__group__ ticket summary owner _component _version priority severity milestone type _status workflow _created modified _description _reporter Slated for Next Release 59991 Included imagesLoaded library broken External Libraries 6.4 normal normal 6.6 defect (bug) new dev-feedback 2023-11-30T10:48:57Z 2024-02-17T14:24:15Z On the current WordPress release version, the included imagesLoaded javascript file is broken. The minified file appears to include two minified versions of the actual script and breaks functionality. To reproduce, see wp-includes/js/imagesloaded.min.js. physalis Slated for Next Release 59580 Test_Diff: sync with upstream External Libraries normal normal 6.6 enhancement new 2023-10-10T11:11:54Z 2024-02-17T14:23:27Z "Follow up on ticket #58298. The `Text_Diff` library, as included in WP, is an external dependency, which hasn't been kept up to date with the original source - i.e. with "upstream". The WP local version has also received some WP-only patches, typically for issues related to compatibility with new PHP versions. It should be investigated if there are changes upstream which need to be included in the WP version of the library and if the WP version of the library contains any fixes which aren't included yet upstream and should be (and don't have an open pull request upstream). Relevant parts from the conversation in #58298: @SergeyBiryukov in https://core.trac.wordpress.org/ticket/58298#comment:3: > > The `Text_Diff` library is an external dependency, however, AFAIK it is no longer externally maintained. > > The [https://github.com/pear/Text_Diff pear/Text_Diff] project on GitHub had a release in 2019 and appears to have [https://github.com/pear/Text_Diff/commit/14a70077f643739639845cebaea36a58d647b8c7 recent commits], though is indeed no longer actively maintained, as it has been deprecated and superseded by [https://github.com/horde/Text_Diff Horde_Text_Diff]. > > We could probably consider switching to the newer package. 
On at least one occasion though, we encountered a bug in the upstream version, see comment:5:ticket:41526, that was patched using a different approach in [42028] / #41526. As far as I can tell, there were [https://github.com/horde/Text_Diff/commits/master/lib/Horde/Text/Diff/Engine/Native.php no further changes] upstream after the [comment:12:ticket:41526 commits in question], so the issue still exists there. > > I have not yet checked whether a [https://github.com/pear/Text_Diff/pull/7 similar fix for pear/Text_Diff] has the same issue. > > > I wonder if it may be prudent to create a repo to maintain this code as a package within the WP organisation ? > > Would it be worth comparing the current code in core with the [https://github.com/pear/Text_Diff pear/Text_Diff] version and checking if a switch would be possible? Otherwise, it looks like we may indeed have to continue maintaining this package for the time being, either in core or separately, to ensure compatibility with newer PHP versions. @jrf in https://core.trac.wordpress.org/ticket/58298#comment:6: > Yes, I think it would be very good if we could take the following actions (probably in a separate ticket though): > * Compare the current version of the package in WP Core with the upstream version of `pear/Text_Diff`. > * Compare the current version of the package in WP Core with the upstream `horde/Text_Diff` package. > > Based on the findings, discuss follow-up steps. > > If we'd decide to upgrade to either the newer version of `pear/Text_Diff` or to `horde/Text_Diff`, I do still think adding at least _some_ tests to safeguard the integration would be a good thing. That way we can also safeguard that the upgrade does not cause any avoidable problems (at least for those situations which we are testing for). 
@oglekler in https://core.trac.wordpress.org/ticket/58298#comment:10: > This open PR is addressing the issue we had fixed from our side: https://github.com/pear/Text_Diff/pull/8/files" jrf Tickets Awaiting Review 54739 Upgrade PHPMailer to 5.2.27 for WordPress < 5.3 (and to 6.5.3 for above 5.4) External Libraries normal normal Awaiting Review defect (bug) new dev-feedback 2022-01-04T16:59:56Z 2022-01-19T13:18:43Z "In WordPress 5.3 the PHP Mailer library was updated to the latest version from the 5.2-branch. See #40472 In WordPress 5.5 the PHP Mailer library was updated to the new version 6. See #41750 As background updates are available from 3.7 on we could update the PHP mailer library down to version 3.7 to protect those installations from being abused for spamming. I checked https://wordpress.org/about/stats/ and WordPress installations with version smaller than 5.3. These sum up to 24.15 %. We only can background update from 3.7, so we need to look at WordPress 3.7 to 5.2 which shows us 18,52 % of all installation which are unprotected. This would at least close two from those three known security problems with this version: https://www.cybersecurity-help.cz/vdb/phpmailer_sourceforge_net/phpmailer/5.2.22/ Quoted from https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27: > Note that the 5.2 branch is deprecated and will not receive security updates after 31st December 2018. The same goes for WP 5.5 to 5.8 -> WordPress 5.5 (PHP Mailer 6.1.6) -> WordPress 5.6 (PHP Mailer 6.2) -> WordPress 5.7 (PHP Mailer 6.3) -> WordPress 5.7.2 (PHP Mailer 6.4) -> WordPress 5.7.3 (PHP Mailer 6.5.0) WordPress 5.9 will contain PHP Mailer 6.5.3 as the latest version. As version 6.4.1 and 6.5 are security releases this could be relevant too: https://github.com/PHPMailer/PHPMailer/releases?q=security&expanded=true Although this is related to security it seems that the other tickets about updating this library are handled in public so I created this one here too." 
zodiac1978 Tickets Awaiting Review 32597 mediaelement.js high CPU usage triggered by the buffering CSS animation External Libraries normal normal Awaiting Review defect (bug) new 2015-06-09T15:37:08Z 2020-09-17T14:14:30Z "Noticed by @iseulde, see discussion here: https://wordpress.slack.com/archives/core-editor/p1433862939000659 Also reproduced on my (very old) machine that makes things very evident. Looks like mediaelement.js audio uses a linear gradient animation on the `mejs-time-buffering` element which triggers a Firefox bug. I remember similar issues in Firefox reported years ago and probably never fully fixed. Should probably be reported upstream. See screenshot: [[Image(https://cldup.com/tAifYTyqQw.png)]] Removing that element from the DOM makes the CPU usage go down to 0." afercia Tickets Awaiting Review 52926 mobile compatibility library sortable list input field ignores touch event External Libraries 5.7 normal normal Awaiting Review defect (bug) new 2021-03-27T03:54:44Z 2021-05-26T02:22:35Z "The ability to edit a WP backend menu item custom url input field has not worked on my iPad iOS 14.4.1 using Safari and Chrome. Any text input field simply doesn't respond. Select choice list controls recognize touch. I am using Admin Menu Editor Version 1.9.9 plugin. On Mar 26, 2021, at 08:56, Janis Elsts wrote: Unfortunately, it looks like it's currently not feasible to fix this issue. It appears that problem is in one of the JS libraries that is part of WordPress itself. It's a mobile compatibility library that's supposed to translate touch events into simulated mouse events. It doesn't seem to work correctly when you tap an input field that's inside a sortable list, like the menu item list in Admin Menu Editor. I don't have enough mobile development experience to replace the existing JS library with something better, so this bug may remain unfixed until/unless WordPress core developers fix the underlying issue." 
edtorrey Tickets Awaiting Review 60207 regarding WP 6.4.2 - masonry 4.2.2 and imagesloaded 5.0.0 js not compatible External Libraries 6.4.2 normal normal Awaiting Review defect (bug) new 2024-01-07T14:06:52Z 2024-01-15T22:06:48Z "Hi, The following combination is running on WP 6.4.2: imagesloaded 5.0.0 masonry 4.2.2 When running imagesloaded function on a masonry object, imagesloaded throws following error: "obj is not iterable" see: https://github.com/desandro/imagesloaded/issues/308 It seems version 5.0.0 is the most recent version of imagesloaded. Right now we have to fix that problem manually after every WP Upgrade, which is a real problem for us. Is it possible to patch your version of imagesloaded for WP 6.4.3? Kind Regards, Reza Anwar " ranwar Tickets Awaiting Review 49837 JSDoc correction for wp-includes\js\colorpicker.js External Libraries normal normal Awaiting Review enhancement new has-patch 2020-04-07T06:30:09Z 2020-05-06T17:01:46Z In this function, Comment section is not proper with parameter and return type. jitendrabanjara1991 Tickets Awaiting Review 39714 Proposal: Use Full PHPMailer library External Libraries normal normal Awaiting Review enhancement new has-patch 2017-01-26T22:20:40Z 2023-02-02T15:34:11Z "Currently we're using a customized version of phpMailer that strips out some features. This is most evident when you compare class.smtp.php: Ours: https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class-smtp.php#L465 Official: https://github.com/PHPMailer/PHPMailer/blob/v5.2.21/class.smtp.php#L465-L527 We're missing sections which plugin developers are using to support extended features (oauth, ntlm, etc). By leaving this out, we introduce a reason for them to include versions of PHPMailer which they then have to update in the case of security issues (such as the sort that predicated the 4.7.1 core release). 
If we were to include the full library, it would be easier (and faster) for core to update in case of security issues, and it would provide more flexibility and security for plugins and (by extension) users of WordPress." Ipstenu Tickets Awaiting Review 60515 Update `regenerator-runtime` polyfill External Libraries normal normal Awaiting Review enhancement new has-patch 2024-02-12T19:51:19Z 2024-02-19T10:00:47Z "A new version of the `regenerator-runtime` polyfill (0.14.1) is available. The [https://github.com/facebook/regenerator/compare/v0.14.0...v0.14.1 full of changes] are on [https://github.com/facebook/regenerator/ GitHub]." desrosj Tickets Awaiting Review 60512 Update backbone.js to the latest version (1.6.0) External Libraries normal normal Awaiting Review enhancement new has-patch 2024-02-12T17:27:37Z 2024-02-19T09:11:23Z Version 1.6.0 of Backbone.js is available (see [https://backbonejs.org/#changelog changelog]). desrosj Tickets Awaiting Review 60514 Update whatwg-fetch library External Libraries normal normal Awaiting Review enhancement new has-patch 2024-02-12T19:49:10Z 2024-02-19T09:23:11Z "A new version of the `whatwg-fetch` polyfill (3.6.20) is available. The [https://github.com/JakeChampion/fetch/blob/main/CHANGELOG.md changelog] and [https://github.com/JakeChampion/fetch/compare/v3.6.17...v3.6.20 full of changes] are on [https://github.com/JakeChampion/fetch/ GitHub]." desrosj Tickets Awaiting Review 60516 Upgrade Moment.js to the latest version External Libraries normal normal Awaiting Review enhancement new has-patch 2024-02-12T20:02:55Z 2024-02-19T08:46:30Z "A new version of the `moment` (2.30.1) is now available. The [https://github.com/moment/moment/blob/develop/CHANGELOG.md changelog] and [https://github.com/moment/moment/compare/2.29.4...2.30.1 full of changes] are on [https://github.com/moment/moment GitHub]." 
desrosj Tickets Awaiting Review 48499 request: bundle unminified jQuery External Libraries 5.2.4 normal normal Awaiting Review enhancement new 2019-11-05T10:24:47Z 2019-11-05T15:53:15Z "This is a follow-up to #47020. WordPress is including a patched jQuery 1.12.4 now as we require this version but need to patch in security related fixes; whereas jQuery is supporting only newer versions. However we do not include an unminified jQuery. As a result this makes it very hard to verify certain which patches are included, as the source code is not available, and the minification process differs from jQuery's therefore an online diff contains a lot of false positives. To have verifiable patches I'd like to request that we please keep a list of fixes somewhere (whether it's ticket numbers or full documentation), start including an unmodified jQuery, and verify the bundled jQuery contains all patches post 1.12.4. " pacifika Tickets Awaiting Review 52012 Bundle jQuery plugin temporarily to encourage adoption of auto-updates External Libraries 5.5 normal normal Awaiting Review feature request new 2020-12-10T10:48:30Z 2020-12-19T17:53:52Z "**Some background: ** I wanted to include some comments here that I see as representative of the user experiences I have read about across the interwebs when they upgraded to WordPress 5.6: {{{ Hello Wordfence team, Thank you for this very interesting post. Every update of WP makes me worried, especially lately because of all the plugin and themes update needed after... and the risk of big bug... For the security, Wordfence is installed in all my websites for many years now and it really help me to sleep well ;) Merry christmas time for all Cécile }}} {{{ Thank you for this useful rundown of the newest WordPress update. While it does sound exciting, I'm going to hold off for the time being and make sure all my plugins have caught up. }}} {{{ Do you think I should postpone the WordPress update to the latest? 
And I have to test the latest WordPress first on my local site? And is there no problem if I delay updating WordPress to the latest version? Are there no security holes or other bugs if I delay updating WordPress to the latest version? }}} {{{ i had upgraded my website to latest version of wordpress from 5.5 to 5.6. after few hours from upgrade my site started showing blank popup on screen which was not removable even this have a cancel icon at top. my whole structure of [redacted] was disturbed. so I've downgraded back to 5.5 now it's working fine. so if you want to upgrade your version. do it at your own risk. }}} The above comments are from the WordFence blog: https://www.wordfence.com/blog/2020/12/wordpress-5-6-introduces-a-new-risk-to-your-site-what-to-do/ **The Problem: ** There were a large number of questions on the Forums during 5.5. and 5.6. where sites experienced fatal errors or other unexpected behaviour. While plugins that have not updated to the latest version of jQuery libraries are certainly not the only reason for fatal errors or unexpected behaviour - and while the number of active installations of the jQuery Helper plugin are probably inflated at this point - the number of downloads for the plugin and trends regarding questions on the Forums and other WordPress-related Help sites, in combination with other indicators like the number of plugins in the repository that make reference to outdated jQuery libraries suggest that the problem is not trivial. When sites break, non-technical users tend to want to roll back. This breaks trust in auto-updates and is highly likely to lead to users staying on older Core versions for longer and not trying to update again for years. **The Proposed Solution:** Please note that this solution on its own won't magically solve all update problems. 
However, it is one part that seems like it can be mitigated to reduce the "noise" (not suggesting that the concerns are not valid - suggesting that word of mouth is highly effective) / friction in the ecosystem. Bundle the jQuery Helper into Core (like Hello Dolly). Strongly consider running a cron job to disable (and possibly delete) the plugin after a certain number of admin logins (say 20). Have a prominent message (possibly redirect to a "landing page") to show the admin user how many logins they have left before the plugin is automatically disabled / deleted. Consider allowing the admin to extend the number of admin logins (perhaps to 200), or to enable the plugin until disabled (for sites that use plugins reliant on the outdated jQuery libraries). If possible, consider making use of Site Health to give an indication to the admin user as to whether or not the plugin is needed on their current setup or not. A bundled plugin approach could potentially be used for other breaking changes in the future - as one of the main constraints .org has always had to contend with was that there hasn't really been a good way to communicate these to a large number of site owners / admins. The goal here is **not** to let people use insecure libraries indefinitely - the goal is to get them **off** those libraries as soon as possible by facilitating communication and by not leaving them with a broken site (potentially during the middle of the night without them even being aware that the auto-update is happening) and scaring them off updating at all." carike Tickets Awaiting Review 43733 Replace Underscores.js with Lodash.js adamsilverstein External Libraries normal normal Awaiting Review task (blessed) assigned dev-feedback 2018-04-10T14:30:08Z 2023-07-17T23:20:28Z "Should we replace Underscores.js with Lodash.js? [https://wordpress.slack.com/archives/C5UNMSU4R/p1523367735000195 Discussed in Slack today (April 10th, 2018)]. 
It was suggested for converting WP Core to lodash, [https://github.com/facebook/jscodeshift jscodeshift] could be leveraged. Here is a list of [https://github.com/lodash/lodash/wiki/Migrating API pairings between lodash and underscores]. Concerns: Lodash 5.0 is set to have some [https://github.com/lodash/lodash/wiki/Roadmap backwards incompatible changes] that could make the migration awkward. General backwards compatibility concerns as well. How do we want to handle Backwards Compat? Most likely only core will be changed, and a migration path/tool will be offered out to theme/plugin authors." ChopinBach Candidates for Closure 51990 Codemirror does not support JSX by default as mentioned External Libraries 5.5.3 normal major Awaiting Review defect (bug) new reporter-feedback 2020-12-09T13:57:14Z 2022-08-24T19:04:52Z "Hi, I found an issue with the core code. It is mentioned on this link that the CodeMirror lib will support JSX by default in the editor. https://make.wordpress.org/core/2017/10/22/code-editing-improvements-in-wordpress-4-9 But when I use JSX mode, I do see an invalid System error in the editor. 
Please see this image: https://user-images.githubusercontent.com/1482075/100721177-eab92a00-33b6-11eb-84c8-a15da679d79d.png {{{ { indentUnit: 2, tabSize: 2, mode: 'jsx' } }}}" webbdeveloper Candidates for Closure 59423 Datepicker in wordpress do not follow the Date format set in the settings External Libraries normal normal Awaiting Review defect (bug) new reporter-feedback 2023-09-21T12:21:16Z 2023-09-24T03:43:08Z "Go to wordpress > Settings > General over there select "Date Format" > "Custom date" and set it to "jS F Y" Once you do this it will show you date to be like this 21st September 2023 Now Add the below code in your theme function.php file this code will create a shortcode [datepicker] {{{#!php "); tb_show(TB_PrevCaption, TB_PrevURL, imageGroup); return false; } jQuery("#TB_prev").click(goPrev); function goNext(){ jQuery("#TB_window").remove(); jQuery("body").append("
"); tb_show(TB_NextCaption, TB_NextURL, imageGroup); return false; } jQuery("#TB_next").click(goNext); jQuery(document).bind('keydown.thickbox', function(e){ if ( e.which == 27 ){ // close tb_remove(); } else if ( (e.which == 190) || (e.which == 39) ){ // display next image jQuery("#TB_next").trigger( "click" ); } else if ( (e.which == 188) || (e.which == 37) ){ // display previous image jQuery("#TB_prev").trigger( "click" ); } return false; }); }}}" Eric3D Candidates for Closure 60689 Concerning use of external libraries External Libraries normal normal Awaiting Review feature request new dev-feedback 2024-03-05T08:20:16Z 2024-03-27T15:27:01Z "As you get more advanced in using wordpress the need arises to use external libraries like bootstrap, font library, icon libraries, tailwind etc, of course this can be added using insert code plugins. the biggest disadvantage of this is that 1. you cannot maintain libraries version 2. You cannot delete the libraries. This problem can be solved through a feature request to create an interface to manage external libraries. In this feature: 1. User adds external libraries through a url 2. user can edit the libraries url 3. user can delete the libraries, libraries ceases to exist in the wordpress environment 4. Ability of the interface to distinguish/or give user opportunity to distinguish between and