enhancement,new,has-patch,2022-03-03T12:21:37Z,2022-04-27T11:50:32Z,"While working on multiple drop-downs for particular post type, I came to find this bug when there is pagination is involved, UI is slightly damaged.
Check the attachments for more details.
",haritpanchal
Unpatched Enhancements,55321,Adding new themes in releases without a global theme auto-update setting renders installations insecure,pbiron,Upgrade/Install,,normal,normal,Future Release,enhancement,assigned,,2022-03-05T01:23:28Z,2022-11-02T22:37:42Z,"I'm a member of a student organisation offering hosting to other student organisations at a Belgian university. Thanks to WordPress, organisation with a complete lack of technical ability are able to maintain a website, largely through enabling automatic updates of WordPress, its plugins and its themes.
I understand it's a conscious choice of WordPress to add a theme every year through its releases. While I'm personally not a huge fan of these themes being added, I understand there isn't much we can do about that. However, many of our organisations assume that once they have enabled auto-updates, they're largely safe from maintenance issues. This isn't the case however since our a twentytwentytwo has only been installed a few months ago and very recently received its first update.
There doesn't seem to be a global setting to enable all auto-updates or auto-updating for all themes anywhere in the web interface of WordPress. This will mean that we will have to email each organisation to try to explain what they have to do and how. This seems contradictory to the idea of WordPress being very user-friendly even for those with little technical skills.
I would therefore either recommend a global setting concerning auto-updates, or ending the practise of adding a new theme every year without user consent.",bertvandepoel
Tickets Awaiting Review,55323,When an image is edited the URL of the image is not updated,,Media,5.9.1,normal,normal,Awaiting Review,defect (bug),new,,2022-03-06T01:31:01Z,2022-03-07T19:34:24Z,"When an image is edited from the image editor, after an edit has been applied, the URL of the image is not updated due it always references back to the original image instead of referencing the image to the updated image (when the edit has been applied to all images sizes).
== Steps to replicate the problem.
1. Upload an image into the media library
2. After the image is uploaded into the media library click on Edit image
3. Apply an edit to the image, either rotate, flip or crop,
4. Make sure that the option is applied to all images sizes.
5. Click on Save
6. Observe how the URL of the image (see attached image), by clicking on Copy URL to the clipboard
7. Open the copied URL into a new tab the copied URL still references to the original image, and not the edited image instead.
",mitogh
Tickets Awaiting Review,55326,Conditional classes directives in formatting,,Formatting,5.9.1,normal,normal,Awaiting Review,feature request,new,,2022-03-06T18:01:43Z,2022-03-07T02:02:55Z,"Hey people,
I am here with a suggestion and core feature request for conditional classes directive for HTML class attribute. Similar to [Laraval conditional-classes](https://laravel.com/docs/9.x/blade#conditional-classes)
If this function is already available in WP then please let me know about it, I wasn't able to find a similar function.
There are many cases in development where we're creating a `$clasess` array variable and then with if-else or using conditional statements adding classes into it.
While working with PHP code the code/file format in files look good and it's easy to manage but sometimes with HTML and PHP combination writing inline if-else make the code/file format ugly. and we also have to repeat the escape and echo things again n again if we have a couple of conditional CSS to write.
I have created this custom code to use in my custom development, which allows passing set or array or single sting or strings with comma/space and then it conditional validate and output the string.
{{{#!php
$class_name ) {
// Check if array has integer key, which means no conditions
// are set for this class, if class is not empty then keep it.
if ( is_int( $key ) && is_string( $class_name ) && ! empty( $class_name ) ) {
$class_set[] = trim( $class_name );
} elseif ( ! empty( $class_name ) && ! empty( $key ) ) {
$class_set[] = trim( $key );
}
}
/**
* Filter array with empty values.
* Make array unique.
* Sanitize class name.
* Implode by space.
*/
$output = implode( ' ', array_map( 'sanitize_html_class', array_unique( array_filter( $class_set ) ) ) );
}
}
if ( $echo ) {
echo esc_attr( $output );
} else {
return esc_attr( $output );
}
}
}}}
so using this function we could save time to not write a few lines of if-else and keep the code look clean and simple as well, e.g.
{{{#!php
';
}}}
this will convert into this.
{{{#!php
has_post_thumbnail(),
'is-featured' => has_term( 'featured', 'category' ),
),
);
echo '
; // false is for returning the values.
}}}
however, it does not save too many lines but we are repeating things less and I feel it looks clean in code reading. :)
But this function can be very useful while writing mixed HTML and php.
{{{#!php
"">
}}}
{{{#!php
is_sidebar_active( 'right-sidebar' ) && is_sidebar_active( 'righleft-sidebar' ),
'col-md-8' => ! is_sidebar_active( 'right-sidebar' ) && is_sidebar_active( 'righleft-sidebar' ),
'col-md-8 md-offset-4' => is_sidebar_active( 'right-sidebar' ) && ! is_sidebar_active( 'righleft-sidebar' ),
'col-md-8 md-offset-2' => ! ( is_sidebar_active( 'right-sidebar' ) && is_sidebar_active( 'righleft-sidebar' ) ),
);
?>
"">
}}}
Please let me know what you people think about having a directive function for classes.
Thanks,",vijayhardaha
Tickets Awaiting Review,55329,add_clean_index function throws PHP notice error,,Upgrade/Install,,normal,normal,Awaiting Review,defect (bug),new,,2022-03-07T13:59:36Z,2022-03-08T17:45:01Z,"When I tried to add index for newly created column my error log filled with php notice 25 times because of the function `drop_index` which is called inside the function `add_clean_index`.
Sample snippet:
{{{#!php
base_prefix . 'defender_lockout_log';
$column_name = 'country_iso_code';
$create_ddl = ""ALTER TABLE {$table_name} ADD {$column_name} CHAR(2) DEFAULT NULL"";
maybe_add_column( $table_name, $column_name, $create_ddl );
add_clean_index( $table_name, $column_name );
}
}}}
Error:
{{{
[Mon Mar 07 18:45:40.809008 2022] [php:notice] [pid 1167] [client 127.0.0.1:48886] WordPress database error Can't DROP 'country_iso_code_1'; check that column/key exists for query ALTER TABLE `wp_defender_lockout_log` DROP INDEX `country_iso_code_1` made by require_once('wp-admin/network/admin.php'), require_once('wp-admin/admin.php'), require_once('wp-load.php'), require_once('wp-config.php'), require_once('wp-settings.php'), do_action('init'), WP_Hook->do_action, WP_Hook->apply_filters, WP_Defender\\Upgrader->run, WP_Defender\\Upgrader->upgrade_2_8_1, WP_Defender\\Upgrader->add_country_iso_code_column, add_clean_index, drop_index, referer: http://multi.test/wp-admin/network/update.php?action=upload-plugin&package=55&overwrite=update-plugin&_wpnonce=c8b371f5b8
}}}
----
Error log screenshot:
[https://i.postimg.cc/2jqsb3Z4/bug-report.png]
",gvgvgvijayan
Tickets Awaiting Review,55332,problem with quick comment discarded changes,,"Posts, Post Types",5.9.1,normal,minor,Awaiting Review,defect (bug),new,,2022-03-07T22:56:11Z,2023-08-09T15:08:12Z,"The function discardCommentChanges in js/edit-comments.js does not seem to be working as intended. When using the quick comment editor, the function is called when an edit is started, and it does nothing at that point as expected. But if you click away from the form, nothing stops you and you lose your comment changes.
On the other hand, if a plugin enqueues edit-comment.js, buddyboss-platform does (I don't know how/why), and you are editing a post (my attached example is an event venue), the function is triggered on update. With no comments involved, the original content is an empty string and the editied comment is undefined and that triggers the popup warning that changes might be lost.",LinuxArchitect
Slated for Next Release,55343,"Add Tooltip to ""Remember Me"" (WP Login Form)",rajinsharwar,Login and Registration,,normal,normal,6.6,enhancement,assigned,dev-feedback,2022-03-08T16:33:44Z,2024-02-12T14:59:54Z,"Currently, WordPress' login form has a checkbox labeled ""Remember Me.""
Over the years, there's been some debate over the verbiage used for ""Remember Me"" (say, versus ""Stay Logged In"" or ""Keep Me Logged In"") and what it really means.
To eliminate any confusion, this is to request the [https://ibb.co/fkqN7Vz /addition of a tooltip] next to ""Remember Me"" in the form of a question (?) mark. Further, the tooltip can offer a security warning to all users.
The content (text) for the tooltip could be:
""**Selecting Remember Me reduces the number of times you’ll be asked to log in using this device. To keep your account secure, use this option only on your personal devices.**""
Also, in anticipation that this enhancement request will be approved, I would like to recommend updating the [https://developer.wordpress.org/reference/functions/wp_login_form /affected codex page] for the login form to add a code snippet that will allow developers to change the content (text) of the tooltip to suit their needs.
The above would be a nice addition or update to WordPress' login form.
Thank you.",generosus
Unpatched Enhancements,55344,Resources for hidden widgets are loaded on WP dashboard,adamsilverstein*,Administration,,normal,normal,Future Release,feature request,accepted,,2022-03-08T17:39:03Z,2023-07-21T10:00:14Z,"When plugins are placing widgets on the WordPress dashboard and these are hidden via the Screen Options the resources of those widgets are still loaded.
In the Sources tab of the browser console this can easily be checked. I've noticed this with multiple plugins, so it looks like a core bug.
It would save resources and increase performance of the dashboard if hidden items are not loaded.
I've asked in the #performance Slack channel, where I was asked to create a ticket to report this as a bug.",josklever
Tickets Awaiting Review,55368,Handle ajax failure when doing actions on themes/plugins,,Administration,5.9.2,normal,normal,Awaiting Review,defect (bug),reopened,,2022-03-11T05:36:32Z,2022-05-30T17:21:05Z,"When maintenance mode is active or the server is unresponsive for any reason, there are some ui issues in ajax-related messages like:
- When trying to delete a plugin: ""Deleting..."" forever. No error shown.
- When trying to enable auto-updates on a plugin: ""Enabling..."" forever. ""The request could not be completed"" error is shown. Same for disabling.
- When trying to delete a theme: ""Deletion failed: undefined"" error shown.
- When trying to enable a theme: ""Enabling..."" forever. ""The request could not be completed."" error shown. Same for disabling.
Check the screenshots attached below.
I tried to stay short in title description but I'm not sure it's 100% clear.",mirkolofio
Tickets Awaiting Review,55390,Not able to choose Color picker in customizer when the blocks are added in widget,,Editor,5.9.2,normal,major,Awaiting Review,defect (bug),new,,2022-03-15T13:21:58Z,2022-03-16T09:17:28Z,"Hi Team,
I hope you are doing well and safe!
I would like to highlight an issue with the color picker in the customizer when using the blocks in widgets.
1. For choosing the custom color, whenever you click on the color selection, it will trigger a click event where it will ask you to leave the site or not?
Here is the screenshot: https://share.bsf.io/YEur81BW
2. The color selection palette is not properly displayed.
Here is the screenshot: https://share.bsf.io/wbuzJ0zq
Furthermore, I have gone ahead and found that this issue is coming from WordPress version 5.9.2
Also, I have demonstrated a video that would help you check it on your end too.
This issue is occurring on default themes as well as other famous themes as well.
Here is the screencast: https://share.bsf.io/yAuKoy2J
I would suggest you please check this on priority and release a patch for this issue, as users are facing lots of issues due to this.
Looking forward to your response.",nileshc
Tickets Awaiting Review,55404,"Twenty Twenty-Two, Site Edit, Group with Background Color Overflows Page Size on Mobile",,Bundled Theme,5.9.2,normal,minor,Awaiting Review,defect (bug),new,,2022-03-16T16:56:30Z,2022-03-16T18:38:56Z,"When you add a group block with a background color to a footer template in the full site editor, the group block will overflow the page on a mobile device by a few pixels. For example, on a device that is 360 pixels wide will have approximately 10 pixels of overflow. The offending party is this CSS code:
{{{
.wp-site-blocks .alignfull, .wp-site-blocks > .wp-block-group.has-background, .wp-site-blocks > .wp-block-cover, .wp-site-blocks > .wp-block-template-part > .wp-block-group.has-background, .wp-site-blocks > .wp-block-template-part > .wp-block-cover, body > .is-root-container > .wp-block-cover, body > .is-root-container > .wp-block-template-part > .wp-block-group.has-background, body > .is-root-container > .wp-block-template-part > .wp-block-cover, .is-root-container .wp-block[data-align=""full""] {
margin-left: calc(-1 * var(--wp--custom--spacing--outer)) !important;
margin-right: calc(-1 * var(--wp--custom--spacing--outer)) !important;
width: unset;
}
}}}
Where margin-right is the source of the problem. Turning that style off in my browser's developer console eliminates the extra space.",joshuanan
Tickets Awaiting Review,55409,"Comment link navigation positioning messed with comment, when i try option “break comment to 50 top level”",,Comments,5.9.2,normal,normal,Awaiting Review,defect (bug),new,,2022-03-17T03:51:08Z,2022-03-17T03:57:26Z,"Navigation on comment positioning is messed up. Check my screenshot here. https://prnt.sc/ErlX_M6nLwxL and here https://prnt.sc/OwxWUUTdMW_T and here https://prnt.sc/XZcJsPknS5zo
those screenshot is from my live site. everything is updated to latest version.
i also try to test it on local environment, the issue persist. ",mryudha
Tickets Awaiting Review,55413,on user save apostrophes cause wp_mail error,,Users,5.9.2,normal,normal,Awaiting Review,defect (bug),new,,2022-03-17T16:22:40Z,2022-05-30T10:54:28Z,"This is a follow-up to #18039.
On user save from the admin the input is not unslashed and so the
1. wordpress thinks that the email has changed, has it is compared against a unslashed value
2. it uses the slashed input which isn't a valid email address to send the email was changed message
Can we unslash the email input in the wp_insert_user and wp_update_user functions",dg12345
Candidates for Closure,55417,Text Highlighting Broken,,Editor,5.9.2,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2022-03-17T21:25:47Z,2022-03-19T03:35:13Z,"Trying to add a custom HEX, RGB, or HSL colors using the UI is just broken. Trying to input values or paste in values doesn't work. I have tried disabling all plugins and have tested it on multiple wordpress.org sites. Editing the value in the code editor still works, but it's just less convenient. Hopefully, this can get fixed next update, thanks!",notgeo
Tickets Needing Feedback,55437,Bugfix: Display correct theme in site editor,SergeyBiryukov,Themes,5.9,normal,normal,Future Release,defect (bug),reopened,dev-feedback,2022-03-22T03:31:29Z,2024-02-20T09:50:02Z,"Scenario:
Child themes inherit template parts from the parent theme but on the site editor page, the ""Added by"" column defaults to displaying the child theme even though the template parts are inherited from the parent.
This creates confusion as to where the actual templates are located.
Patch:
https://github.com/ptahdunbar/WordPress/commit/25bbf034af03c9a4ea33a79d01f4d9c079750344
Probably should look into _build_block_template_result_from_post() as well.
Possibly related to [52062]",ptahdunbar
Tickets Awaiting Review,55438,Flaky result when saving widgets in the Widgets Editor,,Widgets,,normal,normal,Awaiting Review,defect (bug),new,,2022-03-22T07:19:13Z,2022-03-31T09:47:43Z,"I discovered this while trying to migrate the [https://github.com/WordPress/gutenberg/blob/3b1674a147c8e943b0d3727e0f4cbe379c2d9922/packages/e2e-tests/specs/widgets/editing-widgets.test.js#L123-L233 editing-widgets] e2e tests in Gutenberg. I think the test is currently skipped for the same reason.
By un-skipping the test and running it several times, it sometimes fails at the last step where the snapshot doesn't match. It mysteriously contains a `wp_inactive_widgets: ''` field in the serialized result. I think the bug is from a race condition in the REST API. I managed to record a HAR file so that you can plug it in Chrome's devtools and inspect it.
I'm not familiar with the PHP side of the code, but it seems like sometimes a widget block won't be saved to the specified sidebar, and instead be put inside `wp_inactive_widgets`.
Maybe someone with more knowledge around this can help debugging it? Sorry that there's isn't a reliable reproduction steps though.",kevin940726
Candidates for Closure,55442,count(): Parameter must be an array or an object that implements Countable in /var/www/html/wp-includes/post-template.php on line 319,,"Posts, Post Types",,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2022-03-22T21:59:34Z,2022-03-22T23:41:57Z,"Call get_the_content() with no arguments and $post is null. If post is null then this is ran:
{{{#!php
$elements = compact( 'page', 'more', 'preview', 'pages', 'multipage' );
}}}
Associate array has keys with null values. Then on lin3 319 is
{{{#!php
if ( $elements['page'] > count( $elements['pages'] ) ) {
}}}
Which causes this notice:
{{{
Warning: count(): Parameter must be an array or an object that implements Countable in /var/www/html/wp-includes/post-template.php on line 319 Notice: Trying to access array offset on value of type null in /var/www/html/wp-includes/post-template.php on line 325
}}}
",davidscpl
Tickets with Patches,55443,Create WebP sub-sizes and use for output,adamsilverstein,Media,6.0,normal,normal,Future Release,enhancement,reopened,needs-docs,2022-03-22T23:15:33Z,2023-03-02T18:51:15Z,"=== Summary
This ticket introduces core support for generating and using additional mime types for sub-sized image uploads, with a focus on the WebP format. In addition, it filters frontend content to use the modern format when available for an image. After this change, WordPress will generate and use WebP sub sizes by default when available.
Currently, when users upload images in a supported mime type like JPEG or WebP, WordPress creates sub-sized images of the same type for use on the front end. In WordPress 5.8 we introduced the `image_editor_output_format` filter to enable filtering the mime type used to save images.
This ticket introduces the capability to generate more than a single mime type. For example, when users upload JPEG images, WordPress can automatically generate both WebP and JPEG sub-sized images. Then WordPress can use the WebP images when serving up the front end. JPEG images are still being generated by default, to support other use-cases outside of common web browsers (e.g. email newsletters) where WebP may not be supported yet.
The above is only the default though - the behavior of which image formats are generated and used can be customized via filters.
=== New Filters
This patch introduces two new filters, one to control the mime types WordPress generates when you upload an image and one to control which image mime type is used for displaying images on the front end of the website.
==== Mime type image generation filter
This patch adds a new filter named `wp_upload_image_mime_transforms` (and similarly named function) that maps the upload image mime type to an array of one or more output mime types:
By default, the mapping is:
{{{
array(
'image/jpeg' => array( 'image/jpeg', 'image/webp' ),
'image/webp' => array( 'image/webp', 'image/jpeg' ),
);
}}}
The attachment id is also passed to the filter for context.
==== Mime type front end output filter
This patch adds a new filter `wp_content_image_mimes` for the front end that specifies the preferred format(s) to use for content output (as long as the image file is available). When outputting images in the content, the first mime type available will be used. The attachment id and context are also passed to the filter.
=== WebP as a default output format for images
On the front end, sites will benefit from using WebP in place of JPEG for their images. Research on https://github.com/WordPress/performance/issues/7 indicates images will average around a 30% overall file size reduction. This work also includes verifying the visual image quality of the output using [https://github.com/kornelski/dssim dssim].
=== Developers Note
The function `make_subsize` in both of core’s bundled WP_Image_Editor implementations (WP_Image_Editor_Imagick and WP_Image_Editor_GD) has been updated to accept a `$mime_type` parameter which in turn passed the mime type to the `_save` function (which already supports a `$mime_type` parameter). If your code implements `WP_Image_Editor::make_subsize()` make sure you update your function to support the `$mime_type` parameter.
Plugins that modify image use (CDN, S3) or already create alternate mime types should test integrating with the code on this ticket and consider supporting the new sources meta data.
=== How to Test
Test with this patch or the Performance Lab [https://wordpress.org/plugins/performance-lab/ plugin]
Create a post and upload a jpeg image, placing in the post
Publish the post and view it’s source code, the image URLs should be “.webp” images
=== Technical Details
* In src/wp-admin/includes/image.php::wp_create_image_subsizes:
loop through all of the mime types returned from the `wp_upload_image_mime_transforms` filter, generating sub-sized images for every mime format supported by the system. Default when a type isn’t mapped in the array is outputting in the mime type of the uploaded image.
* `_wp_get_primary_and_additional_mime_types` extracts the primary and additional mime types
* “Full” sized images are created for each mime type supported by the system with a `-{mime extension}` appended to the file name
* When images over `big_image_size_threshold` are uploaded, the primary image gets a `-scaled` suffix (unchanged), alternate types get a `-{mime extension}-scaled` suffix
* Similarly, alternate mime rotated images get a `-{mime extension}-rotated` suffix
* New image meta `sources` array stores each mime type created for each full sized image and for each sub-sized image - both the file name (`file`) and size (`filesize`) are stored.
* In src/wp-admin/includes/image.php::_wp_make_subsizes:
* Using a mapping (from the input file mime type) provided by `wp_upload_image_mime_transforms`, output sub sized images in one or more output mime types
* In src/wp-admin/includes/image.php
* Add a new function `wp_upload_image_mime_transforms` as well as a matching filter named `wp_upload_image_mime_transforms` . Returns an array with the list of valid mime types that a specific mime type should be converted into.
* In src/wp-includes/class-wp-image-editor-gd.php and src/wp-includes/class-wp-image-editor-imagick.php:
* Update `make_subsize` to accept a new `mime_type` parameter that gets passed to the `_save` function when set (which already has a mime_type parameter). Add the new parameter to internal function calls as well.
* In src/wp-includes/media.php: Adds new function `wp_image_use_alternate_mime_types` that is called for every image in `wp_filter_content_tags`. This function:
* Adds a new filter `wp_content_image_mimes` that returns the mime type(s) to try to use for output, in the order they should be tried. The default order to try is array( 'image/webp', 'image/jpeg' ), meaning if a WebP version of the image exists, WordPress will use that image for the image tag output
* Replaces all image components (including urls in the `src` and `srcset` attributes) when the same image is available in the preferred mime type
* Returning an empty array will skip any image mime type substitution ( ie. `add_filter( ‘wp_content_image_mimes’, ‘__return_empty_array’ );`
* In src/wp-includes/post.php::wp_delete_attachment_files:
* Delete additional mime type images referenced in the image meta root ‘sources’ array as well as each sizes->sources array when present. This ensures that additional mime images are cleaned up if the original image is deleted.
* In src/js/_enqueues/vendor/plupload/wp-plupload.js and src/js/_enqueues/vendor/plupload/handlers.js retry count is raised from 4 to 8. (Should this be filterable)? This change is to accommodate the larger potential number of images that need to be created. Note: needs to be changed in Gutenberg as well, see https://github.com/WordPress/gutenberg/blob/23f11a18726bf69717595451ab3250cb67b426f6/packages/api-fetch/src/middlewares/media-upload.js#L38
=== PHPUnit test changes
New sources data added to expected results in ` test_wp_generate_attachment_metadata_pdf`, `test_crop_setting_for_pdf`
Remove new `wp_content_image_mimes` filter for tests in tests/phpunit/tests/media.php
=== Todo items remain for this patch:
- Add tests for new filters `wp_content_image_mimes` and `wp_upload_image_mime_transforms`
- Add full sized alternate mime creation for PDF upload special handling, see https://github.com/WordPress/wordpress-develop/pull/2393/files#r832651580
- Add REST support from https://github.com/WordPress/performance/pull/224 (or in follow up ticket)
- Improve naming of rotated/cropped alternate mime images
",adamsilverstein
Tickets Awaiting Review,55449,"More filter options for searching theme's & plugins - ""Last updated"" / ""Test with my WP version"".",,Plugins,,normal,normal,Awaiting Review,enhancement,new,,2022-03-23T11:30:36Z,2022-03-23T11:30:36Z,"When I'm looking in WP to install a new theme/plugin I find it quite annoying that I'm unable to filter my search results a bit more.
When I'm looking for a new plugin for a certain goal, I would love to filter on two things.
1) If the plugin is tested or not (and working) on my current WP version.
2) If the plugin got a recent update. (Maybe this might be a setting the user can choose. Since, for some is recent 1 year and for others it's 1 month.)
I think these filter options, with maybe checkmarks ...? could fit nicely on where I placed green in the attached screenshot.
",NekoJonez
Unpatched Bugs,55452,`safecss_filter_attr` removes background-images with URL parameters,,Formatting,,normal,normal,Future Release,defect (bug),new,,2022-03-23T21:41:18Z,2022-04-20T20:22:16Z,"If you try to add a background-image using an inline style, and the URL has query parameters (specifically, an `&`), the background-image will be stripped from the content.
What seems to be happening: the `&` is encoded, and becomes `&`, and when `safecss_filter_attr` splits the `$css` into separate declarations, it does so just by [https://github.com/WordPress/wordpress-develop/blob/ee96cedcb891c6a6e5b7b30a6f1c247345161b88/src/wp-includes/kses.php#L2242 breaking on a semicolon], which breaks the URL value. For example, `background-image:url(https://fake.test/image.png?a=1&b=2);` becomes `background-image:url(https://fake.test/image.png?a=1&` and `b=2)`, and neither are valid CSS.
**To reproduce:**
Try adding this Media & Text block, which uses this image: [https://img.rawpixel.com/s3fs-private/rawpixel_images/website_content/a005-scottw-465.jpg?w=1200&h=1200&fit=clip&crop=default&dpr=1&q=75&vib=3&con=3&usm=15&cs=srgb&bg=F4F4F3&ixlib=js-2.2.1&s=06d4e5a9962096a6010029591ae36198 https://img.rawpixel.com/s3fs-private/rawpixel_images/website_content/a005-scottw-465.jpg?w=1200&h=1200…]
{{{
}}}
When you save and view the post, the background-image is gone.",ryelle
Tickets Awaiting Review,55454,clean_site_details_cache() doesn't clean all site caches,,Networks and Sites,4.7,low,minor,Awaiting Review,defect (bug),new,,2022-03-24T03:42:33Z,2022-07-20T07:39:54Z,"clean_site_details_cache() clear's two caches:
{{{
wp_cache_delete( $site_id, 'site-details' );
wp_cache_delete( $site_id, 'blog-details' );
}}}
https://github.com/WordPress/wordpress-develop/blob/0b800e21c311e302824e4a025946a6fdb4f6c794/src/wp-includes/ms-blogs.php#L322-L337
But there's a third used within `get_blog_details()` that's closely related to those two caches:
{{{
if ( $get_all ) {
$details = wp_cache_get( $blog_id . 'short', 'blog-details' );
} else {
$details = wp_cache_get( $blog_id, 'blog-details' );
}}}
One could argue that the `blog-details` caches are not related to the `site-details` caches, but one would expect that if it clears some of them, that it'll clear all of them.
`clean_blog_cache()` is a [https://developer.wordpress.org/reference/functions/clean_blog_cache/ much more comprehensive function] though:
{{{
wp_cache_delete( $blog_id, 'sites' );
wp_cache_delete( $blog_id, 'site-details' );
wp_cache_delete( $blog_id, 'blog-details' );
wp_cache_delete( $blog_id . 'short', 'blog-details' );
wp_cache_delete( $domain_path_key, 'blog-lookup' );
wp_cache_delete( $domain_path_key, 'blog-id-cache' );
wp_cache_delete( $blog_id, 'blog_meta' );
}}}",dd32
Tickets with Patches,55463,Add a limit to _prime_*_cache functions,spacedmonkey,Cache API,,normal,normal,Future Release,enhancement,assigned,dev-feedback,2022-03-25T12:18:10Z,2023-07-09T22:24:31Z,"The _prime_*_cache functions, like `_prime_post_cache` do a simple query to prime caches. This does a IN request to get all the objects. As we know the number of objects we wish returned, as have an array, we can add a simple LIMIT to the query to improve the performance of the query.
Example:
{{{#!php
$fresh_posts = $wpdb->get_results( sprintf( ""SELECT $wpdb->posts.* FROM $wpdb->posts WHERE ID IN (%s) LIMIT %d"", implode( ',', $non_cached_ids ), count( $non_cached_ids ) ) );
}}}
",spacedmonkey
Tickets Awaiting Review,55465,Fix hiding playlist buttons from Add Media modal dialog,,Media,5.9.2,normal,minor,Awaiting Review,defect (bug),new,has-patch,2022-03-25T17:31:46Z,2022-03-25T18:59:18Z,"==== How to reproduce
On a fresh installation of WordPress 5.9.2 with [[https://wordpress.org/plugins/classic-editor/|Classic Editor]] plugin enabled, add the following lines to the default theme's `functions.php`:
{{{#!php
""Block type frontend and editor script definition. It will be enqueued both in the editor and when viewing the content on the front of the site.""
From that description, I expect the `script` set in my block's `block.json` to load in the editor and on the front-end when my block is in use. I do not expect the script to load on the front-end when my block is not in use.
If I activate TwentyTwentyTwo, everything works as expected.
If I activate TwentyTwentyOne, my script appears on every front-end view, whether or not the block is loaded.
The cause of this can be tracked to `wp_should_load_separate_core_block_assets()`, which has a short description of:
> Checks whether separate styles should be loaded for core blocks on-render
This implies at the beginning of the function documentation that the function will only apply to **core** blocks.
The longer description helps a bit, but is muddied up in talking about core and third-party blocks separately when in reality it seems that they are treated the same. It mentions `block-library/style.css`, which itself implies this _might_ be talking about styles rather than all assets.
The filter inside the function, `should_load_separate_core_block_assets`, defaults to `false` for themes that are not FSE and has a short description of:
> Filters whether block styles should be loaded separately.
The longer description refers only to ""core block assets"".
-----
== Proposal
My guess is that we can't just change the filter to default to `true`, though that would be ideal. :)
I think the function docs could be clarified with something like:
{{{
/**
* Checks whether block assets should always load or only on-render.
*
* When this function returns true, block assets defined by the `script` and
* `style` properties in `block.json` are loaded on-render.
*
* When this function returns false, these block assets are always loaded,
* regardless of whether the block is rendered in a page.
*
* This only affects front end and not the block editor screens.
}}}
And the filter docs with something like:
{{{
* Filters whether block assets should always load or load only on-render.
*
* Returning false loads all block assets, regardless of whether they are rendered
* in a page or not. Returning true loads block assets only when they are rendered.
}}}
Previously #53505
",jeremyfelt
Tickets Awaiting Review,55488,Add a filter to array of allow ported number in multisite.,,Networks and Sites,,normal,normal,Awaiting Review,enhancement,new,,2022-03-30T13:39:42Z,2022-03-30T13:39:42Z,"The allowed port numbers to setup a multisite are fixed. See this line.
{{{#!php
if ( ( false !== $has_ports && ! in_array( $has_ports, array( ':80', ':443' ), true ) ) ) {
}}}
However, a site maintainer may want to change these values to help enable serving their multisite from a custom port.
This ticket is a breakout from #21077",spacedmonkey
Tickets Awaiting Review,55492,`Dismiss Errors` button alignment is not centered in Media Library.,,Media,5.9.2,normal,normal,Awaiting Review,defect (bug),reopened,has-patch,2022-03-31T04:20:58Z,2022-05-11T07:15:04Z,"When I drag/upload an SVG image in the Media library then it shows a mime types error and the ""Dismiss Errors"" button is not aligned properly.",iamjaydip
Tickets Awaiting Review,55494,Include only Sticky Posts bug,,Editor,5.9.2,normal,critical,Awaiting Review,defect (bug),new,,2022-03-31T09:22:20Z,2022-03-31T13:21:19Z,"Hi there, in wordpress 5.9 last version, using editor to compose pages template, you may verify that if in 'Query loop' block you choose to select and view only sticky posts, it does not work. It shows instead all posts. Even Include and Exclude options are not working.",ricoverato
Tickets Awaiting Review,55501,Multiple loader issue on admin general setting page.,,Administration,5.9.2,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-03-31T13:56:36Z,2023-10-26T20:18:00Z,"When you select a new language from the general settings page and click submit multiple times, multiple loader images are appended.
Step 1: Open settings -> general page
Step 2: Select a new language from the site language option.
Step 3: click the ""Save Changes"" button multiple times.",bhaveshkhadodara
Tickets Awaiting Review,55503,Post Date display issue if we set empty from General Settings page,,Date/Time,,normal,normal,Awaiting Review,defect (bug),new,,2022-03-31T14:04:23Z,2022-03-31T16:41:44Z,"Hello,
I have faced one issue with the post date field on the backend side.
If we set empty Date and Time format from the General Settings page then the post date will be empty displaying on the edit screen of an article(any post type).
We need to set any default date and time format to display or make the Date format and Time format field required. If any admin set it empty mistakenly then it will take hours to figure out the root cause of the issue.",rishishah
Tickets Awaiting Review,55509,CSS conflict in Custom Fields table,,Editor,5.9.1,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-03-31T21:33:26Z,2022-04-29T09:49:44Z,"When using the [https://wordpress.org/support/article/custom-fields/ Custom Fields] feature, there are two conflicting CSS styles.
More specifically the background-color in the following CSS bit:
{{{
#postcustomstuff table {
margin: 0;
width: 100%;
border: 1px solid #dcdcde;
border-spacing: 0;
background-color: #f6f7f7;
}
}}}
with the background-color in the following CSS bit:
{{{
.alternate, .striped > tbody > :nth-child(2n+1), ul.striped > :nth-child(2n+1) {
background-color: #f6f7f7;
}
}}}
resulting in all rows of the table in div#postcustomstuff to have the same background color (#f6f7f7)",princeofabyss
Tickets Awaiting Review,55515,About the problem that the php file of the theme editor and plugin editor cannot be edited in multi-site,,Networks and Sites,5.9.2,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-04-02T13:45:22Z,2022-04-02T14:30:49Z,"Nice to meet you.
Create a ticket for the first time. If you do not follow the rules, please let me know.
In multi-site, when editing with the theme editor and plugin editor of the management screen, the php file is in an uneditable state.
After verification, it was possible to solve it by changing the admin_url function on lines 552 to 562 of wp-admin / includes / file.php to the network_admin_url function.
https://github.com/WordPress/WordPress/blob/master/wp-admin/includes/file.php#L552-L562
The problem is that I'm making a validation request containing wp_scrape_key for a php file, but even for multi-site the request is now sent to /wp-admin/theme-editor.php.
Therefore, when verifying wp_scrap_key, it will be redirected to /wp-admin/network/theme-editor.php and cannot be verified, resulting in loopback_request_failed that cannot be edited.
This seems to be happening at all multi-sites. If anyone knows, please let me know.",ishihara takashi
Tickets Awaiting Review,55521,Use dashicons-class in `wp_dashboard_quota` and `wp_dashboard_right_now`,,Administration,3.8,normal,normal,Awaiting Review,enhancement,new,has-patch,2022-04-03T18:06:18Z,2023-12-01T08:06:21Z,"Proposal:
Replace hardcoded css-rules for each item in the `At a Glance`-widget, use dashicons-classes for each item. This makes adding new items to the widget easier, simply just add a `dashicons-before`-class the your new items.
Background:
So using `dashboard_glance_items` to add custom items to the post list is easy, but changing icons without adding new css with a file or inline to the admin views is hard, since the hardcoded rules overrides `dashicons-before` on my added items.
",kebbet
Tickets Awaiting Review,55534,Remaining image files after deleting them,,General,5.9.2,normal,critical,Awaiting Review,defect (bug),new,,2022-04-05T20:12:26Z,2022-04-05T21:34:40Z,"hi wordpress team!
I had a very strange problem yesterday that I did not even think about ...
As you know, after uploading images in WordPress, WordPress automatically creates several different sizes of it. For example, I uploaded over 200 product images to WooCommerce ... (on an unofficial site) After a long time, yesterday I decided to remove all products and their photos from within the WordPress media section And I did. **But after looking at the hosts and the uploads folder, I was surprised to see that all the images still remained in the upload folder.** In fact, in addition to the image uploaded in WordPress (WooCommerce products), there were 4 different sizes of each image in the upload folder.
I was really surprised by this ...
I tested this on several different websites and even my colleagues confirmed it. Please address this issue if possible. It is very, very important. thank you!",hoseinkh
Unpatched Enhancements,55535,Pre-populate Image Alt Text field with IPTC Photo Metadata Standard Alt Text,joedolson*,Media,,normal,minor,Future Release,enhancement,accepted,dev-feedback,2022-04-05T21:45:25Z,2024-02-05T20:52:37Z,"The IPTC Photo Metadata Standard includes the ability to embed Alt Text with a photo.
Seems like it would be helpful if WordPress would check for this data when an image is uploaded, and, if it exists, pre-populate the Alt Text field with it.
I could see this being especially useful for site owners who purchase stock photography; if the alt text is embedded with those images, it would save the site owner time, and it would also help ensure that an Alt Text itself is added -- and is an accurate description of the image (assuming the photographer or stock photo site actually enters a good description!).
http://www.iptc.org/std/photometadata/specification/IPTC-PhotoMetadata#alt-text-accessibility",eatingrules
Tickets Awaiting Review,55541,Update the styling for invalid form fields,,Administration,,normal,normal,Awaiting Review,enhancement,new,has-patch,2022-04-07T10:58:42Z,2022-04-07T11:07:13Z,"Splitting this out from #47018.
In a few places in the admin, a red border (actually a border and a box-shadow) are added to some form controls when submitting the form with some empty values.
The style of this red border still uses some transparency and doesn't match any longer with the new style used, for example, for the focus style which is a 'solid' border with no transparency.
For consistency, the red 'error' style should be updated. Here's a few places where the red error style can be checked:
- The Categories and Tags pages.
- The Edit Comment page, see the date and time small form under 'Submitted on'.
- Same for the Classic Editor Edit post page.
- The Menus page > create a new menu.
See attached screenshots.",afercia
Candidates for Closure,55548,"Unchecked ""Uncategorized"" checkbox re-checks itself upon publish or update of a post",,Editor,5.9.3,normal,normal,Awaiting Review,defect (bug),new,dev-feedback,2022-04-08T21:02:10Z,2022-04-08T21:02:10Z,"A WordPress-based news website's editorial team has problems with the ""Uncategorized"" category.
1. They create a post and check the desired category and uncheck the default ""Uncategorized"" category.
2. Then they click ""Publish"".
3. At the last second during the Publish operation, the Block Editor unchecks the user-selected category and re-checks ""Uncategorized"".
4. Then they have to go back into the post and attempt to uncheck ""Uncategorized"" and recheck the desired category.
They have to do step 4 three or four times to get the result they want. Or they just use ""Quick Edit"" to change it in the post list.
It doesn't happen every time and is sometimes difficult to reproduce. But it happens often enough to be a problem. I cannot find a way to consistently reproduce it. Nor can I find any indication that this is a known issue with WordPress. It will happen with or without plugins enabled.
If there's no easy way to investigate or fix this in core, is there a way to add a script somewhere in the theme's functions.php or a jQuery script somewhere to ensure that ""Uncategorized"" *never* gets checked and that the originally-intended category remains checked? All the searches I do on Google for this topic ironically just reveal a bunch of posts on peoples' blogs that are set to ""Uncategorized"".",rcwatson
Tickets Awaiting Review,55553,update_blog_option should accept autoload parameter,,"Options, Meta APIs",5.9.3,normal,normal,Awaiting Review,enhancement,new,dev-feedback,2022-04-10T21:22:46Z,2024-01-31T21:27:10Z,"The function update_blog_option doesn't accept any autoload parameter, even though it calls the function update_option that accepts an autoload parameter.",giuse
Tickets Awaiting Review,55582,cURL error 77 (no https to wordpress.org),,Plugins,5.9.3,normal,critical,Awaiting Review,defect (bug),new,,2022-04-16T10:29:47Z,2022-04-16T10:29:47Z,"In order to install or update a plugin, appropriate functions are called in the backend. They end up with the error mentioned above. WordPress 5.9.3 is installed. The updates and installations work in the CLI.
In den Einstellungen ist alles auf https umgestellt.
Warning: Ein unerwarteter Fehler ist aufgetreten. Es scheint etwas bei
WordPress.org oder mit dieser Serverkonfiguration nicht zu stimmen.
Sollte das Problem weiter bestehen, nutze bitte die Support-Foren.
(WordPress konnte keine sichere Verbindung zu WordPress.org herstellen.
Bitte kontaktiere deinen Server-Administrator.) in
...../public_html/wp-includes/update.php
on line 413 ",pferderausch
Tickets Awaiting Review,55583,"Hook before and after ""Add New"" button in edit screen",,"Posts, Post Types",6.0,normal,normal,Awaiting Review,enhancement,assigned,has-patch,2022-04-17T18:30:50Z,2022-04-17T18:30:50Z,"I need to add a new button after the ""Add New"" button but there is no hook placed.
**Example Usages:**
Add a button to manage bulk migration from other sources
[[Image(https://prnt.sc/cR-GdDNnVe6Z)]]",rafiq91
Tickets Awaiting Review,55584,Settings API autoload hook,,"Options, Meta APIs",,normal,normal,Awaiting Review,enhancement,new,dev-feedback,2022-04-18T04:56:49Z,2023-08-31T17:43:17Z,"Currently all settings registered via Settings API is forced to enable autoload, There is no hook to replace this.
Lets imagine just for example:
1. all wordpress plugins is using this to register their settings data. but not delete this value during uninstall.
2. Average wodpress admin install then uninstall 50 plugins in their lifetime.
3. Average autoloaded setting is 100kb per plugin
there will be 5mb autoloaded options which not used anymore. that event is per pageload. Just imagine that. ",hir88en
Tickets Awaiting Review,55585,WordPress 5.9 wp-container styles introduce Cumulative Layout Shift,,Themes,5.9,normal,normal,Awaiting Review,defect (bug),new,,2022-04-18T06:05:00Z,2022-04-20T01:30:36Z,"I'm using the latest stable WordPress version and Generatepress theme which doesn't support the newest fullsite block editing and templates (like the majority of themes right now).
I understand that the new `wp-container-NUMBER` styles were added to allow better customization. But in the current implementation they’re cumbersome, repetative and introduce Cumulative Layout Shift.
First of all, repetative styles are not being bundled together. Styles are being defined even if they'll never be used (I don't have tags that use `alignleft` or `alignright` in those blocks). And it makes no point in defining tags if they have default values.
Default Gutenberg container block (at least for me) doesn't even have an option to change margins for child elements.
{{{
}}}
So a better output would be:
{{{
}}}
Or even no output at all, since those are default values.
Now to the topic of Cumilative Layout Shift. Currently `wp-container` inline styles are being output in the `wp_footer` action unless user theme supports newest templates feature. This results in the following behaviour during the loading (Default Social Block as an example):
[[Image(https://i.ibb.co/kmCtVVC/2-Annotation-2022-04-18-070146.png)]]
And after page is fully loaded it looks like it's intented to be:
[[Image(https://i.ibb.co/v3smntX/1-Annotation-2022-04-18-070139.png)]]
Those styles either should be output in the `wp_head` action or right before block tags.",rinart73
Tickets Awaiting Review,55596,Twenty Twenty-Two: font-smoothing antialiasing setting,,Bundled Theme,,normal,normal,Awaiting Review,enhancement,new,,2022-04-21T03:40:13Z,2022-06-14T19:14:11Z,"Currently, at the top of 2022's style.css, font-smoothing is enabled by default by the following:
`body {-moz-osx-font-smoothing: grayscale;-webkit-font-smoothing: antialiased; }`
Critics of such anti-aliasing font smoothing say that it actually degrades the clarity of fonts on computer screens, particularly dark text on a light background. It switches rendering from subpixel-rendering to pixel level rendering:
https://usabilitypost.com/2012/11/05/stop-fixing-font-smoothing/
https://github.com/google/fonts/issues/1170
Perhaps, font-smoothing should not be enabled by default in the default WordPress theme.
Cheers, Sam
",happysadhu
Tickets Awaiting Review,55600,Can't save registered post meta field of type string that equals registered default value via REST API,,"Options, Meta APIs",,normal,normal,Awaiting Review,defect (bug),new,,2022-04-21T13:47:24Z,2022-04-21T13:47:24Z,"== Current behaviour
Currently if you register a post meta key as string and set a default value:
{{{
register_post_meta(
'my_cpt,
'my_meta',
[
'show_in_rest' => true,
'single' => true,
'type' => 'string',
'default' => 'foo'
]
);
}}}
and then save the default value it is not actually being written to the database.
If you save any other type, e.g. a boolean
{{{
register_post_meta(
'my_cpt,
'my_meta',
[
'show_in_rest' => true,
'single' => true,
'type' => 'boolean',
'default' => true
]
);
}}}
it is being written to the database.
Also not saving via the REST API, but via `update_metadata()` works for strings.
== What seems to happen
The problem seems to happen like this:
- Post meta is only saved if it differs from the currently stored value.
- So before saving each field the new value is compared with the stored value.
- When doing so the assumption is (rightfully) that all stored data is a string since that is how post meta is stored in the DB.
- If the key doesn't exist though, the comparison happens with the default value.
- The default value though isn't necessarily a string, but is handled as such in the strict equality check.
- So the strict equality check fails on anything but a string field.
**-> String fields can't save the default value, anything else can.**
== How did it come to this?
I am not absolutely sure what is actually the intended behavior, but I assume if there is nothing stored in the DB the value should be saved, even if it equals the default.
I assume this because the behavior of `update_metadata()` [https://core.trac.wordpress.org/changeset/48402 got changed] to only consider DB data, not default values for the comparison by retrieving the stored data using `get_metadata_raw()` instead of `get_metadata()`.
`WP_REST_Meta_Fields` duplicates some of the checks in `update_metadata()` ([https://github.com/WordPress/wordpress-develop/blob/14d9ca8da64688f799695eb9683e6ac8166cd4ee/src/wp-includes/rest-api/fields/class-wp-rest-meta-fields.php#L382 even explicitly states that in a comment]) but `WP_REST_Meta_Fields::update_meta_value()` (and some other places in that class) didn't get the change to use `get_metadata_raw()` instead of `get_metadata()`.
I assume this got overlooked when introducing the default metadata values in https://core.trac.wordpress.org/changeset/48402
It seems that replacing get_metadata with get_metadata_raw in that class should fix the issue, but I haven't found time yet to prepare a patch, so I thought I'd at least document the issue for now to see if someone else finds time for a fix before me.",kraftner
Slated for Next Release,55603,PHP 8.2: address deprecation of the utf8_encode() and utf8_decode() functions,hellofromTonya,General,6.0,normal,normal,6.6,task (blessed),assigned,dev-feedback,2022-04-21T19:24:21Z,2024-03-23T09:15:29Z,"== Context
The [https://wiki.php.net/rfc/remove_utf8_decode_and_utf8_encode PHP RFC to remove the `utf8_encode()` and `utf8_decode()` functions] from PHP in PHP 9.0 has recently been accepted.
This means in effect that as of PHP 8.2, those functions will be deprecated and a deprecation notice will be thrown whenever they are called.
The reasoning behind the deprecation and removal is that these functions are confusing and rarely used correctly.
See the [https://wiki.php.net/rfc/remove_utf8_decode_and_utf8_encode#usage Usage section] of the RFC for an analysis of the various (mostly incorrect) uses of the functions.
== The Problem
The [https://wiki.php.net/rfc/remove_utf8_decode_and_utf8_encode#alternatives_to_removed_functionality typical replacements for these functions] are using the [https://www.php.net/manual/en/book.mbstring.php MBString extension] and/or the [https://www.php.net/manual/en/book.iconv.php Iconv extension].
As these extensions are both ''optional'' extensions in PHP, they cannot be relied on to be available in an open source context.
WordPress uses the `utf8_encode()` function a few times in the codebase:
* 1 x `utf8_encode()` in `src/wp-admin/includes/export.php`
* 2 x `utf8_encode()` in `src/wp-admin/includes/image.php`
* 1 x `utf8_encode()` in `tests/phpunit/tests/kses/php`
Aside from that the external dependency [https://github.com/JamesHeinrich/getID3 GetID3] also uses both these functions a number of times.
A search of the plugin and theme directory shows more worrying results with a plenitude of matches:
* [https://wpdirectory.net/search/01G16P0SWHB37G2965MP8R4ZYK 11247 matches in 3315 plugins], including 15 plugins with over a million installs.
* [https://wpdirectory.net/search/01G16P2K39TQ538M9KRTVXT4CA 40 matches in 22 themes].
== Options
So, what are the options we have ?
In my opinion, especially seeing how these functions are used so often in plugins, there are only two realistic options:
=== 1. We could polyfill these functions.
While some functions which may not be available are polyfilled by WP, this is generally only done to have access to ''new'' PHP functionality or to allow for using functions which require certain optional extensions to be enabled.
As far as I know, no PHP native function has ever been polyfilled due to it being removed from PHP.
**Pro**:
Relatively simple solution and everything keeps working (deprecation notices will still show when running on PHP 8.x, though these could silenced).
**Con**:
As most uses of these functions are likely to be incorrect usage (especially in plugins), these ""bugs"" will remain and not be reviewed or addressed, undercutting the improvement PHP is trying to make.
=== 2. We could make the MbString (or the Iconv) extension a requirement
At this moment, [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/class-wp-site-health.php#L876 both the MbString as well as the Iconv extension are recommended, but not required by WP].
A couple of MbString functions are also polyfilled in WP, so now might be a good time to make the MbString extension a requirement for WP.
**Pro**:
MbString being available will allow for fixing the deprecations in a forward-compatible manner. It will also allow for other code improvements to be made to improve WPs support for languages using non-latin based scripts.
**Con**:
A new requirement would be added to WP which should not be taken lightly. At the same time, it should be noted that MbString is generally enabled already anyway, so this will impact only a small percentage of users.
==== Why MbString instead of Iconv ?
While both are included (though not enabled) by default with PHP, Iconv [https://www.php.net/manual/en/iconv.requirements.php requires the `libiconv` library], which may not be available, while MbString has [https://www.php.net/manual/en/mbstring.requirements.php no external dependencies].
MbString is [https://www.php.net/manual/en/mbstring.installation.php not enabled by default in PHP], but generally ''is'' enabled in practice.
[https://www.php.net/manual/en/mbstring.installation.php Iconv is enabled by default] in PHP, but can be disabled.
Having said that, MbString offers much more functionality than the limited functionality offered by Iconv and - as indicated by a number of functions being polyfilled - is already in use in WP.
Still, it would be helpful if someone with access to the underlying statistics data collected by WP could add figures to this issue showing how often either extension is enabled on systems running WP.
== Recommendation
I'd strongly recommend option 2, but would like to hear the opinions of additional Core devs.
== Action lists
=== General
- [ ] Report the issue to GetID3
=== Action list for option 1
- [ ] Polyfill the functions.
- [ ] Review the uses of the functions in WP Core anyhow to see if those could/should be removed/the code using them should be refactored.
- [ ] Add a note about the polyfills in a dev-note with a recommendation for plugin/theme authors to review their use of these functions anyhow.
=== Action list for option 2
- [ ] Make the MbString a requirement for installing WP/in the WP bootstrapping.
- [ ] Change the MbString extension from optional to required in the Site Health component.
- [ ] Remove the current MbString related polyfills from the `compat.php` file.
- [ ] Review the uses of the functions in WP Core and replace with more appropriate alternatives.
- [ ] Add a note about the deprecation in the PHP 8.2 dev-note with a recommendation for plugin/theme authors to review their use of these functions and noting that the MbString extension can be relied upon to be available (as of WP 6.1).
",jrf
Candidates for Closure,55607,wp-config overrides of WP_HOME and WP_SITEURL are forgotten when installing MultiSite.,,Networks and Sites,3.0,normal,normal,Awaiting Review,enhancement,new,dev-feedback,2022-04-22T18:37:42Z,2022-12-03T20:03:10Z,"The chain of events I encountered when playing with WordPress on my home server.
1. Installed WP successfully.
2. I changed the two URL settings to the wrong value by accident.
3. Tried logging back into the admin panel, but I kept being redirected to the wrong place, the one I had mis-typed.
4. Google'd for a fix that would avoid my having to reinstall from scratch and found you can override these two settings in wp-config. I added the correct values for WP_HOME and WP_SITEURL.
5. Finding access to my website restored, I forgot about the two settings editable on the setting panel.
6. I switched on Multi-Site by setting WP_ALLOW_MULTISITE in wp-config.
7. I followed the Network-Setup panel, opting for subfolders. (The sample code to paste into wp-config had the correct name for DOMAIN_CURRENT_SITE.)
8. I followed the instructions to update both wp-config and .htaccess.
9. I went to the login page and saw the page layout was all messed up. Investigating, I found the CSS etc links were all to the mistyped URL I had typed back in step 2.
Note, after restoring the htaccess and wp-config (but keeping my WP_HOME and WP_SITEURL changes) I found I could not update the wrong settings in the DB, as both text boxes were greyed out.
WP multi-site appears to have some reference one of the two URL settings in the database. This should defer to the replacement settings in wp-config.",billpg
Tickets Awaiting Review,55618,combine/concatenate enqueued relative js/css,,Script Loader,,normal,normal,Awaiting Review,feature request,new,,2022-04-25T22:33:12Z,2022-04-25T22:33:12Z,"What everybody is looking for nowadays is to optimize the speed of websites and one of the ways is to compress/optimize/combine jss/css files.
There are many plugins to do that but many of them are clunky or load multiple versions in different pages which doesn't improve the speed.
I think the combining part should be done by the application, and if it's done through the WP core it would be better, like with load-scripts.php in the admin panel.
One way to do it is to combine js/css that have been enqueued using relative paths, and keep a hash of each, then keep a hash of all hashes - or simply timestamps.
for example
wp-content/themes/XX/style.css -> timestamp of it
wp-content/plugins/XX/whatever.css -> timestamp of it
save as 1 transient all paths+timestamps above as key and as value the combined css
Propose to serve it dynamically or statically by either serving the content through a php file (like i think it was done in the admin panel) or saving the combined version in a cache folder (would probably need a hashing for the filename).
+ checking regularly through the wp-cron that they didn't change. Instead of timestamp it could be hashes (propose 2 different hashing, timestamp check only is much faster, or $ver+timestamp, $ver, $ver+hash etc).
If served dynamically also allow to set the expiration.
And add options to refresh(force to resave)/clear (in db only)/purge (also delete local cache files).
You could also integrate some of the logic of load-styles load-scripts, this was an example.",briandd
Tickets Awaiting Review,55630,add array input to meta_query key,,Query,5.9.3,normal,normal,Awaiting Review,enhancement,new,has-patch,2022-04-27T14:55:34Z,2022-04-27T15:06:37Z,"use :
{{{
'meta_query' => array(
'relation' => 'OR',
array(
'key' => ['meta_key_1' , 'meta_key_2', 'meta_key_3'],
'value' => 23,
),
);
}}}
Instead of this :
{{{
'meta_query' => array(
'relation' => 'OR',
array(
'key' => 'meta_key_1',
'value' => 23,
),
array(
'key' => 'meta_key_2',
'value' => 23,
),
array(
'key' => 'meta_key_3',
'value' => 23,
),
);
}}}
",hossin277
Tickets Awaiting Review,55639,Implement Async CSS,,General,,normal,normal,Awaiting Review,enhancement,new,has-patch,2022-04-28T10:14:06Z,2022-05-12T19:09:57Z,"Initially created as a Performance Lab issue: https://github.com/WordPress/performance/issues/120 by @dainemawer. Copied description below:
Another pattern to possibly follow is Asynchronous CSS - this was suggested by the Filament Group at some point and has had some decent results: https://www.filamentgroup.com/lab/load-css-simpler/
It is slightly hacky, but it involves loading CSS files with media attribute set to print - this allows the browser to load the stylesheet in a non render block fashion. Using the onload attribute, we can set media back to all so that the stylesheet is applied as one would expect. As fallback, the original link is included in a a tag incase JS borks out:
{{{
}}}
This could possibly be an extension of wp_enqueue_style by adding another parameter:
{{{#!php
}}}
",mihaidumitrascu
Tickets with Patches,55645,Docs: Improve the documentation for `plugins_api()`.,,Plugins,2.7,normal,normal,Future Release,task (blessed),new,has-patch,2022-05-02T02:23:02Z,2024-02-19T20:37:31Z,"The docblock for [https://developer.wordpress.org/reference/functions/plugins_api/ plugins_api()] needs some improvement, including:
- it does not document the make-up of possible return values.
- it has a self-reference in the `@return` annotation.
Related ticket: #55480",costdev
Tickets Awaiting Review,55660,Twenty Twenty Two: Empty index.php breaks bbPress; consider including generic template loop?,,Bundled Theme,,normal,normal,Awaiting Review,enhancement,new,has-patch,2022-05-02T23:19:31Z,2023-09-09T09:30:36Z,"Twenty Twenty Two currently breaks bbPress; including a generic index.php would prevent this without inhibiting it's original intent.
I.e. https://wordpress.org/support/topic/blank-topic-pages-on-bbpress-while-using-twenty-twenty-two-theme/#post-15610502
Or perhaps this is not the place for this, and bbPress can sense and compensate for block theme incompatibility? ",Steveorevo
Tickets Awaiting Review,55662,Eliminating magic numbers,,General,,normal,normal,Awaiting Review,enhancement,new,,2022-05-03T07:49:31Z,2022-05-03T14:43:08Z,"Magic numbers in code are unique values with unexplainable meaning. These numbers can be confusing to the reader. To learn more, see: https://en.wikipedia.org/wiki/Magic_number_(programming)
Using this example:
`$max_filesize = 5 * 1024 * 1024`;
A common way to eliminate those numbers is by using either comments or constants. Example:
`$max_filesize = 5 * 1024 * 1024; // 5 MB`
`$max_filesize = 5 * MB_IN_BYTES;`
WordPress counts at least 20 instances of using `1024` in PHP, either meaning filesize, screen, or image dimensions. Using constant definitions would instantly differentiate their meaning when browsing the code.
Another example is `fileupload_maxk`, which defaults to `1500`. If we define that size using a constant, we could easily update all related instances without having to inspect those manually: simply by updating the constant value. This cohesiveness aids in reducing regressions. ",Cybr
Tickets Awaiting Review,55663,CSS theme and features themes is buggy,,Networks and Sites,5.9.3,normal,normal,Awaiting Review,defect (bug),new,,2022-05-03T09:19:07Z,2022-05-03T09:19:07Z,"Hello,
To explain my problem, I created a multi-site network and I want to use a theme, or even divi, the WordPress CSS is buggy.
Then I installed Divi (the theme) and when I go to validate my license (in the options), there is no divi css, but this: https://prnt.sc/ElUkmp_zXBPW
But even with the default theme ""Twenty Twenty-Two"", I have this same problem: https://prnt.sc/j1BRIO8yU85I
While on the main site, there are no CSS bugs.
Is this normal, is it still recommended to use the network?
Thank you for your reply",valentindu62
Tickets Awaiting Review,55665,Remove unused margin when post-body-content is empty,,"Posts, Post Types",,normal,normal,Awaiting Review,defect (bug),new,,2022-05-03T14:06:18Z,2022-05-06T15:25:33Z,"I created a custom post type that does not support any fields (support argument in $args)
It's just a metabox inside
But on the page to add that post (add-new post in wp-admin), there is an unused margin in , which creates a space at the top of the page that is related to the tag with the post-body-content ID.
I suggest deleting this margin if this tag is empty.
thank you
[[Image(https://i.imgur.com/fFhFWiT.png)]]",myousefi08
Tickets Awaiting Review,55672,"Media endpoint allows multiple media types on request, but only returns image in response",,REST API,6.0,normal,minor,Awaiting Review,enhancement,new,,2022-05-04T08:40:46Z,2022-05-04T08:40:46Z,"The REST API for attachments (`/wp-json/wp/v2/media/`) allows to search for specific types based on `get_allowed_mime_types()`, giving a full range of types to be used.
However the response of the same endpoint only returns 'image' or 'file' (aka everything else).
This causes issues when requesting multiple types, since it won't be possible to differentiate them by type anymore (mime type is still correct). It's an issue I found while building a custom editor (Gutenberg) block which can handle multiple types (image, video, audio and pdf)
Code which causes the issue:
{{{
if ( in_array( 'media_type', $fields, true ) ) {
$data['media_type'] = wp_attachment_is_image( $post->ID ) ? 'image' : 'file';
}
}}}
https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php#L756-L758
**Workaround:**
At the moment I use a workaround which modifies the REST response.
{{{
function get_real_media_type($post_id)
{
switch (true) {
case wp_attachment_is('image', $post_id):
return 'image';
case wp_attachment_is('video', $post_id):
return 'video';
case wp_attachment_is('audio', $post_id):
return 'audio';
case wp_attachment_is('pdf', $post_id):
return 'pdf';
// add more types?
// when no predefined type, return 'file'
default:
return 'file';
}
}
add_filter('rest_prepare_attachment', function ($response, $post, $request) {
if (
is_object($response)
&& property_exists($response, 'data')
&& array_key_exists('media_type', $response->data)
) {
$response->data['media_type'] = get_real_media_type($response->data['id']);
}
return $response;
}, 10, 3);
}}}
**Solution:**
Extend the response code for media files to include more different media types, instead of only 'image' and 'file'.
This **shouldn't** cause any backwards compatibility issues, since 'image' will still work and 'file' will still be there in case it's a non-standard type.",grezvany13nl
Tickets Awaiting Review,55675,Improve performance Themes REST API endpoint,,REST API,,normal,normal,Awaiting Review,enhancement,new,,2022-05-04T13:19:08Z,2022-05-19T13:06:11Z,"await wp.apiFetch({ path: 'wp/v2/themes?_envelope'});
The first time you call it, we have 2 duplicated queries.
The second time you call it, we have 1 duplicated query.
",furi3r
Tickets Awaiting Review,55685,Date setting should have two more options: j.n.Y and d.m.Y,,Date/Time,5.9.3,normal,normal,Awaiting Review,enhancement,new,,2022-05-05T14:39:41Z,2022-05-05T18:30:39Z,"Everytime I set up a WordPress site, I have to consult the PHP date formatting rules to get the site to show dates in the way that is standard in much of Europe, Post-Soviet countries, and many other places: `j.n.Y`. That is, 31.12.2022 for the last day of this year, or 5.5.2022 for today, with no leading zeroes.
This is a shortened way of the official `d.m.Y`, which shows 05.05.2022 for today, with leading zeroes. Most of the time I see all types of organizations and individuals prefer the shorter version without leading zeroes, but this official notation has plenty of users as well.
Both would be so helpful for so many users to have as one-click options in the site's General Settings page that I think it'd be great to add them there.
**More info**
https://en.wikipedia.org/wiki/Date_and_time_notation_in_Europe
https://en.wikipedia.org/wiki/Date_format_by_country
Searching the latter page for ""d.m"" finds 36 countries where either of these formats is in widespread usage. The combined population of these countries is approx. a billion people (e.g. Russia, Germany, Ukraine, Turkey, Israel, Poland). In addition to these, the list shows approx. 100 countries following the DMY order of date representation, without specifying the separators (dots ""."" or otherwise). The combined population in countries using j.n.Y or d.m.Y representations of dates might be well in excess of 1 billion people.",Daedalon
Candidates for Closure,55691,New site editor uses WP_SITEURL instead of WP_HOME,audrasjb,Themes,5.9,normal,normal,Awaiting Review,defect (bug),reviewing,reporter-feedback,2022-05-06T19:10:55Z,2023-03-01T16:39:35Z,"For my development environment I just installed a fresh copy of WordPress using Bedrock and Docker.
With this combination, my WP_HOME (http://wordpress.localhost) is different from my WP_SITEURL (http://wordpress.localhost/wp).
When I want to run the new Editor under ""Appearance"" I get the error message ""The editor is unable to find a block template for the homepage.""
Further debugging revealed, that the URL http://wordpress.localhost/wp/?_wp-find-template=true is requested which results in a 404 response.
For this setup, the URL http://wordpress.localhost/?_wp-find-template=true should be called instead as the whole site is reached under the URL http://wordpress.localhost and therefore can supply the requested information.",saijsaij
Candidates for Closure,55733,Add option to sort Pages by Slug,,"Posts, Post Types",5.9.3,normal,normal,Awaiting Review,feature request,new,close,2022-05-14T14:49:12Z,2022-05-15T16:05:45Z,"Please add an option to sort list of Pages by Slug (that is, make the Slug column sortable).
Right now, for some reason, WordPress only offers to sort by Title - which is of useless as Title is just a SEO-formatted blurb that's irrelevant for a meaningful sort order.
(Yes, I'm aware of a free plug-in - that appeared just 3 months ago - that allows to sort by slug. Still, this essential feature must be in core WordPress functionality).",zevrix
Tickets Awaiting Review,55742,"In Safari Browser, when we click on preview in new tab then it opens a page/post in same tab",,Administration,5.9.3,normal,normal,Awaiting Review,defect (bug),new,,2022-05-16T08:13:16Z,2022-05-27T11:25:12Z,"When we create a page/post and after updating its content we can preview a page/post in new tab then in chrome it always open in new tab but in safari the preview in new tab works only once and from the second time it always open in same tab, for more detail please find the attachment and let me know if there is anything.",kmadhak
Tickets Awaiting Review,55749,Large-site inefficiency in REST users endpoint used by Gutenberg editor,,Users,,normal,normal,Awaiting Review,defect (bug),new,,2022-05-17T14:33:26Z,2023-04-20T12:58:52Z,"(In 6.0-RC2 and 5.9.3) The Gutenberg editor populates its dropdown list of authors by hitting this REST endpoint.
{{{
/wp-json/wp/v2/users?context=view&who=authors&per_page=50&_fields=id,name&_locale=user
}}}
This results in the following SQL statement.
{{{
SELECT SQL_CALC_FOUND_ROWS wp_users.*
FROM wp_users
INNER JOIN wp_usermeta ON ( wp_users.ID = wp_usermeta.user_id )
WHERE 1=1
AND (( wp_usermeta.meta_key = 'wp_user_level'
AND wp_usermeta.meta_value != '0' ))
ORDER BY display_name ASC
LIMIT 0, 50
}}}
There are some serious inefficiencies here.
First, the notorious and deprecated performance killer {{{SQL_CALC_FOUND_ROWS}}} is present in the query. If the results of the query were going to be used for pagination (that is, a UI element like **<< < Page [1] of 250 pages > >>** then {{{SQL_CALC_FOUND_ROWS}}} would serve a purpose. But it doesn't in this usage of REST.
Second, the filter
{{{
(( wp_usermeta.meta_key = 'wp_user_level' AND wp_usermeta.meta_value != '0' ))
}}}
correctly applies an index to get the right meta_keys from usermeta, but then it must scan the meta_values (they are CLOBs so the best we can do is prefix indexes).
Third, {{{ORDER BY display_name LIMIT 50}}} means the DBMS must retrieve all the eligible users, sort them, and then discard all but 50.
Similarly, when displaying the Posts or Pages dashboard panel this query prepopulates the dropdown list to use for authors in Quick Edit.
{{{
SELECT wp_users.ID,wp_users.user_login,wp_users.display_name
FROM wp_users
INNER JOIN wp_usermeta ON ( wp_users.ID = wp_usermeta.user_id )
WHERE 1=1
AND (((
( wp_usermeta.meta_key = 'wp_capabilities'
AND wp_usermeta.meta_value LIKE '%\""edit\\_posts\""%' )
OR ( wp_usermeta.meta_key = 'wp_capabilities'
AND wp_usermeta.meta_value LIKE '%\""administrator\""%' )
OR ( wp_usermeta.meta_key = 'wp_capabilities'
AND wp_usermeta.meta_value LIKE '%\""editor\""%' )
OR ( wp_usermeta.meta_key = 'wp_capabilities'
AND wp_usermeta.meta_value LIKE '%\""author\""%' )
OR ( wp_usermeta.meta_key = 'wp_capabilities'
AND wp_usermeta.meta_value LIKE '%\""contributor\""%' )
)) )
ORDER BY display_name ASC
}}}
As we say in New England USA, this is wicked slow. And each render of the Pages or Posts panel requires it to run.
#38741 provided some improvements to the handling of users on large many-user sites. But there's more to do.",OllieJones
Tickets Awaiting Review,55756,Deletion of broken themes,,Themes,,normal,normal,Awaiting Review,enhancement,new,,2022-05-18T07:27:00Z,2022-05-18T14:55:50Z,"When themes fail during installation, they severally appear on the theme installation page. A user cannot mass delete these broken themes. They will need to be deleted one by one.
If they had check boxes like posts, it would be quicker to delete many orall at once.",martiniwebb
Unpatched Bugs,55768,Checkboxes not displayed when images are turned off in browser,,Administration,5.3,normal,normal,Future Release,defect (bug),new,,2022-05-18T09:24:11Z,2022-05-19T07:59:09Z,"When images are turned off in browser, the checked post categories in the admin post dashboard disappear. ",martiniwebb
Tickets Awaiting Review,55780,Global Styles: Introduce filter for toggling stylesheet cache,,Editor,5.9,normal,normal,Awaiting Review,enhancement,new,has-patch,2022-05-19T15:03:44Z,2022-11-10T01:04:24Z,"Currently, for `wp_get_global_stylesheet()` and `wp_get_global_styles_svg_filters()` we'll cache the merged stylesheet data per theme in a transient for a minute if:
* `WP_DEBUG` is not enabled;
* `SCRIPT_DEBUG` is not enabled;
* This is not a REST API request
* We're not in the admin
However, for huge multisite instances that leverage object caching, this can result in thousands of `wp_cache_set()` operations per minute, which can be quite intensive.
At the same time, retrieving the global stylesheet data and merging it, on a well-optimized server will usually take very little time (up to a few milliseconds).
As a consequence, we end up wanting to disable that caching, because it creates more problems than it solves. However, there is no good trigger for disabling just that cache.
I'd like to propose a filter that allows us to disable the global stylesheet cache. While it will still be enabled by default, disabling it will be easy when needed.",tyxla
Tickets Awaiting Review,55795,Fix the WordPress Status Bar to Make Actions Clearer to the User,,Toolbar,3.1,normal,normal,Awaiting Review,enhancement,new,,2022-05-23T16:32:38Z,2022-05-26T00:20:23Z,"==== What problem does this address?
New users might not understand what the buttons mean on the status bar because they are unclear. The buttons should be labelled properly to make them easier to understand.
==== What is your proposed solution?
[[Image(ticket:55795:169851851-647601cc-56b3-43a5-bbff-ae100ac042d4.png)]]
* Next to the Dashboard icon, the menu should be removed and it should just say Dashboard
* The website name should be moved in front of the dashboard icon not behind it
* To keep consistency, the word ""Comments"" should be placed behind the picture of a speech bubble instead of just the number. This will also make it clearer to the user that clicking will take the user to the Comments section.
''originally reported on [https://github.com/WordPress/gutenberg/issues/41243 GB41243]''",deborah86
Candidates for Closure,55796,SHORTINIT requires rest-api.php via rest_cookie_collect_status() via wp_get_current_user(),,Application Passwords,2.0,normal,normal,Awaiting Review,defect (bug),new,dev-feedback,2022-05-23T21:36:15Z,2022-05-24T06:09:11Z,"Hello friends! 👋
I believe it may be unintended behavior that in order to use the `SHORTINIT` constant with standard cookie authentication, either `wp-includes/rest-api.php` must be included or its related default filters need to be removed.
----
**wp_get_current_user() – jjj1.php**
{{{
true
) );
}}}
Produces:
{{{
Fatal error: Uncaught Error: Call to undefined function wp_get_current_user() in wp-includes/class-wp.php:635
Stack trace:
#0 wp-includes/class-wp.php(768): WP->init()
#1 wp-includes/functions.php(1330): WP->main(Array)
#2 jjj1.php(31): wp(Array)
}}}
IMO, the inside of `WP->init()` has needed a `function_exists()` call around `wp_get_current_user()` since WordPress 2.0.0, and I'm only just now getting around to suggesting such 😅
----
**rest_cookie_collect_status() - jjj2.php**
{{{
true
) );
}}}
Produces:
{{{
Fatal error: Uncaught TypeError: call_user_func_array(): Argument #1 ($callback) must be a valid callback, function ""rest_cookie_collect_status"" not found or invalid function name in wp-includes/class-wp-hook.php:309
Stack trace:
#0 wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters('', Array
#1 wp-includes/plugin.php(476): WP_Hook->do_action(Array)
#2 wp-includes/pluggable.php(705): do_action('auth_cookie_mal...', false, '')
#3 wp-includes/class-wp-hook.php(307): wp_validate_auth_cookie(false)
#4 wp-includes/plugin.php(191): WP_Hook->apply_filters(false, Array)
#5 wp-includes/user.php(3583): apply_filters('determine_curre...', false)
#6 wp-includes/pluggable.php(70): _wp_get_current_user()
#7 wp-includes/class-wp.php(635): wp_get_current_user()
#8 wp-includes/class-wp.php(768): WP->init()
#9 wp-includes/functions.php(1330): WP->main(Array)
#10 jjj2.php(65): wp(Array)
}}}
This happens because `wp-includes/default-filters.php` assumes that the REST API will always be loaded, and the default `pluggable.php` versions of the cookie based authentication functions apply filters that the REST API also uses by default, including the Application Password feature.
----
If the REST API were a SHORTINIT auth requirement, my ''guess'' is that it would have been required earlier in `wp-settings.php`.
This is all somewhat of a catch-22 situation, because `default-filters.php` ''is'' loaded for `SHORTINIT` which is far ahead of when both cookie auth and the REST API are both included.
It is possible to work around this by removing the hooks, but obviously that only counts for today's hooks, and not future hooks if something new is introduced. I think a core code change will be required to decide when & how the REST API filters are applied. 😬",johnjamesjacoby
Tickets Awaiting Review,55812,Custom admin columns don't sort string meta_key values when using MariaDB.,,Administration,6.0,normal,normal,Awaiting Review,defect (bug),new,,2022-05-25T03:24:45Z,2022-06-14T16:35:45Z,"If your using MariaDB, and you want to sort the WP_Query using meta_key and orderby 'meta_value' sort does not work.
'''To reproduce:'''
1. Create a basic child theme, I made a child theme of Twenty Twenty Two that contained the style.css and functions.php. \\ \\ '''style.css'''
{{{
/*
Theme Name: Twenty Twenty Two Child
Description: Twenty Twenty Two Child Theme
Template: twentytwentytwo
Version: 1.0.0
Text Domain: twentytwentytwochild
*/
}}}
2. Define the hooks to add a custom column. \\ \\'''functions.php'''
{{{#!php
__( 'Test', 'twentytwentytwochild' ),
),
array_slice( $columns, 1 ),
);
}
add_filter( 'manage_pages_columns', 'child_manage_pages_columns' );
function child_pages_custom_columns( $column_key, $post_id ) {
switch ( $column_key ) {
case 'test_custom_field':
$value = get_post_meta( $post_id, 'test_custom_field', true );
echo esc_html( $value );
break;
}
}
add_action( 'manage_pages_custom_column', 'child_pages_custom_columns', 10, 2 );
function child_manage_edit_pages_sortable_columns( $columns ) {
$columns['test_custom_field'] = 'test_custom_field';
return $columns;
}
add_filter( 'manage_edit-page_sortable_columns', 'child_manage_edit_pages_sortable_columns' );
function child_manage_edit_pages_sortable_columns_pre_get_posts( $query ) {
if ( ! is_admin() || ! is_main_query() ) {
return;
}
$orderby = $query->get( 'orderby' );
switch ( $orderby ) {
case 'test_custom_field':
$query->set( 'meta_key', 'test_custom_field' );
$query->set( 'orderby', 'meta_value' );
break;
}
}
add_action( 'pre_get_posts', 'child_manage_edit_pages_sortable_columns_pre_get_posts' );
}}}
3. Log into the WordPress admin panel and add a couple of pages that use custom fields. I made three pages two of those pages had the same custom field value and the third had a new value (Hello World, Hello World, and Other World).
4. Go to the page listing and try to sort with the 'Test' column. The sort may change the first time, but will remain the same each time after that.
I tested this with MariaDB version 10.5.4 on Windows 10 with WAMP. I also tested with MySQL 8.0.24 on Windows 10 with WAMP but did not have the issue.
Through some testing and google searches I realized the issue is that MariaDB's LongText column type is just not sortable. In my test I updated wp_postmeta's meta_value column to Varchar(15000) and that enabled sort to work as expected.",kevincorrigan
Tickets Awaiting Review,55823,The Theme Details Page Options Need to be Streamlined,,Themes,6.0,normal,normal,Awaiting Review,enhancement,new,,2022-05-25T11:41:59Z,2022-05-25T17:59:01Z,"What problem does this address?
It is difficult for new users to spot all the options available to manage a theme on the theme details page.
What is your proposed solution?
See the [https://core.trac.wordpress.org/attachment/ticket/55823/55823-proposal.png attached image].
Put all theme management options in a single location in the UI instead of having them multiple locations. This will help users locate the option they are looking for quicker. The suggested area of placement for the options is the blue area in the image.
Reference:
First proposed in [https://github.com/WordPress/gutenberg/issues/41247 Gutenberg] but suggested to move to Trac for Core consideration.",deborah86
Tickets Awaiting Review,55827,Can't drag and drop block into empty column in list view,,Editor,6.0,normal,normal,Awaiting Review,defect (bug),new,,2022-05-25T13:35:05Z,2022-06-02T14:33:26Z,"When editing a page and using the List View to see the blocks, you can't drag and drop a block into an empty column. Only if there is already a block in a column can you drag and drop any other block into it in List View. You can, however, drag and drop a block into an empty column on the page itself. ",bhammondCVL
Candidates for Closure,55841,wp_get_nav_menu_items doesn't work properly,,Menus,6.0,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2022-05-26T09:45:23Z,2022-05-27T21:47:56Z,"Function ""wp_get_nav_menu_items"" doesn't work correctly, when you try to retrieve a list of terms for a specific menu using slug returns all pages available.
",andreamarrano
Tickets Awaiting Review,55844,color picker has scroll in styles menu,,Editor,6.0,normal,minor,Awaiting Review,defect (bug),new,,2022-05-26T12:29:42Z,2022-05-28T00:32:18Z,in the color picker inside the styles menu moving your color picker circle to the right makes the color picker have a scrollbar in the bottom.,tomkolron
Candidates for Closure,55853,Use of unsanitized data in wp_ajax_dashboard_widgets(),,Widgets,,normal,major,Awaiting Review,enhancement,new,close,2022-05-27T05:39:19Z,2022-05-27T17:37:18Z,"In the ""wp-admin/includes/ajax-actions.php,"" there are much data that is unsanitized. Below is one example of it. I think it is good to sanitize all the fields properly to avoid unwanted scenarios.
{{{
$pagenow = $_GET['pagenow'];
if ( 'dashboard-user' === $pagenow || 'dashboard-network' === $pagenow || 'dashboard' === $pagenow ) {
set_current_screen( $pagenow );
}
switch ( $_GET['widget'] ) {
case 'dashboard_primary':
wp_dashboard_primary();
break;
}
}}}
Here the $_GET fields are used without any sanitization.
",hilayt24
Tickets Awaiting Review,55854,Save term creation time by default,,Taxonomy,6.0,normal,minor,Awaiting Review,feature request,new,,2022-05-27T07:50:37Z,2022-05-27T07:50:37Z,"I would like to see WP save all term creation - and last modified - datetimes by default as term meta.
Easy use case example to see advantage: Ordering Category terms by creation date straight-off instead of making a query for posts and deciding the order that way. Term ID's do not always convey the correct order - especially if data migration/s have been made.
Would also enable a surefire way to publish term creation dates in a term listing instead of having to pull info from posts within said terms.
Would not interfere with existing architecture too much - ""too much"" because the meta key could be something like ""term_date"" or ""term_created_date"" and ""term_modified_date"" - someone might have used the same keys when creating custom meta.
The addition would not increase DB size or complexity by much.",JPontinen
Candidates for Closure,55870,WP App Passwords Should be URL Decoded,,Application Passwords,5.6,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2022-05-29T04:05:15Z,2022-05-30T04:52:34Z,"Using OAuth 2 based. authentication IETF recommends for [https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1 client id/secrets] URL [https://datatracker.ietf.org/doc/html/rfc6749#appendix-B encoded] forms.
Which means, by using some node OpenID clients, we always get `Authorization: Basic urlSafeEncodedBase64String('user:pass')`.
This fails to authenticate as [https://github.com/WordPress/wordpress-develop/blob/0a6c37ceb0a86bebf0b287ac12d200e67bbf948f/src/wp-includes/user.php#L474 WordPress doesn't decode] the `user` and `pass` which could also be clientId and clientSecret in OAuth2.
This could be solved by using `urldecode( string $str )`.
BEFORE
{{{#!php
true` for the default WP_Query when feeds are triggered?
So far, I've managed to fix it with
{{{#!php
is_feed && $query->is_main_query() )
{
$query->set('no_found_rows', true);
}
}
add_action( 'pre_get_posts', 'feed_filter' );
}}}
but curious if there might be other implications to this?",ovidiul
Tickets Awaiting Review,55911,Slow query because Admin Bar loads all options on all user's sites,,Toolbar,3.1,normal,normal,Awaiting Review,enhancement,reopened,,2022-06-03T17:22:21Z,2022-06-30T18:06:13Z,"==== Problem
The Admin Bar displays a list of sites that the user has a role on. To get that data, it calls `get_blogs_of_user()` when it initializes.
That's not a big deal on a single site, because everything is already cached in memory. On Multisite, though, it can result in looping through all of the sites that a user has a role on, and calling `switch_to_blog()`. That calls `wp_load_alloptions()` on each site, which can be a slow database request.
The issue gets worse the more sites the user has a role on, and the more data stored in the `wp_options` table of those sites.
It looks like this dates back to the Admin Bar's creation in r15671.
{{{
Call Stack
# Time Memory Function Location
1 0.0001 362896 {main}( ) .../index.php:0
2 0.0001 363232 require( '/wp-blog-header.php ) .../index.php:17
3 1.8896 17408184 require_once( '/wp-includes/template-loader.php ) .../wp-blog-header.php:19
4 1.8896 17408184 do_action( $hook_name = 'template_redirect' ) .../template-loader.php:13
5 1.8896 17408560 WP_Hook->do_action( $args = [0 => ''] ) .../plugin.php:476
6 1.8896 17408560 WP_Hook->apply_filters( $value = '', $args = [0 => ''] ) .../class-wp-hook.php:331
7 1.8896 17409720 _wp_admin_bar_init( '' ) .../class-wp-hook.php:307
8 1.8897 17409864 WP_Admin_Bar->initialize( ) .../admin-bar.php:49
9 1.8897 17409904 get_blogs_of_user( $user_id = 33690, $all = ??? ) .../class-wp-admin-bar.php:47
10 2.3312 15098272 WP_Site->__get( $key = 'blogname' ) .../user.php:994
11 2.3312 15098272 WP_Site->get_details( ) .../class-wp-site.php:237
12 2.3312 15098272 switch_to_blog( $new_blog_id = '206', $deprecated = ??? ) .../class-wp-site.php:323
13 2.3313 15098216 do_action( $hook_name = 'switch_blog', ...$arg = variadic('206', 1366, 'switch') ) .../ms-blogs.php:563
14 2.3313 15098592 WP_Hook->do_action( $args = [0 => '206', 1 => 1366, 2 => 'switch'] ) .../plugin.php:476
15 2.3313 15098592 WP_Hook->apply_filters( $value = '', $args = [0 => '206', 1 => 1366, 2 => 'switch'] ) .../class-wp-hook.php:331
16 2.3313 15098968 wp_switch_roles_and_user( $new_site_id = '206', $old_site_id = 1366 ) .../class-wp-hook.php:309
17 2.3313 15098968 WP_Roles->for_site( $site_id = '206' ) .../ms-blogs.php:659
18 2.3313 15098968 WP_Roles->get_roles_data( ) .../class-wp-roles.php:328
19 2.3314 15098968 get_option( $option = 'wc_206_user_roles', $default = [] ) .../class-wp-roles.php:370
20 2.3314 15098968 wp_load_alloptions( $force_cache = ??? ) .../option.php:167
}}}
==== Potential Solution
At first glance, it seems like `wp_admin_bar_my_sites_menu()` is the only caller (in Core), and that it only needs a few pieces of data (site name, url, etc). Those could maybe be cached in a transient rather than doing a `switch_to_blog()` loop on every request.
There's also some duplicated functionality between `WP_Admin_Bar` and `wp_admin_bar_my_sites_menu()`, where the latter does a 2nd `switch_to_blog()` loop over those same sites. That would need to be cached too to avoid the same problem.
It may be better to refactor them so that the class isn't doing anything on init, and instead waits for a caller to request the data, and then it provides all the data the caller needs, to avoid the caller having to do its own loop.",iandunn
Tickets Awaiting Review,55913,Custom Fields table can have extra-wide checkboxes and radio buttons,,Editor,6.0,normal,normal,Awaiting Review,enhancement,new,,2022-06-03T20:11:08Z,2022-06-04T00:33:37Z,"In [https://wordpress.org/support/article/custom-fields/ Custom Fields] feature, there is an unforeseeable problem in a specific CSS rule defined for ''div#postcustomstuff''.
More specifically there is this defined in wp-admin/css/edit.css:
{{{
#postcustomstuff table input, #postcustomstuff table select, #postcustomstuff table textarea {
width: 96%;
margin: 8px;
}
}}}
While this works well in the situation the rule was written for, it hides a problem when attempted to reuse the code for other cases, where a checkbox or checkbox or radio button is used, as it stretches them out.
[[Image(https://i.ibb.co/hmX30Nx/Screenshot-2022-06-03-230840.jpg)]]
You might want to consider excluding those two from the CSS rule...
{{{
#postcustomstuff table input:not([type=checkbox]):not([type=radio]),
}}}
",princeofabyss
Tickets Awaiting Review,55934,"Twenty Twenty: ""Add citation"" text font-weight issue in Quote block",,Bundled Theme,5.3,normal,normal,Awaiting Review,defect (bug),reopened,,2022-06-06T10:51:25Z,2022-06-09T07:13:13Z,"In Twenty Twenty Theme, when we add a text on ""Add citation"" in Quote block and make the text as italic then in editor side it is visible as italic without font-weight. But when we see the same formatted text at front side, then it is with italic and having font-weight as bolder which is different from editor side.
Steps to replicate:
1: Activate the Twenty Twenty Theme
2: Add Quote block
3: Add text in ""Add citation"" section
4: Select the added text and make them as italic
5: Save Page/Post
6: View the page/post at front side
For better understanding I provide video attachment.
Thank You.",kmadhak
Tickets Awaiting Review,55945,UI Isssue on header list view,,Editor,6.0,normal,normal,Awaiting Review,defect (bug),new,,2022-06-08T05:15:28Z,2022-06-10T09:43:43Z,"Hi,
I am not able to see or scroll for see remove row on editor. more information you can see SS.",sumitsingh
Tickets Awaiting Review,55951,Page List and Latest Posts Text Colors Do Not Automatically Adjust to Background Color in 6.0,,Editor,6.0,normal,major,Awaiting Review,feature request,new,,2022-06-08T15:51:00Z,2022-06-24T18:48:45Z,"I am using the Twenty Twenty-Two theme in WordPress 6.0. I created a cover block with a black background, added a column block, then added the ""Page List"" block and ""Latest Posts"" block to the columns. The bullet points automatically changed to white, whereas all the links remained black - and thus could not be read/seen since they were the same color as the background. I am assuming this is because the ""links"" color in my ""Styles"" are black, but there is no option to adjust the link styling in the case where the background color is darker (i.e. a link color alternative). If I change the link color, it will affect all the links across my site - not just the links on a dark background.
A much-needed feature is either the ability to edit link colors from the Block Settings Sidebar, or to have a link color alternative for darker backgrounds available to set in the ""Styles"" section.
I'll add that I'm aware that such customizations can be made using CSS, but I think these features should be built-in to WordPress and should not require custom coding.
Thanks,
Mike - a humble WordPress user/teacher. ",daviesmediadesign
Tickets Awaiting Review,55958,Checking if _admin_notice_post_locked should be called can slow down the post editing,,Editor,4.9,normal,normal,Awaiting Review,enhancement,new,,2022-06-10T10:18:56Z,2022-06-13T07:51:10Z,"On `wp-admin/edit-form-advanced.php:28`, WordPress checks if multiple users exist to call _admin_notice_post_locked.
In some cases, plugins add additional filters to all `get_users` calls to ensure that a user role doesn't have access to private data.
If these checks use meta value comparisons, it can slow post-editing on sites with large `user_meta` tables.
The root cause of this issue is how WordPress stores and validates user capabilities, but the `_admin_notice_post_locked` check could be optimized without fixing the root cause.
Some suggestions on how to fix this would be:
- caching the `$check_users` value
- using a boolean option that is true if a site has multiple users
- adding a filter that allows manually setting `$check_users` to skip this check
",berislav.grgicak
Tickets Needing Feedback,55960,External links in WordPress toolbar,,Toolbar,,normal,normal,Future Release,enhancement,reopened,has-patch,2022-06-10T14:41:43Z,2023-06-22T23:12:01Z,"UI suggestion for WordPress backend.
When use clicks on any of this link page should open in new tab. Currently it opens in same tab and I navigate off my website.
https://prnt.sc/eW2Ry6ZzUrc4",itpathsolutions
Tickets Awaiting Review,55961,Add embed to WP_REST_Request class,,REST API,4.7,normal,normal,Awaiting Review,enhancement,new,has-patch,2022-06-10T16:06:13Z,2023-07-20T10:01:22Z,"Add embed param to `WP_REST_Request` class, to add extra context to the request and allow for improved nested embeds. ",spacedmonkey
Tickets Needing Feedback,55962,Upgrade `sanitize_hex_color()` to CSS Color Level 4,pbearne,Formatting,,normal,normal,Future Release,enhancement,assigned,dev-feedback,2022-06-11T04:57:08Z,2024-01-17T00:09:09Z,"I’ve noticed that the `sanitize_hex_color()` function unsupports the CSS Color Level 4 with the alpha channel and can therefore not be used. As users are given the ability to provide settings by configuration filters in a mini-plugin or in their theme’s `functions.php`, they may wish to configure opacity alongside.
The fix is to extend the validation condition of `sanitize_hex_color()` from:
`if ( preg_match( '|^#([A-Fa-f0-9]{3}){1,2}$|', $color ) )`
to
`if ( preg_match( '|^#([A-Fa-f0-9]{3,4}){1,2}$|', $color ) )`",anrghg
Tickets Awaiting Review,55969,The function set_transient should have the autoload argument,,"Options, Meta APIs",6.0,normal,normal,Awaiting Review,enhancement,new,,2022-06-12T14:28:53Z,2023-11-26T23:10:03Z,"The function set_transient should have an argument to decide if a specific transient should be autoloaded or not so.
At the moment every transient that is set with the function set_transient is autoloaded.
Not all the transients have the need to be autoloaded. For example, many times transients that are used only in the backend don't need the autoload, but they slow down the frontend in some cases.",giuse
Tickets with Patches,55974,Bundled theme: Add support for border options,,Bundled Theme,6.0,normal,normal,Future Release,defect (bug),new,has-patch,2022-06-14T11:42:12Z,2024-03-02T08:22:01Z,"In Twenty Twenty Theme, when we add Pullquote block in editor side and add any border style after that choose border color, We can see that border color is seen in editor side. But when we see the same Pullquote block at front side, border color is not reflected.
Steps to replicate:
1: Activate the Twenty Twenty Theme
2: Add Pullquote block
3: Add border style
4: choose border color
5: Save Page/Post
6: View the page/post at front side
For better understanding I provide video attachment link.
Video URL : https://share.cleanshot.com/bqZzSHG6AGVy2hslSIqc
Thanks",kajalgohel
Tickets Awaiting Review,55975,Twenty Twenty: Pullquote Block font-size issue,,Bundled Theme,6.0,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-06-14T11:47:38Z,2024-01-24T16:57:53Z,"When we choose a Pullquote block in editor side and change the font-size of ""Add Quote"" and ""Add Citation"" text then it is not reflected.
Steps to replicate:
1: Activate the Twenty Twenty Theme
2: Add Pullquote block
3: Add ""Add Quote"" text and ""Add Citation"" text
4: Choose Typography Size Option
for more information I provided a video
Video: https://share.cleanshot.com/YFEvesCAX75U534X1xXR
Thank you.",kmadhak
Candidates for Closure,55994,Twenty Seventeen: Header image zooms in when scrolling down on Mobile Safari,,Bundled Theme,,normal,trivial,Awaiting Review,defect (bug),new,close,2022-06-16T14:44:08Z,2024-03-28T08:57:15Z,"Steps to replicate
- Open TwentySeventeen demo site in Mobile Safari (https://twentyseventeendemo.wordpress.com).
- Watch the header image as you scroll down the page.
(Note that this only seems to happen in Mobile Safari, and doesn't appear in Chrome/Safari on the desktop even with a small window)
The header image zooms in slightly when scrolling down, providing a jarring experience for the viewer. The header image should not change size when scrolling.
Originally reported here: https://github.com/Automattic/themes/issues/678",mrfoxtalbot
Unpatched Bugs,55996,the get_the_block_template_html call all the same functions as the the_conent filter so they are run twice,flixos90,Formatting,,normal,normal,Future Release,defect (bug),assigned,dev-feedback,2022-06-16T22:23:50Z,2024-03-13T15:42:08Z,"In get_the_block_template_html we have this code
{{{#!php
run_shortcode( $_wp_current_template_content );
$content = $wp_embed->autoembed( $content );
$content = do_blocks( $content );
$content = wptexturize( $content );
$content = convert_smilies( $content );
$content = shortcode_unautop( $content );
$content = wp_filter_content_tags( $content );
$content = do_shortcode( $content );
$content = str_replace( ']]>', ']]>', $content );
}}}
These are direct calls to the same functions as used by the filter the_content
{{{#!php
Stops more data being added to the cache, but still allows cache retrieval.
As ""set"" also ""adds"" (or at least modifies if already exists therefore adds/subtracts) data in cache.",malthert
Tickets Awaiting Review,56001,Twenty Twenty Two: Pullquote Block: No Lowercase for Add Citation Text,,Bundled Theme,6.0,normal,normal,Awaiting Review,defect (bug),new,,2022-06-17T12:18:17Z,2022-06-20T16:30:15Z,"In Twenty Twenty Two theme when we add the pullquote block, the citation text will be in uppercase even if the caps lock is off.
Steps to replicate:
1. Activate Twenty Twenty Two theme
2. Insert Pullquote Block
3. Enter citation text
For more information, the screen recording link is attached below.
https://www.loom.com/share/1f8b07daca9f46188f9a257d381e821d",nithins53
Tickets Awaiting Review,56011,Twenty Twenty: styles issue in Quote block,,Bundled Theme,6.0,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-06-20T06:59:32Z,2023-03-03T11:20:20Z,"In Twenty Twenty Theme, when we add Quote block in editor side, the styles option named Plain is not reflected in front-side and editor-side. Actually the Default Styles and Plain Styles are looking same in both the side.
Steps to replicate:
1: Activate the Twenty Twenty Theme
2: Add Quote block
3: Choose Plain styles option
4: See block at editor side(block is looking same, nothing change)
5: Save Page/Post
6: View the page/post at front side
For better understanding I provide video attachment URL.
Video URL: https://share.cleanshot.com/iIXb2WcfmC4un0eapOgG
Thanks",kajalgohel
Tickets Awaiting Review,56012,Twenty Twenty-Two: Image block alignment issue,,Bundled Theme,6.0,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-06-20T09:25:01Z,2022-07-01T14:42:47Z,"In Twenty TwentyTwo Theme, When we add the left and right alignment of the image block, it does not work correctly.
[https://streamable.com/vpmj53]",devtanbir
Tickets Awaiting Review,56024,Removing a caption's contents removes the image alignment,,General,6.0,normal,normal,Awaiting Review,defect (bug),new,,2022-06-21T04:49:33Z,2022-07-12T16:55:00Z,"To reproduce this bug: first, insert an aligned image with a caption in either the classic WYSIWYG or a classic WYSIWYG block. Next, hit backspace to delete the caption within the editor. The image appears to remain properly aligned in the editor, but once you save/publish, the alignment is lost.",eagleharborsolutions
Slated for Next Release,56034,PHP 8.2: proposal for handling unknown dynamic properties deprecations,hellofromTonya*,General,,normal,normal,6.6,task (blessed),accepted,,2022-06-22T04:19:45Z,2024-02-26T10:21:38Z,"Dynamic (non-explicitly declared) properties are deprecated as of PHP 8.2 and are expected to become a fatal error in PHP 9.0, though this last part is not 100% certain yet.
RFC: https://wiki.php.net/rfc/deprecate_dynamic_properties
**This ticket is only intended for situations 3 and 4 (see below) where fixing a typo or explicitly declaring the property is not possible.**
== The problem
=== What is a dynamic property ?
{{{#!php
id = $id;
// This is a dynamically created property as the property
// is not declared on the class.
$this->field_name = $field_name;
}
}
}}}
Dynamic properties can both be created from inside a class, like in the above example, as well as from outside the class (see the below example), which makes these issues very tricky to find via static analysis.
{{{#!php
type = 'something';
}}}
=== When is something not a dynamic property ?
1. When the property is explicitly declared on the class.
2. When the property is explicitly declared on the (grand)parent class.
=== When are dynamic properties not problematic ?
1. When the class, or one of its parents, has a magic `__set()` method which assigns the property to a declared property.
{{{#!php
field_name = $field_name; // Not problematic.
}
public function __set( $name, $value ) {
$this->fields[ $name ] = $value;
}
}
}}}
2. When the class, or its parent, extends the PHP native `stdClass`, which has highly optimized versions of the `__set()` magic method available.
== Mitigation
The solution needed depends on the specific situation and each instance where a deprecation is thrown needs to be individually evaluated.
We can basically categorize dynamic properties into four base situations:
|| ||= Situation =||= Solution =||
|| 1. || Typo in property name || Fix the typo, either in the property as declared or where the property assignment happens ||
|| 2. || Known, named, dynamic property || Declare the property on the (parent) class ||
|| 3. || Known use of unknown dynamic properties || Declare the full set of magic methods on a class (preferred) or let the class extend `stdClass` (discouraged) ||
|| 4. || Unknown use of unknown dynamic properties || Use the `#[AllowDynamicProperties]` attribute on the (parent) class and/or declare the full set of magic methods on a class and/or let the class extend `stdClass` ||
Note: the `#[AllowDynamicProperties]` attribute is expected to be a temporary solution and it is expected that support for the attribute will be removed at some point in the future.
== The larger problem
=== Intended future roadmap for PHP
The deprecation of dynamic properties in PHP is only step 1 in a larger plan to remove support for dynamic properties completely.
No impact analysis was done for the RFC, as even PHP Core realized that identifying all uses of dynamic properties via static analysis is neigh impossible.
With that in mind, the `#[AllowDynamicProperties]` attribute was introduced to allow for doing an actual impact analysis for the next step of the plan, i.e. removing support for dynamic properties altogether.
**Note**: ''when support for dynamic properties would be removed altogether, correctly set up magic `__set()` methods will still continue to work, including those in the `stdClass`.''
At this time it is unclear when the removal of support for dynamic properties will land, but it is ''expected'' to be either in PHP 9.0 or 10.0.
Once it lands, the attribute is expected to no longer be respected.
=== WordPress infrastructure
Due to the extendable nature of WordPress and its large plugin and theme infrastructure, the problem facing WordPress is exponential as every single class in WordPress ''may'' be used and/or extended from within plugins and themes and these plugins/themes ''may'' be setting dynamic properties on the WordPress Core classes.
Now, while WP Core at least has tests for a small part of its codebase and runs those diligently, which allows for finding (a subset of the) dynamic properties via the deprecation notices, the majority of plugins/themes do not have any tests.
As noted previously, finding dynamic properties via static analysis is hard, so these plugin/themes would have to largely rely on error logging/user reporting of the PHP 8.2 deprecation notices to fix things and that is still providing the plugin/theme is actively maintained, while a large number of plugins/themes are not.
Also note that the PHP 8.x uptake under WordPress users is low (due to WP Core not being fully compatible) and the number of users logging errors is also low, so user reporting is not a reliable method to allow plugins/themes to get ready for this change.
Altogether, this means that end-users run a significant risk of their sites going down once PHP removes support for dynamic properties and the user upgrades to that PHP version, with little advance notice.
== Proposal
Taking all of the above into account, I would like to propose the following:
1. Introduce two traits into WP Core: `trait DeprecateDynamicProperties` and `trait ForbidDynamicProperties`.
* The `DeprecateDynamicProperties` trait would contain a full set of the magic methods (`__isset()`, `__get()`, `__set()`, `__unset()` and will throw a deprecation notice whenever any of those methods are called. Properties will still be set via the magic methods. This trait is intended to be a temporary stop-gap solution and will not fall under the WordPress BC promise. When PHP removes support for dynamic properties, this trait should be removed from WordPress as well.
* The `ForbidDynamicProperties` trait would contain a full set of the magic methods (`__isset()`, `__get()`, `__set()`, `__unset()` and will throw a fatal error whenever the `__set()` method is called. Properties will **not** be set via the magic methods, `__isset()` will always return `false`, `__get()` will always result in an undefined property warning.
2. Evaluate every single class in WP Core `src` directory:
* If the class - or one of its parents - already has a full set of properly implemented magic methods in place, no action is needed.
* If the class - or one of its parents - already extends `stdClass`, no action is needed.
* If the class really **''should''** support dynamic properties, the magic methods should be implemented on the class itself (or its parent).
* For every single class which does not fall into the above categories, the `DeprecateDynamicProperties` trait should be added, as well as the `#[AllowDynamicProperties]` attribute (to allow the class to be recognized for the PHP Core scan for the next RFC).
3. Every new class introduced to WP Core ''after'' the initial change from step 2, would be **required** to either have a full set of the magic methods or to add the `ForbidDynamicProperties` trait. New classes should not be allowed to have the attribute.
If the above proposal is accepted, it would effectively ''backport'' the PHP 8.2 deprecation all the way back to PHP 5.6, making it far more likely that users discover any dynamic property related issues in their site.
This will give end-users plenty of time to either contact the plugin/theme owner to mitigate the issue and/or to switch to other plugins/themes if the plugin/theme is no longer actively maintained.
It will also give plugin and theme authors plenty of time to notify WP Core of Core classes which use the `DeprecateDynamicProperties` trait, but should, in all reality, fully support dynamic properties.
For those cases, after evaluating the merit of the specific use-case and finding it valid, the full set of magic methods could then be added to the WP Core class and the use of the trait and the attribute removed.
Altogether, this should greatly diminish the dramatic impact of PHP removing support for dynamic properties altogether in a future release.
=== Practical
I'm perfectly happy to prepare the patch for this together with some people. However, as the proposed patch comes down to a huge amount of work, I want to see some second opinions supporting this proposal first before starting the work on this.
----
Related: #56009
Trac ticket #56033 is open for addressing dynamic properties in category 1 and 2.",jrf
Tickets Awaiting Review,56038,Twenty Twenty-One: Aligned images cannot be resized or are properly displayed,,Bundled Theme,,normal,normal,Awaiting Review,defect (bug),new,,2022-06-22T11:13:38Z,2022-10-12T19:33:16Z,"1. Add two blocks: One paragraph and one image.
2. Place the image on top and align it to one side.
3. Try to scale the image up to use 75% or more of the available width.
This seems to possible in the editor but when visiting the public site, the image will never use up more than 50% of the available space.
There is as similar issue affecting Twenty Twenty: https://core.trac.wordpress.org/ticket/55581#ticket",mrfoxtalbot
Tickets Awaiting Review,56039,Classic Editor: Current selection is not preserved when switching Visual to Text editor,,Editor,,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-06-22T11:58:49Z,2023-04-19T13:25:23Z,"Plugin: Classic Editor
== Problem
In some cases (when formatting HTML attributes is disabled), the current selection when switching Visual to Text editor is not preserved. The selected text gets unselected and the editor does not jump to the previous selection position.
This is because the regular expression is not appropriate.
**Line 774 in `wp-admin/editor.js`**
The regular expression to find the selection position is:
{{{#!js
var startRegex = new RegExp(
']*\\s*class=""mce_SELRES_start""[^>]+>\\s*' + selectionID + '[^<]*<\\/span>(\\s*)'
);
}}}
This works well with:
{{{#!xml
}}}
However, it does not work **when ""class"" is the last attribute**:
{{{#!xml
}}}
----
== Solution
Changing `+`(1 or more) to `*`(0 or more) in the regular expression makes it work.
`wp-admin/editor.js`
**Line 775**
{{{#!js
']*\\s*class=""mce_SELRES_start""[^>]+>\\s*' + selectionID + '[^<]*<\\/span>(\\s*)'
}}}
↓
{{{#!js
']*\\s*class=""mce_SELRES_start""[^>]*>\\s*' + selectionID + '[^<]*<\\/span>(\\s*)'
}}}
**Line 779**
{{{#!js
'(\\s*)]*\\s*class=""mce_SELRES_end""[^>]+>\\s*' + selectionID + '[^<]*<\\/span>'
}}}
↓
{{{#!js
'(\\s*)]*\\s*class=""mce_SELRES_end""[^>]*>\\s*' + selectionID + '[^<]*<\\/span>'
}}}",shge
Tickets Awaiting Review,56054,Need to add some gap between input and range slider in Avatar block,,Editor,6.0,normal,normal,Awaiting Review,defect (bug),new,,2022-06-23T12:28:02Z,2022-06-24T07:44:53Z,"While selecting avatar block if we change the border-radius from range slider at the 0th point the range slider pointer is touches to input box.So we need to add some gap between them.
",multidots1896
Tickets Awaiting Review,56056,Specify a Custom Array of $sizes for `wp_get_attachment_image` to Reduce HTML Bloat,,Post Thumbnails,,normal,normal,Awaiting Review,enhancement,new,,2022-06-23T15:44:50Z,2022-10-12T18:04:54Z,"Plugins and the theme can specify multiple thumbnail sizes. Using `wp_get_attachment_image` provides a modern solution to responsive image sizes, however, it does not currently account for reducing the bloat to all the registered thumbnail sizes that are added by plugins / theme.
Therefore a proposal is to allow a custom list of thumbnails to use, this can, for example, be specified as:
{{{#!php
ID, $types )}}} is always false (assuming the user has posts), so regardless of what i do in the {{{user_has_cap}}}, i cannot deny access.
https://github.com/WordPress/wordpress-develop/blob/6.0/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php#L445
Perhaps i'm approaching this the wrong way, maybe there is another way to achieve what i want?
",marijnboekel
Tickets Awaiting Review,56172,Strict comparisons not used.,,General,,normal,normal,Awaiting Review,defect (bug),new,dev-feedback,2022-07-08T05:04:18Z,2023-10-26T00:02:19Z,"On going through the core files, I observed that in many places strict comparison is not used. After that, I ran the code through the WPCS and also got the warnings for the same. Though it does not affect the flow of the site, it should be used.
Few exampals are:
1 options-general.php
{{{
215 | WARNING | Found: ==. Use strict comparisons (=== or !==).
393 | WARNING | Found: ==. Use strict comparisons (=== or !==).
}}}
2 sites.php
{{{
105 | WARNING | Found: ==. Use strict comparisons (=== or !==).
145 | WARNING | Found: !=. Use strict comparisons (=== or !==).
145 | WARNING | Found: !=. Use strict comparisons (=== or !==).
157 | WARNING | Found: ==. Use strict comparisons (=== or !==).
185 | WARNING | Found: !=. Use strict comparisons (=== or !==).
185 | WARNING | Found: !=. Use strict comparisons (=== or !==).
}}}
",hilayt24
Candidates for Closure,56183,Icon not appearing,,Media,6.0,normal,minor,Awaiting Review,defect (bug),new,reporter-feedback,2022-07-08T20:59:30Z,2023-10-25T04:58:36Z,"The icon set in the customizer does not create an icon, or even a tag.",cjcodingyu8am1
Tickets Awaiting Review,56193,Twenty Twenty: font size issue in Post Title block,,Bundled Theme,5.9,normal,normal,Awaiting Review,defect (bug),new,,2022-07-11T10:36:25Z,2022-07-12T16:12:42Z,"In Twenty Twenty Theme, when we add Post Title block in editor side and change the heading level, we can see that the font size of heading level is not reflected in editor side. It is only reflected in front side.
Steps to replicate:
1: Activate the Twenty Twenty Theme
2: Add Post Title block
3: Choose heading level
4: View the page/post at editor side
5: Save page/post
6: View the page/post at front side
For better understanding I provide video attachment link.
Video link: https://share.cleanshot.com/yx5iwnPKbNDnqcSeCTex
Thanks",kajalgohel
Candidates for Closure,56195,Padding issue in Post Title Block,,Editor,6.0,normal,normal,Awaiting Review,defect (bug),new,close,2022-07-11T12:36:51Z,2022-07-12T00:27:44Z,"Hello Team,
In Twenty Twenty Two Theme, when we add Post Title block in editor side and after that applied background color for that, we can see there is some padding but in Frontend side the padding is not reflected.
For more information, please find video below:
Video URL: https://share.cleanshot.com/28JCrp2bbSPC7aT2i2d5
Thank you.",varshil151189
Tickets Awaiting Review,56204,Twenty Thirteen: Table font size not reflected in editor and Front,,Bundled Theme,6.0,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-07-12T12:58:30Z,2024-03-24T09:21:45Z,"Theme: Twenty Thirteen Table font size not reflected in editor and Front
Steps to replicate:
1: Activate the Twenty Thirteen Theme
2: add Table block
3: Select Size
Attaching a video link for better understanding.
https://www.loom.com/share/b2801ca097754378833c061a051c9597",umesh84
Candidates for Closure,56205,Twenty Twenty: background color of column can affect the inner content color,,Bundled Theme,6.0,low,normal,Awaiting Review,enhancement,new,dev-feedback,2022-07-12T13:52:54Z,2024-03-23T20:29:21Z,"Steps to reproduce :-
1. Activate Twenty Twenty theme.
2. Choose Columns block.
3. Give background-colour Accent colour from the options.
4. In inner column give a white background.
all the text under that column block is not visible because it is by default taking white colour.
For better understanding please refer to this video.
Video URL:- [https://share.cleanshot.com/vskbRyILtP0XkAq8aid4]",nidhidhandhukiya
Tickets Awaiting Review,56207,Multisite: record when a user is added to a site,,Users,,normal,normal,Awaiting Review,enhancement,new,,2022-07-12T17:42:10Z,2022-07-13T22:48:56Z,"This is a relatively small feature/enhancement request to record when a specific multisite user gets added to a site. Right now, we can detect whether a user is a member of a site, but the `user_registered` field on their user reflects their original user registration date, which doesn't reflect when they were added to any specific site, and may not be information that should be shared with site-level users.",daledupreez
Tickets Awaiting Review,56218,wp-block-columns no margins or padding in WordPress 6,,Editor,6.0,normal,normal,Awaiting Review,defect (bug),new,,2022-07-14T11:23:25Z,2022-08-04T15:26:17Z,"This issue has been recreated in 4 different themes, Twenty Twenty-Two, Astra, & 2 Genesis themes. Also, with all plugins disabled, and all caches cleared.
I've been using the `div class=""wp-block-columns""` markup via the code editor on over 300 articles on my WordPress site. I originally copied all of the markup directly from the WordPress block editor, so it was totally valid markup.
Everything worked fine through several WordPress updates, until WordPress 6. Now, when using WordPress 6, this markup no longer styles the block columns, and all columns merge into one block and lose their margins and padding.
If I look at the current WordPress 6 block editor columns markup, it has changed, and now has the markup enclosed in several “remarks” – e.g.
{{{
}}}
So this shows that WordPress 6 has changed how it deals with `wp-block-columns` markup, but has not ensured backward compatibility with the previous markup. This essentially breaks my website, so I am unable to update to WordPress 6.
",XyZed
Unpatched Bugs,56220,Twenty Nineteen: Centered H2 headings on full-width Cover blocks are not correctly centered,,Bundled Theme,,normal,normal,Future Release,defect (bug),new,,2022-07-14T15:40:20Z,2022-08-10T21:17:31Z,"When H2 headings are added to a full-width Cover block and centered in the block editor, they do not appear visually centered on screen.
This does not affect other heading sizes, only H2.
== Steps to reproduce
- Add a Cover block to a page and set the block to Full width
- Add an H2 Heading block on top of the Cover block
- Set the H2 Heading to center alignment
- Add other elements like an H1 heading or paragraph and center those as well
- View published page
== What you expected to happen
All centered elements should be centered horizontally.
== What actually happened
Only the H2 headings are not correctly centered; they are displayed too far to the left.
Other elements are correctly centered.
== Workaround
This custom CSS may be used as a workaround:
{{{
@media only screen and (min-width: 1168px) {
.entry .entry-content .wp-block-cover.alignfull h2 {
max-width: unset;
}
}
}}}
== Specs
Replicated with Twenty Nineteen 2.3
WordPress 6.0.1
Gutenberg 13.6.0 active or inactive
No other plugins active
Firefox 102.0.1 / Chrome 103.0.5060.114 / Safari 15.3
MacOS 12.2.1
Browser size: ~~1008 x 499~~ 1512 × 748",zoonini
Tickets Needing Feedback,56221,Add download URL to plugins REST create (install) endpoint,TimothyBlynJacobs*,Plugins,5.5,normal,normal,Future Release,enhancement,accepted,dev-feedback,2022-07-14T21:51:39Z,2023-06-27T07:04:57Z,"The `wp-json/wp/v2/plugins` endpoint allows installing plugins by POSTING the `slug` parameter. It then queries the .org plugin repo for the download link and proceeds to download and install that zip file using `Plugin_Upgrader`.
I would like to be able to specify the download URL so I can install plugins from outside the .org plugin repo.
My plan is to install plugins to my site when a I create a new release on GitHub, i.e. use GitHub Actions to POST the new download URL to my site, then serve the plugin to other sites using SatisPress.
I tried unsuccessfully to find past related tickets that maybe discussed if omitting this functionality was intentional.
It looks like a relatively easy change. I'll make PR for it soon.
https://github.com/WordPress/WordPress/blob/4c265b66297074f09d66c17d9f14d11a5fffdb00/wp-includes/rest-api/endpoints/class-wp-rest-plugins-controller.php#L289-L313",brianhenryie
Tickets Awaiting Review,56241,The post category count according post data not showing on admin side.,,"Posts, Post Types",,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-07-18T12:04:35Z,2022-07-18T20:49:12Z,"we are created category as parent and child relationship. This category shows on the category listing with count number. The clicking on the count show all post which are assigned category and redirect to post listing page. But the no of count shows for parent category with child category. I mean to say not show only parent category count.
Screenshots: [https://www.awesomescreenshot.com/image/30272055?key=d91d4077475e475448b781faf504be14 Categories screen] and [https://www.awesomescreenshot.com/image/30272057?key=b44d8d751e7f1ced24ae065b364a8c5a Posts listing]",rima1889
Tickets Awaiting Review,56245,Allow Theme Templates to have Statuses,,Themes,,normal,normal,Awaiting Review,enhancement,new,,2022-07-19T00:23:10Z,2022-07-19T00:23:10Z,"Similar to how the Customizer allows you to save changes as drafts or to schedule them to go live at a later date, I believe that FSE theme templates could benefit from this.
One immediate use case that I've run into comes to mind: I want to use the default page template for my homepage, without having to manually go into a theme downloaded from the repository and making changes. All suggestions that I've had so far have been to edit the Front Page template, or remove it from the theme entirely.
While those are options that I can use as someone who regularly edits theme files, I don't believe that it is the most straightforward for users. An option to mark theme templates as a draft, or unpublished, would be a way to solve this problem from the dashboard itself. This would allow theme users to ignore templates that they do not want to use, without having to fully remove them from the theme.",wolfpaw
Tickets Awaiting Review,56246,Open FSE to the page template that is currently displayed,,Themes,,normal,normal,Awaiting Review,defect (bug),new,,2022-07-19T00:42:03Z,2022-07-19T00:42:03Z,"Similar to how clicking ""Edit Page"" in the admin dashboard takes you to the editor for that specific page, I would like to see the ""Edit Site"" button take you directly to the template that is being viewed.
Currently, when I am viewing a page, I click ""Edit Site"" and am taken to the editor for the front page template. I then have to navigate to the proper template that I want to edit.
I propose using the same query string method that redirects to the front page template if it exists to whatever the current template being viewed is. When on a page, clicking ""Edit Site"" would take you to the standard page template. When on a single post, clicking would take you to the single post template.",wolfpaw
Tickets Awaiting Review,56247,Page editor for the page assigned as Front Page does not indicate this status,,Themes,,normal,normal,Awaiting Review,enhancement,new,,2022-07-19T00:42:55Z,2022-07-19T00:42:55Z,"This is an issue that has existed in WordPress prior to FSE, when a front page PHP template or widget based homepages were used in themes.
The issue appears more egregious however, now that FSE is intended to allow editing of all portions of the site.
If I have a static page set to the front page of the site, my expectation is that clicking ""Edit Page"" in the admin bar would take me to the page that displays that content. Instead, when a theme has a front page template, I am seeing content that will not display on the actual site frontend.
My suggestion is some form of notice to the user that they are not editing in the actual place that content is displayed. They could also be taken directly to the front page template of the ""Edit Site"" portion of the dashboard.
I imagine that there would be a variety of edge cases to work around here, as well as related issues such as opening the editor to the proper template, as suggested in #56246",wolfpaw
Tickets Awaiting Review,56250,ReferenceErrors encountered when running QUnit tests,,Build/Test Tools,,normal,normal,Awaiting Review,defect (bug),new,,2022-07-19T16:35:59Z,2023-08-07T17:44:51Z,"When running QUnit tests, there are a handful of errors output:
{{{
Error: ReferenceError: QUnit is not defined
at
:130:13
at HTMLDocument. (:132:2)
}}}
Even with these errors, no tests actually fail.
The number of errors also differences between `grunt qunit` (3) and `grunt qunit:compiled` (6).",desrosj
Tickets Awaiting Review,56252,Allow error_reporting level to be configurable for WP_DEBUG,,Bootstrap/Load,6.0,normal,normal,Awaiting Review,enhancement,new,has-patch,2022-07-19T18:34:39Z,2023-03-01T15:36:23Z,"I use WP_DEBUG_LOG in production to catch errors not caught during development.
But almost all entries are PHP Deprecated errors. This makes hard to spot more relevant errors.
It would be useful to be able to configure the error level report when using WP_DEBUG.",luistar15
Unpatched Enhancements,56261,Normalize comment function parameters with mixed case names,SergeyBiryukov*,Comments,,normal,normal,Future Release,enhancement,accepted,,2022-07-20T16:30:32Z,2023-02-08T14:39:53Z,"Background: #56244
As of WordPress 2.9, core normalizes the `user_ID` parameter to `user_id` when passing data to comment functions, see [12267], [12300], and [28915].
We should consider normalizing other parameters in the same way as it was done for `user_ID` → `user_id`:
* `comment_ID` → `comment_id`
* `comment_post_ID` → `comment_post_id`
* `comment_author_IP` → `comment_author_ip`
Then any combination of these parameters would work regardless of the case.
This would allow extenders to name variables in accordance with the WordPress coding standards:
* `$comment_id`
* `$comment_post_id`
* `$comment_author_ip`
and use them subsequently in a `compact()` call without having to worry about a case mismatch.
This would also allow us to revert some of `compact()` rearrangements made in [53719] and [53723]:
{{{
$compacted = array(
'comment_post_ID' => $comment_post_id,
'comment_author_IP' => $comment_author_ip,
);
$compacted += compact(
'comment_author',
'comment_author_email',
'comment_author_url',
...
'user_id'
);
}}}
which could then be:
{{{
$compacted = compact(
'comment_post_id',
'comment_author',
'comment_author_email',
'comment_author_url',
'comment_author_ip',
...
'user_id'
);
}}}
The list of functions this may affect:
* `wp_insert_comment()`
* `wp_new_comment()`
* `wp_update_comment()`
* `wp_filter_comment()`
* `wp_handle_comment_submission()`",SergeyBiryukov
Tickets Awaiting Review,56290,Twenty Twelve: Button blocks inside widget areas don't apply custom colours,,Bundled Theme,5.8,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-07-27T05:31:47Z,2023-05-26T12:22:18Z,"A similar issue was reported in #45432 but it was only partially fixed.
I have noticed that, while this is fixed for buttons adding to the main content, the problem is still reproducible with buttons added to widget areas.
We would need to reduce the specificity of the selectors on widget areas to prevent this.",mrfoxtalbot
Tickets Awaiting Review,56302,Admin menu links have relative URLs,,Administration,,normal,normal,Awaiting Review,defect (bug),new,dev-feedback,2022-07-29T06:01:54Z,2022-11-04T07:53:52Z,"Hey,
When i opened `abc.com/wp-admin/options.php/` and then try to go on submenu under settings then menu link is wrong and not opening page. more information you can see quick recording.
https://www.loom.com/share/e64670a986df4c5da8e81838799a7ea1
Thank you
",iihglobal
Unpatched Bugs,56317,“document.domain” setting,,General,,normal,normal,Future Release,defect (bug),new,,2022-08-01T12:57:48Z,2022-10-12T19:02:38Z,"Hi Team,
I submit a ticket for review as suggested in this post (https://wordpress.org/support/topic/document-domain-setting/).
Do you know any plans to address “document.domain” setting problem in upcoming WordPress releases:
– https://developer.mozilla.org/en-US/docs/Web/API/Document/domain
– https://developer.chrome.com/blog/immutable-document-domain/
I check the latest WordPress release (v6.0.1) and it has four JavaScript libraries using this property:
* wp-admin\js\gallery.js
* wp-includes\js\tinymce\wp-tinymce.js
* wp-includes\js\dist\vendor\wp-polyfill.js
* wp-includes\js\dist\vendor\wp-polyfill-url.js",ashoot96
Tickets with Patches,56320,Update mediaelement.js to the latest version,,External Libraries,,normal,normal,Future Release,defect (bug),new,has-patch,2022-08-01T18:20:19Z,2022-08-26T08:44:23Z,"Follow up to #56319 (updating to the latest 4.x release).
The latest version of `mediaelement`, as of today, is [https://github.com/mediaelement/mediaelement/releases/tag/5.0.5 5.0.5].
Version 5.0 made the player WCAG 2.1 compliant, but some of the changes required are breaking. It's possible this update can be merged into WordPress without issue, but this update needs to be fully tested, and there may be a developer note required to communicate action that needs to be taken by plugin and theme developers.",desrosj
Tickets Awaiting Review,56341,Twenty Twenty-Two: Long text strings cause horizontal overflow,,Bundled Theme,6.0,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-08-05T12:07:40Z,2022-08-09T10:21:17Z,"When viewed on narrow viewports, long strings will overflow outside the main content area.
Older bundled themes would default to `word-break: break-all` to avoid this and I believe that Twenty Twenty-Two should also work this way by ""pushing"" long strings into multiple lines.
The code below can be used as a temporary workaround.
{{{
.wp-site-blocks * {
word-break: break-all;
}
}}}
",mrfoxtalbot
Tickets with Patches,56349,Update WordPress core functions to support multiple MIME types,joegrainger,Media,,normal,normal,Future Release,enhancement,assigned,needs-unit-tests,2022-08-08T14:06:16Z,2022-09-07T21:11:58Z,"As part of an effort to improve performance within WordPress, WebP image generation has been introduced into core for new uploads. In order for WebP images to be used outside of user-editable content, WordPress core image functions will be updated to allow developers to specify what MIME type to return for an attachment.
The proposal is to update the `wp_get_attachment_image_src` function by replacing the `$icon` parameter with a `$args` parameter. This new parameter will allow developers to requests a specific attachment mime type source.
To accommodate this change a new `wp_get_attachment_preview_src` function will be created. This function is intended to replace all instances in WordPress core where `wp_get_attachment_image_src` is called and the `$icon` parameter is set to true.
Additionally, all core functions that have an `$icon` parameter will be updated to accept the new `$args` parameter and pass this to the `wp_get_attachment_image_src` function.
For backward compatibility the `$args` parameter can be passed as a boolean and work the same as the original `$icon` parameter.
The `$args` parameter will accept 2 keys, `icon` and `mime_type`. The `icon` argument will work the same as the original `$icon` parameter and will return the files MIME type icon when set to `true`. The `mime_type` argument is used to define the preferred image MIME to return. If the MIME type requested is not available, the original image MIME type is returned.
Lastly, the `image_downsize` and `image_get_intermediate_size` functions will be updated with a new `$mime_type` parameter. This will be used to return the correct file for the specified MIME type.
Patch incoming.",joegrainger
Tickets with Patches,56350,Allow exact search in REST API,,REST API,4.7,normal,normal,Future Release,enhancement,new,has-patch,2022-08-08T14:53:25Z,2022-11-25T09:51:07Z,"Wordpress only allows full text search when using the REST API but doesn't allow exact search. Yet, the exact search is possible using a search query like:
{{{
http://website.com/?s=keyword&exact=1
}}}
When you have tens of thousands of posts, being forced to do a full text search can take several seconds and impacts the performance of the website.
It would be an improvement to allow exact search in the WP_REST_Posts_Controller in order to allow REST API requests like:
{{{
http://website.com/wp-json/wp/v2/posts?s=keyword&exact=1
}}}
",jimmyh61
Unpatched Bugs,56358,PHP8 TypeError on current_time( 'timestamp' ) if timezone is set to GMT / 0,,Date/Time,6.0,normal,minor,,defect (bug),reopened,,2022-08-09T22:46:45Z,2024-03-18T17:58:01Z,"Just a minor bug to report, seems that if you have your timezone set to GMT, current_time( 'timestamp' ) throws a fatal error on PHP8, I think because 0 is being sent as a string. I can fix by changing my timezone to anything else.
PHP Fatal error: Uncaught TypeError: Unsupported operand types: string * int in /wp-includes/functions.php:75
Stack trace: #0 /RSSItemPull.php(286): current_time('timestamp')",toastercookie
Tickets Awaiting Review,56360,Twenty Twenty: Font size issue in H1 Heading block,,Bundled Theme,6.0,normal,normal,Awaiting Review,defect (bug),new,,2022-08-10T10:53:10Z,2022-08-10T19:17:22Z,"In Twenty Twenty Theme, when we add Heading block in editor side and change heading level to H1 and applied the background color, it is reflected proper in editor side but it is reflected in front side into the larger font size.
Steps to replicate:
1: Activate the Twenty Twenty Theme
2: Add Heading block
3: Choose H1 heading level
4: Choose background color.
5: View the page/post at editor side
6: Save page/post
7: View the page/post at front side
For better understanding I provide video attachment link.
Video link: https://share.cleanshot.com/hUvyB1LHodVizNDuqxvB
Thanks",kajalgohel
Tickets Awaiting Review,56367,Twenty Seventeen: List block padding issue in editor side,,Bundled Theme,6.0,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-08-12T08:00:44Z,2022-09-03T14:52:22Z,"In Twenty Seventeen Theme, when we add List block in editor side and choose background color for that block, We can see that there is padding issue in editor side but it is working properly in front side.
Steps to replicate:
1: Activate the Twenty Seventeen Theme
2: Add List block
3: Enter some data
4: Choose background color
5: View the page/post at editor side
6: Save page/post
7: View the page/post at front side
For better understanding I provide video attachment link.
Video link: https://share.cleanshot.com/NUc4wzmVcKv6KGjGjQQs
Thanks",kajalgohel
Tickets Awaiting Review,56368,Unable to use enum with array data type - REST API,,REST API,,normal,normal,Awaiting Review,enhancement,new,,2022-08-12T08:16:14Z,2022-09-04T19:08:23Z,"I would like to be able to specify enums when creating a REST schema property that accepts an array of values.
**For example:**
{{{#!php
__( 'Sort collection by object attribute.' ),
'type' => array( 'string', 'array' ),
'default' => 'id',
'items' => array(
'type' => 'string',
),
'enum' => array( 'id', 'title', 'date', 'include' ),
'validate_callback' => 'rest_validate_request_arg',
);
}}}
",picocodes
Tickets Awaiting Review,56376,Add wp_is_ini_value_changeable( 'memory_limit' ) yes or no to class WP_Debug_Data,,Site Health,6.0,normal,normal,Awaiting Review,enhancement,new,,2022-08-14T17:34:09Z,2022-08-14T17:34:09Z,"If the function
{{{
wp_is_ini_value_changeable( 'memory_limit' )
}}}
is true or false is important to know when deciding if setting a higher value of WP_MEMORY_LIMIT or WP_MAX_MEMORY_LIMIT will have any effect on the site performance.
I can't find this info in the current version of class WP_Debug_Data in WP 6.0.1.",missveronicatv
Tickets Awaiting Review,56384,Error in CSS for form input,,Administration,6.0,normal,minor,Awaiting Review,defect (bug),new,,2022-08-15T21:50:28Z,2022-08-15T22:12:27Z,"In ''user-new.php'' and ''user-edit.php'', I created an interface to add some custom meta fields using checkboxes.
The problem is that the CSS bit
{{{
#adduser .form-field input, #createuser .form-field input {
width: 25em;
}
}}}
breaks my interface as I'm using the HTML
{{{
}}}
So ''.form-field input'' without excluding checkbox types, or specifically applying it to text/url types, stretches the checkboxes...
Below I'm attaching two screenshots, the first with the CSS bit in effect, and the second with it disabled in the developer tools of the browser...
[[Image(https://i.ibb.co/Lkf2r4P/Screenshot-2022-08-16-003733.jpg)]]
[[Image(https://i.ibb.co/yPKBSCS/Screenshot-2022-08-16-003822.jpg)]]",princeofabyss
Tickets Awaiting Review,56390,Updating WP_MEMORY_LIMIT,,Bootstrap/Load,,normal,normal,Awaiting Review,enhancement,new,,2022-08-16T09:04:13Z,2024-01-24T09:26:49Z,"During the [https://europe.wordcamp.org/2022/contributor-day/ Contributor Day at the WordCamp Europe 2022], the Hosting Team found that {{{WP_MEMORY_LIMIT}}} is set as 40 MB (single site) and 64 MB (multisite). Furthermore, the {{{WP_MAX_MEMORY_LIMIT}}} is set as 256 MB.
{{{WP_MEMORY_LIMIT}}} is the value for the WordPress Memory Limit, usually referred to the frontend memory, and {{{WP_MAX_MEMORY_LIMIT}}} is the value for the PHP Memory Limit, usually referred to the backend memory.
== History ==
Around September 2013, the {{{WP_MEMORY_LIMIT}}} value changed from 32 MB to 40 MB (32+8). Some tests done by the Hosting Team suggest that the memory used on WordPress is around 16 MB.
The PHP {{{memory_limit}}} sets the maximum amount of memory in bytes that a script is allowed to allocate. This helps prevent poorly written scripts for eating up all available memory on a server. Note that to have no memory limit, set this directive to {{{-1}}}. Check the [https://www.php.net/manual/en/ini.core.php#ini.memory-limit PHP page for more information].
== Actual code ==
Checking the [https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/default-constants.php default-constants.php], the code for {{{WP_MEMORY_LIMIT}}} is:
{{{
#!php
$current_limit = ini_get( 'memory_limit' );
$current_limit_int = wp_convert_hr_to_bytes( $current_limit );
// Define memory limits.
if ( ! defined( 'WP_MEMORY_LIMIT' ) ) {
if ( false === wp_is_ini_value_changeable( 'memory_limit' ) ) {
define( 'WP_MEMORY_LIMIT', $current_limit );
} elseif ( is_multisite() ) {
define( 'WP_MEMORY_LIMIT', '64M' );
} else {
define( 'WP_MEMORY_LIMIT', '40M' );
}
}
// Set memory limits.
$wp_limit_int = wp_convert_hr_to_bytes( WP_MEMORY_LIMIT );
if ( -1 !== $current_limit_int && ( -1 === $wp_limit_int || $wp_limit_int > $current_limit_int ) ) {
ini_set( 'memory_limit', WP_MEMORY_LIMIT );
}
}}}
''NOTE: this code is an extrapolation of some parts to understand the values.''
For {{{WP_MAX_MEMORY_LIMIT}}}, is:
{{{
#!php
$current_limit = ini_get( 'memory_limit' );
$current_limit_int = wp_convert_hr_to_bytes( $current_limit );
if ( ! defined( 'WP_MAX_MEMORY_LIMIT' ) ) {
if ( false === wp_is_ini_value_changeable( 'memory_limit' ) ) {
define( 'WP_MAX_MEMORY_LIMIT', $current_limit );
} elseif ( -1 === $current_limit_int || $current_limit_int > 268435456 /* = 256M */ ) {
define( 'WP_MAX_MEMORY_LIMIT', $current_limit );
} else {
define( 'WP_MAX_MEMORY_LIMIT', '256M' );
}
}
}}}
''NOTE: this code is an extrapolation of some parts to understand the values.''
== PHP values ==
The first part gets the value from PHP, and if not exists, sets a default value. Thereafter, if the value is incorrect (in bytes) sets the memory limit from the constant.
This PHP value has evolved:
- PHP <5.1.0 (2005-11-24): valued at 8 MB (view [https://web.archive.org/web/20051127013935/https://www.php.net/manual/en/ini.core.php archive.org page])
- PHP =5.2.0: valued at 16 MB
- PHP >5.2.0 (2008-12-12): valued at 128 MB (view [https://web.archive.org/web/20081217050654/https://www.php.net/manual/en/ini.core.php#ini.memory-limit archive.org page])
== Some questions ==
**Why change the WP_MEMORY_LIMIT value?**
To level it to the PHP standard.
If the hoster has some kind of limitation, misconfiguration, an incorrect value or does not allow changing it, the value used is the lesser, of 40 MB, which usually produces memory errors, when it should use the PHP default value, which is generally acceptable in new installations. At this time, 20 latest versions of WordPress (since WordPress 4.1 / 2014-12-17) can use PHP 5.6.40+ so it would meet the minimums set by PHP.
**Can, actually, the value be greater than the PHP value?**
Yes. That's why there is an intent to include something like:
{{{WP_MEMORY_LIMIT <= WP_MAX_MEMORY_LIMIT <= memory_limit}}}
== Premises ==
We should keep in mind some basic assumptions when incorporating PHP memory limits based on what users can do.
The memory limit set by computer systems are set for a reason. And that reason should be enforced; therefore, PHP's memory limit should not be exceeded, and in case it needs to be exceeded, it should be changed by the system administration.
Users can set the values they want from the wp-config.php configuration file. Often, extremely high values are set to hide a memory consumption problem due to bad programming. With a few visits it usually works, but it is a short-term fix.
We must be realistic about the memory limits of the WordPress Core and the normal use of a WordPress, whether it is a simple WordPress or a WordPress Multisite. Most WordPress sites install plugins and themes that make memory spikes higher.
PHP has its baseline memory limits that should serve as a reference for its use and application.
== Proposal ==
Considering that since 2008, and PHP >5.2.0 the {{{memory_limit}}} value is equal to 128 MB, should we consider an update of this value in the WordPress base configuration, or at least an update of the values?
The proposal from the WordPress Hosting team is for {{{WP_MEMORY_LIMIT}}}:
- WordPress Single: {{{define('WP_MEMORY_LIMIT', '128M');}}}
- WordPress Multisite: {{{define('WP_MEMORY_LIMIT', '192M');}}}
Another patch should be:
{{{WP_MEMORY_LIMIT <= WP_MAX_MEMORY_LIMIT <= memory_limit}}}
Users can modify the {{{WP_MEMORY_LIMIT}}} and {{{WP_MAX_MEMORY_LIMIT}}} at {{{wp-config.php}}} and should have some limitations in values, as far as WordPress cannot overflow PHP.
== Getting the values ==
When doing some calls to PHP functions and values, got this:
- php.ini: {{{memory_limit}}} -> value: {{{256M}}}
- function: {{{memory_get_usage}}} -> value: {{{2097152}}}
- updating the {{{ini_set memory_limit}}} to {{{512M}}} -> value: {{{memory_limit = 256M}}}
- function: {{{ini_get_all[memory_limit]}}}
{{{
Array (
[global_value] => 256M
[local_value] => 512M
[access] => 7
)
}}}
So, the real values are, always in the {{{ini_get_all[memory_limit]}}}.
After doing some tests, maybe hard-coding the values is a bad idea, but having some ""limits"" is cool (like now) but reading the real values.
== New code ==
This is just a proposal of code (need revision and checking by the WordPress Core Team).
{{{
#!php
$default_max_memory = 128 * MB_IN_BYTES; // this is a security limit. Should be align with the default PHP memory_limit. Now (PHP 5.3+) is 128M
$memory_default = ini_get( 'memory_limit' );
$ini_get_all = ini_get_all();
// set by global ini
if( isset( $ini_get_all['memory_limit']['global_value'] ) ) {
$max_memory_default = $ini_get_all['memory_limit']['global_value'];
} elseif( $memory_default ) {
$max_memory_default = $memory_default;
} else {
$max_memory_default = $default_max_memory;
}
// set by site / virtualhost / pool ini
if( isset( $ini_get_all['memory_limit']['local_value'] ) ) {
$max_memory_real = $ini_get_all['memory_limit']['local_value'];
} else {
$max_memory_real = $max_memory_default;
}
unset( $memory_default, $ini_get_all );
// default memory in bytes
$max_memory_default_int = wp_convert_hr_to_bytes( $max_memory_default );
if( $max_memory_default_int <= 0 ) $max_memory_default_int = $default_max_memory;
// site memory in bytes
$max_memory_real_int = wp_convert_hr_to_bytes( $max_memory_real );
if( $max_memory_real_int <= 0 ) $max_memory_real_int = $default_max_memory;
if( $max_memory_real_int < $max_memory_default_int ) $max_memory_real_int = $max_memory_default_int; // set the limit to the max memory set wherever
// user did not set the WP_MEMORY_LIMIT in wp-config.php
if ( ! defined( 'WP_MEMORY_LIMIT' ) ) {
define( 'WP_MEMORY_LIMIT', size_format( $max_memory_real_int ) );
// if the WP_MEMORY_LIMIT set by the user is greater than the real available
} elseif( $max_memory_real_int < wp_convert_hr_to_bytes( WP_MEMORY_LIMIT ) ) {
define( 'WP_MEMORY_LIMIT', size_format( $max_memory_real_int ) );
}
// user did not set the WP_MAX_MEMORY_LIMIT in wp-config.php
if ( ! defined( 'WP_MAX_MEMORY_LIMIT' ) ) {
define( 'WP_MAX_MEMORY_LIMIT', size_format( $max_memory_real_int ) );
// if the WP_MAX_MEMORY_LIMIT set by the user is greater than the real available
} elseif( $max_memory_real_int < wp_convert_hr_to_bytes( WP_MAX_MEMORY_LIMIT ) ) {
define( 'WP_MAX_MEMORY_LIMIT', size_format( $max_memory_real_int ) );
}
if ( wp_convert_hr_to_bytes( WP_MEMORY_LIMIT ) > wp_convert_hr_to_bytes( WP_MAX_MEMORY_LIMIT ) ) {
WP_MEMORY_LIMIT = WP_MAX_MEMORY_LIMIT;
}
unset( $default_max_memory, $max_memory_default, $max_memory_real, $max_memory_default_int, $max_memory_real_int );
}}}
Initial Props: @javiercasares, @crixu, @bernardzijlstra, @mikeschroder.
Original document from the Hosting team at
[https://docs.google.com/document/d/1CFMboqFnHMBifcuozqWKvUQUdxSCqCh-YcCwMOMeAl0/]",JavierCasares
Candidates for Closure,56403,Write 'Activated' instead of 'Installed' for activated theme,audrasjb,Themes,,normal,normal,Awaiting Review,defect (bug),reviewing,reporter-feedback,2022-08-18T09:08:42Z,2022-08-18T15:22:40Z,"On theme-install page, there have text for all installed theme but it should be 'Activated' instead of 'Installed' for activated theme.",alireyad
Tickets Awaiting Review,56410,WordPress API error when trying to add tags,,Editor,6.4.2,normal,critical,Awaiting Review,defect (bug),new,,2022-08-20T03:49:31Z,2024-02-07T17:05:11Z,"In this video- https://www.loom.com/share/6671fc834c624e37940ba9ecf0398389 you can see that, even with all plugins deactivated and with a default theme, there is an error whenever we tried to add a new tag. As you can see in the video, there is a 400 server error related to the WordPress API.
Maybe it is showing due to - WordPress API error when trying to add tags that already exist to a existing post or within site.
I’ve run into an error in the browser console whenever I try to add tags (that already exist on the site) to a post. I’ve managed to reproduce this on a completely new site.
To reproduce this, please try the following steps:
1) Create a few tags (around 5-6) under Posts > Tags.
2) Create a new post.
3) With the browser console open, start adding your tags to the new post.
4) You should see a 400 Bad Request error for /wp-json/wp/v2/tags?_locale=user
I was able to reproduce this error on a completely new WordPress 6.0.1 install.
We then tried to reproduce this issue on a completely new WordPress installation with no plugins and we managed to reproduce this problem. It looks like this is a problem in WordPress core and not in a plugin. The error seems to be triggered only when you try to add a tag that already exists on the site.",fanmerch2016
Tickets Awaiting Review,56420,"In block editor when block is at top of window the block tools / settings dialog is hidden by ""Editor top bar""",,Administration,,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-08-23T11:53:13Z,2022-09-06T16:15:03Z,"In block editor when block is at top of window and I activate the block tools / settings dialog it overflows ""Editor content"" and is hidden by ""Editor top bar"".",ritterml
Tickets Awaiting Review,56421,"Fix scrolling in Block Editor ""Editor Content"" inside ""Group Block""",,Administration,,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-08-23T13:04:55Z,2022-09-06T16:31:35Z,"When I am navigating with my up/down keyboard buttons inside a Group Block in the Block Editor ""Editor Content"" does not scroll until I scroll below the Group Block.",ritterml
Candidates for Closure,56425,wp_localize_script assign to const and freeze instead of var to avoid reassignments,,Script Loader,,normal,normal,Awaiting Review,enhancement,new,dev-feedback,2022-08-23T23:59:48Z,2022-11-08T07:36:06Z,"wp_localize_script adds elements as ""var"".
To avoid accidental, silent overwrites by other plugins or malicious code, it would be better if we used a const and freeze the object, to disable reassignments.
",malthert
Tickets Awaiting Review,56427,Twenty Twenty-Two: editor font weight for bold text in Button block does not match front,,Bundled Theme,6.0.1,normal,normal,Awaiting Review,defect (bug),new,,2022-08-24T05:54:10Z,2023-05-30T01:17:57Z,"Hello Team,
For Twenty Twenty Two Theme, when we add Button block in editor side, and make the text bold at editor end the font-weight is coming 600 while at Frontend it is coming 700.
Steps to replicate:
1: Activate the Twenty Twenty-Two Theme
2: Add Button block
3: Add Text in Button Block
4: Make Button text Bold from Top Toolbar
5: View the page/post at editor side
6: Save Page/Post
7: View the page/post at front side
For Better understanding i am providing video attachment link
Link: https://share.cleanshot.com/CNLRh4J9ut4dcWypHHuT
Thank you.",varshil151189
Tickets Awaiting Review,56428,Filter username on Users list table (WP_Users_List_Table),,Users,6.0.1,normal,trivial,Awaiting Review,feature request,new,,2022-08-24T11:49:40Z,2022-08-24T12:39:34Z,"there is no way to filter the username columns text like the cpt title column with the filter ""the_title""
the only way is to unset it from manage_users_custom_column filter but then you lose the ""quick actions"" feature",3wwwGR
Tickets Awaiting Review,56429,Gutenberg author box missing,,Editor,6.0.1,normal,normal,Awaiting Review,defect (bug),new,,2022-08-24T14:03:31Z,2022-11-05T22:30:57Z,"There is a bug related to the author box missing when all of the following conditions are true:
- When there are more than 70 users in a WP installation
- When an Editor creates a post and saves it as a draft. This must be the only post of that user
- If all the users are ordered alphabetically, that user must be above 60 in the order
When this is true, if another Editor opens that draft, the author box won't be visible. There is an additional request that should fetch that user and it's returning error 403
If Administrator opens it, the author box is present
The cause for the bug is the last condition that fails here - https://github.com/WordPress/WordPress/blob/master/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php#L445 because the function checks for the author of the post",lgadzhev
Tickets Awaiting Review,56443,Twenty Nineteen: button block font size issue.,,Bundled Theme,6.0.1,normal,normal,Awaiting Review,defect (bug),new,,2022-08-26T05:38:39Z,2023-04-21T13:37:06Z,"Steps to reproduce:-
1. Activate Twenty Nineteen Theme.
2. Choose button block.
3. Change the font size of the button.
4. Check at the Front side.
You can see the font is a little lesser than our given font size.
The font size is exactly the same on our editor side but the front side font is lesser than the given font-size value.
I have attached video for better understanding.
Video URL:- [https://share.cleanshot.com/gr6tIUCZSXR6Xj54uqLn]",nidhidhandhukiya
Tickets Awaiting Review,56446,Query loop next page button not working as expected.,,General,,normal,normal,Awaiting Review,defect (bug),assigned,,2022-08-26T18:16:58Z,2022-08-27T08:04:01Z,"Recently I ran into an issue using the query loop block halfway down on the front page of a website I was working on.
Whenever I clicked on the ‘next page’ button to show more blogposts results, the click would cause the page to jump to to top and I would have to scroll down to go back to the blog overview window.
I expected the click to show me more more results yet stay in the same place on the page. Is this a wrong assumption or is this an actual bug?
If it's not a bug then maybe an enhancement issue? ",vncntdvrs
Tickets Awaiting Review,56455,Twenty Nineteen: Text Color issue in Pullquote Block,,Bundled Theme,6.0.1,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-08-29T07:16:04Z,2024-03-18T10:33:29Z,"In Twenty Nineteen Theme, when we add Pullquote block in editor side, and choose text color, We can see that the text color is not reflected for ""Add citation"" text.But when we see the same Pullquote block at front side, text color for ""Add quote"" and ""Add citation"" is not reflected.
Steps to replicate:
1: Activate the Twenty Nineteen Theme
2: Add Pullquote block
3: Enter some Text for ""Add quote""
4: Enter some Text for ""Add citation""
3: Choose Text color
4: Save Page/Post
5: View the page/post at front side
For better understanding I provide video attachment link.
Video URL : https://share.cleanshot.com/4DhJNFXRZcP8DJKYfZnp
Thanks",kajalgohel
Tickets Awaiting Review,56456,Twenty Nineteen: Text Color issue when added background color in Pullquote Block,,Bundled Theme,6.0.1,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-08-29T09:01:12Z,2023-05-26T08:23:01Z,"In Twenty Nineteen Theme, when we add Pullquote block in editor side, and choose text color after that choose Background color, We can see that the text color is not reflected for ""Add quote"" and ""Add citation"" text.
Steps to replicate:
1: Activate the Twenty Nineteen Theme
2: Add Pullquote block
3: Enter some Text for ""Add quote""
4: Enter some Text for ""Add citation""
5: Choose Text color
6: Choose Background color
7: Save Page/Post
8: View the page/post at front side
For better understanding I provide video attachment link.
Video URL : https://share.cleanshot.com/CN6Zb1g87OIUmDsJgD9i
Thanks",kajalgohel
Tickets Awaiting Review,56458,Multisite Theme Details,,Networks and Sites,6.0.1,normal,normal,Awaiting Review,feature request,new,,2022-08-29T17:51:16Z,2022-09-30T14:39:06Z,"It would be great if there were some accounting for the use of themes across a network. I'm thinking the /wp-admin/network/sites.php listing could show the active theme of each site.
Even if there was a counter so I could confirm the number of sites using a given Theme, that would work.
Or similar to the Users list, which has a column of Sites the user has access to, you could add a Sites column to the Themes listing.
Use Case: I have 8 themes installed, and 97 subsites. There doesn't seem to be any way to confirm which themes are active on 0 sites, confirming which I can uninstall.",hopetommola
Candidates for Closure,56473,Getting notice message I am disabling update notifications,,Upgrade/Install,5.9.3,normal,normal,Awaiting Review,defect (bug),new,close,2022-08-31T10:44:32Z,2022-09-06T01:55:17Z,"Hey,
I am trying to disable Plugin/Theme/WP update notice notifications. after added code getting Notice on update-core.php page. More information you can see mentioned SS.
Thank you ",sumitsingh
Tickets Awaiting Review,56479,Missing capability shows blank page in WP-Admin,,"Posts, Post Types",6.0.2,normal,normal,Awaiting Review,defect (bug),new,,2022-08-31T16:34:07Z,2023-03-12T21:53:38Z,"Hello,
I have created a **custom post type** with the following code.
{{{#!php
_x('Fortbildungen', 'Post Type General Name', 'ibf'),
'singular_name' => _x('Fortbildung', 'Post Type Singular Name', 'ibf'),
'menu_name' => __('IBF', 'ibf'),
'name_admin_bar' => __('IBF-Fortbildung', 'ibf'),
'archives' => __('IBF-Archiv', 'ibf'),
'all_items' => __('Alle Fortbildungen', 'ibf'),
'add_new_item' => __('Neue Fortbildung', 'ibf'),
'add_new' => __('Neue Fortbildung', 'ibf'),
'new_item' => __('Neue Fortbildung', 'ibf'),
'edit_item' => __('Fortbildung bearbeiten', 'ibf'),
'update_item' => __('Fortbildung speichern', 'ibf'),
'view_item' => __('Fortbildung anzeigen', 'ibf'),
'view_items' => __('Fortbildungen anzeigen', 'ibf'),
'search_items' => __('Fortbildung suchen', 'ibf'),
);
$args = array
(
'label' => __('IBF', 'ibf'),
'description' => __('Fortbildungen verwalten', 'ibf'),
'labels' => $labels,
'supports' => array('title', 'editor', 'author', 'thumbnail', 'revisions', 'custom-fields'),
'show_in_rest' => true,
'hierarchical' => false,
'public' => true,
'show_in_menu' => true,
'menu_position' => 5,
'menu_icon' => 'dashicons-welcome-learn-more',
'has_archive' => true,
'rewrite' => array('slug' => 'ibf'),
'capability_type' => 'post',
'capabilities' => array
(
'edit_post' => 'edit_ibf',
'edit_posts' => 'edit_ibfs',
'edit_others_posts' => 'edit_others_ibf',
'publish_posts' => 'publish_ibf',
'read_post' => 'read_ibf',
'read_private_posts' => 'read_private_ibf',
'delete_post' => 'delete_ibf',
'create_posts' => 'create_ibfs',
),
);
register_post_type('ibf', $args);
}
add_action('init', 'customPostTypeIBF', 0);
}}}
Then I adjusted the **wp_user_roles** field in the database so that the permissions are also set appropriately based on the role.
Now when I don't have the **create_ibf** permission I get the following message in the admin panel:
[[Image(https://i.ibb.co/2dPcrWh/error-ok.png)]]
Thats right and it works!
**Now the problem:** When I don't have the **edit_ibf** ''(without S at the end)'' permission I just get a white page (blank page) in the admin panel. Now error message or so. Only a white page. The source code shows the page but in the browser I cant see anything.
If I use the developer tools I get the following error message:
[[Image(https://i.ibb.co/gjjyhkZ/error-white.png)]]
If I follow the link in the error message I can see that:
[[Image(https://i.ibb.co/3dFQ8Sh/wp-rest-error.png)]]
So I think here is a error message missing.
**And now another funny thing:** When I havent the permission **edit_ibf** and disable the **block editor** with the parameter:
{{{#!php
false,
}}}
the page is loading:
[[Image(https://i.ibb.co/dGJPdj3/ibf-ohne-blockeditor.png)]]
I think something is wrong here. Maybe someone can take a look and fix this. At least the error message that you don't have enough rights would make sense, since you're looking for the error for a long time.
Thanks in advance!
**My Live-Server:** Ubuntu 20.04.3 with PHP 8.0.22 and MariaDB 10.5
**My Test-Server (used here for reporting):** Windows 11 with XAMPP and PHP 8.0.19 and a fresh install from 18:00 Uhr",vincenz17
Tickets Awaiting Review,56480,_add_post_type_submenus doesn't use WP_Post_Type::$menu_position,,"Posts, Post Types",,normal,normal,Awaiting Review,defect (bug),new,,2022-08-31T17:17:11Z,2023-04-12T19:26:37Z,"Although it's possible to add a post type as a submenu when registering by setting the property show_in_menu, it's not possible to set the position.
This is happening because in the function [https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/post.php#L2071 _add_post_type_submenus] (wp-includes/post.php) the function add_submenu_page is called without passing the parameter $position.
{{{#!php
true ) ) as $ptype ) {
$ptype_obj = get_post_type_object( $ptype );
// Sub-menus only.
if ( ! $ptype_obj->show_in_menu || true === $ptype_obj->show_in_menu ) {
continue;
}
add_submenu_page( $ptype_obj->show_in_menu, $ptype_obj->labels->name, $ptype_obj->labels->all_items, $ptype_obj->cap->edit_posts, ""edit.php?post_type=$ptype"" );
}
}
}}}
Steps to reproduce the issue:
1. Add the code snippet in the functions.php of the theme (notice the 'menu_position')
{{{#!php
array(
'name' => 'Foo',
),
'show_in_menu' => 'edit.php?post_type=page',
'menu_position' => 20,
'public' => true,
)
);
register_post_type(
'bar',
array(
'labels' => array(
'name' => 'Bar',
),
'show_in_menu' => 'edit.php?post_type=page',
'menu_position' => 10,
'public' => true,
)
);
}}}
2. Visit the Dashboard and check that under the menu Pages, ""Foo"" appears **before** ""Bar""
Expected behaviour: ""Foo"" appears **after** ""Bar""",Rahmohn
Tickets Awaiting Review,56481,Short-circuit HEAD methods in Core controllers,,REST API,4.7,normal,normal,Awaiting Review,enhancement,new,,2022-08-31T19:53:43Z,2022-08-31T19:53:43Z,"The REST API has built-in support for responding to a `HEAD` request. If no callback is specifically registered for the method, the server will fallback to the associated `GET` handler. However, this means that the server is throwing away work when no response body is needed.
`GET` routes can be adapted to check if the `WP_REST_Request::get_method` is `HEAD` and if so skip preparing the response body. For single item routes, this is pretty straightforward.
It is a little more nebulous for collection routes. We still need to provide any headers like pagination which are currently prepared after the response body is generated.
I think we'd want to extract the pagination logic to it's own method. Then, before making the database query,
adjust the query to only return `ids`. This will give us enough information to build the pagination headers and allow us to send the `HEAD` response.
See https://github.com/WordPress/gutenberg/pull/43703",TimothyBlynJacobs
Candidates for Closure,56483,Weird oneOf behaviour upon validation of post meta value upon GET retrieval via REST API,,REST API,6.0.1,normal,major,Awaiting Review,defect (bug),new,reporter-feedback,2022-08-31T23:21:28Z,2022-12-11T15:54:52Z,"I've been checking for a significant amount of time with some other developers, and we can't find reasonable explanations for the behavior described here: https://wordpress.stackexchange.com/questions/409131/oneof-json-schema-validation-not-properly-working-for-custom-post-meta-value",joeyojoeyo12
Tickets Awaiting Review,56489,An extra post lookup in WP_Embed::shortcode for known post,,Embeds,,normal,normal,Awaiting Review,enhancement,new,,2022-09-01T16:34:26Z,2022-09-01T16:37:10Z,"`WP_Embed::shortcode` caches embeds into post_meta for known posts (ie.: embed in a post_content) or into a post of the `oembed_cache` post type in case the global post is not set (ie.: outside the loop).
However, [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class-wp-embed.php?rev=53269#L251 the code] always tries to lookup the `oembed_cache` post, even in case the global post is set, which results in an extra SQL query, since the `oembed_cache` post is never created, if there is a known global post.
The `$cached_post_id` variable populated by the `WP_Embed::find_oembed_post_id` function call is really only used in case there is no global post set, and thus, IMHO, should be only populated in such case.",david.binda
Candidates for Closure,56495,"For multi site, The emial content used with sprint and filter wpmu_signup_user_notification_email",,General,6.0.2,normal,normal,Awaiting Review,defect (bug),assigned,reporter-feedback,2022-09-02T08:07:44Z,2022-09-06T06:52:30Z,"In the file ""wp-includes/ms-functions.php"" line no 1082.
It's used sprintf function and also used filters in it as well so if someone applies this filter and updates the content of the subject with any specifiers from the below screenshot it will throw an error as sprintf function has only a string to replace but if the someone update content with more specifiers will not work.
So we should separate out sprintf and filter that is used in it.
Thanks",kp4net
Tickets with Patches,56496,Twenty Twenty-Two: Update comment block markup,,Bundled Theme,,normal,normal,Future Release,defect (bug),new,dev-feedback,2022-09-02T09:37:52Z,2024-01-19T11:13:34Z,"The comment block markup in Twenty Twenty-Two is using an outdated version of the block: ``
In the Site Editor, the block shows the following notice: You're currently using this block in legacy mode.
This should be updated to use the latest version of the comments block, e.g. wrapped in the `` tag.",mikachan
Candidates for Closure,56497,Categories (List) block center alignment is not working with dropdown in editor,,Editor,6.0.1,normal,normal,Awaiting Review,defect (bug),assigned,close,2022-09-02T09:46:43Z,2022-09-14T02:11:52Z,"Categories block center alignment setting is not reflecting on editor side.
1. Activate the Twenty Eleven Theme
2. Add Categories Block (or ""Categories List"" block if Gutenberg plugin is activated)
3. Select the ""Display as dropdown"" option in the sidebar
4. Change the alignment to center
Here is Screen Recording:[https://share.cleanshot.com/CDO3nlFrsNj3r6TpLJH5]",multidots1896
Tickets Awaiting Review,56499,count() used in the loop condition,,Comments,,lowest,normal,Awaiting Review,defect (bug),new,has-patch,2022-09-02T12:40:53Z,2022-09-21T15:22:51Z,The use of count() inside a loop condition is not allowed; assign the return value to a variable and use the variable in the loop condition instead.,krunal265
Tickets Awaiting Review,56506,Used default separator style in editor but It's showing Wide Line Separator style in My Patterns,,Editor,6.0.2,normal,normal,Awaiting Review,defect (bug),new,,2022-09-04T06:36:36Z,2023-10-30T16:35:53Z,"I have an issue on pattern design submission. While submitting my pattern, I have used default style separator but I'm getting Wide line style Separator in frontend in current WordPress Version. I did not understand what have I missed.
Used Separator
https://tinyurl.com/2lpyuja4
Frontend Separator
https://tinyurl.com/2nd2k8by",rohit900
Candidates for Closure,56512,Design glitch in calendar block control with align left and right(Frontend),,Themes,6.0.2,normal,normal,Awaiting Review,defect (bug),new,dev-feedback,2022-09-05T09:55:06Z,2022-09-05T12:42:49Z,"I've noticed that when I add the calendar block (without any other blocks) with the align left or right control in backend,
the calendar displays inline with the footer. But instead of a calendar, I added a latest post block with an align left control,
and it looks fine.
Would you please verify.
latest post block: https://tinyurl.com/2le537ry
calendar : https://tinyurl.com/2lyxklye
WordPress Version: 6.0.2
Active Theme: TwentyTwentyTwo ",bisnusnr
Tickets Awaiting Review,56522,Add filter for wp_get_layout_style,,Editor,5.9,normal,normal,Awaiting Review,enhancement,assigned,,2022-09-06T15:56:00Z,2023-02-09T21:27:59Z,"Currently, there is no filter for the output of this function, which contains the layout styles associated with a given block. Having this be filterable seems conducive to clean overrides versus having a specificity battle with inlined styles (which in many cases would require `!important` to override), while allowing this to be a very intentional, opt-in feature.
I will be working on a patch for this which I'll add to the ticket once created. ",10upiansvo
Tickets Awaiting Review,56525,"Twenty Eleven: Font-style issue of ""Add Citation"" text in Pullquote Block",,Bundled Theme,6.0,normal,normal,Awaiting Review,defect (bug),new,dev-feedback,2022-09-07T08:18:14Z,2024-03-23T21:14:15Z,"In Twenty Eleven Theme, when we add Pullquote block in editor side, We can see that the font-style of ""Add citation"" text is Italic. But when we see the same Pullquote block at front side, font-style for ""Add citation"" text is not reflected, It is display normal.
Steps to replicate:
1: Activate the Twenty Eleven Theme
2: Add Pullquote block
3: Enter some Text for ""Add quote""
4: Enter some Text for ""Add citation""
5: Save Page/Post
6: View the page/post at front side
For better understanding I provide video attachment link.
Video URL : https://share.cleanshot.com/yoxXVomU1svauo5FmF9G
Thanks",kajalgohel
Tickets Awaiting Review,56542,"Should not allow to unregistered user be able to make a ""Export Personal Data"" Request",,Privacy,4.9.6,normal,normal,Awaiting Review,enhancement,new,has-patch,2022-09-10T05:25:01Z,2022-09-27T23:31:13Z,"Hello,
We should fix the condition of unregistered users allowed to ""Export Personal Data"" request when try with an email address",hiren1094
Tickets Awaiting Review,56554,Twenty Eleven: Width issue in Button block,,Bundled Theme,6.0.2,normal,normal,Awaiting Review,defect (bug),new,dev-feedback,2022-09-12T08:14:21Z,2023-03-22T00:07:02Z,"In Twenty Eleven Theme, when we add Button block in editor side and change the Width settings of Button, we can see that the Width is not reflected in editor side.
Steps to replicate:
1: Activate the Twenty Eleven Theme
2: Add Button block
3: Choose Width from Width settings
4: View the page/post at editor side
5: Save Page/Post
6: View the page/post at front side
For better understanding I provide video attachment link.
Video link: https://share.cleanshot.com/SPJat9VXVPA8lMQUfZlD
Thanks",kajalgohel
Tickets Awaiting Review,56557,Twenty Twenty: Remove font size and weight definition on cite element,,Bundled Theme,5.3,normal,normal,Awaiting Review,enhancement,new,,2022-09-12T10:40:58Z,2022-09-13T02:35:57Z,"The {{{cite}}} element in Twenty Twenty is styled in a way that makes it less flexible than it's meant to be, with a smaller font size and no italic. [[https://www.w3schools.com/tags/tag_cite.asp|The W3Schools example uses the element to wrap the title of a painting]], not the author, causing the title to have reduce emphasis (see tt-before.png).
The default styling for the `cite` element is to simply have italic text (see intended.png).
Suggestion: remove the font-weight, style, and size definitions from TT's `cite` element. See (tt-after.png)
Example block markup:
{{{
Do Androids Dream of Electric Sheep , Philip K. Dick
Neuromancer , William Gibson
The Diamond Age , Neal Stephenson
}}}",Joen
Candidates for Closure,56562, Tag should be self closing on wp-mail.php file,,Mail,,normal,normal,Awaiting Review,defect (bug),assigned,close,2022-09-13T13:38:49Z,2022-09-25T00:00:32Z,"Previously tag is not self-closing so I have make tag self-closing.
",rajanpanchal2028
Tickets Awaiting Review,56565,Twenty Sixteen: Quote Block Border Left color not reflected in editor,,Bundled Theme,6.0.2,normal,minor,Awaiting Review,defect (bug),new,has-patch,2022-09-14T06:29:23Z,2024-01-17T16:02:03Z,"Theme Twenty Sixteen Quote Block Border Left color not reflected in editor
Steps to replicate:
1: Activate the Twenty Sixteen Themes
2: add Quote block
3: Select color
For better understanding I provide video attachment link.
Video link: https://www.loom.com/share/bc19aee1e3cb4370a0642a403c61942f
",umesh84
Tickets Awaiting Review,56567,Twenty Nineteen: Pullquote Block Text color not reflected on Front end,,Bundled Theme,6.0.2,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-09-14T12:49:40Z,2022-10-12T19:27:09Z,"In the Theme Twenty Nineteen Pullquote Block Text color not reflected in Front side
1: Activate the Twenty Nineteen Themes
2: Add Pullquote Block
3: Change Text color
4: See Front side
For better understanding I provide video attachment link.
URL: https://www.loom.com/share/dd96363e35c74530bab44e8f71600706",umesh84
Candidates for Closure,56578,Post date block color setting is not reflecting in editor and front side,,Editor,6.0.1,normal,normal,Awaiting Review,defect (bug),new,close,2022-09-15T10:18:10Z,2022-09-20T20:11:39Z,"Twenty Fifteen: Post date block color setting is not reflecting in editor and front side.
1)Install Twenty Fifteen Theme.
2)Add Post Date block
3)Enable link to page setting and changing the color from settings.
Here is recording:[https://share.cleanshot.com/T6EEHXMZtsE6QSqnYTQI]",multidots1896
Candidates for Closure,56582,Decide how to format multi-line comments in global scope.,,General,,normal,normal,Awaiting Review,enhancement,new,dev-feedback,2022-09-15T15:58:03Z,2022-09-17T07:47:15Z,"[https://developer.wordpress.org/coding-standards/inline-documentation-standards/php/ The PHP Documentation Standards] include formats for various types of comment.
However, there is no clear description of what to use for multi-line comments in global scope.
For example:
**3. Requires and Includes**
Files required or included should be documented with a summary description DocBlock.
Optionally, this may apply to inline `get_template_part()` calls as needed for clarity.
However:
**5. Inline Comments**
Inline comments inside methods and functions should be formatted as follows:
**5.2 Multi line Comments**
{{{
/*
* This is a comment that is long enough to warrant being stretched over
* the span of multiple lines. You'll notice this follows basically
* the same format as the PHPDoc wrapping and comment block style.
*/
}}}
**Important note:** Multi-line comments must not begin with `/**` (double asterisk) as the parser might mistake it for a DocBlock. Use `/*` (single asterisk) instead.
Note: It's quite possible that the inline multi-line format just never expected to have to cover multi-line comments in global scope and was too specific in saying ""inside methods and functions"".
This leads to inconsistent formats and unnecessary discussion about what is correct.
Let's decide on a format that is appropriate.
Should we use `/**`, which is described for other items in global scope, or, as this format typically denotes something extra important (such as requires/includes, docblocks, class members, pre-existing filter docblocks), should we instead use the already existing multi-line comment format of `/*`?",costdev
Tickets Awaiting Review,56583,Permalinks in Multisite not working when Main Site is in a subdirectory,,Permalinks,6.0.2,normal,normal,Awaiting Review,defect (bug),new,,2022-09-15T16:07:18Z,2022-11-25T07:05:15Z,"Hello
I have installed WP 6.0.2 on my Server in a subdirectory
`/var/www/example.org/wp`
After install I activated Multisite.
I added a website ""example2"" to the main site and permalinks are working, e.g.:
`example.org/wp/example2`
Sites are found as e.g. `example.org/wp/example2/subsite`
Then I used an own domain `example2.org` instead of `example.org/wp/example2`
and now the subsites of `example2.org` are only accessable with Permalinks > Simple (e.g. `example2.org?p=123`) but not with subsite names (e.g. `example2.org/subsite`).
This seems to me a bug, as it should work since WP 3.5 as I read in doc.
Thank.frank",francwalter
Candidates for Closure,56593,Post meta validation error messages are not helpful to end users,,REST API,6.0.2,normal,normal,Awaiting Review,feature request,new,dev-feedback,2022-09-17T07:06:47Z,2022-09-17T07:06:47Z,"The meta error messages generated by the validate callback are not helpful to the end user.
For example, if we register a meta field with the following:
{{{
register_post_meta(
$post_type,
'author_url',
array(
'type' => 'string',
'show_in_rest' => array(
'single' => true,
'schema' => array(
'type' => 'string',
'pattern' => 'https:\/\/.+',
),
)
)
);
}}}
An incorrectly formatted field would yield the following error message in the Gutenberg editor:
{{{
Updating failed. meta.author_url does not match pattern https:\/\/.+.
}}}
As far as I can tell, the only way I can see currently to filter the message is to crudely hook into `rest_post_dispatch` and string replace the error message.
I may be wrong. Perhaps there is some way to conveniently do this on the client side with the notice date store selectors / actions, but since the meta fields are registered server side, it seems like it would be more convenient to filter the output of `rest_validate_value_from_schema` to customize the error messages
I'd like to request a `rest_validate_value_from_schema` filter.
",andrewleap
Tickets Awaiting Review,56599,"""All"" view not selected for all relevant views for custom post type",,"Posts, Post Types",4.2,normal,trivial,Awaiting Review,defect (bug),new,has-patch,2022-09-19T10:58:34Z,2022-09-19T14:24:10Z,"When the screen options get saved, the parameter `mode=list` gets appended to the URL. For the posts table, the “All” view gets the `.current` HTML class, since `\WP_Posts_List_Table::is_base_request()` returns `true`. For all other post types—including pages—it returns `false`.",alpipego
Tickets Awaiting Review,56602,Add a comment to auto-generated editor files pulled from Gutenberg repository,,Build/Test Tools,,normal,normal,Awaiting Review,enhancement,new,,2022-09-19T13:14:16Z,2022-09-19T13:34:01Z,"Background: #30666, #48424.
With the increasing amount of files merged from Gutenberg, it's not always clear which files are safe to patch in core and which should first be patched upstream in the Gutenberg repository and then backported to core.
At a glance, these fall under the latter category:
{{{
wp-includes/blocks/*
wp-includes/class-wp-block-parser.php
}}}
Patching them directly in core would cause a test failure, see comment:10:ticket:56581 for a recent example.
To avoid further confusion, it would be great to add a comment like this at the top of the file:
{{{
/*! This file is auto-generated */
}}}
similar to the one added in [41271] and [46589] for RTL CSS and minified JS and CSS files.
Or this one from [source:trunk/tools/release/sync-stable-blocks.js?rev=53688&marks=22#L15 tools/release/sync-stable-blocks.js], added in [53688]:
{{{
// This file was autogenerated by tools/release/sync-stable-blocks.js, do not change manually!
}}}
If that would require changes in both core and Gutenberg build process, this ticket can be used for tracking. If it can be done entirely on the Gutenberg side, happy to move the issue there.",SergeyBiryukov
Tickets Awaiting Review,56607,Improve doc for WP_Screen class,,Administration,3.3,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-09-20T07:24:18Z,2022-09-20T07:28:12Z,"WooCommerce 6.9 introduced a conflict with several plugins by accessing to the property `WP_Screen::id` and expecting it to be a string, while conflicting plugins just set the current screen with a simple call to `set_current_screen()` without parameter. In this case, `get_current_screen()` returns a `WP_Screen` object with the property `id` set to null.
This pushed me to review the doc of the class and notice that several properties are not correctly documented for this case.",Chouby
Tickets Needing Feedback,56626,Twenty Twenty-Two: Elements with alignfull in the content provoke a horizontal scrollbar,,Bundled Theme,6.1,normal,normal,Future Release,defect (bug),new,reporter-feedback,2022-09-22T16:09:12Z,2023-02-07T09:59:10Z,"Add a cover block with full alignment to the content and you'll see a horizontal scrollbar.
Current CSS:
{{{
margin-left: calc(-1 * var(--wp--custom--spacing--outer)) !important;
margin-right: calc(-1 * var(--wp--custom--spacing--outer)) !important;
}}}
Fix:
{{{
margin-left: calc(-0.5 * var(--wp--custom--spacing--outer)) !important;
margin-right: calc(-0.5 * var(--wp--custom--spacing--outer)) !important;
}}}
",markhowellsmead
Tickets Awaiting Review,56638,Twenty Twenty-One: submit button colors inside a block with background color,,Bundled Theme,6.0.2,normal,normal,Awaiting Review,defect (bug),reopened,has-patch,2022-09-23T14:10:49Z,2022-10-25T12:30:09Z,"When we use Post Comments Form Block and change the block setting like background color & font color in the specific Twenty Twenty-One theme. then front side post comments button design breaks.
For better understanding, I have provided below video link.
URL: https://share.cleanshot.com/8SDCpoyOds4BwHDvtAFR",upadalavipul
Tickets Awaiting Review,56663,`tag_escape()` does not follow naming convention.,,Formatting,,normal,normal,Awaiting Review,enhancement,new,,2022-09-27T03:08:33Z,2022-09-27T14:06:24Z,"In WordPress, escaping functions generally use the naming convention `esc_thing()`.
The `tag_escape()` function and it's associated hook do not. Is it worth renaming each to either `esc_tag` or the more precise `esc_html_tag`?
There is some [https://wpdirectory.net/search/01GDYE8DKXN527KR6GDA24HCE2 use within the plugin repository] but not a huge amount.
",peterwilsoncc
Candidates for Closure,56685,Remove LiveJournal from importer recommendations,,Import,,normal,normal,Awaiting Review,defect (bug),new,dev-feedback,2022-09-29T05:06:49Z,2022-10-04T03:23:52Z,"The LiveJournal importer has seemingly been broken for quite some time, but is still recommended on the Importers screen.
After reviewing some data, including the support threads and plugin directory install metrics, I recommend that we retire the LiveJournal plugin from being recommended on the Importer screen.
See also #47243 and #meta5550
The importer list is pulled from WordPress.org, but a fallback list is included in core: https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/import.php#L187",dd32
Tickets Awaiting Review,56688,Uncaught Requests_Exception using Requests::request_multiple,,General,6.0.2,normal,normal,Awaiting Review,defect (bug),new,,2022-09-29T10:17:52Z,2022-09-29T10:17:52Z,"If a remote website does not respond to a request in Requests::request_multiple then CURL timeout is unhandled in the process.
{{{
PHP Fatal error: Uncaught Requests_Exception: cURL error 28: Operation timed out after 10001 milliseconds with 0 out of 0 bytes received in /ggg/tg-plugin-development-local/app/public/wp-includes/Requests/Transport/cURL.php:443
Stack trace:
#0 /ggg/tg-plugin-development-local/app/public/wp-includes/Requests/Transport/cURL.php(179): Requests_Transport_cURL->process_response('', Array)
#1 /ggg/tg-plugin-development-local/app/public/wp-includes/class-requests.php(381): Requests_Transport_cURL->request('https://api.dyn...', Array, NULL, Array)
#2 /ggg/tg-plugin-development-local/app/public/wp-includes/class-requests.php(233): Requests::request('https://api.dyn...', Array, NULL, 'GET', Array)
#3 /ggg/tg-plugin-development-local/app/public/wp-content/plugins/tg-dynamic-dns-updater/public/class-tg-dynamic-dns-updater-public.php(149): Requests::get('https://api.dyn...', Array)
#4 /ggg/tg-plugin-development-local/app/public/wp-content/plugins/tg-dynamic-dns-updater/public/class-tg-dynamic-dns-updater-public.php(131): Tg_Dynamic_Dns_Updater_Public->tg_get_bearer_token('70f4>
#5 /ggg/tg-plugin-development-local/app/public/wp-includes/class-wp-hook.php(307): Tg_Dynamic_Dns_Updater_Public->tg_post_dynamic_dns('RHMgWcS1V5ybPtY...')
#6 /ggg/tg-plugin-development-local/app/public/wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters('', Array)
#7 /ggg/tg-plugin-development-local/app/public/wp-includes/plugin.php(476): WP_Hook->do_action(Array)
#8 /ggg/tg-plugin-development-local/app/public/wp-content/plugins/tg-dynamic-dns-updater/includes/class-tg-dynamic-dns-updater-async-api-task.php(34): do_action('wp_async_tg_inv...', 'RHMgWcS1V5ybPt>
#9 /ggg/tg-plugin-development-local/app/public/wp-content/plugins/tg-dynamic-dns-updater/includes/wp-async-task.php(164): tg_async_dns_api_task->run_action()
#10 /ggg/tg-plugin-development-local/app/public/wp-includes/class-wp-hook.php(307): WP_Async_Task->handle_postback('')
#11 /ggg/tg-plugin-development-local/app/public/wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters('', Array)
#12 /ggg/tg-plugin-development-local/app/public/wp-includes/plugin.php(476): WP_Hook->do_action(Array)
#13 /ggg/tg-plugin-development-local/app/public/wp-admin/admin-post.php(85): do_action('admin_post_wp_a...')
#14 {main}
}}}
To reproduce simply add non-responsive url to the requests array or reduce the timeout value to an unreasonable value to force a CURL timeout.
This issue is a bit beyond my understanding but has to do with the hook system calling other functions where the timeout occurs as best I can tell.... this creates a fault where it can't be caught by the calling code.
I also admit to not knowing what ""Component"" this belongs to.
",clutch2sft
Tickets with Patches,56689,Use WP_Query in get_page_by_path,spacedmonkey,Query,,normal,normal,Future Release,enhancement,reopened,dev-feedback,2022-09-29T10:35:58Z,2023-02-07T04:15:36Z,"Use `WP_Query` in `get_page_by_path`, this this correctly primes caches and is cached itself. ",spacedmonkey
Candidates for Closure,56693,"Copying and Pasting Sporadically duplicates the pasted content, which cannot then be removed",,Editor,6.0.2,normal,normal,Awaiting Review,defect (bug),assigned,reporter-feedback,2022-09-29T18:21:31Z,2022-12-09T15:36:32Z,"Sometimes when we paste content over highlighted content, it duplicates it and then won't let us quickly remove the dups.",adamvanbuskirk
Tickets Awaiting Review,56694,Uncached database read for logged in users when Privacy Policy Page is deleted,,Privacy,5.7,normal,normal,Awaiting Review,defect (bug),new,needs-unit-tests,2022-09-29T20:47:20Z,2022-09-29T21:24:19Z,"As a logged in WordPress user navigating around WordPress Admin, a hook fires on every admin page that attempts to notify you whether or not the suggested Privacy Policy text (in WordPress) has changed, sourced from the ""Privacy Policy Guide"" settings page.
The Privacy Policy itself is a Page, and the numeric ID of that page is saved as a Setting.
If the WordPress Page (that matches the ID that is set as the Privacy Policy Page setting) is permanently deleted, WordPress still attempts to query the database to look for this Page.
This results in a single database read query that will never find what it is looking for, and is not cached because it does not exist, causing it to happen again on every subsequent page that any logged in user navigates to inside of WordPress Admin.
* This user would normally never know this database chatter is happening because it isn't anything they are intentionally looking for
* I discovered this misbehavior while using the Query Monitor plugin on a dev site, and noticed that there was always 1 uncached database read
Screenshot of the query & call stack will be attached below.",johnjamesjacoby
Candidates for Closure,56695,Twenty Eleven: pull quote block font weight and style is not working properly,,Bundled Theme,6.0.2,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2022-09-30T05:47:05Z,2024-03-28T18:41:26Z,"Activate theme Twenty Eleven.
Choose Pullquote block.
Give font style and weight from the appearance.
I have attached video for better undestanding.
Video URL :- [https://share.cleanshot.com/vjHrOF1a5qy0dVuqsHBH]",nidhidhandhukiya
Tickets Awaiting Review,56719,Twenty Nineteen: Tag cloud block not centering,,Bundled Theme,6.0.2,normal,normal,Awaiting Review,defect (bug),new,,2022-10-03T06:29:00Z,2022-10-03T08:34:07Z,"1)Activate the Twenty Nineteen theme.
2)Add the tag cloud block and select taxonomies from list
3)Now set the center alignment. You can see it will not be in center alignment.",multidots1896
Tickets Awaiting Review,56728,Can we fix featured image view issue when allowed SVG image type?,,"Posts, Post Types",6.0.2,normal,normal,Awaiting Review,defect (bug),new,,2022-10-04T09:17:51Z,2022-10-04T09:17:51Z,"Hi,
I am facing issue when allowing to upload SVG image on wordpress media.
You can see mentioned SS.
Thank you ",sumitsingh
Candidates for Closure,56729,Vulnerability in plugin update notification (impersonation of plugins with possible RCE),,Plugins,,normal,normal,Awaiting Review,defect (bug),new,close,2022-10-04T09:21:13Z,2022-10-04T09:32:00Z,"During the development of a private plugin (not uploaded to the WordPress market https://es.wordpress.org/plugins/) with our own metadata, we noticed that the WordPress plugin update notification system informs us that an update is available for our plugin, how is this possible?
Well, the only explanation for this is that the update review system is based solely on the plugin's folder name, ignoring any authorship metadata and project URIs.
To make sure that the update system is evidently ignoring any data in the plugin's metadata, we proceed to download it (the plugin). This confirms our suspicions, the update system is only governed by the name of a directory.
Due to this lack of security in the metadata check, the only solution so far is to never activate the auto-update and to manually check each update.
If you click on the ""update now"" link, the system will install the possible malicious plugin without any confirmation.
Criticality:
HIGH [8.8] - Exploitation of this vulnerability would affect the server in remote code execution (RCE) mode. It is downgraded from critical to high because it requires human action on plugin configuration.
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected environments:
All installations with custom plugins that are not in the official WordPress marketplace.
Aggravated if the unattended updater is accidentally activated.
If a maintenance technician is unaware of the custom plugin development and hits the update button.
Conclusion:
As there is no signature checking system in the plugin update review system, there is a possibility of impersonation of our plugin if an attacker created a plugin in the official market with the same name as the directory of our custom plugin, being able to execute remote code on our server.
Temporary solution:
Disable the automatic update systems and generate plugin page with a so that no one can get to take that name to perform the impersonation.
Having today as a warning, process to request a CVE ID for the formal vulnerability write-up.
",sylm87
Tickets with Patches,56747,Twenty Seventeen: Image Block captions are Italic on frontend but not in editor,audrasjb,Bundled Theme,,normal,normal,Future Release,defect (bug),reopened,has-patch,2022-10-06T13:17:05Z,2023-08-21T15:36:13Z,"If you add a caption to an image in the Image Block, the caption is in italics on the front end but not in the editor. This means that if you select the caption text you have the option to make it italic (which has no change on the front end) but not the option to deselect italics.
Either captions need to not be italic by default on the front end or the image block in Twenty Seventeen needs to have italic captions enabled by default.
Oliver",domainsupport
Tickets with Patches,56748,Twenty Twenty-One: Image stuck to text in responsive sizes,,Bundled Theme,5.6,normal,normal,Future Release,defect (bug),assigned,dev-feedback,2022-10-06T14:54:03Z,2023-03-25T15:21:22Z,"In responsive after 481px screen size image got stuck to text.
https://share.cleanshot.com/Ewl5TgZMdla8HDxLeERf",sagarladani
Tickets Awaiting Review,56762,PHP file being ignored in block theme hierarchy,,Themes,6.0.2,normal,major,Awaiting Review,defect (bug),new,,2022-10-07T21:00:26Z,2022-10-20T15:05:54Z,"Hi
I've tried the following in WP 6.0 and 6.1 as well as the TwentyTwentyTwo and TwentyTwentyThree themes.
Issue:
When using the ""Default Template"" option on a Page, the page.php file is ignored but page.html will work. You will see in admin that it is set to Index as it is ignoring the page.php file but if you have both .html and .php the .html will take precedence.
Admin + File structure: https://monosnap.com/file/0IwMr0nBwtXDkd8SEIb0QjUGTn7Qsb
It looks like the problem comes from the code below in this file `wp-includes/block-template-utils.php` line 313
{{{
$template_slug = substr(
$template_file,
// Starting position of slug.
strpos( $template_file, $template_base_path . DIRECTORY_SEPARATOR ) + 1 + strlen( $template_base_path ),
// Subtract ending '.html'.
-5
);
}}}
I'm not certain but I also found this in the Gutenberg side and wondering if it didn't make it across (unless I'm mistaken).
https://github.com/WordPress/gutenberg/pull/31478/files
It's been driving me mad!
",ryanpluckrose
Tickets Awaiting Review,56774,Need more options on pre-existing blocks.,,Formatting,6.0.2,normal,normal,Awaiting Review,enhancement,new,,2022-10-09T20:46:32Z,2022-10-09T20:46:32Z,"I have the following queries regarding css customisation through pre-existing blocks.
I want to add an option to:
Add borderRadius to featured/post-image/cover/image
Add breakpoints (let's say Bootstrap 5 responsive grid)
More control over navigation/header padding/margin
Set a default image when the post featured image is missing
More control on the drop-down, especially translucent background-color and border-radius",adsingh14
Tickets Awaiting Review,56781,"Missing ""Deactivated"" filter at top of ""All Sites"" on multisite installation.",,Administration,,normal,normal,Awaiting Review,enhancement,new,,2022-10-10T14:10:55Z,2022-10-14T23:42:46Z,"The administration screen /wp-admin/network/sites.php has several filter links at the top of the page.
They are ( All (#) | Public (#) | Archived (#) | Deleted (#) )
The filter ""Deleted"" inaccurately includes sites that are ""Deactivated.""
A filter to handle those sites that are ""Deactivated"" should be added.
WordPress version: 6.0.2 - Multisite
",richardkrone
Tickets Awaiting Review,56784,Optimization in wp_staticize_emoji function,,Emoji,6.0.2,normal,normal,Awaiting Review,defect (bug),new,,2022-10-10T17:26:32Z,2022-12-05T19:16:19Z,"In the `wp_staticize_emoji` function there is a piece of code which seems to be there to optimize the process, but in fact does the opposite.
The piece i'm writing about:
{{{
// Quickly narrow down the list of emoji that might be in the text and need replacing.
$possible_emoji = array();
foreach ( $emoji as $emojum ) {
if ( false !== strpos( $text, $emojum ) ) {
$possible_emoji[ $emojum ] = html_entity_decode( $emojum );
}
}
}}}
Feeding all of 3575 emoji enitities into `strpos` function generates much more overhead than passing all existing emojis for further processing. This can be easily observed by entirely skipping the `false !== strpos( $text, $emojum )` check and adding all entities to `$possible_emoji` array – the whole execution of the `wp_staticize_emoji` function becomes nearly 10x faster. This effect happened to me every time I tested it no matter the content or length of the passed text.",kac1per
Tickets Awaiting Review,56794,Add linting for `gutenberg_*` functions,,Build/Test Tools,,normal,normal,Awaiting Review,defect (bug),new,,2022-10-11T15:32:06Z,2023-06-29T16:11:03Z,"When Gutenberg functionality is deemed ready and merged into Core, all `gutenberg` prefixes should be replaced with` wp_*` or other more context appropriate ones.
There should be some type of automated process that attempts to detect occurrences that accidentally make their way in.",desrosj
Tickets Awaiting Review,56821,meta_query late row lookup for performance improvement,,"Options, Meta APIs",,normal,normal,Awaiting Review,enhancement,new,,2022-10-13T20:46:34Z,2022-10-14T11:59:24Z,"Is it possible to do a late row lookup for meta_query to make large postmeta sets run much faster?
In some benchmarking I've done with load testing, queries that would take 8s to load with the current meta_query ended up loading in 500ms after implementing late row lookup.
My suggestion would be to modify the get_posts function in the WP_Query class to have a flag pass through to use late lookup, like passing through `""meta_late_lookup""=>true`:
{{{#!php
meta_query->queries ) ) {
$clauses = $this->meta_query->get_sql( 'post', $wpdb->posts, 'ID', $this );
if(isset($q['meta_query_late_lookup']) && $q['meta_query_late_lookup']){
// perform a late lookup instead of a join
$clauses['where'] = ' AND ID in (SELECT post_id FROM '.$wpdb->postmeta.' WHERE 1=1 '.$clauses['where'].')';
} else {
$join .= $clauses['join'];
}
$where .= $clauses['where'];
}
}}}
At the moment, this can be accomplished with a filter like so:
{{{#!php
' AND ID in (SELECT post_id FROM '.$meta_table.' WHERE 1=1 '.$sql['where'].')');
return $sql;
}
}}}
",brmoore252
Candidates for Closure,56825,Customiser colour picker and popups broken in 6.1 RC1,,Customize,,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2022-10-14T15:10:39Z,2022-10-18T08:35:55Z,"When using the customiser, and selecting a colour, using a colour picker, in the 6.1RC1, the colour selector hovers under the page, rendering it badly, and making it hard to make changes within the colour picker.
Here is how it looks in 6
https://www.bathroom-images.com/wp-content/uploads/2022/10/Wordpress_6.png
Here's how it looks in 6.1
https://www.bathroom-images.com/wp-content/uploads/2022/10/Wordpress_6__RC1.png
As you can see, it's obscured by the scrollbar, making the editing of colours impossible. It seems to happen to all of the popups for editing things in the customiser, killing usability.
https://www.bathroom-images.com/wp-content/uploads/2022/10/typography_6_1_RC1.png
Showing a typography selector drifting offscreen to the left, making it unusable.
I noticed this issue in Gutenberg releases before, when testing, so it's somewhere inside the Gutenberg part of the code.
Sorry I'm not technical enough to identify the cause.",tecazwebdev
Tickets Awaiting Review,56842,WordPress performance drop due to introduce Gutenberg,,Build/Test Tools,6.0,normal,major,Awaiting Review,defect (bug),new,has-patch,2022-10-18T09:49:54Z,2022-10-19T04:52:19Z,"Using Siege benchmark tool to stress WordPress with transaction per second as KPI
After upgrading WordPress from v5.9.3 to v6.0, we found that the performance dropped.
After experiment on ` git cherry -v 5.9-branch 6.0-branch |cat -n > ~/commits_on_6.0_branch.txt` totally 707 commits, root cause addressed due to [https://github.com/WordPress/wordpress-develop/commit/bab610091d59f6dd21c7db84ba3e1ca0bab6a211 this commit].
||= NO =||= Commit ID =||= Commit Message =||= Transaction/sec =||
|| 1 || 5fc6f2a || Trunk is now 6.0-alpha. Built from [https://develop.svn.wordpress.org/trunk@52448 52448] || 217.25 ||
|| 354 || 7b96116 || Twenty Twenty: Fix aria-expanded handling in search toggle. || 209.71 ||
|| 443 || 476e731 || Users: Improve wording of the ""New Admin Email Address"" email. || 212.07 ||
|| 454 || bc0f186 || Administration: Clarify some sentences after [53131]. || 207.59 ||
|| 455 || ab8a964 || Editor: Update WordPress packages based based on Gutenberg v13.0 RC3 || 186.43 ||
|| 456 || bb723f9 || Widgets: Avoid 27 duplicate translations in Media Widgets constructor. || 182.69 ||
|| 457 || 4dd4aec || Administration: Add unit test for term supplementary notice. || 185.76 ||
|| 459 || 1d29cb6 || Media: Enable edits to custom image sizes. || 184.88 ||
|| 465 || e1a2ae3 || Post WordPress 6.0 Beta 1 version bump. Built from [https://develop.svn.wordpress.org/trunk@53167 53167] || 184.04 ||
|| 487 || 407e802 || Docs: Use third-person singular verbs for function descriptions in `author-template.php`... || 188.67 ||
|| 531 || 943e956 || Feeds: Use latest comment date for the `Last-Modified` header of comments feed. || 182.66 ||
|| 707 || a9c0050 || Post WordPress 6.0.2 version bump. || 181.87 ||
",dylan2intel
Tickets Awaiting Review,56846,"All test classes that use the ""wp"" prefix should be renamed for consistency",,General,,normal,minor,Awaiting Review,enhancement,new,has-patch,2022-10-18T18:42:18Z,2023-07-25T21:15:25Z,"About 170 PHP test classes use lowercase `w` and only 34 test classes use capital `W` in the `wp` prefix.
Examples:
`wp` : `Tests_Formatting_wpParseStr`
`Wp` : `Tests_Category_WpListCategories`
According to [https://make.wordpress.org/core/handbook/testing/automated-testing/writing-phpunit-tests/#test-classes| this document], the correct spelling is `Wp`.
So, all test classes that use the `wp` prefix should be renamed for consistency.",antonvlasenko
Tickets Awaiting Review,56847,Template parts and patterns,,Themes,6.0.3,normal,normal,Awaiting Review,defect (bug),new,,2022-10-18T21:13:38Z,2022-10-18T21:13:38Z,"Good day,
I am developing a WordPress theme (published, but still work in progress, W3CSSPress).
While I was trying to get a value from a function (in functions.php) into a component of the theme I noticed a strage behavior.
If I try to develop a normal template part in HTML and include in it a pattern which contains a dynamic content, then I move away the templates and reload the website (classic version of the theme) and then I move back the templates (block version of the theme) I find that the dynamic generated part got cached and is not generated again anymore.
Istead, if I avoid to use a template part and I put its content inside a pattern and I call it from the templates of the pages (like, front-page.html) the content gets dynamically regenerated correctly.
This could be a good behavior from a caching and performance point of view, but if a template part has got some dynamic content it should be regenerated.
Is it fixable in some way?",matteomarchiori97
Tickets Awaiting Review,56870,Introduce a general `pre_site_option` filter in `get_network_option()`,,Networks and Sites,,normal,normal,Awaiting Review,enhancement,new,,2022-10-20T13:13:09Z,2023-03-20T13:39:15Z,"Similar to the new filter from #37930 I suggest to also add a general `pre_site_option` filter.
I attach a patch to add the filter.
Don't know how to create the test for it.",Drivingralle
Tickets Awaiting Review,56873,Core Blocks validation error from wordpress 6.0.3,,Editor,6.0.3,normal,minor,Awaiting Review,defect (bug),new,,2022-10-20T21:47:17Z,2022-10-21T01:46:23Z,Hello! There seem to be some validation errors of some core block patterns from version 6.0.3 (they seem to be inconsistencies of the style attribute). They can be viewed in the developer console.,gigito78
Unpatched Bugs,56878,Remove Desktopserver references from the docs,,General,,normal,normal,WordPress.org,defect (bug),new,,2022-10-21T14:58:55Z,2024-03-20T20:45:35Z,"[https://serverpress.com/ DesktopServer] has shut down and isn't available anymore.
=== URL of the Pages with the Issue
- [https://make.wordpress.org/core/handbook/tutorials/installing-a-local-server/ Installing a local server]
- [https://make.wordpress.org/core/handbook/tutorials/installing-a-local-server/desktopserver/ Installing DesktopServer]
- [https://make.wordpress.org/core/handbook/tutorials/installing-wordpress-locally/from-zip Installing from Zip]
- [https://make.wordpress.org/core/handbook/tutorials/installing-a-local-server/wampserver/ WampServer]
- [https://make.wordpress.org/core/handbook/tutorials/installing-wordpress-locally/from-svn/ SVN]
- [https://make.wordpress.org/core/handbook/tutorials/getting-started/ Getting Started]
- [https://make.wordpress.org/core/handbook/contribute/ Contribute]
=== Section of Page with the issue
- [https://make.wordpress.org/core/handbook/tutorials/installing-a-local-server/#which-local-server-should-i-install Which local server should I install?]
- Whole Document Page of [https://make.wordpress.org/core/handbook/tutorials/installing-a-local-server/desktopserver/ Installing DesktopServer]
=== Why is this a problem?
DesktopServer has already announced that they're shutting down.
=== Suggested Fix
Replace it with Open-source tool, DDEV. (#56879)",mayankgupta
Tickets Awaiting Review,56879,Add DDEV Page to Install Local Server Docs,,General,,normal,normal,Awaiting Review,feature request,new,needs-docs,2022-10-21T15:07:44Z,2022-10-21T19:36:15Z,"**What is the new page you are requesting?**
https://make.wordpress.org/core/handbook/tutorials/installing-a-local-server/
On this page, I'd request to add [https://ddev.com DDEV], an open-source command line tool that helps install multiple WordPress local installs and it works across multiple OSes (Windows, Linux, OSX, WSL2)
**How will this new page help you?**
It helps developers launch new local WordPress projects with ease and saves time and effort to do trivial local development tasks, like backing up databases, snapshots, local domain mapping, push to different hosts etc.
**Is there a help document created?**
Here are the [https://docs.google.com/document/d/1JGEoZtaVUv5LiPPvgd3Monf7jTlziTKc-2TSovyS0jY/edit#heading=h.fgqs9gmg2byr instructions to setup DDEV].
**Related Ticket**
#56878 Remove DesktopServer from docs",mayankgupta
Tickets Awaiting Review,56883,Feeds of non-existent tags and categories displays an empty feed instead of 404,,Feeds,6.0.3,normal,normal,Awaiting Review,defect (bug),new,,2022-10-21T19:27:09Z,2022-10-21T19:27:09Z,"I noticed in Google Search Console that Google often visits feeds of tags that no longer exist. It turns out that the RSS feeds still work instead of returning a 404.
Recreating the issue is simple:
Go to the page of the non-existent tag, e.g. `/tag/asdsdsad/` and append `feed/` to the end of the address, eg. `/tag/asdsdsad/feed/`. An empty feed will be displayed instead of a 404.
This should return a 404 so that search engine bots can forget about it instead of fetching it every so often.
I have thousands of such deleted tags on my site. It would be better for the environment if the bots didn't waste resources on this.",rafaucau
Tickets with Patches,56886,Admin facing add site screen missing search engine visibility field,,Networks and Sites,,normal,normal,Future Release,enhancement,new,has-patch,2022-10-22T11:05:39Z,2024-02-12T20:48:21Z,"When a user wants to add a new site on Multisite configs, they can use the site privacy radio buttons, see screenshot below:
==== /wp-signup.php ====
[[Image(https://cldup.com/0bMdIrVLRE.png)]]
But when a super admin wants to add a new site, they have no way to choose this setting during site creation, they need to create a ""public"" site, then go into the Reading settings to eventually switch to hidden to search engines. In this particular case, a super admin has less power than a regular user :)
==== /wp-admin/network/site-new.php ====
[[Image(https://cldup.com/Tg7E2F-bwR.png)]]
The attached patch is adding these missing site privacy radio buttons to let a super admin decide whether a new site should be ""public"" or not.
==== patched /wp-admin/network/site-new.php ====
[[Image(https://cldup.com/hiFEfNw3_V.png)]]
",imath
Candidates for Closure,56894,"Add new param for ""register_taxonomy"" for required taxonomy",,Taxonomy,2.3,normal,normal,Awaiting Review,feature request,new,reporter-feedback,2022-10-24T10:22:46Z,2023-03-20T13:47:07Z,"Hi,
It would be great if we have the possibility to set new param in ""register_taxonomy"" function to force user set term for post type.
Currently, we did the trick with some Javascript but if this was the default setting, it would probably be cleaner
My patch is coming ;-)",Spidlace
Tickets Awaiting Review,56895,SEO tools can't differ from Tag and Categories,,Taxonomy,,normal,normal,Awaiting Review,feature request,new,,2022-10-24T14:59:08Z,2022-10-24T15:39:05Z,"To avoid duplicate titles, we need to make it possible to differ between the tag archive and the category archive.
Today we need a plugin like Yoast to fix it.
If we change general-template.php line 1208-1217
From:
{{{#!php
apply_filters("",Array)#3(...)/htdocs/wp-
includes/plugin.php(476):WP_Hook->do_action(Array)#4
/(...)/htdocs/wp-includes/ms-functions.php(892):
do action('after_signup_us...,
'(...)', '(...)
'36db891bc11cbbc..., Array) #5
(...)/wheaty_v3/htdocs/wp-admin/user-new.php(226):
wpmu_signup_user('oliver2', 'technik@hansetr..
, Array) #6 {main} thrown in
/(...)/htdocs/wp-includes/ms-functions.php on line
1105
}}}
Presumably, the web site title needs to be escaped somewhere in the `apply_filters()` call.
",pekka.gaiser
Unpatched Bugs,57048,Handle trailing slashes in rest_preload_api_request,,REST API,4.7,normal,normal,Future Release,defect (bug),new,,2022-11-09T16:36:35Z,2022-11-09T16:36:35Z,"When passing a path to `rest_preload_api_request` that ends in query string, ensure that the parsed path also is untrailingslashit. Follow up to #51636",spacedmonkey
Candidates for Closure,57059,add complete phpinfo() to site health,,Site Health,,normal,minor,Awaiting Review,enhancement,new,close,2022-11-10T13:23:26Z,2024-03-07T10:14:03Z,"We regularely run into situations where we need detailed information from the `phpinfo()` page.
Currently the site health page is pretty nice when trying to get a quick overview of what is working and what is missing.
But it would be nice if there is a link inside the Site Health page to a complete render of the `phpinfo()` method (similar to other CMS like Drupal).
This page/link/tab (e.g. https://mysite.at/wp-admin/phpinfo.php) or whatever should only be accessible to logged in WordPress admins so no potentially critical information is leaked for not logged in users.",beardcat
Tickets Awaiting Review,57064,"Add individual ""Support"" links to the plugin list page / theme page",,Plugins,,normal,normal,Awaiting Review,feature request,new,,2022-11-10T15:23:38Z,2022-11-10T22:27:58Z,"Finding context-relevant support can be challenging for new users and many of them are not aware of the fact that each plugin has its own support forum.
One simple way to bridge this gap could be to include a ""Support"" link underneath the plugin description. This link would take to that plugin's forum.",mrfoxtalbot
Tickets Awaiting Review,57104,The Default Border color in the Code block is different in backend and frontend.,,General,,normal,critical,Awaiting Review,defect (bug),new,,2022-11-14T14:04:52Z,2022-11-14T17:01:37Z,"In the Twenty Twenty-Three theme, The Default Border color in the Code block is different in the backend and frontend.
When I add a border in the code block the default border color is {{{#ccc}}} in the backend and {{{black}}} in frontend. ",krunal265
Candidates for Closure,57109,WP 6.1.1 > PHP 8.0/8.1/8.2 Dev Note is missing,,General,6.1,normal,major,Awaiting Review,defect (bug),assigned,close,2022-11-14T21:27:38Z,2023-03-02T20:28:58Z,"see https://make.wordpress.org/core/handbook/references/php-compatibility-and-wordpress-versions/
Just add a post in the core make dev blog to clarify what PHP version WP 6.1 is compatible with, and link it to the handbook page.
Because PHP 7.4 is reaching EOL by 28 Nov 2022, some could get in a hurry in a few days... to find if WP runs ok against PHP 8.0/8.1/8.2
i ping desrosj because the 6.1.1 release date is very soon :-)",mdxfr
Tickets Awaiting Review,57129,Wrong Page Template Displayed in 6.1.x,,Administration,6.1.1,normal,major,Awaiting Review,defect (bug),new,,2022-11-16T13:14:15Z,2023-02-23T21:49:10Z,"Starting with 6.1, the wrong (newly revamped?) page template display in the page editing screen shows the wrong template.
In the attached screen shots, the page in question is using a template called ""Blog Landing Page"", but the display says ""Default template"". When you click ""Default template"", it brings up the selector box which shows that it is indeed the Blog Landing Page template, but even when the selection is made again and the ""Update"" button is clicked, the wrong template name is displayed.
I first noticed this error with WordPress 6.1, and it is still there in 6.1.1.",taupecat
Candidates for Closure,57131,get_the_terms(): Parameter #1 ($post) of type is nullable.,,Taxonomy,3.6,normal,normal,Awaiting Review,enhancement,new,dev-feedback,2022-11-17T04:26:34Z,2022-11-18T01:23:45Z,"Follow-up to [24616].
From documentation on the return value of `get_the_terms()`, and the usage of `get_the_category()`, it may be assumed that this function may be used in the following manner.
{{{#!php
Site Health > Info. Often users try to react immediately and spontanously click the button before the health check is completed and the status is shown above. This results in an incomplete report, showing the text ""loading …"" for the size of the entire website and some subdirectories. We are then missing an important piece of information to fully evaluate the website.
**As an ''enhancement'' I kindly suggest that the button gets grayed out until the Health Check is completed.**",pixolin
Tickets Awaiting Review,57149,get_table_from_query() doesn't properly handle a prepared escape_like() table name,,Database,,normal,normal,Awaiting Review,defect (bug),new,,2022-11-18T15:15:43Z,2023-01-04T19:33:26Z,"A common way to check if a table exists is to run a query like the following, the same way that `maybe_create_table()` currently works:
{{{#!php
prepare( 'SHOW TABLES LIKE %s', $wpdb->esc_like( $table_name ) );
}}}
This results in the prepared query for a table name such as `wp_my_custom_table` to end up being:
{{{
SHOW TABLES LIKE 'wp\\_my\\_custom\\_table'
}}}
While the above isn't necessarily a proper query, it is still valid.
The problem is that `$wpdb->get_table_from_query()` ends up returning the table name with extra slashes, e.g. `wp\_my\_custom\_table`. This specifically breaks HyperDB which is attempting to use that table name to determine the dataset to use.",prettyboymp
Tickets Awaiting Review,57154,"Twenty Twenty-Three: Changing Size Preset from Button Typography is not affecting on front page ""Get in Touch"" button",,Bundled Theme,6.1.1,normal,normal,Awaiting Review,enhancement,new,,2022-11-19T17:36:09Z,2023-03-20T16:54:55Z,"1. Go to **Appearance > Editor > Styles**(top right corner) **> Typography > Buttons**
2. Change the values(ie. S, M, L, XL, XXL) from Size Preset
3. Check the ""**Get in Touch**"" button from the left side preview. That's not affected by the size changes.
Here is the video as well: https://youtu.be/UcOcMcHGK9s
Thank you!",abidhasan112
Candidates for Closure,57156,Icons missing in iOS Lockdown Mode,,Administration,,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2022-11-19T19:52:21Z,2022-11-21T20:39:34Z,"Have you made any progress on a back-end workaround or better explanation for why all of the icons on mobile devices (WordPress, and numerous other third party applications) all have broken ""squares"" on all of these products.
The superficial cause is iOS16 in lockdown mode. But it's breaking all of our products including yours.
It will get worse when MacOS Ventura gets released into GA and has the same behavior.
I suspect it is a result of loading external JS in the https zone, such as previous problems with XSS and mixed content that have broken other web technologies in the past.
There is a workaround called ""How to exclude apps or websites from Lockdown Mode"" at the URL below. Best, https://support.apple.com/en-in/HT212650",noexitorescape
Tickets with Patches,57157,Reduce external resources for wp-login.php,rajinsharwar,Login and Registration,,normal,normal,Future Release,enhancement,assigned,has-patch,2022-11-20T05:18:42Z,2024-02-12T14:58:34Z,"The login page is quite heavy.
- The `user-profile` script adds `zxcvbn`, `wp-util`, jQuery, etc. (about 1MB together). When not resetting the password, a small inline script might be used.
- The Dashicons stylesheet (about 60kB) is rather large for 3 icons if they could be inline SVG instead.
- Because the login page does not include `locale-` body classes, `l10n.css` only change the body font for RTL languages. If login.css sets that font instead, the stylesheet could also specify 'Arial Hebrew' with `body.rtl:lang(he-IL)`.
However, the separate `buttons` and `forms` stylesheets could remain as dependencies.",sabernhardt
Unpatched Bugs,57162,out of date More Info on code reference for get_option,,"Options, Meta APIs",,normal,normal,WordPress.org,defect (bug),new,,2022-11-21T11:18:07Z,2022-11-21T13:29:17Z,"[https://developer.wordpress.org/reference/functions/get_option/#more-information More information section] has been updated for `get_option` reference page, as reported and proposed in [https://github.com/WordPress/Documentation-Issue-Tracker/issues/376 #376 Docs Issue Tracker].
Props @joyously @jaedm97",milana_cap
Tickets Awaiting Review,57176,Table pagination issue,,General,6.1.1,normal,normal,Awaiting Review,enhancement,new,,2022-11-22T11:46:58Z,2022-11-23T14:13:42Z,"Example: the Users -> All Users admin page.
When there are many users, one might want to go to page 50 out of 100.
For this to do there is a page number input field in the pagination top display.
Entering a number has unfortunately no effect.
Over ten years i use wordpress and develop plugins on a dayly basis, but i never discovered the function of the enter key for this purpose.
I also did not suspect the Apply button to do it because going to a different page is not a bulk action.
So either i am very dumb or they are no obvious features.
My request is an enhancement request, to either add an onchange event handler to the page number input field or add some text (e.g. to the Help section) or title to the input field to point the users in the right direction.",opajaap
Tickets Awaiting Review,57195,Twenty Eleven: Padding issue in Media & Text Block,,Bundled Theme,6.1.1,normal,normal,Awaiting Review,defect (bug),new,has-patch,2022-11-24T12:07:48Z,2022-12-03T00:45:50Z,"In Twenty Eleven Theme, when we add Media & Text Block block on the editor side and add the Image and multiple texts then the padding issue occurs.
Steps to replicate:
1: Activate the Twenty Eleven Theme
2: Add Media & Text Block
3: Add Image
4: Crop the Image
5: Add multiple line Text
6: Add button block
7: Select background color
8: View the page/post at editor side
9: Save Page/Post
10: View the page/post at the front side
For better understanding, I provide a video attachment link.
Video link: https://share.cleanshot.com/GPXVlqF9TjaouNqYEMJ5
Thanks",kajalgohel
Tickets Awaiting Review,57200,WP_List_Table::pagination use singular and plural,,Administration,,normal,normal,Awaiting Review,enhancement,new,dev-feedback,2022-11-24T23:33:23Z,2022-12-03T11:23:40Z,"WP_List_Table::pagination() currently hardcodes the number of records display as ""1 item""/""XX items"". It would be nice if it used the singular and plural set in the constructor, defaulting to item/items if none are set.",RoscoHead
Tickets with Patches,57213,Coding standards : Use Strict Comparison except Loose Comparison wp-includes/class-wp-hook.php,,General,4.7,normal,normal,Future Release,enhancement,new,has-patch,2022-11-27T05:55:40Z,2023-02-06T19:50:50Z,It's help for coding standardization when get the Integers data type then use Strict Comparison except Loose Comparison,rockonshajib
Tickets Awaiting Review,57219,Additional CSS not visible in editor on List block,,Editor,6.1,normal,normal,Awaiting Review,defect (bug),new,dev-feedback,2022-11-28T11:21:52Z,2022-12-23T05:58:13Z,"List block doesn't have Additional CSS classes loaded in the Gutenberg editor.
For test, I opened a post that has Additional classes on List, they are not visible in the editor.
Then I just saved the post without making any change.The result:
Before:
{{{
}}}
{{{
After:
}}}
This means that after every old post update, we have to add back additional classes.
",ivojerkovic
Tickets Awaiting Review,57220,New plugin header for requiring network installation,,Plugins,,normal,normal,Awaiting Review,enhancement,new,has-patch,2022-11-28T21:17:19Z,2023-08-03T23:56:38Z,"There is currently no way for developers to mark a plugin as “only working on a multisite installation”. If such a requirement is necessary, the plugin has to run a check during the plugin initialization and stop its execution (and maybe show an error notice to the user).
Alternatively, users have no obvious way to know is a plugin explicitly require a multisite to work.
WordPress provides a “Network” header for plugins which allow plugins to specify if they should be activated at the network level when use in a multisite, but it doesn’t stop activation on non-multisite installations.
This proposal is for adding a new header `Requires Network` to allow plugins to specifically require a multisite installation to be activated.
{{{#!php
}}}
",shailu25
Candidates for Closure,57280,Security automatic updates for plugins and themes,,Upgrade/Install,,normal,normal,Awaiting Review,enhancement,new,dev-feedback,2022-12-06T02:50:08Z,2022-12-06T17:04:31Z,"The option to enable automatic security updates for plugins and themes would allow users to secure their websites without worrying too much about significant/major breaking features.
This enhancement would allow more granular control of auto-updates without forcing users to update to major releases.
I propose new toggles in the WordPress Updates page under the Plugins and Themes section at wp-admin/update-core.php:
This site's plugins are automatically kept up to date with each new version
**Switch to automatic updates for maintenance and security releases only.
**
This site's plugins are automatically kept up to date with maintenance and security releases.
**Enable automatic updates for all new versions.
**
The same logic would be applied to themes.
Defining what kind of updates apply to security would be challenging, so I propose starting with popular or problematic plugins.",JosVelasco
Tickets Awaiting Review,57284,IMG tag in Custom HTML widget and also in post made w/ Classic Editor causes 404 on save/update,,Widgets,6.1.1,normal,major,Awaiting Review,defect (bug),new,,2022-12-06T15:51:46Z,2022-12-06T16:41:39Z,"I am running two blogs, both with the latest version of WordPress, 6.1.1. (I first noticed this on my previous version installed, 6.0.3 but have since updated, which did not solve the problem.)
This issue exists on both WordPress installs I am running, to be clear.
No need to walk through my discovery process here, but I noticed I could not save and edit I made to an existing Custom HTML widget - it would just sit w/ the save gif spinning. I noticed in the console it threw a ""Failed to load resource: the server responded with a status of 404 (Not Found)"". I then created a new test Custom HTML widget and it saved and was editable no problem. Much experimenting later, I found that the presence of a standard HTML ""img"" tag broke the save. I added full alt, title, src attribs to the tag - no change. I even used a blank ""img"" tag with no attribs at all -- the save still broke. 404.
I had earlier run across an inability to edit and save old posts created with the Classic HTML plug-in, which was something I used to do all the time. I could create a new post and save it and edit it fine. Seemed odd. I just went back and added an ""img"" tag to the post and -- boom -- ""page not found."" Same issue, it seems. That's why I could not save my edit of the old posts -- all of them have an ""img"" tag or two in them.
It seems that the presence of such a tag causes the AJAX submit to be corrupted somehow. The error, on Widget save, points to the file admin-ajax.php. I will attach a screenshot of the situation, for what it's worth.
I can't say when this issue (which seems the same issue, to me as a web developer, between the two different examples here) began, but I've certainly edited content in the above fashion without incident in the past year. Right now I cannot edit or create Custom HTML widgets with images, and must -- for posts -- resort to using the block editor on the classic posts and dealing with the less-than-ideal HTML Source view it presents to make edits.
Many thanks and I do hope this can soon be resolved.
blakespot@gmail.com",blakespot
Candidates for Closure,57287,Type error calling Styles > Customize > Blocks from FSE,,Editor,6.1.1,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2022-12-07T03:48:59Z,2022-12-13T16:29:10Z,"From FSE, When I open Styles pane, Then click ""Blocks"" I receive an error:
{{{
TypeError: Cannot use 'in' operator to search for 'color' in
at http://localhost:10043/wp-includes/js/dist/edit-site.min.js?ver=3ab3e2570a5c4c270c72:12:72801
at Array.forEach ()
at ll (http://localhost:10043/wp-includes/js/dist/edit-site.min.js?ver=3ab3e2570a5c4c270c72:12:72639)
at Tl (http://localhost:10043/wp-includes/js/dist/edit-site.min.js?ver=3ab3e2570a5c4c270c72:12:82514)
at Cl (http://localhost:10043/wp-includes/js/dist/edit-site.min.js?ver=3ab3e2570a5c4c270c72:12:82422)
at Xl (http://localhost:10043/wp-includes/js/dist/edit-site.min.js?ver=3ab3e2570a5c4c270c72:12:103806)
at ct (http://localhost:10043/wp-includes/js/dist/vendor/react-dom.min.js?ver=17.0.1:9:43430)
at os (http://localhost:10043/wp-includes/js/dist/vendor/react-dom.min.js?ver=17.0.1:9:111136)
at Ur (http://localhost:10043/wp-includes/js/dist/vendor/react-dom.min.js?ver=17.0.1:9:77643)
at Ir (http://localhost:10043/wp-includes/js/dist/vendor/react-dom.min.js?ver=17.0.1:9:77571)
}}}",ritterml
Candidates for Closure,57299,Implement array key type notation,,General,,normal,normal,Awaiting Review,enhancement,new,dev-feedback,2022-12-08T22:42:41Z,2022-12-08T23:56:33Z,"I'd like to propose that array key type notation is introduced into PHP docblocks where appropriate. This notation uses the syntax `array` for arrays, for example a list containing strings is documented thus:
{{{#!php
/**
* @param array $foo
*/
}}}
An associative array of booleans (where the shape is not known) is documented thus:
{{{#!php
/**
* @param array $foo
*/
}}}
The benefit of this syntax over, for example, `string[]` or `array` is it allows the types of the array keys to be specified. This allows both lists and associative arrays to be documented more completely even when their shape is not known.
When used in combination with a static analysis tool such as PHPStan this allows for greater type safety and more accurate analysis of structures such as array access and array iteration. It allows developers looking at the documentation to understand the type of the array keys, and thus whether an array is a list or associative. That said, I appreciate that this syntax is comparatively rare within the WordPress ecosystem and therefore can be foreign to developers who've not seen it elsewhere.
This notation is supported by all of the static analysis tools and code editors (either natively or via a PHP add-on) that I could find, including VS Code, PHPStorm, Sublime Text, PHPStan, Psalm, and Phan, and it's used by countless other frameworks and libraries such as Symfony, Laravel, and PHP Parser. It's not a new syntax, it's just new to WordPress core.
== Benefits
* Increased awareness of whether an array is a list or an associative array for developers reading inline documentation
* Increased accuracy provided to static analysis tools
* Increased accuracy in editors and IDEs that either natively support this syntax or support the PHP implementation of the language server protocol
== Concerns
* Syntax that can be jarring for developers who've not seen it before
* Not part of a phpDocumentor or PSR-5 PHPDoc standard (although PSR-5 has been stalled for 9 years so probably not a concern)
== Implementation
Much like the general ongoing improvements to inline docs, this will be a gradual process. There won't be a patch or PR that updates all the existing `type[]` notation at once.
Any objections?",johnbillion
Tickets Awaiting Review,57302,Twenty Twenty-Three: Query loop pattern not working,,Bundled Theme,,normal,normal,Awaiting Review,defect (bug),new,,2022-12-09T17:18:36Z,2023-03-20T16:55:13Z,"Hello,
I am not able to see a selected (First) Query Loop pattern of grid view on the front side in the Twenty Twenty-Three theme",hiren1094
Tickets Awaiting Review,57303,"wp_get_posts() for post_type=""any"" + post__in creates not optimized database query",,"Posts, Post Types",6.2,normal,normal,Awaiting Review,enhancement,new,has-patch,2022-12-09T20:42:21Z,2022-12-09T20:42:21Z,"Hi all.
I have a case where the database query is not very optimal and (probably) needs to be improved.
Case: I have a list of post ids that belong to several different post types. Now I need to get the WP_Post objects for this list of posts. So I do the following:
{{{#!php
'any',
'post__in' => [10,20,30,40,50]
]);
}}}
This code works well, however I have a lot of different post types (15+) on my site and as a result the database query looks like this:
{{{
SELECT wp_posts.*
FROM wp_posts
WHERE 1=1
AND ((wp_posts.post_type = ? AND (wp_posts.post_status = ?
OR wp_posts.post_status = ?)) OR (wp_posts.post_type = ? AND (wp_posts.post_status = ?
OR wp_posts.post_status = ?)) OR (wp_posts.post_type = ? AND (wp_posts.post_status = ?
OR wp_posts.post_status = ?)) OR (wp_posts.post_type = ? AND (wp_posts.post_status = ?
OR wp_posts.post_status = ?)) OR (wp_posts.post_type = ? AND (wp_posts.post_status = ?
OR wp_posts.post_status = ?)) OR (wp_posts.post_type = ? AND (wp_posts.post_status = ?
OR wp_posts.post_status = ?)) OR (wp_posts.post_type = ? AND (wp_posts.post_status = ?
OR wp_posts.post_status = ?)) OR (wp_posts.post_type = ? AND (wp_posts.post_status = ?
OR wp_posts.post_status = ?)) OR (wp_posts.post_type = ? AND (wp_posts.post_status = ?
OR wp_posts.post_status = ?)) OR (wp_posts.post_type = ? AND (wp_posts.post_status = ?
OR wp_posts.post_status = ?)) OR (wp_posts.post_type = ? AND (wp_posts.post_status = ?
OR wp_posts.post_status = ?)) OR (wp_posts.post_type = ? AND (wp_posts.post_status = ?
OR wp_posts.post_status = ?)) OR (wp_posts.post_type = ? AND (wp_posts.post_status = ?
OR wp_posts.post_status = ?)) OR (wp_posts.post_type = ? AND (wp_posts.post_status = ?
OR wp_posts.post_status = ?)) OR (wp_posts.post_type = ? AND (wp_posts.post_status = ?
OR wp_posts.post_status = ?)) OR (wp_posts.post_type = ? AND (wp_posts.post_status = ?
OR wp_posts.post_status = ?)))
WHERE wp_posts.ID IN (?)
GROUP BY wp_posts.ID
ORDER BY FIELD(wp_posts.ID,?,?)
}}}
As you can see, it checks post_type + post_status for every public post type on my site. But the wp_get_posts() attributes explicitly declare a list of ids and that the post type can simply be ignored in this case (because the post_type is set to ""any"").
The relevant query should be like this (because it covers all requirements):
{{{
SELECT wp_posts.*
FROM wp_posts
WHERE 1=1
AND (wp_posts.post_status = ?)
WHERE wp_posts.ID IN (?)
GROUP BY wp_posts.ID
ORDER BY FIELD(wp_posts.ID,?,?)
}}}
I checked class-wp-query.php and didn't find a solution without making changes to the WordPress code. There may already be a workaround implemented - it would be nice to know it. But this can be easily implemented by adding something like post_type=""all"" (similar to ""any""). The implementation of the idea has been added to the patch file (attached).
Thanks in advance!",madeinua
Tickets Awaiting Review,57314,Update all references to wp/v2 to namespace field in class-wp-rest-comments-controller.php,,Comments,,normal,normal,Awaiting Review,enhancement,reopened,has-patch,2022-12-11T18:11:02Z,2022-12-12T11:17:55Z,This is a very minor change to make it easier for other classes to extend this class and define their own namespace.,ihenetudan
Tickets Awaiting Review,57316,Twenty Twenty-Three: Alignment issue in Button block,,Editor,6.1.1,normal,normal,Awaiting Review,defect (bug),new,,2022-12-12T07:31:19Z,2022-12-12T11:33:57Z,"In Twenty Twenty-Three Theme, when we add Button block on the editor side and change the alignment of Button then the ""Align right"" is not reflected in the backend as well as frontend side.
Steps to replicate:
1: Activate the Twenty Twenty-Three Theme
2: Add Button block
3: Choose ""Align right"" from Align option
4: View the page/post at editor side
5: Save Page/Post
6: View the page/post at front side
For better understanding, I provide a video attachment link.
Video link: https://share.cleanshot.com/9VyrSCgD5fUNDgxYSJ1u
Thanks",kajalgohel
Candidates for Closure,57330,Show number of scheduled posts in calendar popup when scheduling,,Editor,,normal,normal,Awaiting Review,enhancement,new,close,2022-12-14T18:35:48Z,2022-12-14T19:41:49Z,"When scheduling a post using default wordpress scheduler, there is a nice feature – I see a blue dots under a day numbers what means, that there I have some posts already scheduled for that day.
But there is only a blue dot – it would be nice to see also a number of posts scheduled for that day.
That number is already in the html code visible – when I right click on the blue dot and click “Inspect” in HTML code I see an information like this:
“December 10, 2022. Selected. There is **1** event”",sokrates4612
Tickets Awaiting Review,57337,Docs: WP Theme class reference properties don't match code,,Themes,,normal,normal,Awaiting Review,defect (bug),new,,2022-12-16T04:31:00Z,2022-12-19T01:48:47Z,"I was developing a plugin based on the information on https://developer.wordpress.org/reference/classes/wp_theme/ . This page implies that I should be able to get the theme author using the Author property and the URI of the Author's website using the AuthorURI property. However, in reality the AuthorURI property is always NULL and the Author property contains the author embedded inside an tag with the AuthorURI. The docs should more clearly reflect this, and ideally mention a way to get the bare Author and URI (I ended up not finding a way to even do this, so I'm parsing the HTML now, really silly).",bertvandepoel
Candidates for Closure,57355,Twenty Twenty-Three Theme bug: marking text in backend is black,,Bundled Theme,6.1,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2022-12-19T12:51:47Z,2023-03-06T05:57:26Z,"Wordpress.com
Twenty Twenty-Three theme
Electric Design with change: color 2 blue >> black
In the Gutenberg editor or Site Editor:
BUG: when I mark text, the marking is black. As the text is also black, it is not possible to see the marked text. This has been in another color in the previous theme (Twenty Twenty-Two).
",nmschaller
Tickets Awaiting Review,57361,"WP_REST_Attachments_Controller::get_media_types not returning existing mime types, but the ones allowed for upload",,REST API,4.7,normal,normal,Awaiting Review,enhancement,new,,2022-12-20T14:04:31Z,2022-12-20T16:18:55Z,"While debugging an [https://github.com/WordPress/gutenberg/issues/46658 issue in Gutenberg's new media tab], it has been [https://github.com/WordPress/gutenberg/pull/46676 pointed out] that the REST API does not actually allows to list items which are already in media library, but can no longer be uploaded (eg.: the list of allowed mime types changed over time).
That's different from what the wp-admin does, as it lists all items in the media library, no matter what their (mime)type is, and whether it can be uploaded or not.
The `WP_REST_Attachments_Controller::get_media_types` method [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php#L1253 uses the `get_allowed_mime_types()` function], which is upload oriented (returns a list of mime types which can be uploaded), while the [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/class-wp-media-list-table.php#L137 listing in wp-admin uses a logic based on existing mime types in the library].
Thus I wonder, if the same logic as used in wp-admin should be used in the REST API, allowing users and developers to get a listing of all existing items in the media library, no matter whether new ones can be uploaded or not.",david.binda
Candidates for Closure,57364,remove_meta_box for commentstatusdiv stores null value for comments configuration.,,Administration,6.1.1,normal,normal,Awaiting Review,defect (bug),new,reporter-feedback,2022-12-21T10:46:15Z,2023-06-17T12:23:15Z,"Removing meta box commentstatusdiv for e.g. some user roles stores null value for comments configuration in database, after a user without that meta box stores the post.
Example:
- post edit as admin **with** commentstatusdiv meta box
- meta box commentstatusdiv -> Allow comments is **activated**
- Post edit as user **without** commentstatusdiv meta box
- save post as user
- post edit as admin
- meta box commentstatusdiv -> Allow comments is **deactivated**",phlegx
Tickets Awaiting Review,57365,"""Attempt Block Recovery"" functionality broken for buttons ""Convert to.."" click",,Editor,6.1.1,normal,normal,Awaiting Review,defect (bug),new,,2022-12-21T12:16:37Z,2022-12-30T05:56:34Z,"When i edit the HTML manually and click away, the ""Attempt Block Recovery"" error appears.
== BUG:
**Clicking on the ""''Convert to HTML''"" or ""''Convert to Blocks''"" does nothing.**
[[Image(https://i.imgur.com/fzLTpaH.png)]]
The button ""Attempt Block Recovery"" itself works and reverts the action to the previous state before I edited the html.
I also screenshotted the red text from the console:
[[Image(https://i.imgur.com/1l0PjIv.png)]]",mikulabc
Tickets Awaiting Review,57366,WP 6.1 - Performance Regression,,Cache API,6.1.1,normal,normal,Awaiting Review,defect (bug),new,dev-feedback,2022-12-21T12:45:49Z,2023-04-20T13:25:04Z,"Hi team,
I am experiencing some significant performance regression when I upgrade from 6.0 to 6.1 (and 6.1.1). Page load time roughly triples across the site.
I do not have a profiler running but using Query Monitor I can see a significant increases in object cache hits (14k to 110k). I understand this is partially expected due to the caching improvements.
I am running a fairly large (170k posts) site with Woocommerce and a number of plugins.
I am happy to provide more detailed analysis but not sure what is the best profiling tool or method to understand where the regression is coming from. If you can provide some guidance I will try to collect more data.
Thanks,
Jason",galapogos01
Tickets Awaiting Review,57368,Twenty Twenty-Three: unnecessary borders for linked images in Whisper variation,,Bundled Theme,6.1,normal,normal,Awaiting Review,defect (bug),assigned,has-patch,2022-12-21T18:14:44Z,2022-12-21T19:14:29Z,"Since the Whisper style variation currently uses CSS `border` to give links an underline throughout. It is problematic in some scenarios where images have links wrapped around them.
This can easily be overcome with a little further addition to the `styles/whisper.json`.
",colorful tones
Tickets Awaiting Review,57369,Insert Media dialog gets ad-hoc controls: Thumbnails squared/proportional + Sort order by date/name asc/desc,,Media,6.1.1,normal,normal,Awaiting Review,enhancement,new,,2022-12-21T21:16:02Z,2023-07-28T10:50:06Z,"== Reproduction
- Edit a page
- Insert an image gallery
- The ""Create gallery"" (aka ""Insert Media"") popup opens.
== The user experience in this dialog is problematic
- Screenshot with annotations and proposed improvements
- (If inline embedding failed, please see attached below)
[[Image(https://www.dropbox.com/s/i3nx5ewqkp5itne/wordpress-insert-media-dialogue.png?raw=1)]]
== Problems
- This dialog follows the WordPress design philosophy ""decisions not choices"" but here I'd propose ""good defaults (=decision) which satisfy the majority but extra ad-hoc choices for users and use cases which require otherwise"".
=== Order is by upload date, newest first
- A good default suited for the majority of typical bloggers.
- In case you want to insert numbered image series or image stories (where upload order occurred not exactly in the lexicographical order) this gets a nightmare! Especially in combination with the other issue, read on.
=== Squared thumbnails
- Very bad if you have many similar images, where the significant differences may be in the hidden areas.
== Proposals
- The dialog gets extra controls. As illustrated in the mockup.
=== Sort preference
- Dropdown menu with the choices ""Date, Name""
- Nearby a toggle button for ascending or descending order
- ""Date with newest on top"" remains the default.
=== Display preference
- Dropdown with these values:
- ""Thumbs"" --> image fits container
- Original image ratio is kept
- Has no effect ofc if the source files were cropped due to: Settings > Media > Crop thumbnail to exact dimensions (normally thumbnails are proportional) = ON. But by default this is OFF as the remark in brackets indicates.
- ""Thumbs (squared)"" --> image fills container
- ""List"" with thumbs
- ""List (with micro thumbs)""",abitofmind
Tickets Awaiting Review,57385,Disable foreign key checks when dropping tables inside wp_uninitialize_site() function,johnjamesjacoby*,Database,,normal,normal,Awaiting Review,defect (bug),accepted,dev-feedback,2022-12-24T15:01:09Z,2024-01-12T18:07:05Z,"By default when removing the tables from a subsite, if the table has foreign key constraint it wont drop the table resulting in tables not being removed.
so this line should be changed from this to
{{{
foreach ( (array) $drop_tables as $table ) {
$wpdb->query( ""DROP TABLE IF EXISTS `$table`"" ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
}
}}}
{{{#!php
query('SET FOREIGN_KEY_CHECKS=0;');
foreach ( (array) $drop_tables as $table ) {
$wpdb->query( ""DROP TABLE IF EXISTS `$table`"" ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
}
$wpdb->query('SET FOREIGN_KEY_CHECKS=1;');
}}}
or any other better alternative.",naveen17797
Tickets with Patches,57393,Unify checkbox handling and match wording with function on the User Profile screen,,Administration,4.9,normal,normal,Future Release,enhancement,new,needs-unit-tests,2022-12-28T16:53:48Z,2023-02-07T06:14:36Z,"[The focus of this ticket shifted from discussing a potential functional bug to an improvement of wording and a more consistent behavior of checkboxes.
Using texts like ""Disable"" for toggled-on checkboxes can be confusing to users. For a better user experience, the toggled-on state should mean ""enabled"".]
Original ticket description:
CodeMirror highlighting, line numbers, code-folding, brace-matching and other customizations are disabled when highlighting is disabled. This is a real issue for plugins like code-snippets which rely on these features.
Here is the condition in question:
{{{
function wp_enqueue_code_editor( $args ) {
if ( is_user_logged_in() && 'false' === wp_get_current_user()->syntax_highlighting ) {
return false;
}
}}}
I believe that the user-form-variable syntax_highlighting is probably misnamed as it should be something like disable_syntax_highlighting to reflect the choice being made.
As it is, when ticked (true), highlighting should be disabled. When un-ticked (false), highlighting should be enabled.
{{{
if ( ! is_user_logged_in() || 'true' === wp_get_current_user()->syntax_highlighting ) {
return false;
}
}}}",mjdewitt
Tickets Awaiting Review,57405,wp_localize_script() doesn't decode html entities in nested arrays,,I18N,,normal,normal,Awaiting Review,enhancement,new,has-patch,2022-12-30T09:27:39Z,2023-01-03T10:02:26Z,"If we localize a script with an array like this:
{{{
$data = [
'key1' => 'Value 1',
'key2' => [
'subkey1' => 'String contains ' single quote encoded',
'subkey2' => 'String contains " double quote encoded',
],
];
// Encoded strings stay encoded.
wp_localize_script( 'myhandle', 'myname', $data );
}}}
Then the outputted values of `$data` on the front end is exactly the same, e.g. encoded strings stay encoded:
{{{
array(2) {
[""key1""]=>
string(7) ""Value 1""
[""key2""]=>
array(2) {
[""subkey1""]=>
string(43) ""String contains ' single quote encoded""
[""subkey2""]=>
string(43) ""String contains " double quote encoded""
}
}
}}}
However, `wp_localize_script()` decode strings correctly if the array is not nested. So this code works correctly;
{{{
$data = [
'key1' => 'Value 1',
'key2_1' => 'String contains ' single quote encoded',
'key2_2' => 'String contains " double quote encoded',
];
// Encoded strings are decoded.
wp_localize_script( 'myhandle', 'myname', $data );
}}}
Output:
{{{
array(3) {
[""key1""]=>
string(7) ""Value 1""
[""key2_1""]=>
string(38) ""String contains ' single quote encoded""
[""key2_2""]=>
string(38) ""String contains "" double quote encoded""
}
}}}
This inconsistent behavior might cause issues when JS outputs/uses the text directly.
I'd suggest making the `wp_localize_script` function decoded strings in all cases.",rilwis
Tickets Awaiting Review,57408,Show at which sites in the multisite a plugin or theme is installed,,Networks and Sites,6.1.1,normal,normal,Awaiting Review,feature request,new,,2022-12-31T15:42:49Z,2023-12-18T12:19:13Z,"Please add to each item in the lists of plugins and themes in the multisite WordPress list of sites for which this plugin or theme is installed.
It is especially useful to find plugins that are not installed (installed on zero sites) for candidates for removal.",porton
Tickets Awaiting Review,57413,Updating a user email via rest api doesn't trigger confirmation email,,Users,,normal,normal,Awaiting Review,defect (bug),new,has-patch,2023-01-03T07:08:17Z,2023-01-03T07:46:30Z,"When a user changes their email address through `wp-admin/profile.php` the email change is delayed until the user clicks a confirmation link in their email. This was implemented via #16470.
This doesn't happen when an administrator changes another users email address.
When a user updates their own email through the rest API (ie. `POST /wp-json/wp/v2/users/1`) the confirmation email is also not triggered, and the email change occurs instantly.
This is because the code for the email confirmation is a UI-only method, it's not attached to the user update event, simply the profile.php page submission.
The PR that will be attached to this will re-work the existing code to more generalise it and call it from the REST API.[[BR]]
As part of that, the confirmation link being changed from `wp-admin/profile.php` to `/wp-login.php?action=confirm-email-change...` makes more sense to me.
This could have unintended effects, as those using the REST API might be expecting changes to occur without any further action from the user, such as when there is a custom front-end, which this will break. Implementations would need to be updated to use a filter to remove the email confirmation step.",dd32
Tickets Awaiting Review,57415,Twenty Twenty One: Text color not reflected backend and Front side in media & text block,,Bundled Theme,6.1.1,normal,normal,Awaiting Review,defect (bug),new,,2023-01-03T13:34:51Z,2023-01-17T08:13:05Z,"In Twenty Twenty One Theme: when we add a media & Text Block on the
Editor side and add the Text after apply the link on the Text and change color to the text but changes are not reflected backend and Front side.
Steps to replicate:
1: Activate the Twenty Twenty One Theme
2: media & text block
3: Add Image and Text
4: add Link on the Text after change color
For better understanding, I provide a video attachment link.
Video link: https://www.loom.com/share/ceea0db29302412b8bc2b3fb8dcea151
",umesh84
Tickets Needing Feedback,57416,Do not split query if requesting one post,spacedmonkey,Query,3.0,normal,normal,Future Release,enhancement,assigned,needs-unit-tests,2023-01-03T13:49:30Z,2023-11-16T12:36:42Z,"When using WP_Query and requesting posts_per_page = 1, there is little to no value in splitting the query and priming posts using _prime_post_caches. This results in one query to get the posts and another to prime it. This means two database queries when this could simply be one. ",spacedmonkey
Tickets Awaiting Review,57421,Editor: add new parameter to hook when enqueuing block assets,,Editor,,normal,normal,Awaiting Review,enhancement,new,has-patch,2023-01-05T10:12:09Z,2023-01-10T18:16:16Z,"This trac ticket is part 1 of a larger discussion spanning multiple issues, about the **potential issues plugin authors may face when developing blocks that rely on the @wordpress/editor dependency**.
- This trac ticket is **part 1**: it suggests an option to make conditional asset enqueuing easier in the different block editors.
- In **part 2**, I would like to suggest an option to declare support for specific editors at block registration. Discussion about this is happening in [https://github.com/WordPress/gutenberg/issues/46900 this Gutenberg issue].
----
When enqueuing assets for a block registered in a plugin, one can rely on `block.json`, or hook into the `enqueue_block_editor_assets` hook to enqueue necessary scripts and styles in the block editor.
This works well, but offers some challenges with some specific blocks. For instance, your block may rely on the `@wordpress/editor` dependency to handle some of its functionality. That dependency is available in the post editor, but cannot be used in the widget editor or the site editor. See #53569 and [https://github.com/WordPress/gutenberg/issues/33203 33203-gutenberg] for more information on this topic.
In this scenario, one may want to enqueue the block's scripts (and its `wp-editor` dependency) **only in the post editor**.
The `enqueue_block_editor_assets` hook doesn't currently offer this flexibility. As a result, folks wanting to do that must add a check before they enqueue. Something like this for someone not wanting to load in the widget editor for example.
{{{#!php
Export > Select what to export
3. Select the Data you want to export. Capture this request using a web-proxy like BurpSuite
4. Since this is a GET request, Copy the URL to which request is made.
5. Send this URL to another admin or user with equal rights.
6. When he clicks on the URL, he shall download the file automatically.
The endpoint vulnerable:
`http:///wp-admin/export.php?download=true&content=all&cat=0&post_author=2&post_start_date=0&post_end_date=0&post_status=0&page_author=0&page_start_date=0&page_end_date=0&page_status=0&attachment_start_date=0&attachment_end_date=0&submit=Download+Export+File`
Recommendations
Enforce CSRF protection like wpNonce Token for file export endpoint.
Impact
Unauthorised File Download on an administrator's PC
An attacker can write a script which sends 100s of GET requests at once to the endpoint, and share the script to another user, and when he downloads 100 files at once, it shall also consume his disk space",f41z4n
Unpatched Bugs,57453,Newly created sub-site in multisite not appearing immediately in My Sites list,,Networks and Sites,6.1.1,normal,normal,Future Release,defect (bug),new,,2023-01-12T13:53:20Z,2023-01-19T20:47:48Z,"Hello:
**Issue**
When, as a super-admin, a sub-site is created while in a multisite environment, the newly created sub-site does not appear immediately in the toolbar's site list dropdown.
**Expected Behavior**
The expected result of adding a new sub-site is that while logged in as a super-admin, the super-admin would immediately see all sub-sites on the multisite.
**Findings**
New sub-sites will not appear to even a super-admin until the super-admin is manually added to the new site as a user.
**Question-Request**
Should WordPress require a super-admin to manually add themselves to a sub-site to include that sub-site in the super-admin's toolbar list of sites dropdown?
",richardkrone
Tickets Awaiting Review,57454,Multisite: Users without a role are not returned in sub-site search results,,Users,,normal,normal,Awaiting Review,defect (bug),new,,2023-01-12T14:47:58Z,2023-01-18T01:04:00Z,"We recently came across this issue after migrating off WooCommerce. Our default role was the 'Customer' role provided by WooCommerce. When WooCommerce was removed from our sites, that role was subsequently deleted - leaving a large percentage of users without a role.
Generally this would not be an issue, but users without a role are not returned in the search results on a multisite sub-site.
I am able to find the user by searching by name or email on the parent site, and the sub-site is also listed under the user's sites, but they don't display in search results without a role. This makes it very difficult to find or edit a user on the sub-site.",travisanderson99
Tickets Awaiting Review,57472,Twenty Twelve theme: Pullquote block alignment issue in backend site,,Bundled Theme,6.1.1,normal,normal,Awaiting Review,defect (bug),new,has-patch,2023-01-16T13:21:57Z,2023-01-23T03:08:38Z,"In Twenty Twelve Theme: when we add a Pullquote Block on the
Editor-side alignment is not proper.",umesh84
Tickets Awaiting Review,57476,hash characters at start of wp post titles are stripped upon pasting,,General,6.1.1,normal,normal,Awaiting Review,defect (bug),new,dev-feedback,2023-01-16T22:28:24Z,2023-02-02T13:14:54Z,"There is a bug in the latest version of WP 6.1.1.
When I paste a wordpress post title that has a # pound hash character as the first character, that character is stripped from the title upon pasting.",robinbrinkler
Tickets Awaiting Review,57483,Improve optimizations for WP_Site::get_instance and WP_Network::get_instance,,Networks and Sites,5.3,normal,normal,Awaiting Review,defect (bug),new,has-patch,2023-01-17T13:49:43Z,2023-06-08T12:14:07Z,"Following up on #42251 and r45910.
I recently ran into a problem with this specific optimization. In one case it resulted in an existing site being redirected to the main site as if it did not exist. In a second case it went all the way to `dead_db()`. In both instances the existing site in question had a `-1` stored in the object cache. Both problems persisted until the object cache was flushed.
I think the main problem is that in `WP_Site::get_instance` (and Network) we do not account for `wpdb::get_row` failing, we don't check `last_error`. This means that a brief database outage can cause a permanent `-1` be saved in object cache for a site that actually does exist.
It's not easy to reproduce, as the existing/valid sites will be in cache most of the time, so that portion of the codebase is rarely executed. However, there is one core function that helps with this tremendously. It's `wpmu_update_blogs_date` and it invalidates the site cache every time it needs to update the timestamp (when a post is published or update for example).
I wrote this little mu-plugin to help reproduce the problem:
{{{
add_action( 'muplugins_loaded', function() {
switch_to_blog( 3 );
wpmu_update_blogs_date();
restore_current_blog();
die();
} );
}}}
I fire some traffic at the site and observed the MySQL query log to confirm a significant amount of `UPDATE` queries for the site timestamp, as well as `SELECT * FROM wp_blogs ...` queries which came from `WP_Site::get_instance()`.
Next, I simulated some turbulence in the network, by killing all established connections on the MySQL port 3306 (using tcpkill), resulting in a few ""MySQL has gone away"" errors in the PHP error log. I did this a couple of times until the site with the ID of 3 disappeared from My Sites in the Network Admin.
I confirmed the object cache state in Redis:
{{{
127.0.0.1:6379> get sites:3
""-1""
}}}
I was able to reproduce this quite reliably with about 50 concurrent requests to the site, and 2-3 rounds of tcpkill. Of course it doesn't happen all that often under normal conditions, though I was unlucky enough to see it happen twice in the last 6 months (on very high traffic sites with plenty of updates).
Personally I feel like we should revert this entire optimization. As much as I appreciate all the hard work, I don't see much benefit of caching IDs that don't exist, much like we don't cache posts that do not exist.
At the very least though, we should check the `last_error` before caching a `-1` in both cases.",kovshenin
Tickets Awaiting Review,57488,"The ""Showing X of Y media items"" area in Media Upload screen gives wrong information.",,Media,6.1.1,normal,normal,Awaiting Review,defect (bug),new,has-patch,2023-01-18T05:24:38Z,2023-01-25T03:52:45Z,"I followed the following steps and got this error:
1) Freshly created a new WordPress site.
[[Image(https://i.paste.pics/L1SUI.png)]]
2) Created a new page and opened it in the block editor
[[Image(https://i.paste.pics/L1SW2.png)]]
3) Added a new gallery block
[[Image(https://i.paste.pics/L1SY2.png)]]
4) Clicked ""Media Library""
[[Image(https://i.paste.pics/L1SYB.png)]]
5) Uploaded new images
[[Image(https://i.paste.pics/L1SYG.png)]]
6) Uploaded 20 images, but the counter showed, ""Showing 20 of 19 media items""
[[Image(https://i.paste.pics/L1SYQ.png)]]
It showed the correct number when I closed it and opened it back up. I know it's a minor issue but thought about informing the experts.
Here are my setup details:
i) OS: Ubuntu 20.04.5 LTS
ii) Using Local by Flywheel
iii) Web server: Nginx
iv) PHP Version: 8.1.9
v) MySQL: 8.0.16
vi) WordPress: 6.1.1
vii) Browser: Opera
",shamayel007
Tickets Awaiting Review,57489,"Media items, which have already been uploaded, disappear when the upload dialog box is closed and then opened again.",,Media,6.1.1,normal,major,Awaiting Review,defect (bug),new,has-patch,2023-01-18T05:45:34Z,2023-01-24T20:00:34Z,"I followed the following steps and got this error:
1) Freshly created a new WordPress site.
[[Image(https://i.paste.pics/L1SUI.png)]]
2) Created a new page and opened it in the block editor
[[Image(https://i.paste.pics/L1SW2.png)]]
3) Added a new gallery block
[[Image(https://i.paste.pics/L1SY2.png)]]
4) Clicked ""Media Library""
[[Image(https://i.paste.pics/L1SYB.png)]]
5) Uploaded new images
[[Image(https://i.paste.pics/L1SYG.png)]]
6) Uploaded 20 images
[[Image(https://i.paste.pics/L1SYQ.png)]]
7) Closed the dialogue box and opened it back up.
[[Image(https://i.paste.pics/L1T7T.png)]]
8) Selected a few images and clicked ""Create a new gallery""
[[Image(https://i.paste.pics/L1T81.png)]]
9) After it went to the ""Edit Gallery"" window, I closed it by clicking the cross button
[[Image(https://i.paste.pics/L1T8W.png)]]
10) Clicked ""Media Library"" again to create the Gallery block
[[Image(https://i.paste.pics/L1TAA.png)]]
11) Selected photos again and clicked ""Create a new gallery""
[[Image(https://i.paste.pics/L1TBI.png)]]
12) When it again went to the Edit Gallery window, I clicked ""Add to gallery""
[[Image(https://i.paste.pics/L1TCL.png)]]
13) Shows ""No media items found"", even though I have a lot of images uploaded.
[[Image(https://i.paste.pics/L1TDG.png)]]
Here are my setup details:
i) OS: Ubuntu 20.04.5 LTS
ii) Using Local by Flywheel
iii) Web server: Nginx
iv) PHP Version: 8.1.9
v) MySQL: 8.0.16
vi) WordPress: 6.1.1
vii) Browser: Opera
",shamayel007
Unpatched Enhancements,57496,Lazy load post meta,,"Posts, Post Types",4.5,normal,normal,Future Release,enhancement,assigned,,2023-01-18T12:33:40Z,2023-05-10T11:15:00Z,"Introduced in [36566], there is was a API introduced to lazily load metadata using the class `WP_Metadata_Lazyloader`. Currently this is only used comment and term meta data. However, this could be expanded to support over meta types like posts.
WP_Query is now run multiple lines per page load. Meaning that post meta is primed even when it is not needed. Using the `WP_Metadata_Lazyloader` class, post meta could be loaded on demand and save database queries and object cache lookups. ",spacedmonkey
Tickets Awaiting Review,57507,"function wp_unique_post_slug inconsistent for numerical page slugs, e.g. 404",,"Posts, Post Types",6.1.1,normal,minor,Awaiting Review,defect (bug),new,dev-feedback,2023-01-19T11:03:36Z,2023-01-19T11:03:36Z,"
{{{
if ( $post_name_check
|| in_array( $slug, $feeds, true ) || 'embed' === $slug
|| preg_match( ""@^($wp_rewrite->pagination_base)?\d+$@"", $slug )
|| $is_bad_hierarchical_slug
)
}}}
Will always return true for preg_match as long as 'page' is optional and it is a numerical slug, e.g. 404
{{{
preg_match( ""@^($wp_rewrite->pagination_base)?\d+$@"", $slug )
preg_match( ""@^(page)?\d+$, 404"") => 1
}}}
Assuming pagination is the point for this check, a possible solution could be to check if post pagination navigation exists first.
{{{#!php
$pagination_based = get_the_post_navigation() ? preg_match( ""@^($wp_rewrite->pagination_base)?\d+$@"", $slug ) : false;
if ( $post_name_check
|| in_array( $slug, $feeds, true ) || 'embed' === $slug
|| pagination_based
|| $is_bad_hierarchical_slug
)
}}}
Suggestion: Either allow numerical slugs if it does not interfere with paginations, or disallow it with a warning.
",arve5
Tickets Awaiting Review,57517,Expose MutationObserver instance in wpEmoji,,Formatting,,normal,normal,Awaiting Review,enhancement,new,has-patch,2023-01-20T19:30:38Z,2023-01-20T20:05:34Z,"The current implementation of MutationObserver in wpEmoji keeps the instance private, making it impossible to disconnect/reconnect the observer if necessary.
This has performance implications whenever a page performs large/complex DOM updates frequently.
A typical workaround is to disable wpEmoji altogether, but I believe there's a better way.
If we expose the observer instance, we can call connect/disconnect as needed.
{{{#!javascript
// Before doing something expensive
wp.emoji.getObserver().disconnect();
// render 10k nodes in your favorite frontend framework
// Re-enable later
wp.emoji.getObserver().observe( document.body, {
childList: true,
subtree: true
} )
}}}
",rinatkhaziev
Tickets Awaiting Review,57519,Sundry Menu Bugs,,Menus,6.1.1,normal,major,Awaiting Review,defect (bug),new,,2023-01-21T06:05:19Z,2023-01-21T16:36:36Z,"My ""TEST MENU (don't use)"" has a submenu. Bugs:
1. For ages the color of that menu text was black, it is now white (nothing was changed by me).
2. It is a custom link with the ""disable link"" option set, yet clicking it still goes to the URL (which I had to enter as it wouldn't save otherwise. OK I see the issue now, even though it is below the URL you have to click it first. The checkbox is a UI only option and no check is performed for the URL being empty.
3. The menu is impossible to open as it displayed off the right of the screen, I can only display it by reducing the width of the window such that the next level up menu displayed on a new line (plenty of room to open a submenu). All menus I have seen handle this problem by opening to the left in this scenario.
4. If used on the footer it doesn't even display submenus correctly. It displays them at the same level.
[No image attached after all as I haven't got a clue how to do so]
ANOTHER BUG:
GOT ""You've not yet selected a component. Please check the ""Component"" option above or select from one of the following"" even though ""Menus"" was selected
",dbareis
Tickets Awaiting Review,57525,Twenty Twenty-Three: Incorrect home link,,Bundled Theme,6.1,normal,normal,Awaiting Review,defect (bug),new,has-patch,2023-01-22T14:44:58Z,2023-09-09T09:37:41Z,"I've noticed that Twenty Twenty-Three Theme does not add a trailing / onto the Home page link when used in a sub-directory. Could also be happening in a top level situation although I've not tested.
example.com/test -instead of- example.com/test/
This cause a 301 redirect and slows down page load.
Not a big deal but then again, the fix is quick and easy.
",Website Rob
Tickets Awaiting Review,57542,Twenty Twenty-Two: Label text alignment issue in comment form,,Bundled Theme,,normal,normal,Awaiting Review,defect (bug),new,has-patch,2023-01-24T11:25:48Z,2023-02-24T15:41:39Z,"In the Twenty Twenty-Two theme, there is a comment form at the end of each post. In this form, label text should be aligned on top so it looks good when the comment box area is big. For more information please check the attached screenshot.",patelhitesh
Tickets Awaiting Review,57544,Twenty Twenty: Incorrect Colour in editor for Separator Block,,Bundled Theme,,normal,normal,Awaiting Review,defect (bug),new,has-patch,2023-01-24T13:01:49Z,2023-06-27T05:06:15Z,"The colour selection in the Separator Block settings shows incorrectly. The colour shown in the block setting is different from the one the separator has in the editor and the front end.
Please refer to the video link for a better understanding: https://share.cleanshot.com/8PpMy6fxLxRJ2KbrY8Gm
Bug Screenshot: https://share.cleanshot.com/pgGnkPC03PYbzZNtS9ml
Also, the sepeator behaves weirdly on clicking it: https://share.cleanshot.com/BpSRGJX7f8MYVw80rcGD",bhaveshdesai13
Tickets with Patches,57577,Admin: Color schema is not applied correctly to beta labels in site editor,,Administration,,normal,minor,Future Release,defect (bug),new,has-patch,2023-01-29T10:33:02Z,2023-06-27T05:47:51Z,"When the color schema is not the default, the ""beta"" label assigned to Editor in the Appearance menu does not apply the correct background color.
When you mouse over ""Appearance"" in the top menu, the background color of the beta label disappears.",wildworks
Tickets with Patches,57579,Replace most strip_tags() with wp_strip_tags(),,General,,normal,normal,Future Release,defect (bug),new,needs-unit-tests,2023-01-29T16:55:41Z,2024-02-05T12:35:55Z,"Originally reported as an issue with `strip_tags()` in `wp-admin/admin-header.php`, this ticket's scope as grown to initiative to replace `strip_tags()` with `wp_strip_tags()`.
Proposal:
* Replace most calls to `strip_tags()` with calls to `wp_strip_all_tags()`
@peterwilsoncc [#comment:1 notes]:
>this is a slight compatibility change as it will strip the contents of `