__group__ ticket summary owner component _version priority severity milestone type _status workflow _created modified _description _reporter Untriaged tickets (that need a patch) 33940 Double spaces in term names can cause problems XML-RPC normal normal Awaiting Review defect (bug) assigned 2015-09-20T22:56:04Z 2019-08-15T06:46:02Z "Create a tag called 'test term'. Use XML-RPC to create a post with a tag of: {{{ test term }}} (two spaces). You'll get an error thrown, with the post not created: {{{ A term with the name already exists in this taxonomy }}} This appears to be due to the `_insert_post` function in XML-RPC using `get_term_by( 'name', $term_name, $taxonomy );`, which is returning false - thus it tries to create the term as new, and fails. Most other aspects of WP seem to filter the term name to strip double spaces first - is that what is necessary here? Or could the issue affect more than just XML-RPC?" smerriman Untriaged tickets (that need a patch) 51891 Multiple xmlrpc attacks after last update XML-RPC 5.5.3 normal major Awaiting Review defect (bug) new 2020-11-28T14:23:16Z 2021-01-07T18:17:13Z "Hello, After the latest WP update, I have began noticing an increasing amount of xmlrpc attacks for exploits that reached new peaks some 20 hours ago and without signs of slowing down. With each attack I am getting the following entry in the error.log : PHP Warning: call_user_func_array() expects parameter 1 to be a valid callback, array must have exactly two members in /home/.../public_html/wp-includes/class-wp-hook.php on line 289 I have de-activated the majority of the plugins and specifically those updated during the last week but that didn't change the scenery. I am not a developer, I am a power WP user operating a multisite for a couple of years now and this is the first time I am noticing this aggressive hacking activity (hundreds of different IPs per hour just as to avoid immediate blacklisting). Also this is the first time I am opening a ticket in WP.org Thank you for your attention. " attunist Future Releases 20070 Deprecate Blogger XML-RPC Methods XML-RPC 3.3 normal normal Future Release enhancement new dev-feedback 2012-02-18T18:32:26Z 2020-09-21T19:41:58Z "The XML-RPC API supports the legacy Blogger API methods, but these methods have apparently not been very well tested or maintained. Given that the `wp.*` XML-RPC namespace now covers everything that the Blogger API does, I suggest the blogger methods be officially deprecated with an eye towards removing them in a future version. At the very least, the MetaWeblog API should be used by clients instead, as it was explicitly designed to enhance and supersede the Blogger API." maxcutler Future Releases 59414 XML-RPC - add updateMedia endpoint XML-RPC normal normal Future Release enhancement new 2023-09-20T19:33:26Z 2024-03-05T15:53:56Z "In #58582, @thomashorta reported on alt attributes missing from the XML RPC endpoints. Fetching that data was fixed in [56637], but adding an endpoint to update media that specifically handles media data like alt attributes requires a more substantial enhancement. From #58582: Updating MediaItems through the XML-RPC API is also done directly by the Posts API, more specifically through wp.editPost (codex), which also doesn't support an alt field. This makes sense, as this API is more generic, but at the same time, there are no specific updateMedia methods in the Media API. Suggestion for updating I'm not sure about this one, but I think a new method in the Media API would be needed (e.g.: wp.updateMediaItem) to properly manipulate a specific input struct and call the Post update functions internally." joedolson Future Releases 25037 XML-RPC : Can't remove all the categories from a post by using metaWeblog.editPost XML-RPC 3.6 normal normal defect (bug) assigned 2013-08-14T17:41:00Z 2019-06-05T06:39:22Z "Seems that you can't remove all the categories from a post by calling mw_editPost. I tried both passing an empty array, or skipping the entry 'categories', in the content struct, but none of them worked. The post still has the previous categories attached to it." daniloercoli Future Releases 25016 "XMLRPC method ""wp.getUsers"" not working correctly in Multisite" XML-RPC 3.5 normal normal defect (bug) assigned 2013-08-12T18:53:13Z 2019-06-05T06:39:20Z "Hi, I have been testing some functionality in our app which uses XMLRPC, and it appears that I've found a bug with how the ""wp.getUsers"" method works on WordPress.com blogs. Basically, the blog I'm testing this on has 3 administrators. Regardless of which one of those administrators' credentials I use, whenever we call the ""wp.getUsers"" method we ONLY get details for the SAME user back. So, if we have 3 admins ('admin1', 'admin2', 'admin2'), whenever 'admin1' queries for all users, they only get back 'admin1'. I also tried adding a different type of user, specifically an author, and then used any of the above-mentioned administrator credentials to try and retrieve info on that author, but nothing is returned. It should be noted that all the above functionality works as it should on self-hosted blog, just NOT on WordPress.com blogs. " dinomic Future Releases 17382 XMLRPC wp_getUsersBlogs Scalability XML-RPC 3.0 normal normal defect (bug) new 2011-05-11T20:32:15Z 2019-06-05T06:38:07Z "If there is a root blog with many sub blogs on it and a user that is an admin on each sub blog, then when the when the XML RPC method wp_getUsersBlogs() is called it does not scale very well. My PHP memory_limit setting was 128MB, and the XML RPC request died when a user was a member of 230+ blogs. I noticed that the number of queries made to the database for a single user that has many blogs that they are an admin is very high. Affected line: http://core.trac.wordpress.org/browser/tags/3.0.1/xmlrpc.php#L443 I don't know exactly how the code would have to change so I am not providing a patch." bmorneau Untriaged tickets (that need a patch) 49044 Links in the text widget now require quotes audrasjb Widgets 5.3.1 normal normal Awaiting Review defect (bug) reviewing 2019-12-19T15:12:09Z 2020-01-07T19:37:52Z "Up until this release, if I had a link a text widget like this it would work. New Patient Packet the recent updated made the same link format like this when you click on it: https://www.aspirefamilydental.com/%22/wp-content/uploads/NT-transfer-records-to-sister-office-form.pdf/%22 I had to go in and change the text to this in order to make it work. New Patient Packet I manage over 200 sites. I have easy way of finding every link in every widget on all the sites I manage. Please fix the text widget to accept links without quotes like it used to. " spherman Untriaged tickets (that need a patch) 52730 Mixed content error with RSS widget Widgets 5.6.2 normal normal Awaiting Review defect (bug) new reporter-feedback 2021-03-07T20:06:37Z 2021-03-12T19:27:36Z To avoid SSL Mixed content warning, it is needed to force the RSS icon to load with https gregmagn1 Untriaged tickets (that need a patch) 52877 The Widget's Callback Array Stores Wrong Values Widgets 5.7 normal major Awaiting Review defect (bug) new 2021-03-21T12:45:09Z 2022-12-05T07:12:37Z "While trying to get Widget's saved settings I stuck a very weird issue, The objects [number] and [id] in the Widget's Object [callback][0] always refer to the last widget created. Create **Two or more of the same Widget**, Then print out the settings, You will notice that the [number] and [id] inside the [callback] array different than the main [id] and [number] inside the [params] array, So when use the [number] from the callback array it refers to a wrong index which is the last created widget's index not the current. {{{ add_action( 'wp', 'test_widgets' ); function test_widgets() { global $wp_registered_widgets; $widgets_ids = retrieve_widgets( FALSE ); foreach( $widgets_ids as $sb_id => $widgets ) { if( 'wp_inactive_widgets' === (string) $sb_id ) { continue; } foreach( $widgets as $active_widget_id ) { if( ! isset( $wp_registered_widgets[ $active_widget_id ] ) ) { continue; } echo print_r( $wp_registered_widgets[ $active_widget_id ] ); /** * Widget Object * @var \WP_Widget * */ $obj_widget = $wp_registered_widgets[ $active_widget_id ]['callback'][0]; /* If you use the callback object to get the Widget's index it'll refer to a wrong index */ /* TRY: echo $obj_widget->number; */ } } } }}} **Output:** {{{ Array ( [name] => Meta [id] => meta-4 [callback] => Array ( [0] => WP_Widget_Meta Object ( [id_base] => meta [name] => Meta [option_name] => widget_meta [alt_option_name] => [widget_options] => Array ( [classname] => widget_meta [customize_selective_refresh] => 1 [description] => Login, RSS, & WordPress.org links. ) [control_options] => Array ( [id_base] => meta ) [number] => 4 [id] => meta-4 [updated] => ) [1] => display_callback ) [params] => Array ( [0] => Array ( [number] => 4 ) ) [classname] => widget_meta [customize_selective_refresh] => 1 [description] => Login, RSS, & WordPress.org links. ) 1Array ( [name] => Meta [id] => meta-3 [callback] => Array ( [0] => WP_Widget_Meta Object ( [id_base] => meta [name] => Meta [option_name] => widget_meta [alt_option_name] => [widget_options] => Array ( [classname] => widget_meta [customize_selective_refresh] => 1 [description] => Login, RSS, & WordPress.org links. ) [control_options] => Array ( [id_base] => meta ) [number] => 4 [id] => meta-4 [updated] => ) [1] => display_callback ) [params] => Array ( [0] => Array ( [number] => 3 ) ) [classname] => widget_meta [customize_selective_refresh] => 1 [description] => Login, RSS, & WordPress.org links. ) }}} " oxibug Untriaged tickets (that need a patch) 42568 Text Widget: Media Uploader Button Label Widgets normal normal Awaiting Review enhancement new 2017-11-16T06:03:35Z 2021-06-14T15:50:14Z I was wondering if the '''Media Uploader''' in the new '''Text Widget''' has a button with label '''Insert Into Widget''' instead of '''Insert Into Post''' as shown here: http://prntscr.com/hb38jv . It would be more meaningful I guess :) saurav.rox Untriaged tickets (that need a patch) 27405 Widget Customizer: Fade out sidebar sections that lack any rendered widgets Widgets 3.9 normal normal Awaiting Review enhancement new 2014-03-13T21:44:19Z 2017-06-07T00:24:28Z "Currently when there is a widget that is not rendered in the current URL being previewed (e.g. via Widget Visibility), the widget control in the customizer will become semi-transparent to indicate it is not being rendered. The same semi-transparent indicator would be useful for sidebars that are empty or which lack any rendered widgets. Originally reported in https://github.com/x-team/wp-widget-customizer/issues/76" westonruter Future Releases 53693 Block icons too big on 5.8 widgets page Widgets 5.8 normal normal Future Release defect (bug) new 2021-07-19T17:23:22Z 2021-11-01T21:51:21Z "[https://en-ca.wordpress.org/plugins/yet-another-related-posts-plugin/ Our plugin] adds a block using an SVG image which still looks fine on the blocks page. But on the widgets page introduced in WP 5.8, our block's icon is way too big and spills into the surrounding areas. See [[Image(https://i.imgur.com/ut0vOSv.png)]] On the post editing page, where the icon still looks fine, I see this critical CSS: {{{ .block-editor__container img { max-width: 100%; height: auto; } }}} It seems on the widgets page there is no `block-editor__container` so the styles don't apply, and icons like ours are unstyled. " mnelson4 Future Releases 42822 CodeMirror: HTML attributes values hints not fully operable with a keyboard Widgets 4.9 normal normal Future Release defect (bug) new 2017-12-07T09:38:16Z 2018-09-26T14:43:42Z "To reproduce, add an HTML widget either in the Widgets screen or in the Customizer: - start typing a HTML tag, for example ""

Custom HTML

Custom HTML Content
}}} Text Widget - The widget-wrap div has only that class. {{{

Text Widget

Text Widget Content

}}} As a result, any theme that has styled widget_text may have unintended styling issues. " dreamwhisper Future Releases 53552 Inactive Widgets prevent placement of new widget if `multiple` is false Widgets 5.8 normal normal Future Release defect (bug) new 2021-06-29T16:03:42Z 2021-11-01T22:05:49Z In the new Widget page, moving a Widget to Inactive stops placement of a new copy of that widget is 'multiple' is defined as false in the block code. MattyRob Future Releases 55220 Legacy widgets lack access to some usual server-side globals Widgets normal normal Future Release defect (bug) new 2022-02-22T00:59:03Z 2022-03-02T13:21:05Z "Copied from https://github.com/WordPress/gutenberg/issues/33404. --- ## Description Legacy widgets whose behavior depends on the `$pagenow` global might not render as expected via the new `/wp/v2/widget-types/fm-demo/encode` REST API endpoint because `$pagenow` during these requests is `index.php`, not `widget.php`. Additionally, legacy widgets are no longer able to rely on the `$_POST['action']` variable during requests to save widget data, which is usually set to `save-widget`, and these widgets might not be able to save data as expected. Similarly, legacy widgets are no longer able to rely on `DOING_AJAX` or `wp_doing_ajax()`, although that is typical of the REST API. ## Step-by-step reproduction instructions The easiest way to observe this behavior is to observe `$pagenow` and `$_POST` using Xdebug with a breakpoint inside of `WP_REST_Widget_Types_Controller::encode_form_data()`. To see the effect of the behavior on a real-world library: 1. Clone and include the Fieldmanager library: https://github.com/alleyinteractive/wordpress-fieldmanager 2. Clone and include the Fieldmanager Widgets extension: https://github.com/alleyinteractive/fm-widgets/ 3. Load the demo widget included in the README: https://github.com/alleyinteractive/fm-widgets/blob/296d5aef0585f3ff9bcf223e30867e069c13e2ca/README.md 4. Step through the `\fm_widgets_calculated_context()` function, which relies on all of the signals mentioned in the description. ## Expected behaviour With respect to legacy widgets, `$pagenow` will be `widgets.php` during form rendering, and `$_POST['action']` will be `save-widget` during saving. ## Actual behaviour `$pagenow` is `index.php`, and `$_POST['action']` is unset. ## Code snippet (optional) See README link above. ## WordPress information - WordPress version: 5.8-RC2 - Gutenberg version: Not installed - Are all plugins except Gutenberg deactivated? No, see repro steps. - Are you using a default theme (e.g. Twenty Twenty-One)? Yes ## Device information - Device: Desktop - Operating system: macOS 10.14 - Browser: Chrome 91" noisysocks Future Releases 53920 "Missing ""Title"" Field for Category / Latest Posts / Custom HTML Block Widgets" Widgets 5.8 normal normal Future Release defect (bug) new 2021-08-12T18:11:53Z 2021-11-02T15:21:03Z "The ""Title"" field is missing in block widget area for ""Category"" widgets (both products & pages), missing from ""Latest Post"" widget, AND missing from ""Custom HTML"" widget. Other widgets still have the ""Title"" field. Not sure if this was intentional or got overlooked... : (" lynaeash Future Releases 32183 Widget ID auto-increments conflict for concurrent users westonruter* Widgets 2.8 normal normal Future Release defect (bug) accepted 2015-04-29T09:20:46Z 2017-06-07T00:20:40Z "Each WP_Widget 2.0 “multi-widget” gets an index number associated with each instance of a give type. When you add a widget, this number gets incremented (`widget.set( 'multi_number', widget.get( 'multi_number' ) + 1 );`). The initial multi-number is calculated from the `next_widget_id_number()` function which takes the max number currently used, and increments it by one. The same approach is used in the widgets admin page and the Widget Customizer. For frequently-used widgets, the above problem will happen frequently where two users will try to add the same widget at the same time, and thus they will start out with the same initial `multi_number`, resulting in the same widget ID. When they both save their changes, one user's widget will override the other user's widget: whoever saves last. Likewise, it is possible for multiple widgets to be deleted in one session (from the widgets admin page, since Customizer only removes widgets by moving them to the Inactive Widgets sidebar) then new ones added back in other sessions and the initial `multi_number` will not be consistent. In other words, the `multi_number` for each widget type needs to be synced across each Customizer session along with the actual setting values. For concurrent editing of widgets, see: #31436: Handle conflicts in concurrent Customizer sessions #12722: Concurrent editing of widgets (on admin page)" westonruter Future Releases 36851 Widgets don't remove hooks after being unregistered Widgets 2.8 normal normal Future Release defect (bug) new 2016-05-16T15:28:57Z 2017-06-28T16:29:44Z "In `WP_Widget_Recent_Comments::__construct()`, there is this bit of code: {{{#!php id_base ) || is_customize_preview() ) { add_action( 'wp_head', array( $this, 'recent_comments_style' ) ); } }}} If `unregister_widget( 'WP_Widget_Recent_Comments' )` is called, this added `wp_head` action is still going to persist unexpectedly. At the moment, I believe the only way to remedy this inside such widgets themselves would be to check to see if the widget is still among `$wp_widget_factory->widgets` when the action callback is called (here the `recent_comments_style` method). From outside the widget, the alternative is would be to do: {{{#!php widgets['WP_Widget_Recent_Comments']; unregister_widget( get_class( $widget ) ); remove_action( 'wp_head', array( $widget, 'recent_comments_style' ) ); }}} Neither of these options are great. Perhaps there should be new `widget_registered` and `widget_unregistered` actions that widgets could listen to to do this cleanup? Or there could be a new `unregister` method on `WP_Widget` that a subclass could have this logic inside of. (We wouldn't be able to use the PHP destructor since it would never be called since the reference to the class would be still captured among the registered hooks.) Likewise, instead of adding the hooks inside of the constructor, perhaps there should also be a `WP_Widget::register()` method that gets called inside of the faux-private `WP_Widget::_register()` (and `_register` should be `final`, no?)" westonruter Future Releases 42965 Widgets not restored to previous widget area after switching back to previous theme Widgets 4.9 normal normal Future Release defect (bug) reopened 2017-12-22T15:06:13Z 2020-11-04T01:59:08Z There's a bug in widgets when switching themes. Before, on version 4.8.4, if you switch themes and return it back to previous, widget will retain on its widget column. In the latest version 4.9.1, every time you switch themes and return it back to previous one, all widgets will automatically placed to Inactive widgets. probewise Future Releases 42987 is_active_sidebar returns true on after plugin deactivation Widgets 2.8 normal normal Future Release defect (bug) new 2017-12-27T12:44:45Z 2018-01-26T21:12:12Z "Hi, Steps to reproduce: code: {{{#!php Sidebar is active, and it contains widget(s). Sidebar doesn't contain any widget. }}} 1. Add a widget plugin to the `custom-sidebar` 2. Disable the widget plugin 3. Reload the page The page is still showing sidebar is active. and `wp_get_sidebars_widgets()` still contains the disabled plugin's widget info. Is this something intended? Or is it a bug? " tpaksu Future Releases 52399 Remove widget accessibility mode joedolson* Widgets normal normal Future Release enhancement accepted 2021-01-29T16:44:29Z 2021-10-30T19:51:07Z "With the introduction of the new block editing experience for widgets management, WordPress will have four separate interfaces for managing widgets: block editing, customizer, classic widgets, and accessbility mode. The accessibility team would like to explore merging the characteristics that accessibility mode uses for better accessibility into the classic widget screen, to cut down to only three modes of operation for widgets. This will require identifying the characteristics of accessibility mode and finding ways to reproduce those characteristics within the existing widget UI. The key differences that are obvious are: 1) Use of a text link to 'Add' or 'Edit' 2) Links target each widget via a URL to manage independently. 3) Selection options to choose which sidebar and position will be used for a widget. These characteristics allow a single widget to be edited in isolation, the ability to assign a location without drag and drop, and visible text tools for handling widgets. One possibility to explore is having an add/edit option that opens a given widget in a modal that includes the location selection tools provided in accessibility mode. " joedolson Future Releases 43045 Trigger events equivalent to editor:image-edit and editor:image-update in media-image-widget.js Widgets normal normal Future Release enhancement new 2018-01-08T20:51:24Z 2020-06-17T04:22:54Z "The `wpeditimage` TinyMCE plugin has helpful `editor:image-edit` and `editor:image-update` events for hooking additional metadata onto the Image object. Here's an example: {{{ wp.media.events.on('editor:image-edit',function(event){ event.metadata.pinterest_text = event.editor.$(event.image).attr('data-pin-description'); }); wp.media.events.on('editor:image-update',function(event){ event.editor.$(event.image).attr('data-pin-description', event.metadata.pinterest_text); }); }}} Although the new Image Widget reuses the `image-details` frame, it doesn't fire these equivalent events, making integration difficult. It would be helpful if the `ImageWidgetControl` implemented equivalent events." danielbachhuber Future Releases 28747 $.wpColorPicker cannot duplicate elements Widgets 3.9.1 normal normal defect (bug) new 2014-07-04T09:26:00Z 2019-06-05T06:40:07Z "I can't `clone()` wrap `div` when I use with `wpColorPicker`. If I just running the `$.wpColorPicker` method again, I see two instance about this. What I can to do for duplicate?" KingYes Future Releases 21396 Categories widget reports categories without posts when they have custom posts Widgets 3.4 normal normal defect (bug) new 2012-07-27T02:36:46Z 2019-06-05T06:38:44Z "This problem may be related to #14084, but this report is specific to the behaviour of the Categories Widget. - Create a custom post type eg. ""Products"" - Create a category eg. ""Photographs"" - Add some posts of type Products, assign them to category Photographs - go to the blog page and the Categories widget lists Photographs as a category - click on Photographs - the ""Nothing Found"" post is shown. There are no normal posts of category Photographs, but the widget lists a category that returns nothing. I would have expected the widget not to list a category that has no normal posts. " pkwooster Future Releases 27236 Custom Widgets lost when theme is re-activated while the widget plugin is inactive Widgets 3.8.1 normal normal defect (bug) new 2014-02-28T15:27:29Z 2019-06-05T06:39:46Z "It could be a rare issue for others, but it's a regular process for my use-case. Custom Widgets are no longer shown in the widget area when theme is de-activated and re-activated while the plugin that provided one of the widgets is inactive. Steps: (Assumes, twenty fourteen is active) 1. Install Slim Jetpack plugin (or any other plugin that provides a widget). I enabled the Extra Sidebar Widgets from Settings > Slim Jetpack. 2. Add one of the Slim Jetpack widgets to the ""Primary Sidebar"" for example ""Gravatar Profile (Jetpack)"". 3. De-active Slim Jetpack. 4. Activate ""Twenty Thirteen"" theme. 5. Activate ""Twenty Fourteen"" theme. 6. Activate ""Slim Jetpack"". Unfortunately, the custom widget is lost. If you had normally de-activated and re-activated Slim Jetpacks, the Primary Sidebar would be fine. If you had done 4 and 5 without 3, everything would be good. But doing the steps as above, the widget is no longer in the sidebar - not even under Inactive Widgets. " asadkn Future Releases 27180 Remove Hidden Widget UI Widgets 3.8 normal normal defect (bug) new 2014-02-21T22:09:25Z 2019-06-05T06:39:44Z "I have come up with a issue with the new widget enhancements. The fact that we have to drag the widget a long way to move it to inactive status. On most screens this is below the visual area of the screen. Yet the only UI to collapse and expand the available widget area is hidden and you don't see it until your hover over text that doesn't appear or look like something you would hover over to see a user interaction. This makes it hard to us or even know it is their or available. The other UI issue also have to do with the widget placement as well. When you go to add a widget it asks you if which area do you want it added to. (For example: Main Widget Area or Secondary Widget Area) But when removing the widget the only options you have (without dragging them) is close and delete. There is no ""Move to Inactive"" Once a widget is in the Inactive Widgets area you can't add the widget via the button you once could in the new widget area. Can we have just one experience for both New and Inactive Widgets? I also have a Screencast which you can see here: http://f.cl.ly/items/0a293y0P363W1p0V2A11/Widget-Screen-Recording.mov " RDall Future Releases 31189 Widgets editing screen don't handle expired nonces gracefully Widgets normal normal defect (bug) new 2015-01-31T02:12:19Z 2019-06-05T06:40:38Z "The Widgets screen doesn't handle an expired nonce gracefully, and can result in the user thinking something saved, when in actual fact it was silently discarded. For example - Adding/Removing Widgets appears to work, doesn't take effect - Editing a Text Widget (or any titles of other widgets) and hitting save will result in a spinner, and then disappear the same way a successful save operates, even though the ajax calls returned `-1` to signify a nonce error / not logged in error " dd32 Future Releases 23909 Widgets settings loaded and instances registered unnecessarily Widgets 3.5.1 normal normal defect (bug) new 2013-03-30T16:02:05Z 2019-06-05T06:39:14Z "The settings for all registered multi-widgets get loaded with each request in `widgets_init`, and all widgets get registered even if they are never used (e.g. inactive ones). As the total number of inactive widgets tend to grow over time, the result is slower and slower page loads across all of a WordPress install. Ideally only the widgets returned by `wp_get_sidebars_widget()` would only get loaded and registered, though this would have an impact on how the widgets in the Customizer work." alex-ye Future Releases 14876 wp_get_sidebars_widgets() assumes that widgets are enabled Widgets lowest minor defect (bug) reopened 2010-09-15T02:05:43Z 2019-06-05T06:45:15Z "When a theme does not have any sidebars defined, wp_get_sidebars_widgets() will return the database option anyway. This reveals a bug where a theme that does not have any widgets may still get the recent comments CSS injected into it. is_active_widget() is returning true because that widget was active when the sidebar option was last used." nacin Future Releases 23008 Add a Hook To Hide Inactive Widgets Widgets 3.5 normal normal enhancement new dev-feedback 2012-12-19T19:59:12Z 2019-06-05T06:38:58Z "Hello, This is my first feature request so hopefully I'm going through the process correctly. Onto the request... Adding a hook to remove or hide the Inactive Widgets sidebar on the WordPress Admin Widgets page would be very useful for developers who don't use the area and want to be able to hide it for better UX. If this is approved I would love to submit a patch. :)" BFTrick Future Releases 20596 Adding more actions to a widget Widgets normal normal enhancement new dev-feedback 2012-05-02T00:14:28Z 2019-06-05T06:38:33Z "On the Widget UI, there is a ""Close"" button, aside with the ""Delete"" button, and I that developers should have a way to add more of those. For exemple, I would see as a good use case when you have a way of previewing the widget. Because right now the only way is by JS which is kinda of lame. Thanks," webord Future Releases 36532 Allow Reordering of Available Widgets Widgets normal normal enhancement new 2016-04-14T21:12:22Z 2019-06-05T06:44:15Z "It's common to see sites with 20 or even 30 widgets, even when the site user only needs a few of them: - Example 1: Core still ships with Tag Cloud and Meta widgets that I'd guess are barely ever used. - Example 2: It's always a bummer that the Text widget starts with ""T""... - Example 3: Jetpack adds a bunch of widgets, but I often only need one. Yesterday, I observed a client trying to drag-and-drop reorder the list of Available Widgets. I thought that was a perfectly reasonable thing to try, and realized I would love to do that on every site. This seems even more reasonable considering that a user can already reorder Inactive Widgets. I considered requesting that each widget be togglable via Screen Options, but I realize this wouldn't quite make sense given that a user could then hide an existing widget type. So among the options I can think of, I think the ability to reorder Available Widgets would be a relatively minor UI change with a potentially large UX improvement!" mrwweb Future Releases 26112 Available widgets drag-and-drop causes trouble on touch devices Widgets normal normal enhancement new 2013-11-19T15:57:32Z 2019-06-05T06:39:35Z "Now that we have click-to-add for available widgets, I think it makes sense to disable the drag-and-drop for available widgets on touch devices. The interaction tends to cause troubles on touch devices when you intend to scroll through the list of widgets, and instead initiate the draggable. Since active and inactive widgets don't have any alternative for reordering, we can keep the draggable interaction there on touch devices — but maybe we should think of a new way of reordering these widgets without requiring drag-and-drop." shaunandrews Future Releases 16613 Extend Widget API to allow sidebar/widget manipulation Widgets 3.1 normal normal enhancement new 2011-02-21T22:55:17Z 2019-06-05T06:37:51Z "There is currently no easy way to add a widget to a sidebar using code. We should add methods of doing this. A good example usage of such an API could be when a new theme is activated, it could add it's custom widgets to it's sidebar. API should provide support for adding widget X to sidebar Y (or even just the first sidebar) along with setting some options for the widget and where in the sidebar to add it (top vs. bottom)." Viper007Bond Future Releases 28188 Make Natively-Outputted .widget_rss CSS Selector HTML5-Appropriate Widgets 3.9 normal normal enhancement new 2014-05-09T05:57:31Z 2019-06-05T06:40:00Z "In regards to the natively outputted RSS Widget entitled `.widget_rss`, the post Author's name is currently outputted as wrapped in a `` tag. An example of a natively outputted RSS feed block looks something like this for reference: `Example RSSed Post April 14, 2014
This is the space where the RSSed information appears. […]
Author` Please note that the author of the RSSed post is being natively outputted as wrapped in the `` tag. As per #27944 (ocean90's comment in particular) which references #24522 (re: proper way to tag comment authors), the natively outputted CSS selectors for the `.widget_rss` widget probably ought to be wrapped in something like: `` as opposed to ``. Reiterating what ocean90 said: The `` tag is supposed to be used for a cited block of text (like a citation) rather than used to tag the/an author. Additionally, changing the `` to `` will provide additional sitewide code uniformity (there's a word or phrase I am looking for and I can't remember it!) for a natively/vanilla outputted WordPress site (and especially if using a default WordPress theme) re: how author names are wrapped in tags. Thanks!" EMG Future Releases 29155 Widgets: is_active_widget returns true even when the widget is not displayed on specific page Widgets 2.3 normal normal enhancement new 2014-08-08T17:51:22Z 2021-11-23T15:55:22Z "Steps to reproduce: 1. Activate Twenty Eleven 2. In Appearance > Widgets, add a widget to the Showcase widget area (only displayed on pages using the Showcase Page Template) 3. Load your home page. {{{is_active_widget}}} will return true for that widget, even if it is not displayed on the home page. It seems like it would be nice if {{{is_active_widget}}} only returned true when the widget was actually displayed on the page. I'm not sure how to do that, though." jeherve Untriaged tickets (that need a patch) 59746 Adding User Biographical Info without space breaks the container and adds horizontal scroll Users 6.3.2 normal normal Awaiting Review defect (bug) new 2023-10-26T10:43:35Z 2023-10-27T04:30:09Z "I found one issue in User Biographical Info module. Whenever I am adding bio without spacing, it breaks the container and adds horizontal scroll ! - Environment: fresh WordPress with no additional plugins - Theme: Twenty Twenty-One ( 1.9 ) - Screen recording: https://screenrec.com/share/H6zALe1fXd" mihirdev21 Untriaged tickets (that need a patch) 51781 Code not pulling website URL Users 5.5.3 normal normal Awaiting Review defect (bug) new 2020-11-15T18:45:42Z 2021-09-23T08:06:20Z "Hello people, I have activated the multisite network. And when a user signs up on one of the network’s sites (main site or subsite), that user receives an email with a confirmation link. After the user clicks on the confirmation link, he receives another email stating that his account is ok, and the signature of that email shows the code (###SITEURL###) that should call the URL of my site: https://prnt.sc/vjjaxz Thank you!" vejapixel Untriaged tickets (that need a patch) 47618 Email sent to blank address on email change for user with no previous email address Users normal minor Awaiting Review defect (bug) new 2019-06-27T14:24:25Z 2019-06-27T20:05:07Z "1. Install/active some email logger og logging functionality for outgoing emails 2. Import some content from other WP site 3. Let importer create a new username for some of that content, when prompted 4. Edit the newly created user and add an email address 5. Observe the email log: ""To:"" field is empty Expected: No email (attempted to be) sent when previous email is blank." knutsp Untriaged tickets (that need a patch) 38898 Lost password form not working with plugins that rename login URL Users 4.6.1 normal normal Awaiting Review defect (bug) reopened 2016-11-22T02:13:12Z 2017-07-19T08:20:43Z "When any given user, belonging to any given site, within a Multisite environment, try to recover its password, AND IF any security plugin which renamed the login URL is in place, the submission of that lost password form will fail because the action form has the wp-login.php URL hardcoded within. It should submit the form to the same URL you are currently on. You can refer to this support thread to learn more: https://wordpress.org/support/topic/bug-found-lost-password-form-outputting-incorrect-action-url-under-multisite/ So, the submit form URL at wp-login.php file should be outputted programatically rather than hardcoded. Best regards Marcelo " Kent Brockman Untriaged tickets (that need a patch) 38037 Maximum User ID Issue Users lowest normal Awaiting Review defect (bug) new 2016-09-13T10:46:57Z 2019-04-10T07:47:18Z "Hi, We found that if you set the AUTO_INCREMENT value to 18446744073709551614 (which is 1 less than the maximum value of BIGINT), it creates a blank user in the admin user table. upon checking the mySQL database details, we found that the ID (_users) is 18446744073709551614 and the user_id (_usermeta) is 9223372036854775807. the reason for the test is, we have created a plugin that allows an admin to change the user ID of any user, so we where testing the maximum upper limits of. The only way to delete this user is manually, the delete option fails. it would seem the ID (_users) supports 0 to 18446744073709551615 and it would seem the user_id (_usermeta) supports -9223372036854775808 to 9223372036854775807 this can be checked in https://dev.mysql.com/doc/refman/5.5/en/integer-types.html thanks" akaracing Untriaged tickets (that need a patch) 40835 Password and email change emails should not contain site-specific wording on multisite Users normal normal Awaiting Review defect (bug) new dev-feedback 2017-05-22T12:20:14Z 2017-05-22T12:20:14Z "With multisite enabled, the following three actions (there may be more) result in an email being sent to the user which contains wording specific to the site that the user happens to be on when they perform the action: * Attempt to change their email address. * Confirmed change of email address. * Changed password. As an example, here's the text from the ""Notice of Password Change"" email: {{{ Hi john, This notice confirms that your password was changed on Site B. If you did not change your password, please contact the Site Administrator at siteb@example.com This email has been sent to john@example.com Regards, All at Site B http://mtrunk.wp/siteb }}} This is misleading because it's not immediately clear whether my password was changed on all the sites on the network, or whether the change was specific to ""Site B"". In addition, the email address shown is the email address of the site administrator, not the network administrator. The site administrator does not necessarily have the ability to manage users. There may be similar considerations to those raised in #21352 regarding a user's awareness of the site being part of a network of sites." johnbillion Untriaged tickets (that need a patch) 44374 Remove deprecated contact methods Users 4.9.6 normal normal Awaiting Review defect (bug) new 2018-06-15T15:32:17Z 2020-06-01T16:14:10Z "AIM is dead (December 15, 2017), Yahoo Messenger will be shut down on July 17, 2018. I'm not sure about Google Talk, I think it's been retired a long time ago. In May 2013, Hangouts replaced Google Talk. The way people are managing the contact methods nowadays is: {{{#!php user_email || $user_pass !== $old_user_data->user_pass ) { $data['user_activation_key'] = ''; } }}} In the above code the variable $user_email is **daniel.o'brian@gmail.com**, but the $old_user_data->user_email is escaped and appears to be **daniel.o\'brian@gmail.com**, so there isn't the match and user activation key is cleared. Can you confirm and provide a fix? In the meantime, I can change this behavior by escaping the $user_email myself in the filter wp_pre_insert_user_data which is a few lines above the checking, I guess. Thanks!" daniele.perilli Untriaged tickets (that need a patch) 54310 WP_User_Query does not return results in the same format if fields set to all_with_meta and doesn't return any metadata Users normal normal Awaiting Review defect (bug) new needs-unit-tests 2021-10-22T17:54:26Z 2021-10-25T23:32:25Z "Digging into WP_User_Query if you set the fields to all_with_meta it returns an array index by the user_ID veers a keyed list for all other results this is the {{{ if ( 'all_with_meta' === $qv['fields'] ) { cache_users( $this->results ); $r = array(); foreach ( $this->results as $userid ) { $r[ $userid ] = new WP_User( $userid, '', $qv['blog_id'] ); } $this->results = $r; } elseif ( 'all' === $qv['fields'] ) { foreach ( $this->results as $key => $user ) { $this->results[ $key ] = new WP_User( $user, '', $qv['blog_id'] ); } } }}} I feel we should return the same shape array for both so propose to set the all to array index to the User_ID's with a change like this {{{ if ( 'all_with_meta' === $qv['fields'] ) { cache_users( $this->results ); $r = array(); foreach ( $this->results as $userid ) { $r[ $userid ] = new WP_User( $userid, '', $qv['blog_id'] ); } $this->results = $r; } elseif ( 'all' === $qv['fields'] ) { foreach ( $this->results as $user ) { $this->results[ $user->ID ] = new WP_User( $user, '', $qv['blog_id'] ); } } }}} And better still it doesn't return the meta values !!! So let's add this as well {{{ if ( 'all_with_meta' === $qv['fields'] ) { cache_users( $this->results ); $r = array(); foreach ( $this->results as $userid ) { $r[ $userid ] = new WP_User( $userid, '', $qv['blog_id'] ); $r[ $userid ]->meta = get_user_meta( $userid ); } $this->results = $r; } elseif ( 'all' === $qv['fields'] ) { foreach ( $this->results as $key => $user ) { $this->results[ $key ] = new WP_User( $user, '', $qv['blog_id'] ); } } }}} " pbearne Untriaged tickets (that need a patch) 55413 on user save apostrophes cause wp_mail error Users 5.9.2 normal normal Awaiting Review defect (bug) new 2022-03-17T16:22:40Z 2022-05-30T10:54:28Z "This is a follow-up to #18039. On user save from the admin the input is not unslashed and so the 1. wordpress thinks that the email has changed, has it is compared against a unslashed value 2. it uses the slashed input which isn't a valid email address to send the email was changed message Can we unslash the email input in the wp_insert_user and wp_update_user functions" dg12345 Untriaged tickets (that need a patch) 53109 wp_insert_user should return a WP_Error when passing a too long first_name parameter audrasjb Users normal normal Awaiting Review defect (bug) reviewing 2021-04-29T09:01:21Z 2021-04-29T22:55:35Z "When I call the wp_insert_user function to which I pass too long first_name, I do not get an error, but I get a 0-integer. Although the documentation says, either wp_error or integer-ok. P.S. I create user with this function .." superpuperlesha Untriaged tickets (that need a patch) 46035 Add set_display_name method to WP_Roles class Users normal normal Awaiting Review enhancement new dev-feedback 2019-01-18T13:44:45Z 2019-02-01T05:29:27Z "Currently, people are following tutorials on line on how to 'change' the display name of certain user roles in WordPress, by basically overwriting the name property every time on either `init` or `admin_init` hook. This is total overkill, and a hacky way to change the role display name (not role name which governs the capabilities stored in the database). If there was a method `set_display_name` (and a corresponding getter `get_display_name`) this cosmetic change could be done only once on plugin activation - this change would then be permanent in the database and you wouldn't need to run the 'rewrite' all the time just to change name (Editor to Blog Editor for instance, or Administrator to Operations). Only way, to do this now is to copy the entire `WP_Role` object, then remove the original one, change one property and add a 'new' role. This feels super hacky to me. Thoughts, opinions, suggestions?" dingo_d Untriaged tickets (that need a patch) 57508 Redirect after clicking reset password link does not return to original users table display page position Users 6.1.1 normal normal Awaiting Review enhancement new 2023-01-19T20:31:52Z 2023-01-31T15:13:34Z "It looks like the redirect does not pick up the search and paged variables in effect at the time the link is clicked. This resets the display of users back to the beginning. in users.php line 250: $redirect = add_query_arg( array( 'reset_count' => $reset_count, 'update' => 'resetpassword', ), My end users find this an annoyance and so bring it to your attention. For destructive actions, this is less of an issue as the display changes." mjdewitt Untriaged tickets (that need a patch) 34316 User status inconsistent between single-site & multisite Users 1.5 normal normal Awaiting Review enhancement new needs-unit-tests 2015-10-15T19:00:15Z 2017-09-27T15:30:10Z "The way a user's status is defined in WordPress differs between single-site and multisite: * In single-site, the `user_status` column is used * In multisite, there are two additional columns for `spam` and `deleted` Not only this, but the `update_user_status()` function is multisite only, and the `user_status` column is an integer without an API to help announce what values equate to what results. On the plus side, user statuses aren't really ever used in core. Marking users as spammers in multisite installations is the only real benefit of this feature as it exists today. I'd like to propose the following: * Stop creating the the `spam` and `deleted` columns in `wp_users` on new installations * ALTER the `user_status` column from `INT(11)` to `VARCHAR(20)` ala `wp_posts` * A bevy of `wp_register_user_status()` like functions to introduce bonafide support for them * A database upgrade routine to move user status `0` to `active` and `1` to `spammer` * A new index on the `wp_users` table for the updated `user_status` column type. We may need a few, based on how users are commonly queried in core, BuddyPress, etc... * Update the `WP_User` and `WP_User_Query` classes to suss out any `user_status` inconsistencies A few considerations worth noting: * Large installations would need to manually perform these DB upgrades. I'm embarrassed to say I've personally frozen WordPress.org for several minutes years ago by missing a `DO_NOT_UPGRADE_GLOBAL_TABLES` check on the `wp_users` table * Several plugins use their own values in the `users_status` column, assuming their numeric ID is unique and special. The authors of these plugins would need notifying, and their code updating to support the above ideas * This work *could* parlay into the Post Status API that's on infinite back-burner. There are some really excellent ideas floating around about how `post_status` could work that would translate nicely to users, too" johnjamesjacoby Untriaged tickets (that need a patch) 53405 short circuit before current filters for get_edit_user_link Users normal normal Awaiting Review enhancement new 2021-06-15T07:50:14Z 2021-06-29T05:37:24Z "currently the function get_edit_user_link can be filtered BUT it is only after it has gone searching for an appropriate value. This is problematic as on multisite this search may call get_edit_profile_url and then get_dashboard_url which in turn then runs get_blogs_of_user which pulls all the options for every site that the user is a member of into memory. This can be huge and completely unnecessary!! There needs to be a way to short cicuit this function at the start before all this occurs. " shawfactor Future Releases 17370 Screen options and meta box settings can lose per-blog meta box positions Users 3.1 normal normal Future Release defect (bug) new 2011-05-10T21:13:37Z 2022-10-03T12:10:08Z "User preferences for admin interface appearance of the Dashboard and the Edit/Add New pages are stored in per-user options in `wp_usermeta`: `closedpostboxes_$page`, `metaboxhidden_$page`, `meta-box-order_$page`, and `screen_layout_$page`, where `$page` is one of 'post', 'page', or 'dashboard'. Users can customize the order of the Dashboard and editing meta boxes to better suit their workflow using the drag-and-drop AJAX interface to move the meta boxes into ordered columns and the Screen Options tab to show and hide the boxes. Many plugins add custom meta boxes to the Edit/Add New Post page. In a multisite installation, with different plugins active on different blogs, users who rearrange an Add New Post page on a blog with a custom meta box and then rearrange it on a different blog without that meta box will lose the position of the custom meta box. Blogs can have different features and workflows implemented, and having per user options for the appearance instead of per user, per blog options limits the ability of a user to customize the interface. The expected behavior for moving things around is that it changes on one blog, not on all blogs." jmdodd Future Releases 38851 WP_User_Query cannot retrieve multisite users who have not been assigned a role on a site Users normal normal Future Release defect (bug) new needs-unit-tests 2016-11-18T15:11:32Z 2017-12-01T05:20:30Z "If you add a user to a multisite at network level, but do not proceed to assign them a role on a site within the network, `WP_User_Query` cannot retrieve those users (even if the query is run at network level), as they have no associated `wp_capabilities` meta_key. To reproduce the problem: 1) Add a user to a multisite via Network Admin > Users > Add New. 2) Run a WP_User_Query at network level (e.g. by doing something like: {{{ add_action('load-users.php', 'myAction'); function myAction() { $screen = get_current_screen(); if( $screen->base === 'users-network' { $query = new WP_User_Query(); $users = $query->results; } } }}} The returned results will not include the user added in step 1. In fact, it will only return users who have capabilities set on the first site in the network, even though this query is not occurring at site level. This could be fixed by allowing something like `'blog_id' => 'all'` in a `WP_User_Query`." robdxw Future Releases 18161 Bulk action: Add user to multiple sites Users 3.2 normal normal Future Release feature request reopened 2011-07-18T19:07:04Z 2021-04-27T20:01:18Z "Currently, to add a single user to multiple sites, the super admin has to edit each site, add the user to the site, and then go on to the next site. To improve this workflow, it would tremendously useful to be able to add a single user to multiple sites in the network admin. This ticket could have scaling problems to solve." danielbachhuber Future Releases 12720 Delete user and hook confusion when deleting users in Multisite Users 3.0 normal normal defect (bug) new 2010-03-26T12:42:59Z 2019-06-05T06:37:23Z "Currently: The hook ''wpmu_delete_user'' fires when deleting user in Super Admin->Users. The hook ''remove_user_from_blog'' when deleting user under site Users->Authors & Users. In standard WP: The hook ''delete_user'' is called when deleting users it should be the same in MultiSite when deleting from Super Admin->Users. Or add new hooks and deprecate previous. ''delete_user_from_network'' for when deleting a user totally. ''delete_user_from_site'' for when deleting a user from a specific site. This is hook also then fires in non-MultiSite mode since that then corresponds to one site." andreasnrb Future Releases 36405 User creation fails for users with long names. Users normal normal defect (bug) new 2016-04-03T05:49:00Z 2023-05-28T11:52:50Z "Summary: When creating a user with a long first or last name, the query that inserts the user into the DB is assumed to have succeeded, but that fact is never verified. Sign in as an admin and create a new user, giving it the first name `ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQ` (or any 251-byte string). After submitting the form, you'll see a handful of error messages (line numbers are from trunk just now, but I can reproduce the bug as far back as 4.2.1): {{{ Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1716 Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1717 Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1730 Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1738 Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1740 Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1742 Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1746 Warning: Cannot modify header information - headers already sent by (output started at wp-includes/pluggable.php:1716) in wp-includes/pluggable.php on line 1171 }}} What happens is that the `$wpdb->insert( $wpdb->users, $data + compact( 'user_login' ) );` call in `wp_insert_user()` fails, but there's no check to ensure that it succeeded, so the code proceeds to try and create a new `WP_User` with ID `0`. This results in unexpected behavior, like sending a ""New User Registration"" email to the admin with blank ""Username"" and ""Email"" values. The failure is due to `$wpdb->process_fields()` calling `$wpdb->strip_invalid_text()`, which truncates the `display_name` field (because the `display_name` field only allows 250 bytes), and because it then doesn't match the value passed into `$wpdb->process_fields()`, it returns `false`. So this isn't so much a bug about a text string that's too long, it's really a bug about not checking the return value of `$wpdb->insert()`. I think the resolution of #10377 is probably the same kind of approach that could be taken here, since the problems seem similar." cfinke Future Releases 23857 Delete User Should Delete Comments Users 3.5 normal normal enhancement new 2013-03-25T07:10:55Z 2019-06-05T06:39:10Z The delete user function should also delete that user's comments or attribute that users comments to the person specified. That way, deletion of accounts goes a lot smoother. jamcat22 Future Releases 26962 in wp-admin/profile.php no restoration filled if an error occurs fields. Users 2.0 normal normal enhancement new 2014-01-30T11:55:59Z 2019-06-05T06:39:41Z "I just saw that if the fields are filled and that we delete such a required fields (or causing an error in the syntax of email for example), no mechanism is in place to restore the information specified by the user, everything is reset. This mechanism is however in place in the ""wp-admin/user-new.php"" when we disable javascript." QuarkSEO Future Releases 21910 wpmu_create_user() standardization Users 3.0 normal normal enhancement new 2012-09-17T18:03:24Z 2019-06-05T06:38:47Z "There seems to be some inconsistencies between wpmu_create_user(), create_user(), and wp_insert_user(). The former two are wrappers, and do different things but potential to consolidate and clean up some old code. Per Nacin: >nacin: wpmu_create_user() should probably just go away. >nacin: fairly useless function >nacin: by default, it looks like wp_insert_user() would create a role-less user. >nacin: as would wp_create_user() Looking at wp_insert_user() it sets the default role if none is provided, where wpmu_create_user() would actually delete the default roles and caps. Although, I'm not really sure there's a use case where you'd be using both the wpmu_new_user and user_register hooks simultaneously so possibly depreciate the former in favor of the latter. One real issue with wpmu_create_user is that it returns false instead of the WP_Error object which is probably not desired since the error could be useful. The false return is used in wpmu_activate_signup() to either set the returned ID or create it's own WP_Error. Lastly... documentation for create_user says it returns the ID, but it looks like it could potentially also return a WP_Error object. Didn't test, but possible documentation fix there. " ryanduff Untriaged tickets (that need a patch) 50098 CSVs that contain HTML fail upload test Upload normal normal Awaiting Review defect (bug) new 2020-05-06T06:42:45Z 2020-05-06T06:42:45Z "WordPress 5.0.1 (I believe) introduced file type checking so that uploaded files needed to be the correct MIME type for its extension. This caused CSVs detected as `text/plain` to fail the upload test. WordPress 5.0.3 fixed this so that .csv files can be uploaded if detected as `text/plain` (#45615, [44443]). However, in trying to uploaded CSVs exported from WooCommerce, I have encountered CSVs that are detected as `text/html` if they have enough HTML in the product descriptions. So these files exported from WooCommerce cannot be re-uploaded to WooCommerce. I have worked around the issue using the `wp_check_filetype_and_ext` filter, but ideally a similar carve-out for `text/plain` would be made for `text/html`. I don't have time to write a patch right now, but I might be able to take a crack at it later this week/next week if no one else can. For reference, this is how I bypassed the issue with the filter: {{{ add_filter( 'wp_check_filetype_and_ext', function( $wp_check_filetype_and_ext, $file, $filename, $mimes, $real_mime ) { $wp_filetype = wp_check_filetype( $filename ); if ( 'text/html' === $real_mime && 'text/csv' === $wp_filetype['type'] ) { $wp_check_filetype_and_ext = [ 'ext' => $wp_filetype['ext'], 'type' => $wp_filetype['type'], 'proper_filename' => $filename, ]; } return $wp_check_filetype_and_ext; }, 10, 5, ); }}}" JakePT Untriaged tickets (that need a patch) 22150 Customizer: Remove Image doesn't remove from Media Library Upload 3.4 normal normal Awaiting Review defect (bug) new 2012-10-10T05:35:15Z 2019-05-15T21:12:16Z "After uploading an image using the Theme Customizer, a ""Remove Image"" link appears - this seems to imply that clicking it will cause the image to be deleted entirely, rather than just hidden from the current view. " pento Untriaged tickets (that need a patch) 23188 Hardcoded relative url 'async-upload.php' in plupload/handlers.js Upload 3.5 normal normal Awaiting Review defect (bug) new 2013-01-12T11:47:48Z 2018-01-18T20:34:04Z "On line 127 in plupload/handlers.js you can find relative path to 'async-upload.php'. It rather should use wpUploaderInit.url (or something like that), so you could use WP Plupload in front-end for example or with your custom uploading scripts. Now you can write your custom uploader script and provide it via wpUploaderInit, but on that line in handlers.js it is ignored (and if you run it in front-end, bad request to ./async-upload.php is made)." drozdz Untriaged tickets (that need a patch) 23483 Incorrect image URL for subsites when using UPLOADS constant on multisite subdirectory installation Upload 3.5.1 normal normal Awaiting Review defect (bug) new 2013-02-15T18:56:54Z 2017-07-08T00:41:31Z "If the UPLOADS constant is used on a Wordpress Multisite installed to subdirectory, using subdirectory mode, then image URLs for subsites are incorrect. Example: * WP MS installed to www.domain.com/wordpress, subdirectory not subdomain * UPLOADS set to 'assets' Main site uploads images to /wordpress/assets/... [[BR]] Main site image URL is www.domain.com/wordpress/assets/... 1. Create subsite called 'subsite'; 2. Subsite uploads images to /wordpress/assets/sites/2/... 3. Subsite image URL is www.domain.com/subsite/assets/sites/2/... when it should be www.domain.com/assets/sites/2/... This is because wp_upload_dir() uses get_option('siteurl') to derive the URL. It is probably right for subdomain multisite but wrong in this use case." creativeinfusion Untriaged tickets (that need a patch) 46775 Cannot allow multiple MIME for same file extension Upload 5.1 normal major Awaiting Review enhancement new 2019-04-02T15:55:20Z 2023-08-27T08:06:45Z "Using 5.1.1, .zip are being detected as application/zip on my PC, but the same file (exact same) is being detected as application/x-zip-compressed on another PC. I've attempted to DISABLE_UNFILTERED_UPLOADS and temporarily removed the is_super_admin constraint from wp-includes/functions.php but still no luck. I also wasn't able to add this as an array without throwing a PHP exception. This prevents me from allowing users to upload .zip from their PC. It's not appropriate for me to ask the user to make any changes to their PC. Any advice?" thedanhealy Untriaged tickets (that need a patch) 30384 Cannot hook plupload's JavaScript consistently Upload 4.0 normal normal Awaiting Review enhancement new 2014-11-18T16:03:56Z 2019-05-15T21:15:59Z "Visit /wp-admin/media-new.php and enter the following into the console: window.uploader.bind('FileUploaded', function (){alert(1)}) Upload a file and once that's complete your function will be executed. However if you visit /wp-admin/upload.php or /wp-admin/post-new.php and run that JavaScript you'll find that window.uploader is undefined. I'm trying to prompt users to add additional information about the images they upload, but without access to the Uploader object that appears to be impossible." tomdxw Future Releases 44868 Upload plugin and theme functionalities do not check on PATHINFO_EXTENSION before upload. Upload normal normal Future Release enhancement new 2018-08-30T13:18:42Z 2018-08-31T06:39:52Z If you go to /wp-admin/plugins.php click the button **Add new** and you upload a .sql file or whatever file then this is possible. The fille end-up in the wp-uploads/ folder and will not be removed. There should which will check the extension and removes it if it is not a .zip file. csorbamedia Future Releases 27860 Media Upload: Incorrect renaming increment for retina files Upload 3.9 normal normal Future Release feature request new 2014-04-17T12:23:40Z 2019-05-15T21:14:35Z "If a file is uploaded `myimgage.png` and then a second image is uploaded with the same name the file is renames `myimgage.png` to `myimgage1.png` this is fine. However if a Retina image is uploaded using the Apple retina standard @2x i.e. `myimage@2x.png` The increment is `myimage@2x1.png` this is not correct and should be `myimage1@2x.png` Should be `myimage[[prefex]]@2x.png` NOT `myimage@2x[[prefex]].png` " phillbooth Untriaged tickets (that need a patch) 53298 Checking if wp-config-sample.php file exists before checking if wp-config.php exists Upgrade/Install 5.7.2 normal trivial Awaiting Review defect (bug) new dev-feedback 2021-05-29T20:34:43Z 2023-07-12T06:17:11Z "Currently in WordPress core, wp-admin/setup-config.php checks if wp-config-sample.php file exists before checking if wp-config.php exists. If the sample file exists, it then checks if the wp-config.php file exists, and if so, suggests deletion if necessary. For security, some WordPress users may delete the sample file, and restrict open_basedir for directory above that of the web root directory. Because of these two cases, the current order produces the follow error: `PHP message: PHP Warning: file_exists(): open_basedir restriction in effect. File(/var/www/example/wp-config-sample.php) is not within the allowed path(s): (/var/www/example/web:/var/www/example/private:/var/www/example/tmp:/tmp:...) in /var/www/example/web/wp-admin/setup-config.php on line 46` If the check for existence of sample file could be moved after checking if wp-config.php exists, we could avoid this error and avoid checking if sample file exists if wp-config.php does and not checking both if they both do. i.e. Moving the section commented `Support wp-config-sample.php one level up, for the develop repo.` to after the section commented `Check if wp-config.php exists above the root directory but is not part of another installation.` in `wp-admin/setup-config.php`" machineitsvcs Untriaged tickets (that need a patch) 60397 Invalidate opcache after theme / plugin updates seebeen Upgrade/Install 6.4.2 normal normal Awaiting Review defect (bug) assigned dev-feedback 2024-01-31T10:10:01Z 2024-01-31T12:29:13Z "Depending on the server opcache configuration, there is a high possibility of getting an Internal Server Error, or similar after updating a plugin / theme. Specific opchache settings I've verified that trigger the error are: {{{ [opcache] opcache.enable=1 opcache.enable_cli=1 opcache.memory_consumption=256 opcache.interned_strings_buffer=24 opcache.max_accelerated_files=130987 opcache.max_wasted_percentage=2 opcache.use_cwd=1 opcache.validate_timestamps=1 opcache.revalidate_freq=5 opcache.revalidate_path=0 opcache.save_comments=1 opcache.enable_file_override=1 }}} Error happens because validate_timestamps is set to 1 and revalidate_freq is greater than 0. This means that after plugin update, error 500 will stay for up to revalidate_freq seconds due to invalid opcache. This can be mitigated by adding a opcache_invalidate or opcache_reset call upon successful update." seebeen Untriaged tickets (that need a patch) 49014 Silence set_time_limit() call in wp-admin/includes/class-wp-upgrader.php Upgrade/Install normal trivial Awaiting Review defect (bug) reopened 2019-12-17T15:39:09Z 2019-12-24T04:03:22Z "Aggiornamento delle traduzioni per Twenty Twenty (it_IT)… Warning: scandir(/home/.dummy/temp/): failed to open dir: Permission denied in /home/user/wp/wp-includes/functions.php on line 2479 Warning: scandir(): (errno 13): Permission denied in /home/user/wp/wp-includes/functions.php on line 2479 Warning: array_diff(): Argument #1 is not an array in /home/user/wp-includes/functions.php on line 2479 Notice: set_time_limit() has been disabled for security reasons in /home/user/wp-admin/includes/class-wp-upgrader.php on line 468 Le traduzioni sono state aggiornate con successo. Tutti gli aggiornamenti sono stati completati. {{{#!php support forums.' ) . ' ' . __( '(WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.)' ), headers_sent() || WP_DEBUG ? E_USER_WARNING : E_USER_NOTICE ); $response = wp_remote_post( $http_url, $options ); } }}} The message ""Something may be wrong with WordPress.org or this server's configuration. If you continue to have problems, please try the support forums"" could be better. Right now if wordpress.org is up (which code can check?) then the problem is with their host. If they post to the Support forums there is no easy answer there. While there is a solution to this mentioned in #27091 that solution is not suitable for most users. I would suggest a longer timeout and a message that they could copy to their webhost to assist the host if a connection is being blocked." podz Untriaged tickets (that need a patch) 58808 Proposal: track object cache type in update checks Upgrade/Install normal normal Awaiting Review enhancement new dev-feedback 2023-07-14T10:54:07Z 2023-07-14T16:49:23Z "Related: #56751, #48116 I think it would be helpful to send the `wp_using_ext_object_cache()` value as part of the update requests. We already send the list of installed PHP extensions, so it's possible to know whether e.g. redis or memcached are installed, but not if they are actually used. Ideally we would also know the exact type of object cache that is being used (e.g. if it's actually redis or memcached or something else). That would be also very useful for the `wp cache type` command, [https://github.com/wp-cli/cache-command/issues/68#issuecomment-1433755427 as suggested here]. This could be done via `WP_Object_Cache::get_type()` and a `wp_cache_type()` function for example." swissspidy Untriaged tickets (that need a patch) 51496 Scroll to the first plugin which is going to be updated after clicking on 'Apply' while Bulk actions 'Update' is selected to show that process is in a progress. audrasjb Upgrade/Install 5.5 normal normal Awaiting Review enhancement assigned 2020-10-11T18:54:23Z 2023-06-08T08:35:51Z "If you are clicking on 'Apply' while Bulk actions 'Update' it looks like nothing is happening and it's why you want to click several times in a row. This functionality can be combined with an improvement according to #40966 ticket. If this multiple update issue is hard to fix, possibly to add a scroll to the first plugin which is going to be updated can be easier." oglekler Untriaged tickets (that need a patch) 43916 Auto update translations when the respective plugin/theme is updated Upgrade/Install normal normal Awaiting Review feature request new dev-feedback 2018-05-01T13:41:41Z 2019-01-06T02:23:13Z "I find updating translations a bit of a pain because they only seem to appear (rightly so though) once you've updated a plugin or a theme. It'd be great if translations could be automatically updated after the respective plugin or theme has been updated removing the need to check if there are any translations waiting. Most often I find myself updating a plugin and then committing the update into version control and it's not until the commit has gone through that I reload the page to see that I now have new translation strings waiting. They really should be bundled with the main update of the plugin/theme." danieltj Untriaged tickets (that need a patch) 49515 SSL requirement during installation with SQL command through admin if mixed content Upgrade/Install normal normal Awaiting Review feature request new dev-feedback 2020-02-26T14:08:12Z 2021-05-11T07:07:35Z "Would it not be a good idea to highlight / warn the user if they try to use http instead of https? Furthermore, it would be very beneficial if wp admin offered a solution in terms of a SQL command for fixing mixed content if SSL is added after the fact. This might already be in the pipeline?" bjornenio Untriaged tickets (that need a patch) 20947 feature request: one-click update for core, themes and plugins (all in one) Upgrade/Install normal normal Awaiting Review feature request new dev-feedback 2012-06-13T22:48:50Z 2018-08-13T17:00:35Z I'd love to have the one-click update be truly one-click so that you can click once and update core, themes and plugins all at once as opposed to having to initiate three different updates. jkudish Future Releases 36887 Database upgrades should fail gracefully Upgrade/Install low normal Future Release defect (bug) new 2016-05-19T03:48:30Z 2022-07-07T14:19:10Z "Currently, `wp-admin/upgrade.php` and `wp_upgrade()` don't check that the database has actually upgraded properly, before returning a success message. Making them fail gracefully would be nice." pento Future Releases 47315 Download authenticity message has no actionability Upgrade/Install 5.2 normal normal Future Release defect (bug) new 2019-05-18T11:11:24Z 2023-08-22T01:57:18Z "== Problem While testing some upgrades of themes I noticed the following message: The authenticity of twentynineteen.1.4.zip could not be verified as no signature was found. As a user I have no idea what this means and more importantly, what I can do about it. == Proposed solution Add more context about what it means, why it is a not a blocker (soft-fail) when this is the case. This could be a page on WordPress.org or explained in-line. Provide a context on where this should be solved, locally/server/WordPress.org === Expectations I would have expected the theme update to be verified as it is downloaded from WordPress.org directly. " jipmoors Future Releases 24579 Add Drag'n'Drop UI to plugin and theme manual uploaders Upgrade/Install normal normal Future Release enhancement new 2013-06-14T17:03:38Z 2023-12-18T16:24:54Z "We have this nice looking easy to use drag-n-drop UI for our media, is there anything stopping us from having it for our plugin and theme uploaders? I know most people use the search that goes through the .org repo, but it's foolish to think that's the only place people ever get their products. This would help facilitate a consistent user experience throughout the entire WP Admin. Edit: If possible, support multiple uploads too." tw2113 Future Releases 44894 Add support for an optional `$roles` parameter to `populate_roles()` flixos90 Upgrade/Install normal normal Future Release enhancement assigned needs-unit-tests 2018-09-05T08:05:50Z 2019-01-23T23:22:19Z It should be possible to provide custom roles (and capabilities) to `populate_roles()` when populating a new site with its roles. This came up during work on #41333. flixos90 Future Releases 37130 Auto-download language packs when installing manually Upgrade/Install normal normal Future Release enhancement new 2016-06-20T09:08:17Z 2020-09-23T20:45:03Z "Themes and plugins can be downloaded from Rosetta sites (locale.wordpress.org). When they're downloaded, they are only available in English and whatever locale packages a theme/plugin author has decided to ship. They do not include language packs made available from translate.wordpress.org. As a result, if I download a plugin from the German plugin directory and manually install it, even if it's fully translated into German and a language pack is available, I won't see the interface in German. Thus, this ticket. On manual install, we should check for an available language pack and auto-download the language pack." samuelsidler Future Releases 51695 Include Upgrade Notice in post-auto-update emails Upgrade/Install 5.5 normal normal Future Release enhancement new 2020-11-02T01:22:59Z 2021-06-05T13:58:46Z "When a plugin update is released, an optional `Upgrade Notice` is visible on the Updates page explaining anything important about a plugin release. In the current age of automatic updates for plugins, those messages are not seen. I'm proposing that the Upgrade Notice field should be included in the post-auto-update emails related to the plugin - if the author has set the field that is. This would also be of benefit where a plugin receives a pushed force fix from WordPress.org for a security reason, a recent example was where someone who had not opt'd in to plugin auto updates received the update and was confused/concerned there was a bug. In that case, had the upgrade notice been included the end-user would've seen a pretty generic, but helpful text of `Version %s contains security fixes and is highly recommended for all users.` " dd32 Future Releases 12671 Installer page doesn't check if MySQL tables were created successfully Upgrade/Install 2.9.2 normal normal Future Release enhancement assigned 2010-03-22T17:47:33Z 2018-12-15T22:52:14Z "When running the web-based setup script - My Mysql user didn't have create permissions so no tables were created but the message (underneath all the MySQL errors) said setup was successful. I think it would be worth doing a check for no MySQL errors before proclaiming the installation a success." thedotproduct Future Releases 14393 Maintenance mode overkill. Please refine usage of it Upgrade/Install normal normal Future Release enhancement new 2010-07-22T22:12:14Z 2017-03-18T14:52:11Z "Though many tickets have been posted about the Maintenance Mode not resolving, I think that the problem is on a different level. It is unacceptable that even a failed upgrade of an inactive theme can break a complete Site or even Network. Case in point: I just followed the upgrade alert for an inactive theme, hosted on the WordPRess theme repository. (Apparently it had an error (Incompatible Archive. PCLZIP_ERR_BAD_FORMAT (-10) : Unable to find End of Central Dir Record signature.) But the point is, this should not have put the entire network in maintenance mode for 10 minutes. Maybe a check can be done for plugins, themes etc: if they are active, then maintenance mode can be used (though I am definitely not a fan of it anyway)." bike Future Releases 50674 Plugin and Theme Update Hooks pbiron* Upgrade/Install normal normal Future Release enhancement accepted dev-feedback 2020-07-15T22:48:19Z 2020-10-19T18:10:59Z With plugin and theme auto-updates shipping with core in 5.5, I think it's worth considering adding some more hooks around the plugin and theme process to perhaps run prior to and after a particular update is run. Hooks like `plugin_updated` and `theme_updated`, and maybe some `pre_*` versions of those. davidbaumwald Future Releases 58380 Setting time limit for updates doesn't always work. pbiron* Upgrade/Install normal normal 6.6 enhancement accepted dev-feedback 2023-05-23T13:34:30Z 2024-02-12T09:05:39Z "Warning: set_time_limit(): Cannot set max execution time limit due to system policy in /customers/7/5/e/lucasgent.be/httpd.www/***/wp-admin/includes/class-wp-upgrader.php on line 475 I usually comment out these lines since on my host one.com I ALWAYS get this additional warning line after succesfull updates. Is there something that can be done, so I don't have to do this for each new WP site...? Maybe a sort of option where you can enable/disable this? " NekoJonez Future Releases 26822 During upgrade, no errors thrown when file permissions are wrong Upgrade/Install normal normal defect (bug) new 2014-01-13T10:58:08Z 2019-06-04T21:10:10Z "I am, for the first time, attempting a Wordpress auto-upgrade. I was quite shocked to immediately see an FTP credentials dialog, as these credentials I treat as secret and do not wish to randomly spew them into the system that theoretically should simply be able to modify itself -- if filesystem permissions were proper. I wish to see an error message ""tried X, failed, exact failure error message, now trying FTP"" A number of current chatters in #wordpress on FreeNode state that this is actually not an error -- a position I vehemently disagree with. If _any_ operation fails, in the due-course of a program, SOMETHING should elaborate this within the normal course of execution for the task, especially the app itself that cannot write its own files. I would much rather like to see this from within the app updating itself, and not have to deduce it via any number of other, less-obvious methods, such as error logs on the server, filesystem access denial audits, etc. " mystica555 Future Releases 28300 Two issues in the code for auto-uploading to subfolders Upgrade/Install 3.9.1 normal normal defect (bug) new 2014-05-18T17:05:26Z 2023-03-15T18:21:55Z "There are two issues in the code for auto-uploading to subfolders within a change rooted FTP (wp-admin/includes/class-wp-filesystem-base.php). First, it adds a ""/"" to the replacement expression when the source replacement already contains a ""/"" (Note that ABSPATH has a trailing slash): {{{ $potential_folder = preg_replace( '#^' . preg_quote( $dir, '#' ) . '/#i', trailingslashit( constant( $constant ) ), $folder ); }}} This should be: {{{ $potential_folder = preg_replace( '#^' . preg_quote( trailingslashit($dir), '#' ) . '#i', trailingslashit( constant( $constant ) ), $folder ); }}} Second, it checks that the directory exists. This is not the case during theme and plugin installs, where the not existing directory is specified. Instead, only the parent should be checked. After: {{{ if ( $this->is_dir( $potential_folder ) ) { $this->cache[ $folder ] = $potential_folder; return $potential_folder; } }}} Adding: {{{ else { $potential_parent_folder = trailingslashit(preg_replace('#[^/]*/$#', '', $potential_folder)); if ( $this->is_dir( $potential_parent_folder ) ) { $this->cache[ $folder ] = $potential_folder; return $potential_folder; } } }}} Would test for a valid parent, instead. (E.g. wp-content/themes instead of wp-content/themes/newtheme)" wiziapp Future Releases 32652 Use `ignore_user_abort()` to avoid some update failures Upgrade/Install normal normal defect (bug) new 2015-06-15T05:50:51Z 2023-03-15T18:42:39Z "As mentioned in [comment:5:ticket:16066] and [comment:5:ticket:29679] we should consider using `ignore_user_abort()` to prevent the potential issue of an upgrade process being aborted mid-way due to a browser cancellation. This could be called before any update activity starts, or perhaps only after actual changes start happening (ie. after the zipfile download, before the file alterations)." dd32 Future Releases 27758 WP_Error data is false in _unzip_file_ziparchive Upgrade/Install 3.7 normal normal defect (bug) new 2014-04-11T14:25:07Z 2019-06-04T21:10:49Z "This is a follow-up to #22704, and the short version because after my long version crashed on 'continue to preview' :( {{{ return new WP_Error( 'mkdir_failed_ziparchive', __( 'Could not create directory.' ), substr( $_dir, strlen( $to ) ) ); }}} `substr( $_dir, strlen( $to ) )` results in false for the 'upgrade' folder and the zipfile folder itself. For the other folders the 'data' is simply not very informative and could be even confusing. Before [25780], it used to be just `$_dir`; isn't that a much more informative feedback? " ruud@… Future Releases 35536 WP_Upgrader goes too far up when enumerating parent paths on a network share Upgrade/Install 3.7 normal normal defect (bug) new 2016-01-19T22:43:29Z 2019-06-05T06:43:16Z "In `/wp-admin/includes/class-wp-upgrader.php`: When `is_vcs_checkout()` is walking up parent folders, the behavior of `dirname()` causes WordPress to check for folders that couldn't possibly exist. For example, if ""inetpub-share"" was the name of a share on machine ""myserver"", the following folders might be searched for source control folders: * `\\myserver\inetpub-share\wwwroot\.git` * `\\myserver\inetpub-share\.git` * `\\myserver\.git` * `\.git` Note that the last two are not even subfolders of `""inetpub-share"".` That is, the search should stop at `""\\myserver\inetpub-share\.git""` because `""inetpub-share""` should be considered a top-level folder. Even more concerning is that checking for `""\\myserver\.git""` and `""\.git""` are very expensive operations in a network environment, which means that the upgrade logic takes a very long time or will time out. My proposed remedy is to change this line: {{{#!php if ( $context_dir == dirname( $context_dir ) ) }}} to {{{#!php if ( $context_dir == dirname( $context_dir ) || (substr($context_dir , 0, 2)=='\\\\' && strpos(dirname( $context_dir ), '\\', 2)===false) }}} Thoughts?" vfs_hobbes Future Releases 36428 Weird default value of option 'default_link_category' Upgrade/Install 3.5 normal normal defect (bug) new needs-unit-tests 2016-04-06T15:15:19Z 2020-06-05T06:22:07Z "The option `default_link_category` has value `2` after installing WordPress. It makes no sense since 3.5. Generally, it's not a big problem, but we check referential integrity in our plugin and this fails because there's no `term_taxonomy` with ID `2`. " JanVoracek Future Releases 26710 Wrong redirect URL after core update when WP is in subdirectory Upgrade/Install 3.8 normal normal defect (bug) new 2013-12-24T11:05:58Z 2019-06-04T21:10:06Z "When updating WP 3.7.1 to 3.8 on a WP install that is located in a subdirectory (using the ""Giving WordPress Its Own Directory"" method), after the update, the browser forwards to a non-existing URL which causes a 404 error. In this configuration, in the wp-config file, WP_SITEURL is set to example.com/wp and WP_HOME to example.com. The update is triggered from the admin area located at example.com/wp/wp-admin/update-core.php When the update finishes, instead of forwarding to example.com/wp/wp-admin/about.php?updated, it sends the user to example.com/wp-admin/about.php?updated. Because of the missing subdirectory, this displays a 404 error. Upon returning to the dashboard, the user will notice that the update has been correctly applied, but he won't ever see the ""Welcome to 3.8"" page." tar.gz Future Releases 23487 is_blog_installed gives erroneous result on moved database Upgrade/Install 3.0 normal normal defect (bug) new dev-feedback 2013-02-16T13:11:37Z 2021-03-30T14:02:15Z "I resently moved my blogs to a new database, but when I tried it out, on of the blogs wanted a new install. Of course I did not want to do an install and overwrite my blog. I indirectly found the reason in is_blog_installed, which suppresses database errors. Thus I did not see this error. SELECT command denied to user 'techblog'@'localhost' for table 'wp_options' Of course it was my fault, but I virtually had to take the wordpress code apart to find out why my migration failed. Of course this is not a big problem on new installs, but very likely to happen on moving databases. " Kjeld Flarup Future Releases 28630 "wordpress ""check for updates"" fails silently behind proxy server with https POST 501 Error" Upgrade/Install 3.8.1 normal major defect (bug) new 2014-06-25T14:58:24Z 2019-10-18T14:01:46Z "I was running wordpress 3.8.1 on a webserver inside a LAN where wordpress needs to use a proxy to access the web. This is taken care of by defining WP_PROXY_HOST and WP_PROXY_PORT in wp-config.php, so Wordpress and plugins worked correctly. When checking the dashboard for updates, Wordpress and all plugins were always shown as up-to-date even as WP 3.9 and 3.9.1 were out. I checked the network traffic when forcing an update check, and it turns out that in wp-includes/update.php, if ssl is available, the url used to check for updates is transformed from http url to https url. This happens in three places, e.g. : {{{ $url = $http_url = 'http://api.wordpress.org/themes/update-check/1.1/'; if ( $ssl = wp_http_supports( array( 'ssl' ) ) ) $url = set_url_scheme( $url, 'https' ); }}} Thus a HTTPS POST request is sent, and the proxy we have here (Squid) answers with an error 501 “Unsupported Request Method and Protocol” It seems HTTP GET and POST works, I know HTTPS GET works with the proxy, but not HTTPS POST from WP. After that, WP display that everything is up-to-date, no error message, even with WP_DEBUG set to true. I commented the lines that switch to ssl if it is available, and everything worked fine : the updates were detected and installed with no further problem. Unfortunately my 'fix' isn't one as I will have to do it again after each WP update. Fixing this: - At the minimum : If the update check fails (error 501 here) WP should NOT say there is no update, but display an error message to let the user know there may be updates available but that it could not check for it (displaying the error itself would be even better). - Better : Maybe this is due to the way WP connects to the server using the proxy, as SQUID should work with HTTPS POST (at least it does from my browser). It seems a similar problem is described in [http://www.perlmonks.org/?node_id=78114] and is due to the connection : apparently it should be : ''create TCP connection to proxy, send ""CONNECT xyz\r\n"", and only then establish SSL connection.''. If this can be fixed in proxy support for https (not sure this is the problem), that's the best solution. - fast and unsecure fix: There could be a way (a wp-config var ?) to disable SSL when checking for updates but there are security implications as I assume SSL is used to confirm that the server is getting the updates from a legitimate WP server. " manikb Future Releases 27814 Automatic updates should not be silently disabled if I have .hg in file system root Upgrade/Install 3.7 normal normal enhancement new 2014-04-15T09:17:56Z 2019-06-04T21:10:55Z "My WordPress does not apply updates automatically, although it is told to via define('WP_AUTO_UPDATE_CORE', 'minor');. WordPress did not send any mail with an error report, so I had no idea how to debug that issue. I then found http://wordpress.org/plugins/background-update-tester/ which told me that all conditions pass except for {{{ FAIL: The folder / was detected as being under version control (.hg). }}} '''What?''' Yes, indeed, I am managing system configuration files via Mercurial. The repo is placed in the root of my file system. This is *'''completely'''* unrelated to my WordPress installation. I see the rational (http://make.wordpress.org/core/2013/09/24/automatic-core-updates/): {{{ If the install is running as a SVN or GIT checkout, automatic updates are disabled }}} But the way it is currently detected is in my opinion strongly over-generalized: {{{ It looks for .svn, .git, .hg, and .bzr folders in ABSPATH, and every directory above that up to / }}} It is fine if WordPress makes assumptions about its own eco system. However, the current implementation assumes that any DVCS placed in any directory when going up the file system hierarchy up to the root is controlling WordPress. What is this assumption based on? That WordPress should be the only thing running on a Linux box? :-) Seriously, this is not a good way to detect if the current ""''install is running as a SVN or GIT checkout''"". I think everybody agrees that I should not be forced to get rid of my system configuration repository in order to make automatic updates work again. I think WordPress should change this behavior. What are other good ways of determining ""if the install is running as a SVN or GIT checkout""? One could also question the rational behind this: ''If it is a SVN/GIT/... checkout then *'''most likely'''* it is a development version and the developer *'''most likely'''* does not want automatic updates to be enabled?'' Too many assumptions in this for my taste, even if we could reliably determine whether the current WP installation is a DVCS checkout. Could that whole thing be done more explicitly? What would be a quick workaround for me, if I really want to have automatic updates without getting rid of /.hg? " jgehrcke Future Releases 28845 Better error messages when uploading theme as plugin and vice versa pbiron Upgrade/Install normal normal enhancement assigned 2014-07-11T22:36:14Z 2023-03-15T18:29:52Z "When uploading a plugin package in the theme upload section, you will get an error message like: {{{ Unpacking the package… Installing the theme… The package could not be installed. The theme is missing the style.css stylesheet. Theme install failed. }}} You get a similar message when you try uploading a theme as a plugin. Because a plugin or a theme package is detectable, the error message should be more helpful. It should point the user where to go to upload the package. Ideally, we could just detect have the package installed anyone as the correct package type; however, for now, improved messaging could be really helpful." tollmanz Future Releases 31902 Shiny Updates: Language packs updates Upgrade/Install 4.2 normal normal enhancement new 2015-04-06T10:25:26Z 2023-07-09T16:13:52Z "Installing or updating plugin WP 4.1: There is also language packs update triggered and users are notified what was updated. Current trunk: There is only message ""Updated!"" and nobody knows if language packs update was also triggered and which languages were updated?" pavelevap Future Releases 34649 Support for filtering constants and .htaccess message in network setup Upgrade/Install normal normal enhancement new 2015-11-10T18:18:41Z 2023-03-15T18:42:10Z "It would be helpful if there were filters to modify the suggested constants and .htaccess message in network setup. For instance, I'd like to be able to include a switch statement to define `DOMAIN_CURRENT_SITE` based on an environment variable. Similarly, I'd like to be able to disable the .htaccess message when WordPress is running on a Nginx / PHP-FPM setup." danielbachhuber Future Releases 29260 Update site transients response differences Upgrade/Install 2.8 lowest normal enhancement new 2014-08-19T06:18:59Z 2019-06-05T06:45:21Z "Why do the update_themes and update_plugins have a different response type, one is an stdObject another is a simple array. That being said the plugin and theme upgrader have the same discordance. Please make them so they are consistent with one another. " krotz Future Releases 22076 WP Upgrader: update_bulk_plugins_complete_actions and update_bulk_theme_complete_actions should pass information about all plugins/themes to the filter Upgrade/Install 3.0 normal normal enhancement new 2012-10-02T07:56:19Z 2019-06-04T21:07:48Z "In class-wp-upgrader.php, line 1214 there is this line: {{{ $update_actions = apply_filters('update_plugin_complete_actions', $update_actions, $this->plugin); }}} When adding a filter to it like this: {{{ add_filter('update_bulk_plugins_complete_actions','test_filter',99,2); function test_filter( $update_actions, $plugins ) { echo print_r( $plugins, 1); return $update_actions; } }}} Only the last updated plugin info will be printed. However, it should contain information about all the plugins that were updated (since we are dealing with a bulk upgrade here)." ragulka Untriaged tickets (that need a patch) 33574 Add ability to scroll through long toolbar menu items morganestes Toolbar 4.4 normal normal Awaiting Review enhancement assigned 2015-08-27T17:45:49Z 2022-06-24T11:55:06Z "Related to #15317, when a toolbar menu has many items, it cuts off at the window height. We should make long menus in the toolbar (like the New... menu) scrollable by default to enhance UX." morganestes Untriaged tickets (that need a patch) 53184 Toolbar Enhancements: turn off labels / disable plugins / auto-hiding Toolbar normal normal Awaiting Review feature request new dev-feedback 2021-05-11T16:48:44Z 2021-07-14T00:10:19Z "Something that can get pretty crowded quickly is the Toolbar. I have three suggestions for improving this: - The option to turn on/off text labels next to the icons - The option to disable / enable certain plugins to add things to the toolbar - The option to enable / disable auto-hiding, where the toolbar hides until you move your mouse up (similar to what lots of people use with their Mac's dock) I'd love to hear your thoughts." tomjdevisser Future Releases 22660 "Admin bar in multisite: mobile tap on ""My Sites"" dropdown in back-end doesn't work" Toolbar 3.4.2 normal normal Future Release defect (bug) new 2012-11-30T20:40:17Z 2021-06-14T20:50:25Z "Quick steps here to reproduce an issue where the ""My Sites"" dropdown (multisite networks) will drop down and show the ""Network Admin"" link and the list of your sites. But, clicking on a site (to expand and see ""Dashboard"", ""New Post"", etc.) does not happen. Tapping the blog name just closes the dropdown. I'm not sure what's different but I can consistently reproduce this when in the admin back-end (but works OK on front-end admin bar when viewing a site): From /wp-admin/ on a mobile device (tested on iOS 6, iPhone 5, iPad) with a multisite network: 1. Tap ""My Sites"" in admin bar 2. See ""Network Admin"" and list of sites below 3. Tap one one of the site names Expected: Site name expands to show ""Dashboard"", ""New Post"", etc. (same behavior as front-end when viewing site). Screenshot: http://d.pr/i/reOi Actual: Tapping site name simply closes the ""My Sites"" dropdown, does not browse anywhere nor expand menu" devinreams Future Releases 60685 Keyboard focus order mismatch in adminbar in front-end joedolson Toolbar 3.3 normal normal 6.6 defect (bug) assigned 2024-03-04T21:10:29Z 2024-03-05T15:38:45Z "When viewing the Admin bar on the front-end, the search tool is added visually in the far right corner, after the profile menu. In the DOM, however, the search bar is located before the profile menu. These should be reversed in the DOM so that keyboard order matches visual order. See r19518." joedolson Future Releases 46003 Improve toolbar CSS Toolbar normal normal Future Release enhancement new 2019-01-16T10:42:03Z 2020-03-04T06:42:01Z "The admin toolbar has been around for years and has been iterated on many times. Its [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/css/admin-bar.css?rev=44544 CSS file] is now over 1000 lines long and weighs 24 KB. Even minified it's still over 20 KB, which I think is way too much. Given that the admin bar is loaded most of the time for many users, this just slows things down unnecessarily. I believe there's an opportunity to clean up the CSS file, get rid of legacy selectors targeting things like IE 7 and IE 8, and perhaps even make it DRY by leveraging Sass. It should be possible to reduce the size of the admin bar CSS without reducing functionality or usability." swissspidy Untriaged tickets (that need a patch) 54109 Classic Editor - Image edit popup toolbar no longer appears when image has link TinyMCE 5.8 normal normal Awaiting Review defect (bug) new 2021-09-11T07:55:44Z 2021-09-21T13:29:02Z "After inserting an image into the Classic Editor, you can click on it and a small popup toolbar will appear with several alignment buttons and an Edit button. Image without link, showing popup toolbar after being clicked: [[Image(https://p377.p0.n0.cdn.getcloudapp.com/items/o0uPJNdL/c547caaf-3ab0-4d26-9f4a-f413da275bbf.png?source=viewer&v=7d5ba87b66148f1b317100ac3baa1cf0)]] After you add a link to the image, or if you add a link while inserting the image, this popup toolbar no longer displays when clicking on the image. The popup will flash and then disappear. Vid: https://share.getcloudapp.com/8Lu5YGzD macOS Big Sur 11.5.2 Firefox 92.0 WP 5.8.1 TwentyTwenty Classic Editor (No other plugins) " ahortin Untriaged tickets (that need a patch) 58486 Using WordPress 5.7.8 (but also all other more recent branches) - characters are stripped through TinyMCE Copy paste from Word TinyMCE 5.7.2 normal normal Awaiting Review defect (bug) new 2023-06-08T09:44:51Z 2023-06-08T09:44:51Z "Hi Using WordPress 5.7.8 (but also all other more recent branches) - characters are stripped through TinyMCE Copy paste from Word. Under conditions: Bulleted list, from word, pasted, containing a dot at the end of the word. Detailed descpription with fix here: https://github.com/tinymce/tinymce/issues/3480 https://github.com/aautio/tinymce/commit/b5f4db5a8377d2beb9ca3a1a7164587b280acbf4 Seems implemented in TinyMCE since March 31 2021, however the update of TinyMCE editor has not yet been included in current WordPress versions. Can this still be applied? Kind regards, Ralph Gortzen Application manager Atos.net Group site. " rgortzen Future Releases 50817 TinyMCE: default_link_target is ignored TinyMCE normal minor Future Release enhancement new 2020-07-30T10:56:21Z 2021-06-02T23:49:28Z "I use the following filter, to set the default_link_target for TinyMCE to _blank: {{{#!php { console.log(editor.getParam('default_link_target')) }) // output is: ‘_blank’ }}} The problem is, that the default_link_target-setting is never taken into account inside the wplink-Plugin of WordPress: {{{ src/wp-includes/js/tinymce/plugins/wplink/plugin.js }}} I have a Bugfix ready on a cloned repository of https://github.com/WordPress/wordpress-develop Unfortunately there is the following inside the .gitignore-file of the repository: {{{ /src/wp-includes/js }}} Is there any other place, where I could commit changes to the JavaScript code? Did I miss something? How could I create a pull-request on the github-repository with changed JS-Code? " utoppo Untriaged tickets (that need a patch) 55902 Block theme rendering issue Themes normal blocker Awaiting Review defect (bug) new 2022-06-02T11:27:45Z 2022-08-03T16:50:28Z "Hi, I am from Pagelayer team. And we have checked and found that in the `wp-includes/template-canvas.php` file, you have called the function `get_the_block_template_html()` above the header that breaks the flow of the calling hooks like (`get_header`, `wp_enqueue_scripts`, `wp_header`). For example, If we add any `the_content` hook inside the `wp_enqueue_scripts` hook, then the `the_content` hook not working properly. Please check and try fix the issue ASAP if possible. " jivansoft Untriaged tickets (that need a patch) 57246 Duotone SVG function does not check for CSS variable color format Themes normal normal Awaiting Review defect (bug) new 2022-12-01T15:12:35Z 2022-12-02T23:03:27Z "The function `wp_get_duotone_filter_svg` and/or `wp_tinycolor_string_to_rgb` do not verify the format of the color code passed to it. My theme uses a CSS variable `var(--nv-text-dark-bg)`. After getting `$color` from `wp_tinycolor_string_to_rgb`, it assumes the color array has valid values. Since the original color is not one of the expected formats, this generates the following warnings: {{{ PHP Warning: Trying to access array offset on value of type null in /wp-includes/block-supports/duotone.php on line 422 PHP message: PHP Warning: Trying to access array offset on value of type null in /wp-includes/block-supports/duotone.php on line 423 PHP message: PHP Warning: Trying to access array offset on value of type null in /wp-includes/block-supports/duotone.php on line 424 PHP message: PHP Warning: Trying to access array offset on value of type null in /wp-includes/block-supports/duotone.php on line 425 }}} Please change one or the other method to check for CSS variables before using values from `$color` array." mattf10 Untriaged tickets (that need a patch) 57817 Navigation block frame responsive issue Themes 6.1.1 normal normal Awaiting Review defect (bug) new 2023-02-28T07:21:31Z 2023-02-28T07:21:31Z I was editing header template part. As I added a navigation block and reduced the width size of the frame screen, the mobile view was showed. Then I clicked on the hamburger icon and opened the menu. Now, when I increased the size of the frame screen, the layout didn't change, and I couldn't close the menu even when I reduce the frame screen. amitpomu Untriaged tickets (that need a patch) 56762 PHP file being ignored in block theme hierarchy Themes 6.0.2 normal major Awaiting Review defect (bug) new 2022-10-07T21:00:26Z 2022-10-20T15:05:54Z "Hi I've tried the following in WP 6.0 and 6.1 as well as the TwentyTwentyTwo and TwentyTwentyThree themes. Issue: When using the ""Default Template"" option on a Page, the page.php file is ignored but page.html will work. You will see in admin that it is set to Index as it is ignoring the page.php file but if you have both .html and .php the .html will take precedence. Admin + File structure: https://monosnap.com/file/0IwMr0nBwtXDkd8SEIb0QjUGTn7Qsb It looks like the problem comes from the code below in this file `wp-includes/block-template-utils.php` line 313 {{{ $template_slug = substr( $template_file, // Starting position of slug. strpos( $template_file, $template_base_path . DIRECTORY_SEPARATOR ) + 1 + strlen( $template_base_path ), // Subtract ending '.html'. -5 ); }}} I'm not certain but I also found this in the Gutenberg side and wondering if it didn't make it across (unless I'm mistaken). https://github.com/WordPress/gutenberg/pull/31478/files It's been driving me mad! " ryanpluckrose Untriaged tickets (that need a patch) 57390 [ wp-includes/template.php - get_archive_template() ] - archive for post doesn't load the correct template Themes 1.5 normal normal Awaiting Review defect (bug) new 2022-12-28T09:41:31Z 2022-12-28T10:10:02Z "Good morning everyone, while making templates for the post-type 'post' I discovered that: The get_archive_template() function ( in wp-includes/template.php line 150 ) for a post archive returns archive.php instead of archive-post.php while the get_single_template() function for a post returns single-post.php. In my opinion, the two results don't agree each other and the first function should work for posts as well. Thanks in advance. " riccardodicurti Untriaged tickets (that need a patch) 40221 switch_theme action + Live Preview = confusion Themes 4.7.3 normal normal Awaiting Review defect (bug) new 2017-03-21T17:09:49Z 2019-03-13T04:04:10Z "The switch_theme function has inside a hook named the same: switch_theme, it is used for theme deactivation actions, but the problem is that after you activate the theme via Live Preview - this action is executed, so can create confusion. (switch_theme hook is for theme deactivation functions - https://codex.wordpress.org/Plugin_API/Action_Reference/switch_theme) When we activate a theme (not via Live Preview) - then this hook is executed together with old theme, not with new theme, but when we have a Live Preview with a new theme, then this hook will be used with the theme that is inside the Live Preview, with it's files. That's why this hook is called incorrectly. So if this is not by design and it is a bug then the fix would be to skip this hook after a theme activation via Live Preview. " alexvorn2 Untriaged tickets (that need a patch) 32326 Improve Support for Structured Data Themes normal normal Awaiting Review enhancement new 2015-05-09T14:50:00Z 2019-10-13T00:52:06Z "There has been discussion before on various types of structured data. WordPress has limited support for microformats and it is a long-standing part of WordPress. New standards for structured data continue to appear, and there have been some proposals in support. However, different people want support for different things. I think there is a solution with more general appeal. body_class and post_class add classes to the body and post containers. What if they were superseded by two new functions with a broader scope? body_attributes and post_attributes which could add any attribute from a provided array into the body and post containers? Most of the structured data works on an attribute of the tags it is attached to, be it class or property or otherwise. The body_class and post_classes continue to work as they always have. Newer themes could use the attributes function, which could remove hentry adding by default, for example, and transfer control of structured data back to the theme. There is also the possibility, if it isn't going too far, of adding a similar function for the content container. " dshanske Untriaged tickets (that need a patch) 51726 proposal: make specialized header name available inside header.php Themes 5.5.2 normal normal Awaiting Review enhancement new 2020-11-07T15:23:26Z 2020-11-08T08:26:43Z "You can call `get_header()` with an extra argument. For example: `get_header('wp-signup')`. This allows theme authors to create a specific header: `header-wp-signup.php`. But it would be nice to also this name inside the regular `header.php` file, to allow for a small tweak instead of completely duplicating the header.php file. My proposal is to modify this function in `wp-includes/general-template.php` line 27: {{{#!php $name ]) ) }}} Then, inside `header.php` it would be possible to access the header name like this: `$header_name = $args['__name']`" Jules Colle Untriaged tickets (that need a patch) 21256 New theme feature - add_theme_support( 'content-width', $defaults ) chriscct7 Themes 3.4.1 normal normal Awaiting Review feature request assigned dev-feedback 2012-07-13T10:08:34Z 2018-11-22T22:16:27Z "Themes use '''$content_width''' variable to set the content area width, they use: {{{ if ( ! isset( $content_width ) ) $content_width = 500; }}} This method has two flaws, it's not flexible and it does not support different sizes for different post-types. WordPress has to make the content-width to be a builtin theme feature using '''add_theme_support()''', and make it more flexible and easy to update. I want to update this value using the Theme Customizer rather editing the function.php file. The code needs to be easy to set and to support CPT, some thing like this: {{{ $defaults = array( 'post' => '500', 'page' => '500', 'attachment' => '650', 'artist' => '300', 'movie' => '400' ); add_theme_support( 'content-width', $defaults ); }}} Just an idea for 3.5." ramiy Future Releases 59464 Images hard-coded in block theme templates lack `width` and `height` attributes Themes 6.4 normal normal 6.6 defect (bug) new 2023-09-26T17:10:25Z 2024-03-13T15:33:21Z "All images hard coded into block templates and patterns should have height and width attributes (applies e.g. to the TT4 theme). It also prevents loading optimization attributes from being added to these images, so effectively this harms both load time performance and leads to layout shifts." spacedmonkey Future Releases 39083 Introduce singular capabilities for managing individual themes Themes normal normal Future Release enhancement new needs-unit-tests 2016-12-04T22:12:26Z 2017-07-14T19:41:15Z "As we did in #35614 for taxonomy terms, singular capabilities should be introduced for switching, editing, deleting, and updating individual themes. This would allow fine-grained cap checks such as `current_user_can( 'switch_theme', $theme )` and `current_user_can( 'delete_theme', $theme )`." johnbillion Future Releases 53356 Themes admin page: make theme details, active, and preview links always visible Travel_girl Themes normal normal Future Release enhancement assigned 2021-06-07T23:21:42Z 2024-01-29T20:21:48Z "Follow up from #52649 In ticket 52649, we fixed a number of accessibility issues in the theme navigation. In the course of discussing that, there was a proposal to modify the layout so that the three action buttons for a theme were always visible, without obscuring the theme screenshot. Since it was beyond the scope of the original ticket, we opted to complete that ticket and open the design issue as a new ticket. See: https://core.trac.wordpress.org/ticket/52649#comment:15 https://core.trac.wordpress.org/ticket/52649#comment:27 " joedolson Future Releases 12839 Themes should be sandboxed on activation to prevent fatal errors Themes 3.0 normal normal Future Release enhancement new 2010-04-04T06:16:25Z 2021-01-02T20:23:28Z "I've just made a child theme of TwentyTen by copying the folder over, renaming, and adding a Template: header to the style.css file. Upon activation, I've been thrown to a page with a fatal error due to redefining a twentyten function. Ideally, theme activations should be passed through a sandbox style activation the same as plugins." dd32 Future Releases 60644 When theme installation fails, add a link to return to theme installer page Themes normal normal Future Release enhancement reopened 2024-02-27T05:51:47Z 2024-02-27T10:52:28Z "When for any reason a theme installation fails (If the user uploads a zip file other than the theme zip file) you will be confronted with an error and there is no way out. Screenshot: https://nimb.ws/OK9mRU1 Of course, you can use the browser's built-in back button, but still it would be nice to offer an additional link ""Go to Theme Installer"" (leading to wp-admin/theme-install.php)" pmbaldha Future Releases 51072 Add action hook after theme skip links sarahricker Themes 5.5 normal normal Future Release feature request assigned 2020-08-20T01:48:13Z 2020-10-16T14:42:38Z "Not sure if this is the right place. My feature request is to add a default hook in themes that is after skip links. I was recently working on a code project where I had a widget loaded in wp_footer but had no idea how to dynamically add a trigger link in the header for screen readers. If I used jQuery to add it before the first link, it could come before skip links and this is bad UX. If I added it after the first link, there could be multiple skip links creating a mess or maybe the theme doesn't have skip links, it could insert after a logo. There are also themes with top navigation, etc. that makes this rather difficult to figure out how to dynamically insert a trigger link. If theme guidelines were updated to require a hook after skip links, I could simply add my trigger link like this. {{{#!php Trigger Link'; }); ?> }}} In the header.php file, it might look something like this. {{{#!php Skip to main content'; do_action( 'theme_after_skip_links' ); ?> }}} Hopefully others will agree that there are situations this could be really useful to plugin and even child theme developers. Thanks." alexstine Future Releases 28734 Back button doesn't work when in the theme previewer Themes 3.9 normal normal defect (bug) new 2014-07-03T15:35:53Z 2019-06-04T21:11:44Z "To reproduce: * Go to theme-install.php; * Go to ""popular"", then to ""featured"" (clicking the back button here works); * Click on ""Details and Preview"" for a theme; * Click next; * Click the browser's back button and you'll be pointed to theme-install.php." iseulde Future Releases 24026 No /themes/ folder causes strange behaviour Themes 3.1 normal normal defect (bug) new 2013-04-10T07:05:04Z 2019-06-04T21:08:29Z "I know, that it's a tricky behaviour, but the problem exists. 1. Unzip WordPress files to appropriate place 2. Go to /wp-content/ and delete /themes/ folder 3. Install WordPress using it's wizard (ignore error in Dashboard that no theme activated) 4. Go to Plugins page in admin area 5. Install BuddyPress (this plugin register the theme BP Default that is situated in plugin folder - '''this is very important''') 6. Activate BuddyPress and complete its wizard to make BP functional 7. Go to Themes page in wp-admin 8. You will now see BP Default Theme. Try to activate it 9. Ta-da! You've just unlocked a new badge for catching an error." slaFFik Future Releases 35280 Should feed_links_extra run when current theme doesn't support automatic-feed-links ? Themes 4.4 normal normal defect (bug) new 2016-01-01T19:31:10Z 2019-06-20T09:43:05Z `feed_links()` will return early if the current theme doesn't support `automatic-feed-links`, shouldn't `feed_links_extra()` do the same? tiqbiz Future Releases 20859 Theme Installer: Preview should be scrollable on iPad and Kindle Fire Themes 3.4 normal normal defect (bug) new 2012-06-06T21:51:09Z 2019-06-04T21:07:35Z "Related to #20805. We've added techniques for smoothly scrolling iframes when they're the only frame on the page, but the theme installer still uses the overlay technique. We may be able to iron this out in a similar fashion. Given that the old installer also used an overlay technique, this is not a regression." koopersmith Future Releases 29555 Theme details allowed HTML Themes 3.9 normal normal defect (bug) new dev-feedback 2014-09-06T11:50:17Z 2019-06-04T21:12:13Z "Theme authors can use some HTML in their theme's style.css Description (and Theme Name and Author). If I'm not wrong, sanitize_header() in WP_Theme class sets the allowed HTML tags and attributes and for Description they are: {{{ 'a' => array( 'href' => true, 'title' => true ), 'abbr' => array( 'title' => true ), 'acronym' => array( 'title' => true ), 'code' => true, 'em' => true, 'strong' => true, }}} This works in the installed themes browser, where theme details are grabbed from the theme's style.css. But in the theme install views, where theme details come from WordPress.org API, some HTML tags (for example ""a"") are completely stripped out (don't know if this is intentional) while others (for example ""abbr"") are not unencoded before being used as HTML in the view and they end up being displayed as plain text, even in the WordPress.org site (see the last two screenshot). I've found the someway related #27641 but please notice HTML is returned by the API already encoded so even using triple braces `>` etc. will still be `>` Installed themes browser: [[Image(http://i.imgur.com/B9TdIUa.png)]] Themes install: [[Image(http://i.imgur.com/JoP1yjp.png)]] WordPress.org themes site: [[Image(http://i.imgur.com/fyYmdeK.png)]]" afercia Future Releases 14824 WordPress is not updating Theme option after making a theme a child theme by adding the line 'Template' to the child`s css without refreshing Theem activation Themes 3.1 normal normal defect (bug) new 2010-09-09T23:27:35Z 2019-06-04T21:05:56Z "Situation: If you have 2 Themes on a 2 sites MultiSite install (each site is using one theme) and want to make one of them a child Theme of the other, you will go to one of them and add the line 'Template: NAME OF THE PARENT THEME' and save it. After doing so the Child Theme will not inherit any Template Files from the parent until you deactivate/activate the Child Theme again. Although it says in the ""Themes/Appereance"" section of the Child Themes backend 'CHILD THEME NAME uses templates from PARENT THEME NAME. Changes made to the templates will affect both themes.' even before deactivating/activating the Child Theme. Looks like the template page might be checking the style.css and not update the option." drale2k Future Releases 22414 validate_current_theme() should validate cached theme roots Themes normal normal defect (bug) new 2012-11-11T21:57:54Z 2019-06-04T21:07:55Z See ticket:22252#comment:14. To handle edge cases like the same theme being in multiple roots, validate_current_theme() should validate the cached theme roots, and update or delete them as appropriate. nacin Future Releases 16883 "Add check for ""Template Version"" on theme activation" Themes 3.1 normal normal enhancement new dev-feedback 2011-03-18T03:28:36Z 2019-06-04T21:06:36Z "Related: #16395 In addition to adding Template Version to the standard meta information extracted from style.css in `get_theme_data()`, I think that for this information to be useful, a child theme shouldn't be able to be activated unless the template template the child theme uses (parent theme) meets the minimum version requirement identified in ""Template Version"". A polite and graceful failure, with an error notice, would be preferable :-) Reason: many times child themes utilize functionality that only exists in the latest version of a parent theme. They're stuck either writing backward compatibility into into their code, or risking whitescreens. This not only prevents that, but it could be used to gently encourage the user to update the parent theme. Certainly not a candidate for 3.1.1, but perhaps 3.2?" nathanrice Untriaged tickets (that need a patch) 45076 Category counter is not updated Taxonomy normal normal Awaiting Review defect (bug) new dev-feedback 2018-10-11T06:08:01Z 2018-12-09T21:13:46Z "When we create new category from admin panel category successfully added in right category panel but it's counter is not updated. Suppose i have create five category like !''Category 1!'', !''Category 1.1!'', !''Category 2!'', !''Category 2.1!'', !''Uncategorized!'' system show counter as 5 items but when i create new category called !''Category 3!'' it will added successfully in category list but total counter still show 5 items it should show 6 items but when i refresh that page it show counter as 6 items. Check video https://youtu.be/rBmziC5_0XQ" mukesh27 Untriaged tickets (that need a patch) 52904 WP_Term_Query does not return deeper descendants of child_of when direct children of child_of are not part of the results Taxonomy normal major Awaiting Review defect (bug) new 2021-03-24T22:38:31Z 2021-03-24T22:38:31Z "Let's say for the hierarchical taxonomy `mytax` we have the following terms and term ids(in parentheses): {{{ - A (1) -- AB (2) --- ABC (3) - B (4) -- BD (5) -- ABC (6) }}} The following query works fine and it returns both terms with ID 2 and 3 {{{ print_r( get_terms( [ 'taxonomy' => 'mytax', 'name__like' => 'AB', 'child_of' => 1, 'hide_empty' => false ] ) ); }}} However, the following query returns an empty array (since term_id=2 will no longer be in the results): {{{ print_r( get_terms( [ 'taxonomy' => 'mytax', 'name__like' => 'ABC', 'child_of' => 1, 'hide_empty' => false ] ) ); }}} but it is expected that it returns the term ABC with term_id=3. This seems to be a bug with the logic in `_get_term_children()` where if direct children of the asking ancestor are not within the initial set of the terms, the recursion will never happen and deeper descendants are then removed from the query results." xParham Untriaged tickets (that need a patch) 33585 Improve wp_list_categories to support multiple taxonomies Taxonomy 2.3 normal normal Awaiting Review enhancement new 2015-08-28T09:43:16Z 2020-06-04T10:31:18Z "Hi folks, I was working on a plugin feature request and from what I see it's not possible to pass an array on the `taxonomy` param from `wp_list_categories`, which prevents multiple taxonomies to be fetched at once. I wanted to know if I can work on this ""enhancement"" for version 4.4, should be an easy modification since `get_terms` is an easy replacement for `get_categories`." bordoni Untriaged tickets (that need a patch) 38278 Only query taxonomies assigned to the post types being queried Taxonomy 4.7 normal normal Awaiting Review enhancement new dev-feedback 2016-10-10T20:28:53Z 2017-04-20T03:02:26Z "While working on #31383 (Add `WP_Tax_Query` support to `WP_User_Query`), it was brought up that taxonomy queries do not check to see whether the requested taxonomies are registered to the requested post type. Opening this ticket to discuss further. Should taxonomies always match the queried `post_type`? From @boonebgorges on the other ticket: Here's a way to frame the issue: are we likely to confuse developers if we allow (ie, don't throw errors for) queries like `get_users( ... 'tax_query' => ... 'taxonomy=post_tag' )`? Or `get_posts( ... 'tax_query' => ... 'taxonomy=some_user_taxonomy' )`? Or maybe these queries will just always end up empty? We should think through the possible confusions (or, maybe, lack thereof). " desrosj Untriaged tickets (that need a patch) 49559 Post Category Restoration Taxonomy 5.3.2 normal normal Awaiting Review enhancement new 2020-03-02T08:09:46Z 2020-03-02T08:36:54Z "Hi, It is quite expecting nowdays that Post Category can be restored after we delete. Something like Trash Options should be there for it. Thanks to Core Team. Tristup" tristup Untriaged tickets (that need a patch) 44762 Suggested changes to get_cat_name and get_cat_link to provide support for custom taxonomies Taxonomy normal minor Awaiting Review enhancement new 2018-08-09T10:53:19Z 2018-08-09T11:31:32Z "I discovered today that these functions only support the taxonomy 'category'. Can I suggest something along the following lines so that a custom taxonomy can easily be used?: {{{#!php name; } }}} {{{#!php Even if we don't have anything as robust as a ""term status API"", we still have to be sure that, at the very least, term_status != 'publish' terms are excluded from most queries - a change that has the potential for weird back compat issues. - An internal taxonomy for draft terms, which may be more conservative but also more complex, especially if we want to support things like hierarchy for draft terms. > It may be easier (maybe more code, but fewer hacks) to do on-the-fly registration of a separate internal taxonomy for each taxonomy that's getting a draft term added via the Customizer. We'll want a future-proof solution that can support term meta being previewable as well. `auto_draft` posts are the inspiration on the posts end for the customizer approach." celloexpressions Future Releases 38308 Accept 'meta_query' parameter in `WP_Tax_Query` Taxonomy 4.4 normal normal Future Release feature request new 2016-10-14T08:27:03Z 2017-07-30T15:37:16Z "It would by possible to extend like that? {{{#!php 'post', 'tax_query' => array( array( 'taxonomy' => 'people', 'field' => 'meta', 'meta_query' => array( array( 'key' => 'map', 'compare' => 'EXIST' ) ) ), ), ); $query = new WP_Query( $args ); ?> }}} " Hrohh Future Releases 13816 There should be built-in index pages for taxonomies Taxonomy normal normal Future Release feature request new dev-feedback 2010-06-10T12:20:29Z 2023-01-31T20:36:11Z "By default, if you enable 'pretty' permalinks, you get URLs like this for categories and tags: /category/slug, /tag/slug. The same pattern is used when adding custom taxonomy types. These URLs often suggest to people that it should be possible to go 'up' one level, and access index pages at /category and /tag which list all of the available categories or tags (or maybe just the top x most popular ones for tags). I'd suggest that we add a new template type of is_archive_index() which uses, in order of preference, taxononmyname-index.php (eg category-index.php), archive-index.php. Within these templates, the 'loop' should return taxonomy items rather than posts. This is all possible already using custom templates and get_terms(), but it'd be handy if it was built-in. " frankieroberto Future Releases 27412 Category meta box: cannot see chosen subcategory if many items in subcategory Taxonomy 3.8 normal normal defect (bug) new 2014-03-14T06:34:02Z 2019-06-04T21:10:38Z "Hi there, if you have many items in a subcategory then you are not able to see that selected item in the meta box in admin unless it's alphabetically in the top 10 (or thereabouts) of the subcategorie items. The meta box only shows the parent, you will have to scroll down a lot to find the child too. In my eyes it would make sense to move the chosen items in subcategories directly under their parents, ignoring the alphabetical ordering, so that you are able to see what has been chosen. " landwire Future Releases 16230 Category slugs not cut at 200 characters as it should under some conditions Taxonomy 3.1 normal normal defect (bug) new 2011-01-14T14:10:23Z 2019-06-04T21:06:22Z "When a category name is longer than 200 characters, it is cut to 200 and so is the slug automatically created upon category creation. Now, if you edit the category name or slug afterwards, again trying to set a name longer than 200 characters it is cut again. But, if you edit the name or slug and use a very long string like this one: %d1%85%d1%80%d0%b0%d0%bd%d0%b0/%d1%80%d0%b5%d1%86%d0%b5%d0%bf%d1%82%d0%b8/%d0%b4%d0%b5%d1%81%d0%b5%d1%80%d1%82%d0%b8-%d1%80%d0%b5%d1%86%d0%b5%d0%bf%d1%82%d0%b8-%d1%85%d1%80%d0%b0%d0%bd%d0%b0/%d1%81%d0%bb%d0%b0%d0%b4%d0%ba%d0%b8%d1%88%d0%b8-%d0%b4%d0%b5%d1%81%d0%b5%d1%80%d1%82%d0%b8-%d1%80%d0%b5%d1%86%d0%b5%d0%bf%d1%82%d0%b8-%d1%85%d1%80%d0%b0%d0%bd%d0%b0-%d1%80%d0%b5%d1%86%d0%b5%d0%bf%d1%/ Then the slug ends up being longer than the 200 chars limit. Now if on the Categories list dashboard page you have more categories than visible on one page, and the category you edited above is not on page 1, the page it is on will appear empty (while successive pages will be all right if they contain regular categories) This has been reproduced on 3.1-RC2-17283" paolal Future Releases 30379 Creating multiple Categories with same name under 1 parent Taxonomy 3.9 normal normal defect (bug) new 2014-11-18T05:50:40Z 2019-06-04T21:12:53Z "At present this structure is allowed: {{{ Parent - C (slug: c) - C++ (slug: c-parent) }}} Attempting to add another 'C' category will fail with `A term with the name and slug already exists with this parent.`. However, you can create this structure: {{{ Parent - C (slug: c) - C++ (slug: c-parent) Parent2 - C (slug: c-parent2) }}} and then move the term: {{{ Parent - C (slug: c) - C (slug: c-parent2) - C++ (slug: c-parent) Parent2 }}} without issue. The question that remains here, is this what is expected?" dd32 Future Releases 31665 Duplicate slugs in DB, created for hierarchical terms with long, non-latin names, when the default slug already exists Taxonomy 4.1.1 normal normal defect (bug) new needs-unit-tests 2015-03-17T10:43:33Z 2019-06-04T21:14:42Z "When WP automatically generates a slug for a child term, and if the produced slug (which is normally generated just from the term's name) already exists in that taxonomy, it forms a slug by concatenating all the parent terms' slugs hierarchically For example, in a term structure like: Parent -Child If a term with the name ""Grandchild"" is to be inserted under ""Child"", normally it would get the slug ""grandchild"". However if that slug already exists in the taxonomy, WP generates the slug ""parent-child-grandchild"". When the slugs have long, non-latin names, they are stored urlencoded in wp_terms, and the stored string's length can easily overflow the field's size ( varchar(200) ). Any terms created under that condition end up having the same slug stored in the DB (the produced urlencoded one, truncated to 200 chars). To reproduce the issue: Create a term (e.g. category) with this name (without the quotes): ""Ένα δύο τρία τέσσερα πέντε"" Create another term with the same name, defining the first term as its parent. Create a third term with the same name, defining the second term as its parent. The second and third terms end up having duplicate slugs in the DB, a situation which is normally an error. This issue is also not detected if the same procedure is repeated using wp_insert_term(). Normally an attempt to insert a duplicate slug to the same taxonomy would raise a ""duplicate_term_slug"" WP_Error, which is not the case." nevma Future Releases 36610 Loss of multibyte category and tag names Taxonomy normal normal defect (bug) new 2016-04-20T22:40:40Z 2019-06-04T21:22:20Z "Some multibyte category and tag names can be lost during creation. Example: create a category with the name `テテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテAAA`. It is 201 bytes long and will be truncated by `$wpdb->strip_invalid_text_for_column()` to 200 bytes (`テテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテAA`) before the category is created. However, the category name `AAAテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテ` is also 201 bytes, but when it is truncated to 200 bytes, it splits a multibyte character, so when `wp_check_invalid_utf8()` gets called, it will truncate the string to zero bytes out of an abundance of caution, since the string ends with something that is not valid utf8. It's clear that the category creator was not submitting invalid utf8, and the true goal of `$wpdb->strip_invalid_text_for_column()` was to ensure that the text would fit in the DB column without auto-truncation by the DB engine, so the ideal behavior should be that the string is truncated to the longest possible length that remains valid and fits within the column. One way to get around this data loss would be a wrapper around `wp_check_invalid_utf8()`. If `wp_check_invalid_utf8()` fails, chop a single byte off the end of the string and check it again, up to the point where you have checked the string without the last five bytes (as I believe that the longest a single character can be is six bytes, although I'm not positive about that and I think anything longer than four bytes is mostly theoretical). Or, fix `$wpdb->strip_invalid_text_for_column()` so that it doesn't truncate in the middle of a multibyte character. There might be a solution lurking in mb_strlen(). If `wp_check_invalid_utf8()` returns an empty string, take bytes off of the original string (up to 5 bytes) until `mb_strlen()` returns a smaller number and then try `wp_check_invalid_utf8()`. Configuration details: Tested in WordPress trunk (4.5-RC1-37153) and PHP 5.2.17 Here's my `wp_terms` structure: {{{ CREATE TABLE `wp_terms` ( `term_id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, `name` varchar(200) NOT NULL DEFAULT '', `slug` varchar(200) NOT NULL DEFAULT '', `term_group` bigint(10) NOT NULL DEFAULT '0', PRIMARY KEY (`term_id`), KEY `slug` (`slug`(191)), KEY `name` (`name`(191)) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; }}} See #36393 for discussion of a similar (but now-fixed) bug." cfinke Future Releases 14093 Malformed category hidden from edit-tags, but shows in meta box Taxonomy low normal defect (bug) new 2010-06-25T19:11:49Z 2019-06-04T21:26:33Z "Came from a report in IRC by xomp. In the following example, category 1's parent is category 2, and vice versa. {{{ mysql> select term_taxonomy_id, term_id, taxonomy, parent from wp_term_taxonomy; +------------------+---------+---------------+--------+ | term_taxonomy_id | term_id | taxonomy | parent | +------------------+---------+---------------+--------+ | 1 | 1 | category | 2 | | 2 | 2 | category | 1 | | 3 | 3 | category | 0 | | 4 | 4 | category | 1 | +------------------+---------+---------------+--------+ 4 rows in set (0.00 sec) mysql> select term_id, name from wp_terms; +---------+-----------------+ | term_id | name | +---------+-----------------+ | 1 | Category 1 | | 2 | Category 2 | | 3 | Category 3 | | 4 | Category 4 | +---------+-----------------+ 4 rows in set (0.00 sec) }}} On edit-tags, you'll see only Category 3. In the hierarchical meta box, you'll see: {{{ Category 3 Category 1 - Category 2 - Category 4 }}} If we decide to show corrupted data, we should be consistent. At the very least, edit-tags should reveal more than the meta box, not the other way around." nacin Future Releases 35995 Registering taxonomies for attachment mime types Taxonomy 3.5 normal normal defect (bug) new 2016-02-29T05:13:30Z 2019-06-04T21:20:43Z "I stumbled across [https://core.trac.wordpress.org/browser/trunk/tests/phpunit/tests/query/taxQuery.php#L1008 an interesting unit test] in core that led me down a bit of a rabbit hole. The test `test_tax_query_taxonomy_with_attachments()` in `phpunit/tests/query/taxQuery.php` calls: {{{#!php register_taxonomy_for_object_type( 'post_tag', 'attachment:image' ); }}} I never knew that you could register a taxonomy to a mime type, so I looked into it, but from what I've found the support seems spotty. First off, calling `register_taxonomy_for_object_type( 'post_tag', 'attachment:image' );` fails and returns `false`. As best I can tell, this is because `get_post_type_object( 'attachment:image' )` fails, since `$wp_post_types['attachment:image']` is not set. For the purposes of testing the query support, I added a taxonomy to an attachment mime type ""the hard way"" using the following: {{{#!php $GLOBALS['wp_taxonomies']['post_tag']->object_type[] = 'attachment:image'; }}} On the querying side of the equation, support seems much better. The only area that's iffy is if you register a taxonomy to the `'attachment'` post type, but pass the mime type (e.g. `'attachment:image'`) to `get_object_taxonomies()`, you won't get the registered taxonomy. Since `attachment:image` is a subset of attachment, I would expect to get all the ""attachment"" taxonomies as well. Breaking this all down, the main bug here is that '''it doesn't seem to be possible to register a taxonomy to an attachment mime type, despite there being support for this feature otherwise.''' Side note, since the unit test `test_tax_query_taxonomy_with_attachments()` fails in registering a taxonomy to an attachment mime type, the rest of this unit test probably should have failed (for a couple of reasons)." mboynes Future Releases 22511 Taxonomy manage screen checks for manage_terms and edit_terms, instead of just manage_terms. Taxonomy 3.0 normal normal defect (bug) new 2012-11-19T23:13:56Z 2019-06-04T21:07:57Z "I'm trying to set up permissions so the Contributor role can add terms but not edit or delete terms. I setup my taxonomy so it looks like this: {{{ register_taxonomy( 'custom_taxonomy', array( 'post' ), array( ... 'capabilities' => array ( 'manage_terms' => 'edit_posts', 'edit_terms' => 'manage_options', 'delete_terms' => 'manage_options', 'assign_terms' => 'edit_posts' ) ) ); }}} However, when logged in as a contributor I get the error ""You are not allowed to edit this item."" In edit-tags.php there are two checks for caps, one is for manage_terms and one is for edit_terms. I don't believe the second one should be there, because looking at the other code it should be like this: * User with manage_terms can access the main taxonomy page * They can also add terms * There are checks in WP_Terms_List_Table to restrict showing the Edit/Quick Edit/Delete links for users without those capabilities (edit_terms/delete_terms). * There is even plenty of other checks on edit_terms in edit-tags.php to include/change the content shown to the user.. if the entire page is restricted for users without edit_terms, why are any of those necessary? Even if I'm wrong on the fact that roles with edit_terms can't add new terms (it's not completely clear anywhere, it seems like manage_terms should be enough), I still think that this page should be viewable at the very least considering the other code in that page and the list table. Recommended solution: move the edit_terms check back into case 'edit' (line 121 of edit-tags.php in trunk, currently) as it was before [15491]. This was introduced in: [15441] and [15491]. Related: #14343." andrewryno Future Releases 32789 Abstract get_category_by_path into get_term_by_path Taxonomy normal normal enhancement new needs-unit-tests 2015-06-25T15:59:01Z 2019-06-04T21:15:41Z "Having a function like `get_term_by_path` would be great as currently you have to fork the `get_category_by_path` function on your own to get a term by path for any other custom taxonomy. Would there be any opposition to a patch for this? The abstracted function wouldn't house the `_make_cat_compat` usage, which would remain in the backwards compatible `get_category_by_path` function after checking to see if $category is not null." sc0ttkclark Future Releases 23422 Add query filter argument to register_taxonomy Taxonomy normal normal enhancement new needs-unit-tests 2013-02-08T12:38:35Z 2019-06-04T21:08:16Z "Following on from the #21240 ticket which introduced the show_admin_column functionality I would like to suggest an additional argument to easily add the select list query filter for a taxonomy to the post-type list. Currently a taxonomy query can be added via the 'restrict_manage_posts' action and 'parse_query' filter. It would be useful to add an additional register_taxonomy argument of 'show_column_filter' to define a standard select option list of the taxonomy terms. Things like default option and hierarchy could be optional settings is an array is passed instead of boolean. " tifosi Future Releases 34173 Edit locking for term management Taxonomy normal normal enhancement new 2015-10-06T18:41:30Z 2020-03-26T17:06:12Z "If you give a WordPress developer term meta, they'll want to add fields to the term edit page. If there are numerous editable fields on the term edit page, then WordPress should make sure User B's changes don't accidentally override User A's changes. Related #32202" danielbachhuber Future Releases 33975 Improve capabilities management when registering custom taxonomy Taxonomy normal normal enhancement new needs-unit-tests 2015-09-23T12:02:12Z 2019-06-04T21:17:04Z "Currently we have such caps when using `register_taxonomy()` [https://codex.wordpress.org/Function_Reference/register_taxonomy#Arguments codex]: {{{ 'manage_terms' - 'manage_categories' 'edit_terms' - 'manage_categories' 'delete_terms' - 'manage_categories' 'assign_terms' - 'edit_posts' }}} IMO, setting `manage_terms` to false block access to page (cheating message), setting `edit_terms` to false displays this message: ""You are not allowed to edit this item."", which is very odd. Editing means editing, So I should not be able to use Quick Edit and Edit links (they should be hidden). Also, I propose to add a `create_terms` capability maping - for displaying the add term form and giving ability to create them, separately from editing/deleting. Related: #22511" slaFFik Future Releases 27079 Very long waiting if we have a lot taxonomy terms. Taxonomy normal normal enhancement new 2014-02-09T20:10:10Z 2019-06-04T21:10:31Z "I've observed a very very long waiting if we have a lot taxonomy terms (8K in my case) when i open a new post, my browser (Chrome 32) froze while 50 sec before to generate all
  • categories. Other problem, in my category taxonomy page who lists 20 first items per default (excellent for fast loading) BUT in same time, it generates the parent drop-down with ALL cats ! Same thing above, browser froze a few seconds.. Maybe would be interesting to use ajax instead ?" QuarkSEO Future Releases 29852 wp_update_term() should use wp_insert_term() internally Taxonomy 2.3 normal normal enhancement new 2014-10-03T16:59:38Z 2019-06-04T21:12:37Z "`wp_update_term()` and `wp_insert_term()` have a large amount of overlapping functionality. Things like argument sanitization, `term_exists()` checks, parent and alias_of validation, and even some hook names are shared between the two. Having the logic separate means twice the unit tests and twice the bug fixes for shared functionality. (See #29848 for an example.) This, in turn, has the potential to hold up future refactoring (#5809). As much as possible, the duplicate logic should be pulled out of `wp_update_term()`. Update-specific validation should take place there, and then call `wp_insert_term()` with a `term_id` or `term_taxonomy_id` param. (Suggestions for syntax are welcome.) In `wp_insert_term()`, break out the logic specific to the creation of new terms, and only run it when no existing term ID is passed to the function. Then, choose whether to run `$wpdb->update()` or `$wpdb->insert()` as appropriate." boonebgorges Future Releases 51280 wp_register_sitemap_provider() breaks sitemap functionality if provider name contains a dash (-) pbiron Sitemaps 5.5 normal minor Future Release defect (bug) assigned 2020-09-09T16:32:32Z 2023-07-12T09:47:19Z "The announcement post for the functionality (https://make.wordpress.org/core/2020/07/22/new-xml-sitemaps-functionality-in-wordpress-5-5/) includes the following snippet: wp_register_sitemap_provider( 'awesome-plugin', $provider ); However, I believe that the name doesn't work in practice. From my experiences, using a dash in the sitemap provider name causes the following: The map is listed on the index, but when trying to view it, you just view your site's home page (not a 404, and not anything sitemappy). If you register the provider with the name 'awesome-plugin', render_sitemaps() sees the following data: $sitemap => 'awesome' (Expected: 'awesome-plugin' ) $object_subtype => 'plugin' (Expected: null ) and then it returns early due to if ( ! $provider ) As another test, I tried simply changing the name of Core's User Sitemap from 'users' to 'foo-users' and got the same result. The map was listed on the index, but when trying to browse it, you just see your site's home page (not a 404). Doing some debugging, render_sitemaps sees the following data: $sitemap => 'foo' $object_subtype => 'users' and then it returns early due to if ( ! $provider ) " MadtownLems Untriaged tickets (that need a patch) 47266 Template of shutdown handler for fatal errors should not be displayed for CLI scripts Site Health 5.2 normal normal Awaiting Review defect (bug) new 2019-05-14T17:27:13Z 2019-06-24T16:10:01Z "When running a CLI script that has a syntax error, the template's raw HTML and CSS are output to the command line. I don't think that the shutdown handler for fatal errors should be loaded in a CLI context; instead, the default PHP behavior should be used instead. This should handle the case where the CLI script is being run through WP-CLI, and also older scripts that were built before WP-CLI existed, which just load WP manually (i.e., check `'cli' === php_sapi_name()` rather than `defined( 'WP_CLI' )` )." iandunn Untriaged tickets (that need a patch) 52945 wp_cache settings not recognized in site health / plugins Site Health 5.7 normal normal Awaiting Review defect (bug) new reporter-feedback 2021-03-30T23:19:14Z 2021-03-31T00:09:12Z "maybe only a false positive message: wp_cache is set to false (must set to true for wprocket). and in plugins (drop in): advanced-cache.php inactive (needs wp_cache true in wp-settings.php) I did manually downgrade to wp 5.6.2 (without changing anything) and the errors disappears." pwallner Untriaged tickets (that need a patch) 50055 Add more user-actionable information to the timezone health check Site Health 5.3.1 normal normal Awaiting Review enhancement new 2020-05-02T14:17:36Z 2020-06-15T20:14:58Z "The timezone health check added in #48692 is very handy, but it doesn't provide much information for a user to action to remedy the issue. Other health checks, such as the error display health check, provide a link to more information on the support handbook. It would be great to: * Get a page added to the support handbook about `date_default_timezone_set()` and how you can go about finding and removing it from your site * Adding a link to this page in the timezone health check" johnbillion Untriaged tickets (that need a patch) 57159 Add scheduled events in the site health report. Site Health normal normal Awaiting Review enhancement new dev-feedback 2022-11-21T10:18:15Z 2023-01-31T18:34:13Z "Hello, Do you think it should be possible to have a list of scheduled events in the Site Health report ? Having this information may help to debug some ""strange"" behaviour. Thank you" sebastienserre Untriaged tickets (that need a patch) 47210 Allow html on site health titles and description Site Health 5.2 normal minor Awaiting Review enhancement new dev-feedback 2019-05-10T07:37:41Z 2022-09-05T20:27:28Z "Hello there, In /wp-admin/site-health-info.php#L115 we have this: {{{ }}} So we don't allow HTML content ? why!? I propose the usage of wp_kses_* to allow clean html content. Also line#141 we have this: {{{ printf( '

    %s

    ', $details['description'] ); }}} We clearly allow any html, so I propose to sanitize using wp_kses_* too, we don't want embed/iframe/script here right? Thank you for your feedback." juliobox Untriaged tickets (that need a patch) 51527 Debugging in Multisite context: list of plugins Site Health normal normal Awaiting Review enhancement new dev-feedback 2020-10-15T06:41:03Z 2020-10-19T16:24:15Z "Hello, On site Health in Multisite context, it could be cool to know if a plugin is site activated or network activated. I'm currently debugging a conflict and I've deactivated all plugins. I'm reactivating one by one with the Site Health Active plugin list, but now I have activated all site plugin, several are network only and I have to re-check all one by one because it's not in the report. Should be good to add in the plugin line ""network activated"" by example as it is in the plugin list" sebastienserre Untriaged tickets (that need a patch) 59070 child theme should not be counted as additional theme Site Health 6.3 normal normal Awaiting Review enhancement new 2023-08-11T10:45:27Z 2023-10-25T00:28:15Z "Child theme should be notified as sub-theme, and not additional theme. If you have installed 2 theme, like Twenty Twenty-Three and Beelove+Beelove child, WP notified it is 3 theme and in notification is: 👉Your website has 3 themes installed, in the latest versions. Your website has 1 inactive theme besides Twenty Twenty-Three, the original WordPress theme, and Beelove_Custom, your active theme." MMZx Future Releases 54351 Checking for temp update directories may throw warnings Site Health 6.0 normal normal Future Release defect (bug) new dev-feedback 2021-10-31T15:47:41Z 2022-04-04T05:25:30Z "in [51815] the Site Health function `get_test_update_temp_backup_writable` was introduced, which is meant to check if upgrade directories exist, and are writable. When visiting the Site Health screen in a scenario where `WP_Filesystem` uses `ftpext` for manipulating the filesystem, this causes multiple warnings as the various calls to check for directories, and if they are writable, are causing PHP's `ftp_*` functions to fire, when there may not be a valid FTP connection available. (see [https://github.com/WordPress/wordpress-develop/blob/07ad6efdf7157d22424496d39d8c5635f28ecfbb/src/wp-admin/includes/class-wp-site-health.php#L1968-L1978 class-wp-site-health.php:1968-1678] I wonder if the best solution here might be to inject a connection call, which could then be used to determine if any other fields should be checked, or revert to a default value, I'm thinking along these lines: {{{#!php $filesystem_is_connected = $wp_filesystem->connect(); $wp_content = ( $filesystem_is_connected ? $wp_filesystem->wp_content_dir() : false ); $upgrade_dir_exists = ( $filesystem_is_connected ? $wp_filesystem->is_dir( ""$wp_content/upgrade"" ) : false ); $upgrade_dir_is_writable = ( $filesystem_is_connected ? $wp_filesystem->is_writable( ""$wp_content/upgrade"" ) : false ); $backup_dir_exists = ( $filesystem_is_connected ? $wp_filesystem->is_dir( ""$wp_content/upgrade/temp-backup"" ) : false ); $backup_dir_is_writable = ( $filesystem_is_connected ? $wp_filesystem->is_writable( ""$wp_content/upgrade/temp-backup"" ) : false ); $plugins_dir_exists = ( $filesystem_is_connected ? $wp_filesystem->is_dir( ""$wp_content/upgrade/temp-backup/plugins"" ) : false ); $plugins_dir_is_writable = ( $filesystem_is_connected ? $wp_filesystem->is_writable( ""$wp_content/upgrade/temp-backup/plugins"" ) : false ); $themes_dir_exists = ( $filesystem_is_connected ? $wp_filesystem->is_dir( ""$wp_content/upgrade/temp-backup/themes"" ) : false ); $themes_dir_is_writable = ( $filesystem_is_connected ? $wp_filesystem->is_writable( ""$wp_content/upgrade/temp-backup/themes"" ) : false ); }}} It should be noted that by providing `false` as the default value for all fields, we are essentially marking this check as valid, which may not be true at all, because if WordPress can't connect to the filesystem, it should instead be a failed test. The directories should probably be considered non-writable if they can't even be reached, this needs different logic further into the checks as well? This may still lead to a warning as well, if the `connect()` function is missing variables, in testing where no information is provided, it only complained about a missing hostname, we'll handle that in a separate ticket for the Filesystem API component." Clorith Future Releases 53024 List https functionality health check failures as critical Site Health 5.7 normal normal Future Release enhancement assigned 2021-04-12T23:36:30Z 2021-11-10T14:06:47Z "In #52783 site health check https failures were reduced to warnings pending some documentation improvements due to false negatives increasing the load on hosting companies' tech support teams. This follow up ticket is to return the warning level to critical with the following considerations: * Fine tune when failures should report warnings or critical errors * Improve documentation on WordPress.org to avoid overburdening hosting support teams * Link to WordPress.org documentation as a primary call to action rather than contacting the user's host. " peterwilsoncc Future Releases 43989 "Allow plugin searches to be filtered by ""Requires PHP"" version information" Site Health normal normal Future Release task (blessed) new needs-unit-tests 2018-05-07T14:24:41Z 2019-06-24T16:10:01Z "**Note: This ticket is a subtask for the overarching #40934 ticket.** If plugins now start making use of the ""Requires PHP"" version information in their plugin header, we should make sure that plugin searches can be filtered by their required PHP version. This might include changes to the indexing infrastructure (indexing that information and allowing indexed queries against it) as well as changes to the UI (giving users the possibility to either use search flags in text form or faceted search mechanisms to communicate such a query." schlessera Future Releases 47880 Extend unit tests for Site Health component. Site Health 5.2 normal normal Future Release task (blessed) new needs-unit-tests 2019-08-15T00:49:49Z 2020-07-06T23:20:09Z "A file for site health check unit tests has been added in `tests/phpunit/tests/site-health.php`. At the time of writing it only includes tests for various states of cron, expanding these would help with future development of the component." peterwilsoncc Untriaged tickets (that need a patch) 57790 Parsing of Shortcode Attributes: bug locating a final attribute Shortcodes 6.1.1 normal normal Awaiting Review defect (bug) reopened dev-feedback 2023-02-22T19:00:16Z 2023-02-28T12:38:15Z "`shortcode_parse_atts()` uses the `get_shortcode_atts_regex()` pattern to return all `attribute=""value""` matches, however the pattern does not account for shortcode strings where the final attribute pair does not have a space between `""` and `]` \\ \\ {{{ shortcode_parse_atts('[shortcode-name category=""banana-stand"" money=""yes""]'); //no space }}} returns {{{ Array( [0] => [shortcode-name [category] => banana-stand [1] => money=""yes""] ) }}} \\ whereas \\ {{{ shortcode_parse_atts('[shortcode-name category=""banana-stand"" money=""yes"" ]'); //has space }}} returns {{{ Array( [0] => [shortcode-name [category] => banana-stand [money] => yes [1] => ] ) }}} I ran the `get_shortcode_atts_regex()` pattern through a couple regex testers and verified that the issue is the non-capturing group conditional following the end-quote of a value. " lemernbag Untriaged tickets (that need a patch) 59509 Shortcode attributes named 0 are ignored Shortcodes 6.3.1 normal normal Awaiting Review defect (bug) new needs-unit-tests 2023-09-30T12:14:06Z 2023-10-04T10:02:59Z "Shortcode attributes in the form `0=...` are not picked up during parsing. This is because the parser checks for an empty name with `empty(..)`, which also returns true for the string `'0'`." ourous Future Releases 6984 wpautop() formats the the contents of shortcodes Shortcodes 2.6 normal normal Future Release defect (bug) new 2008-05-17T10:34:02Z 2019-04-01T10:04:10Z "`wpautop()`, the bane of my existence as a plugin developer, is at it again. Here's an example of some PHP wrapped in a valid shortcode in a post of mine: {{{ [code lang=""php""]$text = str_replace( array('

    ', '

    '), array('

    ', '

    '), $text);[/code] }}} The content that gets passed to my shortcode function is this: {{{ $text = str_replace( array('

    ', '

    '), array('

    ', '

    '), $text); }}} Expected result: it shouldn't touch the insides of valid shortcodes (like adding line breaks or anything as it is doing now)." Viper007Bond Untriaged tickets (that need a patch) 59824 PHP Warning raised in pluggable.php when passing NULL instead of a string Security 6.3.3 normal normal Awaiting Review defect (bug) new 2023-11-07T07:53:48Z 2023-11-07T07:53:48Z "The error message is related to the **hash_equals()**: Expected ''known_string'' to be a string, ''null'' given in /var/www/../wp-includes/pluggable.php on line 2577 Hackers often pass NULL when attempting to trigger a leaked server warning message while accessing **wp-login.php**. This can be easily fixed by introducing type checking in pluggable.php: {{{ function wp_check_password( $password, $hash, $user_id = '' ) { global $wp_hasher; // If the hash is still md5... if (is_string($hash) && strlen( $hash ) <= 32 ) { $check = hash_equals( $hash, md5( $password ) ); //$hash is the **known_string** and it must be of type string //The rest of the function }}} " budiony Untriaged tickets (that need a patch) 50027 Retire Phpass and use PHP native password hashing Security normal normal Awaiting Review defect (bug) new needs-unit-tests 2020-04-29T10:36:12Z 2023-10-13T01:11:52Z "PHP comes with built-in password hashing functions since PHP 5.5. Now that we have updated the minimum requirements to PHP 5.6, we can rely on PHP to provide us with password hashing mechanisms that ensures a cryptographically secure random numbers are are used for salt, and the hashes are backwards compatible. I created and maintain [https://wordpress.org/plugins/password-hash/ PHP Native Password Hash] plugin to swap WordPress's baked in Phpass with PHPs. **0.Phpass recommends to use PHP native hashing** > At this time, if your new project can afford to require PHP 5.5+, which it should, please use PHP's native password_hash() / password_verify() API instead of phpass. I propose that we upgrade the hashing mechanisms to password_hash()/password_verify/password_needs_rehash() combo. **1.We do not need to force users to change their passwords.** Phpass-hashed passwords have the signature `$P`, and the very old MD5 hashes are fewer than 32 characters long. We will inspect the signature first, and if the password is using the old standard, we will validate the password one last-time, and then use password_hash() to rehash it. From this point forward, that user is ""upgraded"" to the new mechanism. **2.Expose a filter for plugins** The plugin I maintain supports BCrypt, Argon2I, and Argon2ID for hashing. We can expose a filter that WordPress core emits so plugins can change the hashing algorithm if necessary. **3.Use BCrypt as the default algorithm** If a plugin does not take over, WordPress core will use BCrypt. BCrypt is secure, and is available in any PHP version 5.5, 5.6, 7.* and 8.*. **4.Do not remove Phpass** We will **not** remove Phpass from WordPress core. This is needed for backwards compatibility to ensure that existing users will eventually be updated. The end goal is that we seamlessly migrate active users passwords to better mechanisms without breaking functionality for existing users. Frameworks such as Drupal and phpBB (which used phpass in the past) have moved to better mechanisms since the minimum required PHP versions have been updated, and we can easily follow suit. If the maintainers agree, I would be overjoyed to collaborate on patches. " ayeshrajans Untriaged tickets (that need a patch) 57882 User that has capability to create user can make only administrator. Security 6.1.1 normal normal Awaiting Review defect (bug) new reporter-feedback 2023-03-07T20:58:47Z 2023-03-07T23:58:11Z "I have user role ""Manager"" that has capabilities: add users create users delete users edit users list users remove users That users should be able to create users with different roles except administrators (they doesn't have ""promote users"" capability) When manager opens Add new user page he doesn't see dropdown with roles and created user becomes administrator." dangerd512 Untriaged tickets (that need a patch) 40237 Educate users about modern password best-practices Security normal normal Awaiting Review enhancement new 2017-03-22T17:00:51Z 2022-06-06T10:10:15Z "We've done several things over the past few years to encourage users to use stronger passwords, but we've never tried to educate them about ''why'' it's important. It's obvious to most of us, but I think it's common for the average user to think things like, ""Why would anybody want to hack into this small site I created for a non-profit?"" If someone doesn't understand ''why'' having a strong password is important, they're not going to be motivated to take any steps in that direction, and they may respond to any attempts to push them in that direction by adopting insecure workarounds to avoid it, like post-it notes stuck to their monitor with the password they reuse on all sites. It seems like educating users about the risks of weak passwords, and easy ways to follow modern best practices, could be very effective. My first thought would be something like this: 1. When a user is manually entering a password, if `zxcvbn` detects a low entropy score, then they're shown a message saying something like, `That password won't protect your account from hackers. Automated bots attempt to gain access to all accounts on the Web 24/7, no matter how small. Don't worry, though, there's an easy way to use very strong passwords, and you'll never have to type or remember them. Learn more.` 1. Clicking on `Learn more` would reveal a modal with a brief explanation of how to use password managers, with a link to a longer article (maybe [https://en.support.wordpress.com/selecting-a-strong-password/ similar to WordPress.com's], but more .org-specific). 1. The modal would also have a video embedded, since many people are more willing to watch a video than read a long article. We could put the video on WordPress.tv and subtitle it in all of the locales. That's just one idea though, does anybody have any others?" iandunn Future Releases 34041 Tying nonces to sessions breaks when users are switched Security 4.3 normal major Future Release defect (bug) new 2015-09-27T10:09:00Z 2019-06-04T18:12:27Z "Because of the way we have tied nonces to session tokens they are broken if you write code that follows the following pattern: * Code switches user using wp_set_current_user * Code generates a nonce * ...time happens * Nonce is verified for the switched user. The underlying issue is that while we are switched to the different user we still generate nonces using the session token from the current logged in users cookie. This is because wp_get_session_token only checks the cookie and either gives you back a token for the cookie or an empty string. This also means if you are authenticating by an alternative method and not setting cookies - say OAuth Authorization headers - then your nonces don't get session tokens in them at all." westi Future Releases 36087 Migration plan from insecure RNG fallback Security normal normal Future Release enhancement reopened 2016-03-04T00:08:44Z 2020-09-30T18:16:11Z "== Where we are today== WordPress uses paragonie/random_compat to polyfill PHP 7's new CSPRNG functions in PHP 5 projects, (on PHP 7 it just used the new functions directly). However, it currently catches the `Exception` that is thrown when used on an environment in which PHP cannot access the kernel's CSPRNG (usually `/dev/urandom`). If an exception is caught, it then proceeds with the old way of doing things: #28633 After nearly one year into random_compat, we've only just recently received our first complaint about an `Exception` being thrown: https://github.com/paragonie/random_compat/issues/91 (If you note, the resolution was: ""Our host made `/dev/urandom` available to us"".) == Scott's Proposal == Let's transition away from this insecure RNG fallback. Not all at once, of course. 1. Implement a telemetry feature. How many systems will trigger the fallback code in the first place? Is it negligible (i.e. less than 0.0001% of WordPress installs)? Let's call this a 4.5.0 or 4.5.1 feature. 2. If the telemetry identifies *any* systems that cause random_compat to throw an `Exception`, let's identify common points of failure. Are they all from the same webhost? Same operating system? 3. Get in touch with as many of the hosting providers as possible and help them remedy these issues. 4. Finally, once we've done everything we can, remove the fallback code entirely. Let's call this a 4.6.0 or 5.0.0 feature, for the sake of argument. (Tagging @dd32 since he's my usual point of contact for these discussions.)" sarciszewski Future Releases 51438 Use CSP directive upgrade-insecure-requests when using HTTPS Security 5.7 normal normal Future Release enhancement new needs-unit-tests 2020-10-02T20:08:07Z 2021-11-09T00:01:22Z "While looking at ways on how to streamline HTTPS support in WordPress core, [https://core.trac.wordpress.org/ticket/47577#comment:4 one suggestion has been to include a `Content-Security-Policy` directive of `upgrade-insecure-requests`] for sites using HTTPS. This directive would ensure that browsers automatically replace (old) insecure requests for inline content (e.g. images) to use HTTPS (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests). This could be as simple as injecting `` into `wp_head` for sites that use HTTPS (see `wp_is_using_https()` from #47577). Alternatively, since this is mostly beneficial for sites that may still (""accidentally"") have insecure URLs in their content after migrating from HTTP to HTTPS, it might make sense to rely on `wp_should_update_insecure_urls()` from #51437 instead." flixos90 Future Releases 52388 Use HTTPS URL already during installation if supported Security normal normal Future Release enhancement new needs-unit-tests 2021-01-28T03:06:59Z 2021-01-28T03:06:59Z "Following up on #51437, WordPress should try to check already during installation whether the current domain and server can be used over HTTPS. If so, it should suggest to use the HTTPS version of the URL by default. This was originally brought up by @westonruter in https://core.trac.wordpress.org/ticket/51437#comment:1, but was out of scope for that ticket which focuses on migration from HTTP to HTTPS." flixos90 Untriaged tickets (that need a patch) 34591 "BugFix to WP_Scripts::do_item(), remove doubled ""//""" Script Loader 4.3.1 normal normal Awaiting Review defect (bug) new needs-unit-tests 2015-11-05T11:01:37Z 2017-02-05T09:08:07Z "Current code in `do_item()` of class.wp-script.php on line 172: {{{ $src = $this->base_url . $src; }}} may produce duplicate slashes `""//""`, resulting in problems. This might be fixed with code: {{{ $src = $this->base_url . $src; }}} Currently: * WP_Scripts contains: `""public $base_url; // Full URL with trailing slash""` and * script-loader.php contains calls `$scripts->add()` with initial `""/""` in relative paths Together this produces doubled slashes `""//""`. For example: http://www.ocelovehaly.cz/ll//wp-includes/js/jquery/jquery.js?ver=1.11.3 This makes W3TC include script in minified version, but not to remove it from the original HTML. Including jQuery twice makes LayerSlider not to work. Please, could you bugfix class.wp-script.php on line 172? Thank you :-)" jan.mazanek Untriaged tickets (that need a patch) 54956 "[5.9] wp_block_type args - ""style"" and ""script"" are always loaded on Frontend" Script Loader 5.9 normal normal Awaiting Review defect (bug) new needs-unit-tests 2022-01-27T17:15:29Z 2022-07-19T13:58:22Z "Before 5.9 - `style` and `script` are loaded when the block is added to specific page. After 5.9 - `style` and `script` are always loaded, on all pages, all the time, everywhere, regardless if the block is displayed on specific page or not. More info about my use case: - `style` and `script` both reference a registered script/style, which have multiple dependencies (`wp_register_style` has `$deps` array defined that references more registered styles) Temporary fix I did to the client code: - Replacing `style` and `script` with `styles` and `view_script` fixed the issue However this ""fix"" requires specific WP Core version - 5.8.3 should use `style` and `script`, while 5.9 should use `styles` and `view_script`." pkostadinov Untriaged tickets (that need a patch) 58075 wp_enqueue_scripts action not firing at the right time with block themes Script Loader 6.2 normal major Awaiting Review defect (bug) new 2023-04-04T05:01:44Z 2023-05-26T09:44:21Z "How to reproduce: Use this piece of code somewhere in the (child) theme or a plugin {{{#!php > This feature only works on the front end, not within the wp-admin area, is this intentional? > > It's not. Feel free to add a new ticket to add hooks for the admin." johnbillion Future Releases 37756 Allow inline scripts on script aliases Script Loader 4.5 normal normal Future Release defect (bug) new needs-unit-tests 2016-08-21T06:46:10Z 2019-12-13T22:21:50Z "It appears if {{{add_inline_script}}} is called on {{{jquery}}} then it gets ignored, and requires to use {{{jquery-core}}} The same may apply to styles but not tested. Inline scripts should work on both the main script and the aliases. " pcfreak30 Future Releases 15833 Script concatenation fails to take external dependencies into account. Script Loader 3.0 normal normal Future Release defect (bug) new 2010-12-15T17:35:17Z 2019-05-21T10:42:05Z "Script concatenation places the concatenated script include first, before any scripts loaded separately. If one of the scripts in the concatenation relies on a script outside the concatenation the dependency order is ignored. When the dependencies are all internal to the concatenation things work fine (for example script4 relies on script3): * concat=script1,script2,script3,script4,script5 But when script3 is loaded externally, script4 will break: * concat=script1,script2,script4,script5 * external-script3 This becomes apparent if jQuery is loaded from a non-standard location (via a plugin or the [http://codex.wordpress.org/Function_Reference/wp_enqueue_script#Load_a_default_WordPress_script_from_a_non-default_location code from the Codex]) in that the visual editor fails to function correctly because source:/trunk/wp-admin/js/editor.js uses jQuery (which it fails to register as a dependency, see ticket:15830, but when I fixed that locally the results were the same). I'm working around this in [http://wordpress.org/extend/plugins/use-google-libraries/ Use Google Libraries] by globally disabling concatenation, but it would be nice if this was fixed. If possible, it would be nice if the loader was smart enough to do something like: * concat=script1,script2 * external-script3 * concat=script4,script5 Or at least flagged the script with the dependency as unsafe for concatenation: * concat=script1,script2,script5 * external-script3 * script4 " jczorkmid Future Releases 49470 Script loader: simplify maintenance Script Loader 5.0 normal normal Future Release defect (bug) new 2020-02-18T22:11:18Z 2020-07-21T19:03:13Z "The main functionality of script-loader is to provide a list of all WordPress scripts and stylesheets together with their dependencies, translation objects and extra/inline code. During the WP 5.0 development a few (shorthand) functions were introduced that output hard-coded data used to ""construct"" that list by running several loops instead of the simpler, one-line definitions like in the pre-existing list. This makes it harder to ""see"" and maintain the entries in the list, and doesn't bring any benefits (all data is still hard-coded, but is now in separate places). It also makes it harder to ""dynamically"" extract and construct the scripts list like in #48154. For best results and easier maintenance the ""helper functions"" introduced in WP 5.0 should be removed and the list of scripts in `wp_default_scripts ()` should include all entries." azaozz Future Releases 51317 Remove deprecated JavaScript i18n globals Script Loader 5.5.1 normal normal Future Release enhancement new early 2020-09-16T00:35:58Z 2021-05-25T22:55:27Z "Background: #51123 [48923] added backward compatibility for JavaScript i18n globals and properties deprecated in WordPress 5.5. Per the corresponding [https://make.wordpress.org/core/2020/09/01/deprecated-javascript-globals/ dev note on make/core], the plan is to remove this fallback code in two major versions, so it should be deleted in WordPress 5.7. This gives plugin and theme developers ample time to remove the conflicting code and switch to using `wp.i18n`. This ticket serves as a reminder to address this in 5.7." SergeyBiryukov Future Releases 60597 Script Modules API: Allow list of enqueued module data to be exposed Script Loader trunk normal normal 6.6 enhancement new 2024-02-21T23:24:22Z 2024-03-01T12:30:33Z "There's no means for a plugin to fetch a list of registered or enqueued script modules for debugging purposes from the Script Modules API as there is from the existing Scripts Dependencies API. Most likely the `get_import_map()`, `get_marked_for_enqueue()`, `get_dependencies()`, and `get_versioned_src()` methods of the `WP_Script_Modules` should be made public to facilitate this." johnbillion Future Releases 26113 Create a WordPress-specific, dependable reference to the WP-bundled jQuery object. Script Loader normal normal defect (bug) new 2013-11-19T16:46:11Z 2019-06-04T21:09:37Z "When enqueueing jQuery for use on the front end of a site in a plugin or theme, a common concern is that the theme or another plugin has injected its own version of jQuery (probably an older version). This causes no end of support headaches for me as a plugin author. I've recently taken drastic measures in one of my plugins: I'm hooking in to `wp_enqueue_scripts` at -9999 and starting a buffer, then collecting it at `wp_head` 9999. I'm looking for the WP-included jQuery script tag, and then inserting this immediately after it: `` Then in my JS, I do: {{{ ;(function (w) { var jQ = w.jQueryWP || w.jQuery; // my jQuery code here, using jQ })(window); }}} I think that having a dependable reference to WP's jQuery object would be quite useful. One way to solve it would be to just add the line to our copy of jQuery. But that will cause issues with people who use well-behaved CDN plugins to swap out WP's jQuery for a Google-hosted copy of jQuery (note: THE SAME VERSION). So maybe a better way to do it would be to create a way to append inline JS code immediately after the inclusion of a particular script handle. We could then do what I'm doing in my plugin, but without the nasty PHP output buffers. " markjaquith Future Releases 20558 allow wp_localize_script data to be added to existing objects Script Loader 3.3 normal normal enhancement new dev-feedback 2012-04-27T16:44:03Z 2019-06-04T21:07:31Z "Re: WP_Scripts::localize() located in wp-includes/class.wp-scripts.php Currently when `WP_Scripts::localize()` handles the printing of wp_localize_script data to JavaScript, it starts the string with a `var` declaration, like this: {{{ $script = ""var $object_name = "" . json_encode($l10n) . ';'; }}} Because this is printed in the global scope, it becomes a global variable regardless of whether it's preceded by `var`. As far as JavaScript is concerned the above string would be equivalent to: {{{ $script = $object_name . ' = ' . json_encode($l10n) . ';'; }}} or {{{ $script = 'this.' . $object_name . ' = ' . json_encode($l10n) . ';'; }}} or {{{ $script = 'window.' . $object_name . ' = ' . json_encode($l10n) . ';'; }}} But I suppose it's possible thru hooks to make it so that the localization data prints outside of the global scope, in which case you might want the `var` to be there (if it we're wrapped in a closure). So I think the '''overall best solution''' would to check if the `$object_name` contains a period `.` character. If it does, omit the `var`. In other words, make it so that: {{{ wp_localize_script('myplugin', 'myPluginData', $object ) }}} would print: {{{ var myPluginData = {...}; }}} but that: {{{ `wp_localize_script('myplugin', 'myPlugin.data', $object )` }}} would print: {{{ myPlugin.data = {...}; }}} By default the localization data runs before any enqueued scripts, in which case `myPlugin` would not yet be defined, but we should leave that for the JavaScript dev work out. My point is that the flexiblity should be there. Another route would be to apply a filter on that line but I don't think a filter is necessary if the above change is made." ryanve Untriaged tickets (that need a patch) 50123 Roles & Caps: give anonymous users the `read_post` meta cap for public posts. Role/Capability normal normal Awaiting Review defect (bug) new needs-unit-tests 2020-05-07T23:30:23Z 2024-01-26T07:45:24Z "The meta capability `read_post` is used to determine if a user is permitted to read a post. For public posts (ie, both a public post type and public post status), it returns the `$post_type->cap->read` as the required primitive capability. As logged out users do not have any primitive capabilities, this causes `current_user_can( 'read_post', $post_id )` to return a false negative for logged out users wishing to read a public post. **Approach one:** For public posts the `read_post` meta capability returns an empty array of primitives. **Approach two:** Logged out users are given the `$post_type->cap->read` capability for public post types. **Approach three:** WP gives logged out users the `read` primitive capability, if a developer uses an alternative primitive for public custom post types, then the developer is responsible for ensuring anonymous users have the capability. **Notes:** * ~~Private multisite sites should not allow logged out users to see such posts~~ ''Edit: removed as it's not a core feature of Multisite'' * Many, many unit tests will be required " peterwilsoncc Untriaged tickets (that need a patch) 49345 User with admin privileges cannot edit some pages/posts Role/Capability 5.3.2 normal normal Awaiting Review defect (bug) new 2020-02-02T20:05:29Z 2020-02-02T20:05:29Z "It happened to me when I deleted the admin user with ID = 1 and moved all its posts and pages to another user with admin privileges. As soon as I did it, some older pages could not be edited anymore (only seen or deleted). In order to regain control of those pages, I had to patch wp-includes/capabilities.php as follows: {{{ function current_user_can( $capability, ...$args ) { $current_user = wp_get_current_user(); if ( empty( $current_user ) ) { return false; } if ($current_user->has_cap(‘create_users')) return true; // line added return $current_user->has_cap( $capability, ...$args ); } }}} " malamiao Untriaged tickets (that need a patch) 47338 is_super_admin() should check a different capability Role/Capability normal normal Awaiting Review defect (bug) new 2019-05-21T14:07:18Z 2019-09-23T09:56:35Z "Currently is_super_admin() returns true in case the user has the delete_users cap (in case of a single site). Since admins may want to delegate users managemente capability, IMHO a more appropriate capability to check is 'activate_plugins' or, better, check more than a single capability." lllor Untriaged tickets (that need a patch) 43421 The $capabilities argument in the `add_role()` function is incompatible with `user_can` Role/Capability 4.9.4 normal normal Awaiting Review enhancement reopened needs-unit-tests 2018-02-26T17:19:26Z 2018-03-20T17:21:03Z "Reproduce: Add a role to WP using `add_role()`, and pass it custom capabilities using the third argument. Like: {{{#!php add_cap($cap); } }}} And repeat testing, it returns true as expected. This has to do with how the caps are saved. The first way, when capabilities are retrieved in `WP_User::has_cap()`, they look like this: {{{#!php ""read"", [1]=> ""my_cap"", [""my_new_role""]=> bool(true) [""exist""]=> bool(true) } }}} And when done via `add_cap`, they look like this: {{{#!php bool(true) [""my_cap""]=> bool(true) [""my_new_role""]=> bool(true) [""exist""]=> bool(true) } }}} The subsequent `empty` array check is true for the first, and false for the second. " eclev91 Untriaged tickets (that need a patch) 23391 User in contributor role can add images to post only via the text editor Role/Capability normal normal Awaiting Review enhancement new 2013-02-05T07:34:26Z 2018-10-03T12:18:01Z "1. Create a user with contributor role 2. start new post with it 3. notice there is no ""add media"" button anywhere 4. switch to text editing 5. use the img button to insert a URL to a valid img on the web 6. request approval for the post 7. let admin/editor approve it 8. go the the post's URL and notice that the image is shown So, it is not that contributors are not allowed to use images, it is just that WP makes it hard to do so. Either HTML needs to be sanitized and have all img tags removes for contributors, or access to the media library should be allowed for contributors denying only access to uploading. I vote for the second option." mark-k Future Releases 38997 delete_private_posts capability doesn't prevent user from deleting private posts Role/Capability 4.6.1 normal normal Future Release defect (bug) assigned needs-unit-tests 2016-11-30T21:09:31Z 2019-05-25T14:02:40Z "Attempting to prevent users from deleting a published post works, but if they set a post to 'private' they can delete it even if 'delete_private_posts' capability is set to 0. {{{#!php allcaps['delete_published_posts'] = 0; // doesn't work $current_user->allcaps['delete_private_posts'] = 0; }}} ""doesn't work"" means that ""Trash"" link appears on hover over the post in edit.php and ""Move to Trash"" shows up on post.php " yboris Future Releases 33240 Introduce a capability for previewing posts Role/Capability normal normal Future Release enhancement assigned needs-unit-tests 2015-08-03T11:36:52Z 2017-07-14T19:41:15Z "In order to preview an unpublished post (ie. draft or pending), a user needs the `edit_posts` capability for that post type ([https://core.trac.wordpress.org/browser/tags/4.2.3/src/wp-includes/capabilities.php#L1174 src]). There is a valid use case where a site requires a user role which has the capability to preview unpublished posts but not edit them, for example for editorial review/sign-off, layout review, early access, etc. You can [http://wordpress.stackexchange.com/a/196209/27051 get around this by using a combination of the posts_results and the_posts filters], but this isn't very future-proof because the post results skip a bunch of logic that occurs between those two filters. A `preview_post` meta capability and a `preview_posts` primitive capability could be introduced and implemented wherever the `edit_posts` capability is used in regard to previewing unpublished posts. By default, it will simply map to the `edit_posts` capability. Thoughts?" johnbillion Future Releases 42405 Introduce singular capabilities for enabling individual themes on Multisite Role/Capability normal normal Future Release enhancement new needs-unit-tests 2017-11-01T22:14:24Z 2017-11-01T22:14:24Z "Related: #39083 The ability to enable or disable individual themes for a site from the Network Admin -> Sites -> Edit -> Themes screen should be controlled by singular capabilities. * `enable_theme` * `disable_theme`" johnbillion Future Releases 41701 Introduce singular capabilities for further management of individual plugins Role/Capability normal normal Future Release enhancement new needs-unit-tests 2017-08-22T14:14:11Z 2017-08-22T14:14:28Z "This is a follow-up to #38652 which introduced singular capabilities for activating and deactivating individual plugins. Singular capabilities should be added for controlling the ability to do the following: * Edit an individual plugin. * Delete an individual plugin. * Update an individual plugin. Low priority stretch goals which might end up in another follow-up ticket: * Edit an individual file in a plugin. * Install an individual new plugin. * Upload an individual new plugin. Network activation and deactivation for Multisite will be handled in a separate ticket." johnbillion Future Releases 41703 Introduce singular capabilities for network activation and deactivation of individual plugins Role/Capability normal normal Future Release enhancement new needs-unit-tests 2017-08-22T14:16:06Z 2020-09-20T12:12:58Z "This is a follow-up to #38652 which introduced singular capabilities for activating and deactivating individual plugins. Singular capabilities should be added for controlling the ability to network activate and network deactivate individual plugins on Multisite. See also #41701." johnbillion Future Releases 39174 Introduce network roles Role/Capability normal normal Future Release feature request new needs-unit-tests 2016-12-08T02:00:45Z 2019-03-15T02:07:55Z "We have been discussing introducing network roles during multisite office-hours several times. The original concept for roles on multisite/multinetwork was the following: ''Site Administrator < Network Administrator (currently also called ""Super Admin"") < Global Administrator < Super Admin (special access via `$super_admins` global, has all capabilities automatically)'' This ticket is about network roles in particular, but we need to figure out the entire concept we'll be going with beforehand. After the initial discussions which happened several weeks ago, I started playing around with that idea and created a plugin with network roles which is available at https://github.com/felixarntz/wp-network-roles. The details on that plugin are described in this Google doc (and are probably worth reading to understand the following discussion better): https://docs.google.com/document/d/1MWwwKmhBJookr5dEcYga4sBtCwvx-K8uSucBFx6SP9U/edit# I just had a long conversation with @johnbillion around this topic where we agreed on some ideas, disagreed on others, were entirely unsure about others. The following bullet points sum up what we talked about / which questions we raised. * The original idea of network roles was that these roles behave similar to regular site roles: They all have a set of capabilities they can perform. These capabilities can apply to either the site or network level. This allows for roles like the current ""Super Admin"" / ""Network Administrator"" that has access to everything a site administrator has, but also to any network admin functionality - however it also allows for roles like a possible ""Network Editor"" which would be the same as if a user had the ""Editor"" role on every site of the network. * Should we support both of these concepts? Or should network roles only affect the actual network admin area? If the latter, which roles would we even need in Core itself (in addition to the ""Super Admin"" / ""Network Administrator"")? This decision would also affect whether we should support inheritance of network capabilities to site capabilities or whether network roles would just be additional kind of roles for a user. An example to clarify: * First approach: The ""Super Admin"" / ""Network Administrator"" has all the capabilities a regular site administrator has, plus the network admin area capabilities (like `manage_network` or `manage_network_options`), so they automatically behave as if they were a site administrator on every site in the network. * Second approach: The ""Super Admin"" / ""Network Administrator"" role only has network admin area capabilities (like `manage_network` or `manage_network_options`), so the user also needs to have the site administrator role for each site they want to access. (probably not?) * If we support inheritance, can we handle the two kinds of roles together? A ""Network Administrator"" that has access to the network admin area is conceptually a bit different from a ""Network Editor"" who can only access all site admin areas on that network. If we find solid descriptive names, we're probably good here. For example, instead of having a ""Network Administrator"" being the role where one can access the network admin and at the same point be an administrator on all the network's sites, maybe that role should rather be called ""Network Manager"", while ""Network Administrator"" is a different role which basically means that user is an administrator on all the network's sites, but cannot access the network admin area. * We would certainly need to handle that in a slow migration path: If we introduce a network role system with a predefined set of capabilities in let's say 4.8, we write a dev-note at the same time that tells plugin authors that they now need to add their custom capabilities to the new network role because that role no longer automatically can do anything. At this point however we still keep the current super admin functionality in sync so that the role actually still can do anything. We wait until 2-3 releases later to actually remove the sync thing, which means we get rid of the `site_admin` network option and from that point on use `is_super_admin()` and `get_super_admins()` only to retrieve users specified in the `$super_admins` global. * Is this the right approach at all? Currently the ""Super Admin"" / ""Network Administrator"" can do ""anything but..."" rather than having a predefined set of capabilities. While we can address that with a migration like described above, we still need to think about whether it ''is'' the right way to do it. Maybe we need a concept like ""Role X can do anything under certain circumstances unless specifically denied"". * How should we handle Multisite / Multinetwork? Multisite is the ""easy"" thing here - for all of the changes here we need to consider Multinetwork especially, even though it is not really supported by Core at this point. * What do we think a ""Super Admin"" is? Is that a network administrator with specific capabilities, is it kind of a global administrator or is it a special thing that can do anything, thus not having a predefined set of capabilities? Core itself doesn't really know what a super admin is at this point. In most setups it is a network administrator / network manager as it's stored in a network option. But if you use the `$super_admins` global, it suddenly turns into some kind of a global administrator. Which of the two are we going to stick with for that terminology? * Can we rename the term ""Super Admin"" at all (in terms of BC)? It would probably become either ""Network Administrator"" or ""Network Manager"" depending on the approach. If we can't rename it and keep the name for the ""network administrator"" role, how are we going to handle the higher role level? This will likely become a feature project, but this ticket is for more discussion beforehand." flixos90 Future Releases 29594 Basic Cookie Authentication from External Database Role/Capability 4.0 normal normal defect (bug) new 2014-09-09T05:42:46Z 2019-06-04T21:12:21Z "Several bridges (WP plugins) linking different forum software packages rely on the wp_set_auth_cookie($user_id,0,0) to get the user logged into WordPress. With the change in WP 4.0, this single line no longer works. Instead, the user is logged into the site but can no longer publish a post or page, nor update a plugin etc. Whereas the same user would be able to do all those things in 3.9.2 and below. I've come across this issue for three different bridges. The change is the addition of the token. [Suggestion] Maybe there needs to be some instruction in the documents on how WP developers want the external authorization to happen for login plus capabilities to post. Is this a bug with just the single line (wp_set_auth_cookie) not functioning as intended or do devs expect plugin developers to use other lines of code to get the user logged in .. and authorized to publish, post, etc. ?" LPH2005 Future Releases 27670 Plugin Information tab - inaccesible without install_plugin capability Role/Capability 3.8.1 normal normal defect (bug) new dev-feedback 2014-04-04T14:01:03Z 2019-06-04T21:10:44Z "Hello, if I understand it correctly through the '''Plugin information tab''' you can also install/update plugins. But if you permit installing plugins with f.e. with add_cap(""install_plugins"", FALSE) to some user, whole '''Plugin information tab''' is '''unusable''' for him, so you cant view details, install update even if you are allowed to. I suppose the problem is in wp-admin/plugin-install.php where is {{{ if ( ! current_user_can('install_plugins') ) wp_die(__('You do not have sufficient permissions to install plugins on this site.')); }}} so maybe extending the condition above to something like this {{{ if (( ! current_user_can('install_plugins') ) && plugin_not_installed($plugin_name)) }}} could help? Thanks Jozef Repáň " FolioVision Future Releases 14986 Make WordPress roles/capabilities more secure (edit_users related) Role/Capability normal normal enhancement new 2010-09-28T20:39:03Z 2022-12-05T12:09:09Z "We've discussed this before, but after some thought, I think we can do this and make it work. Right now, the edit_users capability is the key to the kingdom. Anybody with edit_users can change their role to anything, including to something with more capabilities than they already have. Back in #6908 and #6014, this was thought about in terms of the old user levels system, which of course shouldn't be used and makes no sense. In #8770, an editable_roles filter was introduced, which allows a plugin to limit the roles that a user can change themselves too. This works for one aspect of the problem, but a) it doesn't solve the passwords problem(1), and b) it assumes that the roles are still only in one chain of command. That is to say, that all the roles have an ordering, where each role has all the capabilities of the role ""below"" it. To solve these, I think we need a capability comparison system. To wit, code that implements these two rules: 1. No user can change the role of another user to a role that has capabilities that the changing user does not also have. 2. No user can change either the role or the password of another user who has any capability that the changing user does not also have. For rule 1, this means that if Adam was to try to assign Bob a role, he would only be given the choice of assigning roles that have a subset of the capabilities Adam himself had. For rule 2, if Adam was to try to change the role or the password of Bob, he would not be able to change either unless Bob already had a subset of Adam's own capabilities. This makes the roles have a sort of definable hierarchy, where roles with lesser capabilities can be multi-faceted. I can define more than one chain of roles which are ""above"" each other in hierarchy, allowing me to build a tree of groups and users capable of different things. For things like bbPress-as-a-plugin, this sort of enforcement is going to be a must-have feature. Note 1: The ""passwords problem"" is that any user who can change another users password can easily change the password of somebody of ""higher"" rank, log in as them, and then have their capabilities. It's detectable, but in some cases, may not be so detectable. Admins who don't log in often, say. Note 2: We also need role management in core, but that's a topic for a separate day. I'm speaking only of enforcement of a security model here for now." Otto42 Untriaged tickets (that need a patch) 34683 Default .htaccess config creates rewrite infinite loops for path-based multisite installations Rewrite Rules 4.3.1 normal normal Awaiting Review defect (bug) new 2015-11-14T20:16:54Z 2020-03-27T14:11:01Z "Default .htaccess config for path-based multisite installations looks like that: {{{ RewriteBase / RewriteRule ^index\.php$ - [L] # add a trailing slash to /wp-admin RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L] RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L] RewriteRule . index.php [L] }}} The problem is in these lines: {{{ RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L] }}} `?` sign makes expression `([_0-9a-zA-Z-]+/)` optional, so rule works also for request like `http://example.com/wp-config/file.png` and basicly try to internal redirect request to the same address. If file does not exist, it creates infinite internal loops that causes internal server errors. There is no sense create rewrite rules for main site of network and site prefix should no be optional for rewrites. Correct .htaccess content should be: {{{ RewriteBase / RewriteRule ^index\.php$ - [L] # add a trailing slash to /wp-admin RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L] RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] RewriteRule ^([_0-9a-zA-Z-]+/)(wp-(content|admin|includes).*) $2 [L] RewriteRule ^([_0-9a-zA-Z-]+/)(.*\.php)$ $2 [L] RewriteRule . index.php [L] }}} " rob006 Untriaged tickets (that need a patch) 40339 If $home_path=='wp' then WP::parse_request() will remove 'wp' from 'wp-json/wc/v1/products' in $pathinfo Rewrite Rules 4.7.3 normal normal Awaiting Review defect (bug) new 2017-04-02T13:32:06Z 2018-01-12T02:33:28Z "I have installed WordPress in a subdirectory 'wp' so $home_path is 'wp'. The statement {{{#!php pathinfo = preg_replace( $home_path_regex, '', $pathinfo ); }}} is called with arguments {{{ $home_path_regex = '|^wp|i' $pathinfo = 'wp-json/wc/v1/products' }}} and returns {{{ $pathinfo = '-json/wc/v1/products' }}} Since, $_SERVER[ 'PATH_INFO' ] is the trailing part of the path wouldn't the leading home path be already removed? Here is the $_SERVER variable: {{{ $_SERVER=Array ( [SERVER_SOFTWARE] => PHP 5.6.30 Development Server [REQUEST_URI] => /wp/wp-json/wc/v1/products [DOCUMENT_ROOT] => C:\\WWW [REMOTE_ADDR] => 192.168.1.113 [REMOTE_PORT] => 54207 [SERVER_PROTOCOL] => HTTP/1.1 [SERVER_NAME] => me.local.com [SERVER_PORT] => 80 [REQUEST_METHOD] => GET [SCRIPT_NAME] => /wp/index.php [SCRIPT_FILENAME] => C:\\WWW\\wp\\index.php [PATH_INFO] => /wp-json/wc/v1/products [PHP_SELF] => /wp/index.php/wp-json/wc/v1/products [HTTP_HOST] => me.local.com [HTTP_CONNECTION] => keep-alive [HTTP_CACHE_CONTROL] => max-age=0 [HTTP_UPGRADE_INSECURE_REQUESTS] => 1 [HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 [HTTP_ACCEPT_ENCODING] => gzip, deflate, sdch [HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8,en-AU;q=0.6 [HTTP_COOKIE] => wp-settings-1=libraryContent%3Dbrowse%26mfold%3Do%26editor%3Dhtml%26posts_list_mode%3Dexcerpt%26widgets_access%3Don%26post_dfw%3Don%26hidetb%3D1; wp-settings-time-1=1489742056; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_82a92e8b6fd4f1e7bd35e69acfebe645=mc%7C1491295996%7ClSYWOrX5ljiNvjMUuOsdx3Hqd3B4PsyM6sdhaHx3VHB%7C0f85cc8928c44377d339344bd93f970151fb018ad0623b09964e252bc6104127 [REQUEST_TIME_FLOAT] => 1491131923.8711 [REQUEST_TIME] => 1491131923 ) }}} " Magenta Cuda Untriaged tickets (that need a patch) 44773 Non Existing Child Page of Custom Post Redirects Instead of 404 Rewrite Rules 4.9.8 normal critical Awaiting Review defect (bug) new dev-feedback 2018-08-10T19:33:17Z 2020-09-11T05:07:03Z "Steps to reproduce: 1. Register Custom Post Type with hierarchical set to true (We'll call it events) 2. Create the following structure in the CPT: * Test * Test 2 * Child (Child of Test 2) 3. Go to https://localhost/events/test/child and this will redirect you to https://localhost/events/test-2/child instead of returning a 404. Extra Step: If you create a normal page of ""Test"" and try to navigate to https://localhost/test/child, it will redirect to https://localhost/test-2/child. All this was done on vanilla WordPress on Twenty Seventeen theme. {{{ function register_my_cpts_events() { /** * Post Type: Events. */ $labels = array( ""name"" => __( ""Events"", """" ), ""singular_name"" => __( ""Event"", """" ), ); $args = array( ""label"" => __( ""Events"", """" ), ""labels"" => $labels, ""description"" => ""Event overview and resource pages"", ""public"" => true, ""hierarchical"" => true, ""menu_icon"" => ""dashicons-calendar-alt"", ""supports"" => array( ""title"", ""editor"", ""thumbnail"", ""excerpt"", ""revisions"", ""page-attributes"" ), ); register_post_type( ""events"", $args ); } add_action( 'init', 'register_my_cpts_events' ); }}} " Asitha Untriaged tickets (that need a patch) 19896 Non-WP rewrites not saved on a multisite install Rewrite Rules 3.0 normal normal Awaiting Review defect (bug) new 2012-01-25T16:14:20Z 2017-08-22T14:29:46Z "The following code adds a rewrite rule which is classed as a non-WP rewrite rule because its redirect doesn't begin with `index.php`, and is stored in the `non_wp_rules` member variable of the `WP_Rewrite` class. {{{ function my_rewrite() { add_rewrite_rule( 'login/?$', 'wp-login.php', 'top' ); } add_action( 'init', 'my_rewrite' ); }}} On a single site install, this rewrite rule gets saved directly to the .htaccess file rather than being added to WordPress' internal rewrite array. On a multisite install, this doesn't happen and the rewrite rule has no effect (probably because once a site is multisite-d WordPress no longer writes to .htaccess). The rule has to be manually added to .htaccess. Likely introduced in 3.0, reproduced in 3.3 and trunk." johnbillion Untriaged tickets (that need a patch) 50726 Pagination error on 4 digit page when category and year are in the permalink structure Rewrite Rules 5.5 normal minor Awaiting Review defect (bug) new 2020-07-21T17:40:38Z 2020-07-21T17:40:38Z "When looking at a category archive page where the page number has four digits, and the permalink structure has the category and year in it, WordPress lumps together the category name and the ""page"" part of the URL and assumes that the number refers to the year of publication. Steps to reproduce: 1) Update the permalink structure to /%category%/%year%/%monthnum%/%day%/%postname%/ 2) Create a category 3) Create and assign enough posts and/or update posts per page to generate at least 1000 pages. 4) Navigate to page 1000 or greater. Even though the resulting URL would be /%cat%/page/1000/, WordPress will assume that the category name is ""%cat%/page"" and that the year of publication is 1,000. The correct behavior is to go to page 1,000 of the specified category, just as it works in page 999. This issue leads to 404s being generated by the standard pagination component which get flagged on search engine crawls, resulting in lower search rankings for the entire website. Here is the immediate fix I added to my website: {{{#!php is_main_query() && is_archive() && substr_count($_SERVER['REQUEST_URI'], '/page/') ) { $year = $query->query_vars['year'] ?? 0; $page = $query->query_vars['paged'] ?? 0; if ($year && !$page) { unset($query->query_vars['year']); $query->set('paged', $year); } if (isset($query->query['category_name'])) { $query->set('category_name', str_replace('/page', '', $query->query['category_name'])); } } }); }}} " elpadi17 Untriaged tickets (that need a patch) 45970 "in IIS if web.confing section and the site craches with wrong web.config" Rewrite Rules 5.0.3 normal normal Awaiting Review defect (bug) new 2019-01-13T12:12:37Z 2019-01-13T22:34:19Z "in IIS if web.confing section and the site craches with wrong web.config error (2 sections). It happens/triggers by example if you are trying to change the ""Permalink Settings"". The code responsible for this check is located in \wp-admin\includes\misc.php (line 748) {{{ // First check if the rule already exists as in that case there is no need to re-add it $wordpress_rules = $xpath->query('/configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'wordpress\')] | /configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'WordPress\')]'); if ( $wordpress_rules->length > 0 ) return true; }}} The fix could be to register the namespace: {{{ $xpath->registerNamespace(""x"", ""http://schemas.microsoft.com/.NetConfiguration/v2.0""); }}} and then in `$xpath->query` to check also for `/x:configuration/x:system.webServer/x:rewrite/x:rules/x:rule[starts-with(@name,\'WordPress\')]` In this way it works without problem and does not break the site." boychev Untriaged tickets (that need a patch) 19493 post and archive pagination don't work with custom endpoints Rewrite Rules 2.1 normal normal Awaiting Review defect (bug) new 2011-12-09T23:55:09Z 2018-01-25T20:22:02Z "Archive pagination and post pagination are not endpoint-aware, so they break when endpoints are added to them. The following example code creates an endpoint, and then uses a filter to add that endpoint to various links on the rendered page: {{{ add_action( 'init', function() { global $wp_rewrite; add_rewrite_endpoint( 'foo', EP_ALL ); $wp_rewrite->flush_rules(false); } ); add_filter( 'post_link', 'gist_add_endpoint_to_url', 99 ); add_filter( 'get_pagenum_link', 'gist_add_endpoint_to_url', 99 ); function gist_add_endpoint_to_url( $url_base ) { $endpoint = 'foo'; $url_parts = parse_url( $url_base ); $url = ( isset($url_parts['scheme']) && isset($url_parts['host']) ) ? $url_parts['scheme'] . '://' . $url_parts['host'] : ''; $url .= isset($url_parts['path']) ? $url_parts['path'] : ''; $url = user_trailingslashit( $url ); if ( '' === get_option('permalink_structure') ) { $url .= isset($url_parts['query']) ? '?' . $url_parts['query'] : ''; $url = add_query_arg( $endpoint, 'true', $url ); } else { $url .= $endpoint . '/true'; $url = user_trailingslashit( $url ); $url .= isset($url_parts['query']) ? '?' . $url_parts['query'] : ''; } $url .= isset($url_parts['fragment']) ? '#' . $url_parts['fragment'] : ''; return $url; } }}} You'll see that it works perfectly using the theme unit test, except that paginated posts produce URLs like this: http://example.com/2008/09/layout-test/foo/true/2/ ...which doesn't work. The inverse -- http://example.com/2008/09/layout-test/2/foo/true/ -- also doesn't work, and produces a 404 on top of it. Also, the older posts / newer posts produce this format of link: http://example.com/page/2/foo/true/ .. .which also doesn't work. If you change gist_add_endpoint_to_url() to add a querystring param, older posts/newer posts links work fine, but post pagination still breaks: {{{ function gist_add_endpoint_to_url( $url_base ) { $endpoint = 'foo'; $url_base = add_query_arg( $endpoint, 'true', $url_base ); return $url_base; } }}} If you don't use a permalink structure at all, it works fine, since the pagination params are passed directly in the URL. I'm not sure if the fix lies in modifying add_rewrite_endpoint() so that it creates pagination urls in wp_rewrite, or modifying the way _wp_link_page() and get_next_posts_link() work. " mintindeed Future Releases 20520 Author Page Pagination Broken When Removing /author/ Slug Rewrite Rules 3.3 normal normal defect (bug) new 2012-04-23T04:16:03Z 2019-06-04T21:07:29Z "WP 3.3.1 Multisite Permalink setup: /author/post-name - If the request is ""domain.com/authorname"" the authors page pagination link is broken. - If the request is ""domain.com/author/authorname"" the authors page pagination link works fine." rbaccaro Future Releases 26885 Path Based Multisite Rewrite rule absolute path without trailing slash Rewrite Rules 3.8 normal normal defect (bug) new 2014-01-20T16:06:31Z 2019-06-04T21:10:12Z "The .htaccess rewrite rules generator output the absolute path to the files, but there is missing a slash at the begining to use it as absolute. I've seen the same problem at http://wordpress.stackexchange.com/questions/77818/multisite-configuration-fails-with-css-js-files The solution is to make it relative, or to add a ""/"" at the beggining of the two rewrite rules. I think the .htaccess code generated can be fixed for future users." skalex Future Releases 16832 Trouble if the slug of a custom taxonomy is the same as the url of page/post Rewrite Rules 3.1 normal normal defect (bug) new 2011-03-11T11:50:43Z 2019-06-04T21:06:35Z "I got some troubles with the 3.1 version of WordPress concerning the slug of custom taxonomy. '''An example that work in 3.0.5'''[[BR]] www.example.com/agency (url of a page)[[BR]] www.example.com/agency/john-smith (url of a custom type's detail) Apparently having the same ""folder"" 'agency' only works for one or the other url but not both. Hope I made myself clear." LucasHantz Future Releases 20109 Valid htaccess rule causes 404 after upgrade to 3.3.1 Rewrite Rules 3.3.1 normal normal defect (bug) new 2012-02-24T06:26:42Z 2019-06-04T21:07:25Z "On 2/18/2012, I upgraded WP from 3.2.1 to 3.3.1. on www.denverhomevalue.com. I later noticed that Google webmaster tools started reporting 404 errors on lots of pages that were fine before. WP was still returning the proper pages and content, not my custom 404 page, so the issue was not readily apparent except in WMT reports. Running http header response checkers confirmed 404 responses, despite good contents being returned. Deleting sections of the htaccess file until the problem went away, the issue was isolated to two rules meant to escape following rewrite rules on certain urls: {{{ RewriteRule ^city(.*) - [L] RewriteRule ^areas(.*) - [L] }}} These were the same family of urls that started returning 404s after 3.3.1 upgrade. These rules were in place since 12/5/2011, with WP 3.2.1 and never caused a problem. I was able to revert a backup of the site to 3.2.1, on the same exact server environment, and confirm that these same valid htaccess rewrite rules were not a problem in that release." ronnieg Future Releases 35916 WP_Rewrite::generate_rewrite_rules() ignores boolean $endpoints / $feed parameters for CPT Rewrite Rules normal normal defect (bug) new needs-unit-tests 2016-02-23T08:34:12Z 2019-06-04T21:20:24Z "Hello, I'm trying to declare custom rewrite rules for a custom post type without endpoints and feeds. As result, WP ignore the endpoint flag in the WP_Rewrite::generate_rewrite_rules(). What I did is as following. I created a custom post type called 'event' with the following arguments for register_post_type() : {{{#!php array( // Array of WP post type args 'labels' => array( 'name' => 'Events', 'singular_name' => 'Event', ), 'public' => true, 'publicly_queryable' => true, 'show_ui' => true, 'show_in_menu' => true, 'query_var' => false, 'rewrite' => false, 'capability_type' => 'post', 'hierarchical' => false, 'menu_position' => 5, 'menu_icon' => 'dashicons-tickets-alt', 'supports' => array( 'title', 'editor', 'thumbnail', ), 'taxonomies' => array( 'post_tag', 'my_category', ), ); }}} Then I called {{{#!php $args_post_type = array( 'feed' => false, 'paged' => false, 'ep_mask' => EP_NONE, 'endpoints' => false, ); add_permastruct('events', 'events/%event%', $args_post_type); }}} The resultings rewrite rules are : {{{ 'events/[^/]+/attachment/([^/]+)/?$' => string 'index.php?attachment=$matches[1]' (length=32) 'events/[^/]+/attachment/([^/]+)/trackback/?$' => string 'index.php?attachment=$matches[1]&tb=1' (length=37) 'events/[^/]+/attachment/([^/]+)/feed/(feed|rdf|rss|rss2|atom)/?$' => string 'index.php?attachment=$matches[1]&feed=$matches[2]' (length=49) 'events/[^/]+/attachment/([^/]+)/(feed|rdf|rss|rss2|atom)/?$' => string 'index.php?attachment=$matches[1]&feed=$matches[2]' (length=49) 'events/[^/]+/attachment/([^/]+)/comment-page-([0-9]{1,})/?$' => string 'index.php?attachment=$matches[1]&cpage=$matches[2]' (length=50) 'events/[^/]+/attachment/([^/]+)/embed/?$' => string 'index.php?attachment=$matches[1]&embed=true' (length=43) 'events/([^/]+)/embed/?$' => string 'index.php?event=$matches[1]&embed=true' (length=38) 'events/([^/]+)/trackback/?$' => string 'index.php?event=$matches[1]&tb=1' (length=32) 'events/([^/]+)(?:/([0-9]+))?/?$' => string 'index.php?event=$matches[1]&page=$matches[2]' (length=44) 'events/[^/]+/([^/]+)/?$' => string 'index.php?attachment=$matches[1]' (length=32) 'events/[^/]+/([^/]+)/trackback/?$' => string 'index.php?attachment=$matches[1]&tb=1' (length=37) 'events/[^/]+/([^/]+)/feed/(feed|rdf|rss|rss2|atom)/?$' => string 'index.php?attachment=$matches[1]&feed=$matches[2]' (length=49) 'events/[^/]+/([^/]+)/(feed|rdf|rss|rss2|atom)/?$' => string 'index.php?attachment=$matches[1]&feed=$matches[2]' (length=49) 'events/[^/]+/([^/]+)/comment-page-([0-9]{1,})/?$' => string 'index.php?attachment=$matches[1]&cpage=$matches[2]' (length=50) 'events/[^/]+/([^/]+)/embed/?$' => string 'index.php?attachment=$matches[1]&embed=true' (length=43) }}} Looking at class-wp-rewrite.php, I noticed in generate_rewrite_rules() that piece of code that forces the $post flag for CTP {{{#!php if ( ! $post ) { // For custom post types, we need to add on endpoints as well. foreach ( get_post_types( array('_builtin' => false ) ) as $ptype ) { if ( strpos($struct, ""%$ptype%"") !== false ) { $post = true; // This is for page style attachment URLs. $page = is_post_type_hierarchical( $ptype ); break; } } } }}} and that piece of code that unconditionnaly add extra endpoints / feeds... for post {{{#!php // If we're matching a permalink, add those extras (attachments etc) on. if ( $post ) { // Add trackback. $rewrite = array_merge(array($trackbackmatch => $trackbackquery), $rewrite); }}} Could confirm that problem? Thanks" solo14000 Future Releases 27276 wp_rewrite_rule does not update option when it's empty Rewrite Rules 3.7 normal normal defect (bug) new 2014-03-05T09:18:38Z 2019-06-04T21:10:32Z "This bug report about possible problems with situation when deleted options still present in cache. I'm using memcache so my cache is transistient. i've been adding rewrite_rule {{{ function duke_add_endpoints() { add_rewrite_rule('...','...'); global $wp_rewrite; $wp_rewrite->flush_rules(); } add_action( 'init', 'duke_add_endpoints'); }}} and discovered that i can't get it work because of it completely absence in further $wp_rewrite references. Intrigued by that fact (especialy with hard flushing) i've been lead to ''parse_request''of class-wp and due to it's {{{ $rewrite = $wp_rewrite->wp_rewrite_rules(); }}} i guided to '''wp_rewrite_rules''' method of wp-includes/rewrite.php where discovered that rewrite_rules option is loaded from wp_options but if it's not there - it loaded from cache (bacause of get_option behaviour). {{{ $alloptions = wp_load_alloptions(); if ( isset( $alloptions[$option] ) ) { $value = $alloptions[$option]; } else { $value = wp_cache_get( $option, 'options' ); if ( false === $value ) { $row = $wpdb->get_row(.... }}} Wondering why it was not overriden by flush_rules both in wp_options and in cache i've dig into '''flush_rules''' and discovered that it operates the same method {{{ function flush_rules($hard = true) { delete_option('rewrite_rules'); $this->wp_rewrite_rules(); ....... }}} but wait... IF THE REWRITE_RULES IS NOT IN THE WP_OPTION then it still taken from cache with previous value. {{{ function wp_rewrite_rules() { $this->rules = get_option('rewrite_rules'); ///at this point the value already deleted from table but still remains in cache so get_option returns OLD value till it remain in cache for indefinite time if ( empty($this->rules) ) { $this->matches = 'matches'; $this->rewrite_rules(); update_option('rewrite_rules', $this->rules); } return $this->rules; } }}} so if your rewrite rules not in table but in cache - they probably stuck there forever till cache gets cleared. i guess it has something to infere with delete_option and situation when cache is not cleared. but i guess it's next bug to catch. " mainpart Future Releases 21374 Add core support for letting custom permalink structure for different post types Rewrite Rules 2.9 normal normal enhancement new 2012-07-25T14:42:15Z 2019-06-04T21:07:39Z "By default, custom post types uses only the'' %postname%'' permalink structure (if using pretty links and not default query variables). Currently there is no native way to easily have different permastructs for different CPT. This features should be added to the '''register_post_type()''' function, letting different permalink structure be defined to each post_type being registered. I sugget adding another new key to the '''rewrite''' array that can be passed to the '''register_post_type()''' function. i.e. - {{{ register_post_type('event',array( ...... 'rewrite' => array('slug' => 'events', 'permastruct' => '%year%/%monthnum%/%event%' ), ..... )); }}} The register_post_type function should be changed, a suggestion for such a change may be that instead of this line in the function - (post.php line#1075) {{{ add_permastruct( $post_type, ""{$args->rewrite['slug']}/%$post_type%"", $args->rewrite ); }}} This example could be used - {{{ if ( $args->rewrite['permastruct'] ) { $perma_structure = $args->rewrite['permastruct']; $wp_rewrite->add_rewrite_tag(""%{$post_type}%"", '([^/]+)', ""{$post_type}=""); $wp_rewrite->add_permastruct($post_type, $archive_slug.'/'.$perma_structure, false); } else { add_permastruct( $post_type, ""{$args->rewrite['slug']}/%$post_type%"", $args->rewrite ); } }}} In order that the structure can interpret the permastruct tags, I added also this function to filter post_type_link, it is adapted from '''get_permalink''' function in ''wp-includes/link-template.php'' - {{{ add_filter('post_type_link', 'tc_permalink', 10, 3); function tc_permalink($permalink, $post_id, $leavename) { $post = get_post($post_id); $rewritecode = array( '%year%', '%monthnum%', '%day%', '%hour%', '%minute%', '%second%', $leavename? '' : '%postname%', '%post_id%', '%category%', '%author%', $leavename? '' : '%pagename%', ); if ( '' != $permalink && !in_array($post->post_status, array('draft', 'pending', 'auto-draft')) ) { $unixtime = strtotime($post->post_date); $category = ''; if ( strpos($permalink, '%category%') !== false ) { $cats = get_the_category($post->ID); if ( $cats ) { usort($cats, '_usort_terms_by_ID'); // order by ID $category = $cats[0]->slug; if ( $parent = $cats[0]->parent ) $category = get_category_parents($parent, false, '/', true) . $category; } // show default category in permalinks, without // having to assign it explicitly if ( empty($category) ) { $default_category = get_category( get_option( 'default_category' ) ); $category = is_wp_error( $default_category ) ? '' : $default_category->slug; } } $author = ''; if ( strpos($permalink, '%author%') !== false ) { $authordata = get_userdata($post->post_author); $author = $authordata->user_nicename; } $date = explode("" "",date('Y m d H i s', $unixtime)); $rewritereplace = array( $date[0], $date[1], $date[2], $date[3], $date[4], $date[5], $post->post_name, $post->ID, $category, $author, $post->post_name, ); $permalink = str_replace($rewritecode, $rewritereplace, $permalink); } else { // if they're not using the fancy permalink option } return $permalink; } }}} On a basic check this seems to be working, but ofcourse needed to be more deubgged.. I will be happy to here if you think such a feature should be added to core." maorb Future Releases 24853 Add endpoint support to CPT archives Rewrite Rules normal normal enhancement new 2013-07-28T19:25:06Z 2019-06-04T21:08:52Z #16303 aimed to introduce an endpoint mask for CPT archives. However, the way that CPT rewrite rules are set up means that there isn't actually support for endpoints. duck_ Untriaged tickets (that need a patch) 27244 'Restore This Autosave' immediately updates a published post Revisions normal normal Awaiting Review defect (bug) new 2014-02-28T23:43:29Z 2024-02-25T19:29:55Z "The ""Restore This Autosave"" button on the revisions screen immediately replaces the post with the autosave without making it clear that that is the case. Steps to reproduce: 1. Publish a post. 2. Edit the content of the post and trigger an autosave (either by waiting two minutes or by clicking the 'Preview Changes' button). 3. Navigate away from the post editing screen. 4. Return to the post editing screen and note the message stating ""There is an autosave of this post that is more recent than the version below"". Click ""View the autosave"". 5. On the revisions screen, click ""Restore This Autosave"". 6. Note that the autosave has been published rather than simply being restored to the editing screen." johnbillion Untriaged tickets (that need a patch) 53417 The revisions endpoints provide an incorrect JSON schema Revisions 4.7 normal normal Awaiting Review defect (bug) new 2021-06-15T23:20:51Z 2021-06-15T23:29:55Z "The schema provided by the REST API endpoints for revisions at `wp/v2/posts/{id}/revisions` and `wp/v2/pages/{id}/revisions` is incorrect. The schema states that `content.protected` and `excerpt.protected` properties exist for each revision, but these properties do not exist. * [https://github.com/WordPress/wordpress-develop/blob/afee26086fea307c2a5c31c0e2018cb6acd598f7/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php#L736 The schema is constructed here] from the parent controller for posts, which does include this property * [https://github.com/WordPress/wordpress-develop/blob/afee26086fea307c2a5c31c0e2018cb6acd598f7/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php#L600-L604 When the content data is prepared here] the `protected` property is not included * [https://github.com/WordPress/wordpress-develop/blob/afee26086fea307c2a5c31c0e2018cb6acd598f7/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php#L608-L611 When the excerpt data is prepared here] the `protected` property is not included Two options: 1. Remove the `content.protected` and `excerpt.protected` properties from the schema 2. Add the `content.protected` and `excerpt.protected` properties to the response Here is the `content` property from the schema. Note the `protected.context` property states that the property exists for all three contexts. {{{ ""content"": { ""description"": ""The content for the post."", ""type"": ""object"", ""context"": [ ""view"", ""edit"" ], ""properties"": { ""raw"": { ""description"": ""Content for the post, as it exists in the database."", ""type"": ""string"", ""context"": [ ""edit"" ] }, ""rendered"": { ""description"": ""HTML content for the post, transformed for display."", ""type"": ""string"", ""context"": [ ""view"", ""edit"" ], ""readonly"": true }, ""block_version"": { ""description"": ""Version of the content block format used by the post."", ""type"": ""integer"", ""context"": [ ""edit"" ], ""readonly"": true }, ""protected"": { ""description"": ""Whether the content is protected with a password."", ""type"": ""boolean"", ""context"": [ ""view"", ""edit"", ""embed"" ], ""readonly"": true } } }, }}}" johnbillion Untriaged tickets (that need a patch) 47518 Add an explanatory message to the Revisions screen for locked posts adamsilverstein Revisions normal normal Awaiting Review enhancement assigned 2019-06-10T15:30:43Z 2021-04-30T17:44:27Z "It's possible for a user to navigate to the revisions screen for a post that's locked due to another user editing it, and not be able to restore any revisions due to the fact that the post is locked. In this situation no message is shown on the Revisions screen that explains why the `Restore This Revision` button is disabled. Under normal operating procedure it's not easy to get to the Revisions screen for a locked post, but it is possible. A workflow related plugin, audit trail, or revisions list can make it possible to navigate directly to a revision without going via the otherwise locked editing screen. 1. User A navigates to the revisions screen for a non-locked post. 2. User B visits the editing screen for the post. 3. User A clicks `Return to editor` on the revisions screen. 4. User A chooses not to take over, and clicks `Go back`. User A is now shown the revisions screen for a locked post and the `Restore This Revision` button is disabled for all revisions but with no explanatory information." johnbillion Untriaged tickets (that need a patch) 42086 Option to view condensed diffs for post revisions Revisions normal normal Awaiting Review feature request new 2017-10-04T16:08:37Z 2020-09-01T16:16:59Z "Viewing a revision of a post which has a lot of content in it can result in a very long screen. It would be great if there was a toggle somewhere on the revisions browser so a condensed diff view was shown. The condensed view would more closely resemble a traditional VCS diff view, which highlights only the changed lines and a handful of lines above and below each change. I haven't checked to see if the `Text_Diff` library that core uses supports such diff generation, I doubt it does but I'd like to be wrong." johnbillion Untriaged tickets (that need a patch) 53942 Non-single post meta multiple value update breaks post save through REST API REST API 5.8 normal blocker Awaiting Review defect (bug) assigned 2021-08-17T13:00:31Z 2021-08-17T15:21:25Z "This is a follow-up to #52787. Same situation as in #52787, but this time while updating **non-single** meta **multiple values at once** like `{ meta: { metaKey: [1, 2, 3] } }`, REST API fires `update_multi_meta_value()`, which tries first to delete old values in the database. When no meta value is present in database, `get_metadata()` returns defaults as `$current_values` and then trying to delete them anyway (non-existent in fact). This causes `update_multi_meta_value()` to return `WP_Error('rest_meta_database_error')` on `delete_metadata()` failure. BTW, error messages could be more specific from `'Could not update the meta value of %s in database.'` to `'Could not update/delete...'` and `'Could not update/add...'`." iknowsomething Untriaged tickets (that need a patch) 53622 Query Param status default is a string value, but an array is required rachelbaker* REST API normal minor Awaiting Review defect (bug) accepted needs-unit-tests 2021-07-07T17:24:41Z 2023-02-20T21:33:06Z "The default value in the collection params that is a string. https://github.com/WordPress/wordpress-develop/blob/953e1c5f8313a89d4d3b99ab5996b4660045c976/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php#L2847 Really, we should make that `['publish']`. Original commit: https://github.com/WordPress/wordpress-develop/commit/ede099a7047a150a37d43a380e661b99387bce41" austyfrosty Untriaged tickets (that need a patch) 56668 REST API calls are failed when cookies are cleared from the site REST API 6.0.2 normal normal Awaiting Review defect (bug) new 2022-09-27T14:46:34Z 2022-09-27T14:46:34Z "Hi, REST API calls are failed when the site cookies are cleared from browser console. Manually logging out and Logging in again will fix the issue but WordPress should automatically prompt for login in such cases right ? Please Ignore if I am wrong. Response from API: {{{ {""code"":""rest_cookie_invalid_nonce"",""message"":""Cookie check failed"",""data"":{""status"":403}} }}} " sarathgp Untriaged tickets (that need a patch) 59558 not documented information about changes in embedded data REST API normal normal Awaiting Review defect (bug) new 2023-10-06T11:17:40Z 2023-10-06T14:14:21Z Hello. In latest wordpress become changes,after which embedded data not works properly if in request we havent any fields. I mean rest api issue see #59552 for details. I expected to see this information with detailed examples at https://developer.wordpress.org/rest-api/using-the-rest-api/linking-and-embedding/#embedding or/and at https://developer.wordpress.org/rest-api/using-the-rest-api/global-parameters/#_embed. Please not ignore my issue #59552, because i not understand how to fix this issue. Thanks. sashakozlovskiy Untriaged tickets (that need a patch) 54293 Expand functionality of themes REST API REST API 4.7 normal normal Awaiting Review enhancement new needs-unit-tests 2021-10-20T09:30:08Z 2022-06-07T11:59:12Z "Current the REST API for themes is extremely limited. It only allows for listing themes and getting the current theme. However, there are lots theme related functions that are not possible to access via this api. This includes ( but it not limited to ) - Installing new themes - Network activating theme ( multisite only ) - Network deactivating theme ( multisite only ) - Active ( switch to theme ) - Deleting theme Any themes api should allow the patterns / structure of the plugins REST API, in it's params and responses. It is also worth noting, that have a multisite element, as themes can be network activated / deactivated." spacedmonkey Untriaged tickets (that need a patch) 44694 Extra and un-neccessary query when no posts found in Posts Rest Controller REST API 4.9.7 normal normal Awaiting Review enhancement new 2018-08-01T16:46:27Z 2018-08-02T06:15:21Z "In the 'get_items' method in class-wp-rest-posts-controller.php there is some conditional logic that re-executes the query without the 'paged' param if no results are found ( line 317 ). This seems like poor logic here. The query should only be executed again IF a paged parameter has been specified in the params. I have a REST request that returns an empty array, but the query is run twice even though the results are the same. This leads to some errors for me because I'm supplying non-standard parameters and using one time filters to handle them when building the request. After the initial query my filters have been removed so when the query executes again ( un-neccessarily ) my objects in the params end up triggering notices / warnings in the WP_Query class. Long story short, this extra query should have better logic protecting it. Something as simple as: {{{#!php 1 ) { // Out-of-bounds, run the query again without LIMIT for total count. unset( $query_args['paged'] ); $count_query = new WP_Query(); $count_query->query( $query_args ); $total_posts = $count_query->found_posts; } }}} " pat@… Untriaged tickets (that need a patch) 60426 Update WP_Test_REST_TestCase::assertErrorResponse() to allow custom failure messages REST API normal trivial Awaiting Review enhancement new 2024-02-02T12:21:08Z 2024-02-23T13:31:59Z "According to the WordPress coding standards, it is recommended that if there are more than 2 assertions in a single test method, these assertions should include custom failure messages to explain the nature of any failed assertions. However, in the current state of the `WP_Test_REST_TestCase::assertErrorResponse()` helper method, it contains 2 assertions, making it impossible to add a custom message explaining the error. To align with coding standards and improve the clarity of test failures, I propose updating the method's signature as follows: {{{ protected function assertErrorResponse($code, $response, $status = null, $failure_message) }}} This change will allow developers to include a custom message when using the `WP_Test_REST_TestCase::assertErrorResponse()` method, improving the ability to diagnose issues during testing. Furthermore, all the instances where this method is being used across the codebase need to be refactored to include the new `$failure_message` parameter, ensuring consistency." antonvlasenko Untriaged tickets (that need a patch) 58034 Post API can't get image URL on Endpoint REST API 6.2 normal normal Awaiting Review feature request new dev-feedback 2023-03-31T11:05:42Z 2023-04-06T10:09:15Z "We need to add the featured image URL to the endpoint of the POST API Instead of getting the featured_media id, we should get the attachment URL, which will be better for everyone" nodeweb Future Releases 52925 Autosaves controller: Post checks will never catch invalid IDs REST API 5.8 normal normal Future Release defect (bug) new needs-unit-tests 2021-03-27T00:28:03Z 2021-06-08T22:56:03Z "The `create_item` and `create_post_autosave` methods both try to check if the id parameter in a request is for a valid post, by calling the get_post function. The problem is that both methods expect that if it's not a valid post, it will return a WP_Error object, when in fact get_post only returns null on failure. The Posts controller has a protected get_post method that will generate an appropriate WP_Error for this case, but neither the Autosaves, nor its parent Revisions controller has a similar method. Copying that method to the Revisions controller, and then using it in the `create_*` methods seems like the best approach here." coreymckrill Future Releases 57048 Handle trailing slashes in rest_preload_api_request REST API 4.7 normal normal Future Release defect (bug) new 2022-11-09T16:36:35Z 2022-11-09T16:36:35Z When passing a path to `rest_preload_api_request` that ends in query string, ensure that the parsed path also is untrailingslashit. Follow up to #51636 spacedmonkey Future Releases 39889 Improve/Fix REST Response on Multisite when an endpoint for a non-existent site is hit. REST API 4.7 normal normal Future Release defect (bug) new needs-unit-tests 2017-02-16T15:52:54Z 2019-07-09T18:42:18Z "Currently if you hit the endpoint for a domain on a site that doesn't exist it will behave the same as on a normal request. - visit https://nonexistentsubdomain.eventsmart.com/wp-json in a REST client. - Take note of the ""Location"" header in the response: https://eventsmart.com/wp-signup.php?new=nonexistentsite. It's also returned with a HTTP 302 Granted this is kind of edgecase, but I think it'd be better to handle things a bit better on REST requests. The question is how? I think from the standpoint of the REST client it'd be better to just return a 404 and a ""site doesnt' exist"" message (or something to that affect)." nerrad Future Releases 48257 REST API: post-process endpoint cannot be discovered from media creation endpoint REST API 5.3 normal normal Future Release defect (bug) new 2019-10-08T14:24:14Z 2019-10-08T14:24:14Z "Split out from #47987: In #47987 we introduced a new `/wp/v2/media/{id}/post-process` endpoint, which may be hit with a POST to resume media processing in the event the initial POST to `/wp/v2/media` fails. Clients may know to utilize this new endpoint through the presence of a new non-standard header `X-WP-Upload-Attachment-ID`, but @rmccue caught that we do not provide any Link-based method of discovering the existence of this endpoint from the initial media collection. @TimothyBlynJacobs proposes using the `edit-media` relation for this link. We should add an additional `Link` to the header of the failing POST response (or any POST response, potentially, with the understanding a link is only necessary in the event of failure). Implementing this Link was punted from 5.3 because the `$response` object on which we can call add_link was not available at the time we set the initial X-header, which we can work around but did not have time to resolve before the final 5.3 beta. ''Aside:'' If we're able to resolve the order-of-operations issue, it's possible that the Link could become the preferred method of signalling that post-processing should occur, rather than the non-standard header. However the X-header is more appropriate for the other media paths in `media.php` and `admin-ajax.php`, so this may not be feasible." kadamwhite Future Releases 40410 Add chunked upload support to the REST API REST API 4.7 normal normal Future Release enhancement new 2017-04-11T05:57:29Z 2021-03-03T17:22:09Z "Split from #39553. Having support for chunked (partial) uploads would be super useful, and provide additional functionality not possible with the current upload API. This would be built off the existing upload endpoints. This needs a detailed proposal." rmccue Future Releases 58849 Document supported $args for register_rest_route() REST API normal normal Future Release enhancement new 2023-07-19T11:53:01Z 2023-07-19T17:00:04Z "`$args` seems awfully sparse for how important it is: [[Image(https://github.com/WordPress/gutenberg/assets/36432/3d6f6ef2-3e15-4c0a-9bb9-9c3b4822c118)]] It would be nice if all of the supported values were documented." danielbachhuber Future Releases 53603 Expose block data directly through REST API endpoints REST API 5.8 normal normal Future Release enhancement new dev-feedback 2021-07-06T10:05:57Z 2021-08-01T11:53:50Z "Part of ""PHP APIs Overview"" in Gutenberg: https://github.com/WordPress/gutenberg/issues/8352. Originally reported in https://github.com/WordPress/gutenberg/issues/4763 by @adamsilverstein. > Consider adding Gutenberg block data to the post endpoints - so when retrieving a post via the REST API you could get the block data as part of the content object. > > This provides a way to get the data/content of each block of a Gutenberg-built page from the front end. This would be very useful for building component based front ends, because the components could map one-to-one with gutenberg blocks. With these endpoints, an App could easily get the data it needs to render each component. This might also provide a patch for a standard component library matching Gutenberg blocks. > > POC PR for this: https://github.com/WordPress/gutenberg/pull/2649 Related ticket with changes proposed to `get_posts` function: #53602." gziolo Future Releases 47194 Posts endpoint: Enable collection parameters for querying by custom field REST API 4.7 normal normal Future Release enhancement new 2019-05-08T20:40:35Z 2020-10-25T03:29:27Z "Before the REST API was merged into Core, meta queries were possible via a filter parameter: {{{ posts?filter[meta_key]=foo&filter[meta_value]=bar }}} This was [ticket:38378 removed] when the API was merged. In a [https://wordpress.slack.com/archives/C02RQC26G/p1557261445107000 recent Slack discussion] @kadamwhite mentioned this was due to the potential for very expensive DB queries, but that improvements to meta registration in subsequent versions of WP may have made this more possible. There are abundant use cases for being able to query posts via the API based on postmeta values, but I haven't been able to find any other Trac tickets about this. So I'm asking the question: would this be feasible now?" coreymckrill Future Releases 45140 REST API: Increase upper bound allowed on per_page argument REST API normal normal Future Release enhancement new needs-unit-tests 2018-10-21T17:16:19Z 2018-10-31T11:38:29Z "In contexts where a REST API client needs to fetch ''all'' entries for a resource, it would be more practical to fetch entries in sets of 200, 300, or 400, instead of sets of 100. Fetching entries in sets of 100 can cause excessive memory usage because WordPress is loaded over and over again. Increasing the limit will provide a better balance between memory consumption in a single request vs. total memory consumption across all requests. The original `per_page=100` limit was [https://github.com/WP-API/WP-API/issues/1609#issuecomment-177169125 somewhat arbitrary]; if I recall correctly, we picked `100` as a nice round number that was reasonably certain not to cause performance issues. Before we pick `per_page=200` vs. `per_page=300` vs. `per_page=400`, we should: 1. Profile memory consumption of each. 2. Identify what amount of memory we can reasonably expect on shared hosting these days. After we've done this, we can pick the best available option. Notably, we can't go above `500` as we'll hit `split_the_query` which has negative performance implications. Previously https://github.com/WordPress/gutenberg/issues/6694" danielbachhuber Future Releases 49330 REST API: introduce block-editor context REST API 5.4 normal normal Future Release enhancement new 2020-01-30T16:48:59Z 2020-10-01T17:53:05Z "The block editor does not make use of rendered content, and rendering content for complex posts with a large quantity of dynamic blocks can take a non-trivial amount of time. The REST API maintainers and Gutenberg developers have previously discussed the need to be able to ""skip"" rendering of the content if it is not required. In [46184] we introduced the ability to provide an explicit list of nested fields to include. Specifying `_fields=content.raw` without mentioning `rendered` now causes the posts controller to skip computation of the rendered field, as it has not been requested. Unfortunately, this approach requires a developer to provide a comprehensive list of all fields they _do_ wish to include in the response, and cannot easily be used to specifically exclude one field. Because block editor developers may depend on registered rest fields or other additional properties, it is infeasible to have the block editor request ""all but the rendered content"" using this interface. A slack conversation ([https://wordpress.slack.com/archives/C02RQC26G/p1574361923322500]) with @aduth and @timothyblynjacobs addressed this problem and discussed two separate options, either providing an `_omit_fields` parameter to complement `_fields` and permit specific exclusions, or alternatively to introduce a new `block-editor` context that does everything that `edit` does except render content. This trac ticket is intended to move that discussion forward and aim towards introducing a solution that can be used to speed up response times within the block editor." kadamwhite Untriaged tickets (that need a patch) 29821 bulk_edit_custom_box hook causes tags to display within created fieldset Quick/Bulk Edit 4.0 normal normal Awaiting Review defect (bug) new 2014-10-01T23:04:40Z 2023-02-07T18:53:00Z "I have a custom post type that I am trying to add some fields to for bulk editing. My fieldset displays, but the tags field somehow is getting inserted into the fieldset being generated. It's extremely strange. Bulk Edit panel without my fieldset: [[Image(https://www.dropbox.com/s/fg3tcowz25rdqu1/Screenshot%202014-10-01%2018.53.56.png?dl=1)]] Bulk Edit panel with my fieldset: [[Image(https://www.dropbox.com/s/mlb4zr6mbvkbnmq/Screenshot%202014-10-01%2018.54.38.png?dl=1)]] My code to generate the bulk edit custom box: {{{ /** * Display the custom bulk edit box * * @since 3.0 * @access public * @action bulk_edit_custom_box */ public function bulk_edit_custom_box( $column_name, $post_type ) { if ( $post_type != MP_Product::get_post_type() || $column_name != 'product_price' ) { return; } ?>

    "" />
    }}} Notice how the tags field is being inserted into my fieldset. It seems as thought the tags field is being inserted via javascript into whatever the last fieldset in the panel is. Here's the same fields in the quick edit panel: [[Image(https://www.dropbox.com/s/haju5pkzu4f80ih/Screenshot%202014-10-01%2019.02.36.png?dl=1)]] This is how it ''should'' show up." webgeekconsulting Untriaged tickets (that need a patch) 42164 Conditional Tags not working when using ugly URL Query 4.8.2 normal normal Awaiting Review defect (bug) new needs-unit-tests 2017-10-10T10:23:14Z 2017-10-10T13:54:21Z "When accessing a category archive via its pretty URL e.g. {{{ example.com/category/whatever }}} the conditional tag {{{ is_category() }}} returns '''true'''. Accessing the same category archive via its ugly URL {{{ example.com?cat=whatever }}} the conditional tag {{{ is_category() }}} returns '''false'''. I'm pretty sure this concerns other conditional tags too. This is not only a cosmetic flaw because it causes WP to use the wrong template. I've tested it with Twenty Seventeen and the homepage template was used in case of using an ugly URL. Due tue the ugly URL always work independently of permalink settings this is a bug in my opinion." petersplugins Untriaged tickets (that need a patch) 54853 Search only searching phrases and not searching individual terms Query 5.8.3 normal normal Awaiting Review defect (bug) new 2022-01-19T03:00:51Z 2022-01-19T07:46:09Z " {{{ get_posts(array( ""post_type"" => ""fruit"", ""s"" => ""apple orange banana"" )); }}} should search for each term separately, but it does not. It searches the entire string as a phrase. Issue is within /wp-includes/class-wp-query.php line 1398. It's a simple change: {{{ $searchand = ' AND '; to $searchand = ' OR '; }}} " jchang Untriaged tickets (that need a patch) 56992 The Loop displays incorrect data for queries started with `fields => 'id=>parent'`. Query 3.1 normal normal Awaiting Review defect (bug) new needs-unit-tests 2022-11-04T01:17:36Z 2022-11-04T01:17:36Z "Using the Loop on custom `WP_Query` objects started with `fields => 'id=>parent'` will set the global post object incorrectly. Instead of containing all data, the global post object will only contain the post's ID and parent fields. All other fields are the default value. The following test demonstrates the issue: {{{#!php post->create( array( 'post_type' => 'page' ) ); $child = self::factory()->post->create( array( 'post_type' => 'page', 'post_parent' => $parent ) ); $query = new WP_Query( array( 'fields' => 'id=>parent', 'post_type' => 'page', 'page_id' => $child, ) ); $query->the_post(); $global_post = get_post( null, ARRAY_A ); $specific_post = get_post( $child, ARRAY_A ); $this->assertEqualSetsWithIndex( $global_post, $specific_post ); } }}} The cause of the error is within `WP_Query::next_post()` which assumes the `WP_Query::$posts` property contains full post objects which isn't nessesarily the cause if a sub-set of fields is requested. See the [https://core.trac.wordpress.org/browser/tags/6.0.3/src/wp-includes/class-wp-query.php?marks=3447-3449#L3447 source code]. Due to #56948 the test above will currently throw an error on trunk but it will demonstrate the problem if you check out the 6.0 branch. I suspect this has been an issue since the fields parameter was introduced in #14777 for version 3.1 but I am unable to test that far back due to PHP versions I have available on my local config." peterwilsoncc Untriaged tickets (that need a patch) 52971 WP_Query's meta_query With Multiple EXISTS keys and OR Relation Doesn't Work Properly Query 5.7 normal critical Awaiting Review defect (bug) new 2021-04-05T12:31:53Z 2021-04-05T12:31:53Z "Hi There! Another Very Weird Issue :) Using WP_Query's [meta_query] with **OR relation** and Multiple **EXISTS Keys** generates a very long unnecessary inner joins relation and **stuck in an infinite loop** and **consume the MySQL resources** with high load. I'm trying to get all post IDs that have one of 50 meta keys to replace with new keys, So I collect all meta keys using foreach statement with **OR relation** and pass it to the [meta_query] in WP_Query .. Very simple but I noticed that there's no result and infinite page load and using high resources of MySQL. I create the SQL statement with $wpdb and it works very fast, So I create a new WP_MetaQuery object to see the result and I noticed a huge unnecessary INNER JOINs relation. **Here's a full example:** 1. Insert 100 Test Posts and 50 Metas For Each: Append [?action=insert] in the URL 2. Try to get posts using WP_Query: Append [?action=wp_query_and_meta_query] in URL - **RESULT: Infinite Loop** 3. Try to use $wpdb instead: Append [?action=wpdb_query_get_ids] in URL - **RESULT: Success, Takes few seconds** 4. See the SQL statement generated by WP_MetaQuery: add [?action=show_meta_query_clause] - **RESULT: a Huge unnecessary **INNER JOIN x AS x# ON y** relation** 5. [?action=wpdb_query_delete] to delete all added posts only. {{{ add_action('wp', 'oxibug_trigger_action'); /** * Trigger Suitable Function * * @return void */ function oxibug_trigger_action() { if( ! isset( $_GET['action'] ) ) { return; } $action = wp_strip_all_tags( $_GET['action'] ); switch( strtolower( $action ) ) { case 'insert': { oxibug_insert_posts_and_metas(); } break; case 'wp_query_and_meta_query': { oxibug_WP_Query_and_meta_query(); } break; case 'show_meta_query_clause': { oxibug_show_meta_query_clause(); } break; case 'wpdb_query_get_ids': { oxibug_wpdb_query_get_ids(); } break; case 'wpdb_query_delete': { oxibug_wpdb_query_delete(); } break; } } /** * Return New Meta Key * * @param mixed $key * @return string */ function oxibug_get_new_meta_key( $key ) { return sanitize_text_field( sprintf( 'oxibug_xyz%s', $key ) ); } /** * Return Key-Value Pairs array with Old and New meta keys * * @return array */ function oxibug_legacy_and_new_meta_keys() { return [ 'oxibug_abc_post_main_color' => oxibug_get_new_meta_key('_page_main_color'), 'oxibug_abc_page_layout' => oxibug_get_new_meta_key('_page_layout'), 'oxibug_abc_post_sbwide' => oxibug_get_new_meta_key('_page_sb_wide'), 'oxibug_abc_post_sbnarrow' => oxibug_get_new_meta_key('_page_sb_narrow'), 'oxibug_abc_page_sbwide' => oxibug_get_new_meta_key('_page_sb_wide'), 'oxibug_abc_page_sbnarrow' => oxibug_get_new_meta_key('_page_sb_narrow'), 'oxibug_abc_self_video_m4v_url' => oxibug_get_new_meta_key('_format_video_selfhosted_mp4'), 'oxibug_abc_self_video_ogv_url' => oxibug_get_new_meta_key('_format_video_selfhosted_ogv'), 'oxibug_abc_self_video_webmv_url' => oxibug_get_new_meta_key('_format_video_selfhosted_webmv'), 'oxibug_abc_self_video_poster_url' => oxibug_get_new_meta_key('_format_video_selfhosted_poster'), /* Audio */ 'oxibug_abc_soundcloud_url' => oxibug_get_new_meta_key('_format_audio_oembed'), 'oxibug_abc_self_audio_mp3_url' => oxibug_get_new_meta_key('_format_audio_selfhosted_mp3'), 'oxibug_abc_self_audio_oga_url' => oxibug_get_new_meta_key('_format_audio_selfhosted_ogg'), 'oxibug_abc_self_audio_m4a_url' => oxibug_get_new_meta_key('_format_audio_selfhosted_m4a'), /* Post Formats: Image | Video */ 'oxibug_abc_lightbox_check' => oxibug_get_new_meta_key('_format_image_lighbox_enable'), 'oxibug_abc_post_banner_caption' => oxibug_get_new_meta_key('_format_status_banner_caption'), 'oxibug_abc_quote_text' => oxibug_get_new_meta_key('_format_quote_text'), 'oxibug_abc_quote_author' => oxibug_get_new_meta_key('_format_quote_author_name'), 'oxibug_abc_url_text' => oxibug_get_new_meta_key('_format_link_text'), 'oxibug_abc_url_destination' => oxibug_get_new_meta_key('_format_link_url'), /* * Layout Settings - if Old = [hide] turn ON the new option * * */ 'oxibug_abc_post_breadcrumb' => oxibug_get_new_meta_key('_hide_breadcrumb'), 'oxibug_abc_post_meta_info' => oxibug_get_new_meta_key('_hide_metas'), 'oxibug_abc_post_share_box' => oxibug_get_new_meta_key('_hide_share_icons'), 'oxibug_abc_post_tags' => oxibug_get_new_meta_key('_hide_tags_box'), 'oxibug_abc_post_author_box' => oxibug_get_new_meta_key('_hide_author_box'), 'oxibug_abc_related_posts' => oxibug_get_new_meta_key('_hide_related_posts_box'), 'oxibug_abc_posts_navigation' => oxibug_get_new_meta_key('_hide_nav_box'), /* Review Items */ 'oxibug_abc_post_review_types' => oxibug_get_new_meta_key('_review_type'), /* [disabled] => Add 0 to the new meta [_review_show] */ 'oxibug_abc_post_review_position' => oxibug_get_new_meta_key('_review_position'), 'oxibug_abc_post_reviews_summation' => oxibug_get_new_meta_key('_review_items_avg'), /* This field is Dynamic - SUM of all review items */ 'oxibug_abc_review_item' => oxibug_get_new_meta_key('_review_items'), 'oxibug_abc_post_review_title' => oxibug_get_new_meta_key('_review_title'), 'oxibug_abc_post_review_desc' => oxibug_get_new_meta_key('_review_desc'), 'oxibug_abc_post_review_summary_title' => oxibug_get_new_meta_key('_review_summary_title'), 'oxibug_abc_post_review_summary_desc' => oxibug_get_new_meta_key('_review_summary_desc'), 'oxibug_abc_post_review_user_rates' => oxibug_get_new_meta_key('_review_user_ratings_status'), 'oxibug_abc_post_review_user_rates_bgcolor' => oxibug_get_new_meta_key('_review_user_ratings_result_bgcolor'), 'oxibug_abc_post_review_btn_text' => oxibug_get_new_meta_key('_review_add_btn_text'), 'oxibug_abc_post_review_btn_icon' => oxibug_get_new_meta_key('_review_add_btn_icon'), 'oxibug_abc_post_review_btn_url' => oxibug_get_new_meta_key('_review_add_btn_url'), 'oxibug_abc_post_review_btn_bgcolor' => oxibug_get_new_meta_key('_review_add_btn_bgcolor'), 'oxibug_abc_post_review_pros_word' => oxibug_get_new_meta_key('_review_pros_word'), 'oxibug_abc_post_review_pros_icon' => oxibug_get_new_meta_key('_review_pros_icon'), 'oxibug_abc_post_review_pros_list' => oxibug_get_new_meta_key('_review_pros_list'), 'oxibug_abc_post_review_cons_word' => oxibug_get_new_meta_key('_review_cons_word'), 'oxibug_abc_post_review_cons_icon' => oxibug_get_new_meta_key('_review_cons_icon'), 'oxibug_abc_post_review_cons_list' => oxibug_get_new_meta_key('_review_cons_list'), /* Post Views */ 'oxibug_abc_post_views_count' => oxibug_get_new_meta_key('_post_views'), ]; } /** * Insert 100 Test Posts and some Meta Keys * */ function oxibug_insert_posts_and_metas() { $legacy_and_new_keys = oxibug_legacy_and_new_meta_keys(); $result = []; for( $i=0; $i<100; $i++ ) { $post_id = wp_insert_post( [ 'post_type' => 'post', 'post_title' => wp_strip_all_tags( sprintf( 'Test Meta Query Post #:%s', $i ) ), 'post_content' => sprintf( 'Test Meta Query Post Content #:%s', $i ), 'post_content_filtered' => '', 'post_excerpt' => '', 'post_status' => 'publish', // 'post_author' => 1, // 'post_category' => [], 'comment_status' => '', 'ping_status' => '', 'post_password' => '', 'to_ping' => '', 'pinged' => '', 'post_parent' => 0, 'menu_order' => 0, 'guid' => '', 'import_id' => 0, 'context' => '', 'post_date' => '', 'post_date_gmt' => '', ], TRUE, TRUE ); if( ! is_wp_error( $post_id ) ) { $result[ $post_id ] = []; foreach( (array) array_keys( $legacy_and_new_keys ) as $_legacy_key ) { $upstatus = update_post_meta( $post_id, $_legacy_key, '' ); $result[ $post_id ][ $_legacy_key ] = $upstatus ? 'Added' : 'Failed'; } /* Clean Cache */ clean_post_cache( $post_id ); } else { echo 'ERROR: Insert Post Failed!'; } } /* DEBUG */ echo sprintf( '%d Posts Inserted', count( $result ) ); // echo print_r( $result ); } /** * --- DEBUG --- * Show the Meta Query SQL Statement * */ function oxibug_show_meta_query_clause() { /** * * @var wpdb * */ global $wpdb; $legacy_meta_keys = oxibug_legacy_and_new_meta_keys(); $meta_query = [ 'relation' => 'OR' ]; foreach( (array) array_keys( $legacy_meta_keys ) as $_legacy_key ) { $meta_query[] = [ 'key' => $_legacy_key, 'compare' => 'EXISTS' ]; } $objMetaQuery = new WP_Meta_Query( $meta_query ); echo print_r( $objMetaQuery->get_sql( 'post', $wpdb->posts, 'ID', NULL ) ); } /** * Query using WP_Query and meta_query key inside it * */ function oxibug_WP_Query_and_meta_query() { /** * * @var wpdb * */ global $wpdb; $legacy_meta_keys = oxibug_legacy_and_new_meta_keys(); $meta_query = [ 'relation' => 'OR' ]; foreach( (array) array_keys( $legacy_meta_keys ) as $_legacy_key ) { $meta_query[] = [ 'key' => $_legacy_key, 'compare' => 'EXISTS' ]; } $obj_WP_Query = new WP_Query( [ 'numberposts' => -1, 'paged' => null, 'post_type' => 'post', 'post_status' => 'publish', 'meta_query' => $meta_query, 'fields' => 'ids', 'cache_results' => false, ] ); /* * Stuck in an Infinite Loop Because of the Huge SQL Statement * generated by [meta_query] * * */ if( $obj_WP_Query->have_posts() ) { echo sprintf( '%d Posts Found', $obj_WP_Query->found_posts ); /* DEBUG - NOT Working - */ // echo print_r( $obj_WP_Query->meta_query->get_sql( 'post', $wpdb->posts, 'ID', NULL ) ); } else { echo 'No Posts Found'; } $obj_WP_Query->reset_postdata(); wp_cache_flush(); } /** * Get Posts IDs by one of the meta_key(s) provided * */ function oxibug_wpdb_query_get_ids() { global $wpdb; $legacy_meta_keys = oxibug_legacy_and_new_meta_keys(); $qry = ""SELECT DISTINCT tbl_posts.ID FROM {$wpdb->posts} tbl_posts INNER JOIN {$wpdb->postmeta} tbl_metas ON ( tbl_posts.ID = tbl_metas.post_id ) WHERE""; /* Add [OR] in the second condition */ $where_clause = 0; foreach( (array) array_keys( $legacy_meta_keys ) as $_legacy_key ) { $where_clause++; $qry .= ( $where_clause === 1 ) ? $wpdb->prepare( ' tbl_metas.meta_key = %s', esc_sql( $_legacy_key ) ) : $wpdb->prepare( ' OR tbl_metas.meta_key = %s', esc_sql( $_legacy_key ) ); } $result = $wpdb->get_results( $qry ); $wpdb->flush(); echo print_r( wp_list_pluck( $result, 'ID' ) ); } /** * --- DEBUG --- * * DELETE all added Posts by meta_key(s) * */ function oxibug_wpdb_query_delete() { global $wpdb; $legacy_meta_keys = oxibug_legacy_and_new_meta_keys(); $qry = ""DELETE tbl_posts, tbl_metas FROM {$wpdb->posts} tbl_posts INNER JOIN {$wpdb->postmeta} tbl_metas ON ( tbl_posts.ID = tbl_metas.post_id ) WHERE""; $where_clause = 0; foreach( (array) array_keys( $legacy_meta_keys ) as $_legacy_key ) { $where_clause++; $qry .= ( $where_clause === 1 ) ? $wpdb->prepare( ' tbl_metas.meta_key = %s', esc_sql( $_legacy_key ) ) : $wpdb->prepare( ' OR tbl_metas.meta_key = %s', esc_sql( $_legacy_key ) ); } $result = $wpdb->get_results( $qry ); $wpdb->flush(); } }}} " oxibug Untriaged tickets (that need a patch) 44695 WP_Term_Query unexpected 'orderby' behaviour. Query 4.9.7 normal normal Awaiting Review defect (bug) new needs-unit-tests 2018-08-01T21:19:14Z 2019-08-27T18:33:22Z "I expected that `orderby` would behave in a similar way with `WP_Term_Query` as it does on other `*_Query` classes but it seems that `meta_value_date` and possibly some others is unsupported. Additionally `meta_type` doesn't function as expected either. These args: {{{ $args = array( 'taxonomy' => 'issues', 'number' => 5, 'meta_key' => 'issue_date', 'meta_type' => 'DATE', 'orderby' => 'meta_value_date', ); }}} Result in this query that has disregarded both `meta_type` and `orderby` in it's generation: {{{ SELECT DISTINCT t.*, tt.* FROM wp_terms AS t INNER JOIN wp_termmeta ON ( t.term_id = wp_termmeta.term_id ) INNER JOIN wp_term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy IN ('issues') AND tt.count > 0 AND ( wp_termmeta.meta_key = 'issue_date' ) ORDER BY t.name ASC LIMIT 5 }}} Could we get similar support for same named keys in `WP_Term_Query` as we have in other queries?" williampatton Untriaged tickets (that need a patch) 53495 incorrect (and confusing) DocBlock for get_page_by_title() Query 5.3 normal normal Awaiting Review defect (bug) new 2021-06-24T00:41:14Z 2021-06-24T00:42:10Z "The DocBlock of [https://developer.wordpress.org/reference/functions/get_page_by_title/ get_page_by_title()] says: > If more than one post uses the same title, the post with the smallest ID will be returned. Be careful: in case of more than one post having the same title, it will check the oldest publication date, not the smallest ID. That description was added in [45779]. Besides the fact that the text after `Be careful:` seems to contradict that the statement that `the post with the smallest ID will be returned`, there actually is no guarentee that if there is more than 1 post with the same title that the one with the smallest ID will be returned. The query performed by [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/post.php#L5534 get_page_by_title()] is: {{{#!php $sql = $wpdb->prepare( "" SELECT ID FROM $wpdb->posts WHERE post_title = %s AND post_type = %s "", $page_title, $post_type ); }}} (with a slight mod if an array of post types is passed). Since there is no `ORDER BY` clause in that query, if there are more than 1 posts with the same title the order in which they are returned is not defined by SQL (i.e., is implemented dependent). The SQL-92 spec [http://www.contrib.andrew.cmu.edu/~shadow/sql/sql1992.txt explicitly states]: > General Rules > > 1) All General Rules of Subclause 7.10, """", apply > to the . > > 2) Let Q be the result of the . > > 3) If Q is empty, then a completion condition is raised: no data. > > 4) If an is not specified, then the ordering of > the rows of Q is implementation-dependent. As far as I can tell, no later revisions of the SQL spec are available for free on the web, so I don't know if anything has changed in the what the language says happens in the absense of an `ORDER BY` clause I've looked through the MySQL and Maria DB docs for an explicit statement that says as much and haven't been able to find one. But I think the DocBlock should be changed to say something like: > If more than one post uses the same title, which of the multiple posts is returned is not defined. though I'm not completely happy with that wording, and welcome other suggestions. " pbiron Untriaged tickets (that need a patch) 56105 Call update_post_parent_caches in the_post function in WP_Query class Query normal normal Awaiting Review enhancement new needs-unit-tests 2022-06-30T12:01:38Z 2023-04-20T12:55:57Z "Hello Team, In {{{the_post}}} function {{{class WP_Query}}}, {{{update_post_author_caches}}} is already in use but not {{{update_post_parent_caches}}}. I am not sure if it is because of {{{update_post_parent_caches}}} calls the private function {{{_prime_post_caches}}} or what." priyankkpatel Untriaged tickets (that need a patch) 42082 Support compare custom fields in WP_Meta_Query Query 4.9.4 normal normal Awaiting Review enhancement new 2017-10-04T01:30:51Z 2018-02-28T13:32:39Z "The syntax of `WP_Meta_Query` currently is limited to values you already know. It's not possible to compare between two meta_values: {{{ SELECT posts WHERE meta_value_one > meta_value_two }}} I propose allow compare two meta_fields. For example, the pseudocode above would be represented as a meta_query argument that looks like this: {{{#!php 'meta_value_one', 'value' => 'meta_value_two', 'compare' => '>', 'type' => 'META_VALUE' ), }}} A workaround can be found [https://wordpress.stackexchange.com/a/164041 here] and [https://gist.github.com/mariovalney/e8646d8c64db36e9f239e6d05f2e5923 here] hahaha. Feedback is welcome." mariovalney Future Releases 56312 Appending ?name to home URL shows the posts page instead of a static front page Query normal normal Future Release defect (bug) reopened 2022-07-30T10:45:09Z 2023-01-06T09:17:54Z "I found something strange I installed a WordPress then from setting . Reading I set a sample page as homepage And when I opened website it was ok and showed content of sample page but when I added query string “?name” it showed latest blog posts I tried everything as query string nothing did that and all showed sample page content and that was ok Just just with ?name query string showed different thing For ex localhost/site/?name show latest posts but Localhost/site/?everythingyoutype Was ok and show content of the page Why ?name query string is like that??? I want to remove it actually you must test it just on homepage of your site not another pages it hurts SEO if you show something else with query string on your site (specially on your homepage) instead of the main content basically as you said when you enter the url of homepage with /?name you should see the homepage and nothing should change because it’s just a query string I can show you an example see this : https://amepro.at/ as you see everything is fine and homepage of website is ok but please see this one https://amepro.at/?name here you see the blog posts and it hurts SEO very bad I got too much errors on search console with these kind of urls Can you explan the logic behind it why should we show another thing like latest post when someone enter some parameter ? it’s not normal at all" masimoti Future Releases 39540 NOT EXISTS meta condition doesn't work if meta has NULL value. Query 4.7 normal normal Future Release defect (bug) new needs-unit-tests 2017-01-10T16:42:19Z 2020-07-14T05:36:51Z "It seems problem exists since meta query class release. Right now NOT EXISTS works only if meta doesn't exist at all, but if it has NULL value we got incorrect result. I understand that better not use NULL values with metas at all, but you allow to write NULL as meta value, so please add possibility to check it. Just need to change string in class-wp-meta-query.php: {{{ $sql_chunks['where'][] = $alias . '.' . $this->meta_id_column . ' IS NULL'; }}} For example on: {{{ $sql_chunks['where'][] = ""$alias.meta_value IS NULL""; }}} And both cases will be covered. Thank you in advance. " avahura Future Releases 60566 Posts Page as Draft remains publicly queryable Query normal normal Future Release defect (bug) new 2024-02-17T11:46:03Z 2024-02-19T11:04:08Z "When assigning a Posts Page at ""WP Admin > Settings > Reading"" and afterward setting that page to draft, the page remains publicly queryable. This is possible via the `?page_id=` query (not `?p=`) and the provisioned slug." Cybr Future Releases 37762 cache_results parameter doesn't prevent queried posts from being added to cache boonebgorges Query 4.6 normal normal Future Release defect (bug) assigned dev-feedback 2016-08-22T09:39:42Z 2022-06-15T13:23:14Z "Even when `cache_results` is set to `false`, the queried posts in `WP_Query` are still mapped to `get_post()` which will always add post instance to cache. For more info: http://wordpress.stackexchange.com/questions/236653/how-to-prevent-queried-posts-from-being-added-to-cache/236659. " Dang Vu Future Releases 46294 wp rest api fails to paginate page requests correctly when ordering on menu_order Query 5.4.1 normal normal Future Release defect (bug) new 2019-02-21T06:00:48Z 2021-04-12T21:58:19Z "**Describe the bug** Gutenberg and wordpress fails to render the parent page dropdown correctly when there are more than 100 pages and the pages have various menu_order values set. The problem is that gutenberg calls the wordpress rest api like this, getting 100 items at a time. http://server/wp-json/wp/v2/pages?per_page=100&exclude=890&parent_exclude=890&orderby=menu_order&order=asc&context=edit&_locale=user http://server/wp-json/wp/v2/pages?per_page=100&exclude%5B0%5D=890&parent_exclude%5B0%5D=890&orderby=menu_order&order=asc&context=edit&_locale=user&page=2 This results in the following 2 sql queries: `SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts WHERE 1=1 AND wp_posts.ID NOT IN (890) AND wp_posts.post_parent NOT IN (890) AND wp_posts.post_type = 'page' AND ((wp_posts.post_status = 'publish')) ORDER BY wp_posts.menu_order ASC LIMIT 0, 100` `SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts WHERE 1=1 AND wp_posts.ID NOT IN (890) AND wp_posts.post_parent NOT IN (890) AND wp_posts.post_type = 'page' AND ((wp_posts.post_status = 'publish')) ORDER BY wp_posts.menu_order ASC LIMIT 100, 100` When ordering on a non unique field like menu_order you need to also add a second unique ordering field like ID ,, See https://bugs.mysql.com/bug.php?id=72076 See the answer from Tor Didriksen. This is very critical bug because it means that if the current pages parent is missing in the parent page dropdown and you click update it means that the menu order for that page will be reset and this means i cant use gutenberg. **To Reproduce** Steps to reproduce the behavior: 1. Create around 200 pages. 2. Set menu_order != on some of the pages. 3. edit any of the pages. 4. the parent page dropdown is missing pages **Expected behavior** the rest api should add some unique order by field to prevent the same items from coming on page 1 and 2 of the requests. " hobzhobz Future Releases 38173 Meta query creates unecessary multiple left joins when using the same meta key Query 3.2 normal normal Future Release enhancement new 2016-09-27T16:36:27Z 2017-02-17T03:06:46Z "If you specify the below as a meta_query wordpress creates an extremely bad and inefficient query, it seems to unnecessarily create a left join for each array even though they have the same key when it could use the same join {{{#!php 'OR', array( 'key' => 'product', 'value' => '1', 'compare' => '!=' ), array( 'key' => 'product', 'compare' => 'NOT EXISTS' ) ); }}} {{{ SELECT SQL_CALC_FOUND_ROWS vvc_posts.ID FROM vvc_posts LEFT JOIN vvc_postmeta ON ( vvc_posts.ID = vvc_postmeta.post_id ) LEFT JOIN vvc_postmeta AS mt1 ON (vvc_posts.ID = mt1.post_id AND mt1.meta_key = 'product' ) WHERE 1=1 AND ( ( vvc_postmeta.meta_key = 'product' AND CAST(vvc_postmeta.meta_value AS CHAR) != '1' ) OR mt1.post_id IS NULL ) AND vvc_posts.post_type = 'news' AND ((vvc_posts.post_status = 'publish')) GROUP BY vvc_posts.ID ORDER BY vvc_posts.post_date DESC LIMIT 0, 10 }}} On my site this query takes a huge 6.640 sec, more than 80% of the page's ttfb. {{{ SELECT SQL_CALC_FOUND_ROWS vvc_posts.ID FROM vvc_posts LEFT JOIN vvc_postmeta ON ( vvc_posts.ID = vvc_postmeta.post_id && vvc_postmeta.meta_key = 'product') WHERE 1=1 AND (CAST(vvc_postmeta.meta_value AS CHAR) != '1' OR vvc_postmeta.post_id IS NULL ) AND vvc_posts.post_type = 'news' GROUP BY vvc_posts.ID ORDER BY vvc_posts.post_date }}} whereas an optimized version takes only 0.969 sec." neonWired Future Releases 23309 Not all WP_Query::query_vars get updated during WP_Query::get_posts() Query normal normal defect (bug) new needs-unit-tests 2013-01-28T15:40:56Z 2019-06-04T20:43:47Z "There is a lot of logic within the WP_Query::get_posts() method that fills in missing query vars with defaults and manipulates others based on the rest of the query. However, some of the final states for many of the variables aren't updated in the WP_Query::query_vars array. For example, the post type is lost as a local variable and post_status is used for building compiling mysql expressions, but never directly updated. The result is that any plugins that want to recreate the query for another system, (ie, an external search provider) must directly copy much of the business logic that WP_Query::get_posts() has embedded in it in order to fill in for the incomplete query_var array. " prettyboymp Future Releases 30911 Overhaul post_status logic in WP_Query Query normal normal defect (bug) new needs-unit-tests 2015-01-05T15:24:11Z 2019-06-04T20:48:22Z "`WP_Query` filters based on post_status in two different places: 1. When building the main SQL query (`SELECT ID FROM $wpdb->posts`...). https://core.trac.wordpress.org/browser/tags/4.1/src/wp-includes/query.php#L2946 This block is responsible for parsing the 'post_status' query var, and rectifying these passed post_statuses with the 'perm' param, the logged-in user's permissions, and whether `is_admin()`. (The ability to query by 'post_status' dates from [5575].) 2. On `single` queries (`is_page()`, `is_single()`), additional filtering happens *after* the query. https://core.trac.wordpress.org/browser/tags/4.1/src/wp-includes/query.php#L3511 The intended purpose of this block is to ensure that Preview works (since posts being previewed generally are not published). The current incarnation of the preview logic (ie, living in `WP_Query`) was introduced in [2523]. These two 'post_status' blocks have two different purposes and two different histories, but they interact in a number of problematic ways. Just a few of the problems: a. Querying posts with 'fields=ids' means that the post ids are returned before the second filter block gets a chance to run. As a result, certain `WP_Query` objects (eg 'p=123&post_status=trash') can return different post IDs depending on whether you request 'fields=ids'. b. Values passed to the post_status parameter of `WP_Query` are sometimes overridden forcibly, based on logged-in user status. In an ideal world, `WP_Query` would not make any essential reference to the logged-in user. Realistically, we can't change some of this behavior for reasons having to do with backward compatibility. But there are places where the current user logic could be reworked so that it provides defaults, which can then be overridden by the params passed to `WP_Query`. Some relevant tickets: #28568, #29167 c. Filtering out non-previewable posts after the main query has taken place means doing more SQL queries than necessary in cases where post_status=draft and `is_single()`. d. Filtering out non-previewable posts after the main query has taken place can result in certain sorts of data leakage. See eg #30910. e. Having two separate blocks that filter results based on post_status makes unnecessarily complicated to fix post_status bugs. See eg #30530, #22001, #23309. My initial thought is that the second block should be removed. Preview logic should either be merged with the first block of post_status parsing logic that runs when building the main post query, or it should be moved into a separate query_var, which would then be passed when making a Preview request. In general, the challenge here is to ensure that the default post_status whitelist is properly sensitive to the permissions of the logged-in user - which sometimes means building clauses like `(post_status = 'publish' OR ( post_status = 'private' AND post_author = 123 ))`. I've started to write some unit tests that describe the (weird and complicated) existing behavior. See #29167 [31047]." boonebgorges Future Releases 34211 Ability to specify fields WP_Query can search Query 4.4 normal normal enhancement new 2015-10-08T11:59:10Z 2019-06-04T20:52:08Z "Currently the `s` parameter in WP_Query is hardcoded to only search in the `post_title` and `post_content` fields. A decent enhancement would be if you could also specify which postmeta fields it can search into as well. Also allowing more fine-grained control so that it can search only postmeta fields and ignore `post_title` and `post_content` as well. Something along the lines of: {{{ 's' => 'foo', 's_fields' =>'title', 's_meta_fields' => array( 'custom_field_1', 'custom_field_2' ), }}} `s_fields` can a string/array of either post_title and/or post_content. Setting it to false would disable searching these fields and assume you have set custom meta fields to search for instead. By default it would be `array( 'title', 'content' )`. `s_meta_fields` can accept a string/array of postmeta field names to search for. By default it would be `false`. A decent use case would be the [https://wordpress.org/plugins/search-by-sku-for-woocommerce/ Search by SKU for Woocommerce] plugin which resorts to writing a custom query. I assume the only real concern would be performance." paulwilde Future Releases 25190 Improve name/pagename query variable mapping Query normal normal enhancement new needs-unit-tests 2013-08-30T08:12:13Z 2019-06-04T20:44:46Z `WP_Query` performs some mappings from custom query variables to `pagename` and `name` for custom post types. This could be improved so that `pagename` is not used for hierarchical post types when a top-level item has been requested. We could also do some mappings between `pagename` and `name` in case the incorrect query variable was used (see #16323). duck_ Future Releases 25180 Make it possible to select only posts with comment_count > 0 Query 3.6 normal normal enhancement new 2013-08-29T17:03:00Z 2019-06-04T20:44:44Z May need this when #11398 goes in. wonderboymusic Future Releases 29178 Using WP_Query only for result of SQL_CALC_FOUND_ROWS Query normal normal enhancement new 2014-08-11T15:56:32Z 2019-06-04T20:47:33Z "For certain web hosts who reject direct SQL queries and push for use of `WP_Query` everywhere, it would be nice if you could use `WP_Query` only for the result of `SQL_CALC_FOUND_ROWS` My use case is that I'm added limited faceting support to a search interface. For each facet, I'd like to indicate the number of matching results. Using `update_post_meta_cache => false` and `update_post_term_cache => false` means using `WP_Query` still produces two queries. Also, it would be interesting to compare the performance of `SQL_CALC_FOUND_ROWS` vs `COUNT(*)` when all you care about is the total count." danielbachhuber Future Releases 29823 WP_Date_Query across tables boonebgorges* Query normal normal enhancement accepted 2014-10-02T00:29:17Z 2019-06-04T20:47:50Z "The changes proposed in #29822 will make it possible to think about cross-table date queries. Things like: all posts from 2011 that have comments from 2013 or later. Using this ticket as a placeholder for ideas regarding syntax (do we allow table names to be passed as a param? or perhaps a 'type' argument like `WP_Meta_Query` has, which is then translated into table names?) and other discussion." boonebgorges Future Releases 15068 merging query objects/arrays Query 3.0 normal normal enhancement new 2010-10-08T04:27:58Z 2019-06-04T20:41:30Z "As multiple post type installations proliferate, I assume more and more people will come across a situation (like me) in which they need to display two (or more) sets of content units, say posts, and post-type ""audio"" in one stream - say on the main blog page. As long as the only condition is the post type itself, that will work fine. However, if those two sets need to be selected using different conditional criteria, say a category in one case, and a custom field in the other, then the current query_posts options will not be sufficient. While it is possible to retrieve multiple arrays via get_posts and merge them, then sort them using cusomt php, such a solution will break the paged navigation. If such situations will - as I assume - become more likely as more people use multiple post types and additional variables to specify content, I think it would be useful to be able to combine multiple queries into a meta query that will sort the combined object according to a common sorting variable, say date, and thus preserve the paged navigation. " youngmicroserf Future Releases 16910 Lazy evaluation for WP_Query Query normal normal feature request new 2011-03-21T01:04:39Z 2019-06-04T20:41:58Z "Suppose we have a 'city' post type, which is associated with a 'country' post type, such that each 'city' post has a 'country' parent post. Then the 'country' CPT has a 'language' taxonomy associated to it. Now, let's say we want to find all the cities which speak a certain language. Let's assume we already have the `'post_parent__in'` query var: #13927 We could construct a two-step query, like this: 1) Get all the countries with that language: {{{ $country_ids = get_posts( array( 'fields' => 'ids', 'post_type' => 'country', 'language' => 'french', 'nopaging' => true ) ); }}} 2) Get all the cities belonging to that country: {{{ $cities = get_posts( array( 'post_type' => 'city', 'post_parent__in' => $country_ids ) ); }}} No custom SQL queries; fantastic! But, if you have many many countries (not a good example, I know), you waste a lot of time passing the IDs back and forth from PHP to SQL. Final query: {{{ SELECT * FROM wp_posts WHERE post_type = 'city' AND post_parent IN (1, 2, 3, ...) }}} It would be a lot more scalable to put the first query into the second, directly, as a subquery. So, it would now look like this: 1) Get all the countries with that language: {{{ $country_ids = get_posts( array( 'fields' => 'ids', 'post_type' => 'country', 'language' => 'french', 'nopaging' => true, 'lazy' => true' ) ); }}} 2) Get all the cities belonging to that country: {{{ $cities = get_posts( array( 'post_type' => 'city', 'post_parent__in' => $country_ids ) ); }}} $country_ids would now be a WP_Lazy_Query object, which would just contain the subquery SQL. It would be appended to the second query, when needed: Final query: {{{ SELECT * FROM wp_posts WHERE post_type = 'city' AND post_parent IN ( SELECT ID FROM wp_posts WHERE post_type = 'country' INNER JOIN wp_terms ... ) }}}" scribu Untriaged tickets (that need a patch) 43588 Anonymize commenter IP address once a comment is no longer pending Privacy normal normal Awaiting Review enhancement new needs-unit-tests 2018-03-20T19:06:12Z 2019-01-09T19:17:26Z "A commenter's IP address is stored with each comment. The commenters IP address can often be used to identify a single individual or device at a location. To enhance commentor's privacy, and to reduce the amount of personal data stored by a WordPress site in preparation for upcoming laws like the GDPR, this issue proposes that once a comment transitions out of pending, core WordPress should zero the commentor's IP address final octet similar to how Google Analytics Anonymizes IP addresses The rationale for keeping it while a comment is pending is to continue to allow anti-spam access to the IP address which can be used to detect spam. The rationale for keeping all but the last octet is to still allow statistics to be gathered about the general geographic location of commenters based on the first three octets of the IP address." allendav Untriaged tickets (that need a patch) 43811 Licence & Policy notice during installation xkon Privacy normal normal Awaiting Review enhancement assigned 2018-04-19T13:56:37Z 2023-08-29T15:33:28Z "This was a thought mentioned in #43492 originally but it deserves it's own ticket at the moment. We all know about the lovely 5 minute installation process that WordPress provides. I feel like we can create a small placeholder during the installation process ( probably on the first page even ) to notify the users about GPL license and a text on Policy. Yes the license is included in a .txt, but people are more used when installing things to see a license / policy during the installation and then continue to the actual install. I'm not personally thinking about a full blown page with a wall of text but rather a discreet placeholder to hold just the right the information needed like an excerpt from the GPL and a link refering to the full text for the ease of use etc as well as the connection between WordPress and wp.org during updates and such as stated on other tickets so we can be even more clear and upfront to any given user. @melchoyce do you think you could check this as well so we can provide a mockup/patch to see how it feels and then we can go forth adding the texts needed here as well just in case this could make it to the release also ?" xkon Untriaged tickets (that need a patch) 44498 Make `_wp_personal_data_cleanup_requests()` run on cron Privacy 4.9.6 normal normal Awaiting Review enhancement new 2018-07-03T15:17:06Z 2018-07-30T15:56:24Z "When a data export or removal request is created, a user must confirm that request within x days. By default, this is 1 day (24 hours), but it can be changed using the `user_request_key_expiration` filter. If a user does not confirm the request within that time, it is marked as failed, and the request needs to be re-initiated. Currently, requests are only marked as failed when the Export/Erase Personal Data screens are accessed. By default, only administrators can access this page, and will most likely do so very infrequently. Because of this, a cron may be more appropriate for marking requests as failed. A `posts_per_page => -1` query arg is also used to fetch expired requests, which could cause issues when a large number of requests have failed. Moving this action to a cron should cut down on the number of requests that need to be transitioned at a time." desrosj Untriaged tickets (that need a patch) 44001 oEmbed two click / local emoji scripts Privacy 4.9.6 normal major Awaiting Review enhancement new 2018-05-08T06:10:40Z 2019-12-12T20:26:56Z "Hi, the first beta release 4.9.6 has a few optimziations due to the GDPR, but I think, WordPress is missing two very relevant features. With the latest beta release, WordPress would not be legal for use within the EU - except you´re using WordPress as private notepad! 1) oEmbed two click solution: similar to the shariff plugin, all embedded items via the core WordPress oEmbed function need a two click privacy. Only when the user first clicks on the embedded item, the scripts should be active and the user can view / listen to the embedded item. 2) The emoji script is loaded from Automaticc. There is no possibility to disable this behaviour or the best would be: load all scripts locally. This is one of the relevant of GDPR: you cannot tell your users or lawyers, why it is relevant for using your site, when specific scripts like emoji are loaded from a CDN. There is no need for a CDN. It would be great, if you could still imagine to implement those both things, because they are rather important than a general privacy policy page, which the most users of WordPress had already created as a single page. And I think not all related core features needs an extra plugin, when it´s time to develop the core further. WordPress should go ahead and implement more features to the core than letting even more plugins used for a proper website. Thanks and regards," yoursql719 Untriaged tickets (that need a patch) 44370 wp_privacy_delete_old_export_files runs too much on some setups Privacy 4.9.6 normal normal Awaiting Review enhancement new 2018-06-14T14:38:31Z 2019-06-19T12:10:21Z "The `wp_privacy_delete_old_export_files` cron job added in [43046] #43546 runs on an hourly schedule. On large multisite networks, this means that these cleanup are running more or less constantly. Yet they're almost never needed. It's possible to write a plugin that modifies the behavior, by changing the way that scheduling is done so that it conforms better to the needs of a large network. However, I thought it might be worth considering whether there are changes that WP itself could make that would mitigate the problem for all installations. A few ideas, some of which are mutually compatible: 1. Instead of scheduling the event on 'init', only schedule it when an export file is generated. 2. During the cleanup routine, check for the existence of export files. If none are found, unschedule the recurring event (or don't schedule the next one) 3. In combination with the above, use single events rather than recurring ones 4. Perhaps the cleanup routine itself would be a single event, while a less-frequent (say, daily) recurring event would be to check whether specific cleanup events need to be scheduled (these would be cases missed by 1) If the team thinks this is too complex, or should be left up to the maintainer of the site in cases where it makes a difference, feel free to close the ticket." boonebgorges Untriaged tickets (that need a patch) 52903 Consent Management within WordPress Core Privacy normal normal Awaiting Review feature request new 2021-03-24T15:31:29Z 2022-10-14T19:56:55Z "**Website visitor / user Privacy choices:** a. Users who are not registered on a site, or who choose not to log in when prompted, can set their consent preferences via a simple banner (Gutenberg block) on the front end, which will set a (functional) cookie value for consent. It should be possible for plugins to filter the banner contents and to change the appearance. b. Registered users can set their consent preferences via an interface in wp-admin, after logging in. The interface should extend the ""Edit Profile"" page. Once a registered user logs out, the consent cookie value should be updated to reflect their preferences as per the database (sync). **(Sane) Defaults:** Five default consent categories have been proposed: Functional; Preferences; Anonymous Analytics; Analytics and Marketing. Website owners / admins should be able to set site-wide defaults by setting a site option value, or by using a plugin to do so. [An alternative would be to allow them to do so via filter.] It should be possible for site owners / admins to add additional consent categories, or to add nested sub-categories, or to allow a plugin to do so. As privacy legislation varies across the globe, I believe that WordPress should default to TRUE for each category, if not overridden, to maintain backwards compatibility and avoid unexpected behaviour. **Proposed Consent Management hierarchy:** 1. If the user is logged in and has set consent preferences, obtain their preferences via an extension of the REST API. Using the REST API will allow us to cater for cookies that are set in JavaScript, rather than in PHP. The basic logic: {{{#!php TRUE, ""preferences"" => TRUE, ""anon_stats"" => TRUE, ""stats"" => TRUE, ""marketing"" => TRUE); return $consent; }}} **How to integrate all of this into the Developer community:** This would require a number of approaches and mechanisms, including: New functions: Creating a wp_setcookie(); function in PHP and a corresponding function in JavaScript that checks for consent before placing a cookie; Use of wp_setcookie(); can then be required for new plugin submissions to the WordPress.org repository. Updating existing functions: Updating other functions like wp_mail(); and the HTTP and REST APIs to check for the appropriate consent. In the case of wp_mail(); for example, this can be done by adding a new parameter variable for $consent_purpose. We can add a _doing_it_wrong(); if this variable is not present. In the case of the REST API, consent could possibly be integrated into a permission callback, but that is something we'd need Timothy's (and others) input on. Education drive: Voluntary compliance is preferred. By providing documentation, resources and discussing with as many stakeholders as we can (primarily on Slack), we can encourage adoption through education. **Related tickets:** I will be closing #51188 in favour of this ticket to make it easier for new contributors to get involved. Please do feel welcome to read the closed ticket if you need / want background. #51110 deals with the design of a wp-admin interface. There is not a ticket for the design of a Gutenberg block (as a front end ""interface"") yet." carike Future Releases 50141 Data erasure/export links should notify the user that the action has already been confirmed Privacy normal normal Future Release defect (bug) new 2020-05-11T02:16:56Z 2020-05-12T05:53:27Z "When a data erasure/export process is started, an email is sent to the email to confirm the action. That email contains only-use-once link that needs to be confirmed for the process to start. The first request to that url has a nice ""Thanks, you'll be notified when ready"" type message, but clicking the link a second time will just trigger a `wp_die( 'This link has expired.' );` message without any context as to why. It's also possible that some email scanners (Either on the server, or on an email client) may request the URL on the users behalf to verify if the URL contains any malicious content in which case the email owner would never actually see the success message, and only the expired link message." dd32 Future Releases 44204 Privacy export codebase in 4.9.6 doesn't use WP Filesystem API Privacy 4.9.6 normal normal Future Release defect (bug) new 2018-05-23T13:01:28Z 2020-08-22T21:11:04Z "The codebase added in WP 4.9.6 for privacy was written with low-level file APIs like fopen(), file_exists(), fwrite(), etc. rather than the WP Filesystem API. Quick to see in wp_privacy_generate_personal_data_export_file(). This restricts core parts of the privacy management functionality to only operate on hosts with direct access to the local filesystem. It is recommended to instead use the WP Filesystem API so that more secure hosts are supported and a broader set of filesystems can be used, e.g. SSH, FTPext, FTPsocket, etc. https://codex.wordpress.org/Filesystem_API" diablodale Future Releases 44222 Add Archive state to privacy requests garrett-eclipse Privacy 4.9.6 normal normal Future Release enhancement assigned 2018-05-25T06:34:37Z 2020-10-20T19:46:09Z "Hello, A suggestion for v2 of GDPR is to add an archive/trash state and list view to erasure requests. Currently, the last state/phase in the erasure process is 'Completed' with the 'Next Steps' action being 'Remove request'. This automatically prompts the admin to remove and clear the deck. In many if not most cases though the site holds backups which upon site failure will be used to restore the site/content and thus the users PII data. Under GDPR my understanding is the admin is required to re-remove the users data. Backups are partially safe with GDPR because they are required for site security/integrity, but under retention can only be kept for a reasonable timeframe. So I was thinking a way to safeguard admins would be to introduce a trash/archive which would have the action for Completed be 'Archive' instead of 'Remove'. This would place the request in the trash and remove from the 'All' view to reduce the clutter. On a new Trash view you're find these requests with the ability to delete permanently. And I think I heard something about privacy settings at some point in slack which could allow a retention period setting for these archives be set and a cron to auto-remove. So admins would be able to have their database retention and erasure archive retention periods basically match. This would enable them to use the archive list, export it possible, and use it to re-remove users upon database restore. Most of it is up to the admin to disclose their backup policy and how they'll re-remove users but would definitely help safeguard them from losing requests by running through the workflow too quickly. Hope that mostly makes sense, mainly just wanted the idea out there. All the best, *Note: Most of this is to 'my understanding' so I defer to those more versed in the new regulations." garrett-eclipse Future Releases 43822 Add UX in the Network Admin for exporting/anonymizing/deleting personal data across the entire network Privacy normal normal Future Release enhancement new 2018-04-20T20:12:18Z 2020-07-06T20:17:20Z "It's not practical for a super admin to hunt down personal data by going to the Dashboard of each site in the network. There should be one centralized place in the Network Admin to receive and process SARs. This should look similar to the UX in #43546 and #43602, but the underlying functionality for managing the data across the entire network is being discussed in #43738." coreymckrill Future Releases 44078 Add an email pseudonymization function that preserves first letter and TLD Privacy normal normal Future Release enhancement new 2018-05-14T18:16:11Z 2019-09-20T03:35:24Z "In addition to the existing behavior of wp_privacy_anonymize_data( 'email', $email_address) which returns deleted@site.invalid, it would be useful, e.g. for debug logging to have another type that would return pseudonymized email addresses that retain a little bit of the original address, e.g. {{{#!php my-mailbox@mailprovider.com.ca }}} could become something like {{{#!php m*********@****************.ca }}} Where the number of * corresponds to the letters removed, and only the first letter of the email address and the TLD are retained. See also https://iapp.org/news/a/top-10-operational-impacts-of-the-gdpr-part-8-pseudonymization/" allendav Future Releases 44320 Inform users when their site's privacy policy is not publicly visible Privacy 4.9.6 normal normal Future Release enhancement new 2018-06-06T19:55:31Z 2019-05-23T19:23:54Z "When a page is selected as the site's privacy policy and is not published, users that can edit the privacy policy should be notified that the page is not publicly visible. Currently, the only way to know that the selected privacy policy page is unpublished is to go to Pages in the admin and see the page listed with `- Draft` next to its title. #44100 will add `- Draft` to the page titles in the settings dropdown, but that is not visible unless viewing the Settings > Privacy page. #44131 aims to adjust some of the text on the Settings > Privacy page to indicate the page would be previewed and not viewed, but this is also only seen when on that settings page. Here are a few ideas that have been thrown tossed around. == Dashboard Widget A dashboard widget for Privacy that could indicate any issues with the site's privacy settings. Some examples of what could appear here: - ""Your site does not have a privacy policy selected."" - ""The privacy policy page selected is not publicly visible"" - Maybe further down the road, ""Several active plugins on your site do not declare support for data privacy features"" (see #43938, #43750). == Admin Notice This admin warning would be dismissible and only show up to users that have the ability to manage the privacy policy. Which pages to show this on and whether ''another'' admin notice should be introduced should be carefully considered. Related: #44100, #44131." desrosj Future Releases 44153 Plugin privacy polices and admin notification Privacy 4.9.6 normal normal Future Release enhancement new 2018-05-18T23:14:22Z 2019-04-22T16:54:53Z "If a plugin adds a privacy policy by hooking wp_add_privacy_policy_content(), the information shows up on example.com/wp-admin/tools.php?wp-privacy-policy-guide=1. However, there's no link on the dashboard menu (esp settings->privacy) regarding that. Settings->privacy does say ""Need help putting together your new Privacy Policy page? Check out our guide for recommendations on what content to include, along with policies suggested by your plugins and theme."" with a link in the text, but it's quite obscure. How about a 2nd line: If any plugins or themes have available privacy policies, you'll find them [link]here[/link]. You can them use them on your own privacy policy page." sterndata Future Releases 44145 Rework Privacy settings page to use the Settings API xkon* Privacy 4.9.6 normal normal Future Release enhancement accepted 2018-05-18T12:23:18Z 2020-09-26T00:04:24Z Now that the Privacy page is under Settings, it should be reworked to utilize the Settings API. desrosj Untriaged tickets (that need a patch) 49355 """Publishing failed. Error message: Could not update post in the database"" caused by encoding" Posts, Post Types 5.3.2 normal normal Awaiting Review defect (bug) new 2020-02-04T01:30:57Z 2023-07-02T14:44:32Z "I have some text that I am copying into the title of a post. I get the following error: ""Publishing failed. Error message: Could not update post in the database"" The text is: 𝐀 𝐖𝐢𝐧 𝐟𝐨𝐫 𝐚 𝐉𝐮𝐬𝐭𝐢𝐜𝐞 𝐂𝐞𝐧𝐭𝐫𝐞 𝐂𝐥𝐢𝐞𝐧𝐭! I am having trouble understanding what encoding this text is. Why is this failing to save to the database? My database is set to utf8mb4. Why WordPress is choking on it?" 1000camels Untriaged tickets (that need a patch) 39939 A Contributor cannot preview their own post if it's scheduled Posts, Post Types normal minor Awaiting Review defect (bug) new needs-unit-tests 2017-02-22T12:52:02Z 2017-02-23T05:36:25Z "Steps to reproduce: 1. A Contributor writes a post and submits it for review. At this point they can preview their post. 2. An Editor or Administrator approves the post and schedules it for publication at a later date. 3. The contributor viewing the Posts listing table can no longer preview their post. Previously: #33694 " johnbillion Untriaged tickets (that need a patch) 53195 Add $post or $post_id to the quick_edit_custom_box hook Posts, Post Types normal normal Awaiting Review defect (bug) new 2021-05-12T11:17:34Z 2021-05-12T11:17:34Z "Right now when you're adding a custom box to quick edit, you can't set an existing value without using JavaScript, cause you don't have acces to the post. For a more elaborate explanation, see the User Contributed Notes, top one by stevenlinx: https://developer.wordpress.org/reference/hooks/quick_edit_custom_box/ It would be more elegant if we could just use the post within the hook I think." tomjdevisser Untriaged tickets (that need a patch) 47072 Hierarchical post types missing attributes meta box if post type doesn't support 'page-attributes' or have templates Posts, Post Types 5.1.1 normal minor Awaiting Review defect (bug) new 2019-04-29T17:11:09Z 2019-04-29T17:11:09Z Setting the hierarchical argument to true in the register post type function doesn't enable the post parent automatically. In order for this meta box to show up you must also enable post type support for page-attributes or the post type must have templates. I would think the post parent dropdown should be visible by default if the post type is hierarchical. This applies to both the Classic and Gutenberg editor. natereist Untriaged tickets (that need a patch) 43752 ID, post_parent, menu_order on global $post object is a string in edit context; expecting int Posts, Post Types 4.9.5 normal normal Awaiting Review defect (bug) new needs-unit-tests 2018-04-12T23:34:08Z 2018-04-19T00:27:16Z "When I'm on an edit post screen, the ID, post_parent, menu_order attributes on the global $post object are strings. I expect them to be integers. To quickly check, put this in a plugin: {{{#!php ID); }); }); }}} Here's what's happening: 1. in wp-admin/post.php the edit case happens, and within that the post gets reloaded here: https://github.com/WordPress/WordPress/blob/4.9.5/wp-admin/post.php#L167 2. that function will run the post object through its own filter with filter edit here: https://github.com/WordPress/WordPress/blob/4.9.5/wp-includes/post.php#L552 3. because at the time $this->filter = ""raw"", and the $filter is edit, that will run the object through sanitize_post here https://github.com/WordPress/WordPress/blob/4.9.5/wp-includes/class-wp-post.php#L354 4. sanitize_post will, in turn, run all the fields through sanitize_post_field here: https://github.com/WordPress/WordPress/blob/4.9.5/wp-includes/post.php#L1940 5. and even though we have 3 fields set as int (https://github.com/WordPress/WordPress/blob/4.9.5/wp-includes/post.php#L1973), by the time we get to this part (https://github.com/WordPress/WordPress/blob/4.9.5/wp-includes/post.php#L2027-L2034), those three will be ran through esc_attr 6. esc_attr will feed it through _wp_specialchars here https://github.com/WordPress/WordPress/blob/4.9.5/wp-includes/formatting.php#L3978 7. which begins with $string = (string) $string; here https://github.com/WordPress/WordPress/blob/4.9.5/wp-includes/formatting.php#L912 The part that throws me off is that `sanitize_post_field` declares these three properties to be integers at the beginning of the function, so I sort of expected them to come out as integers on the other end." javorszky Untriaged tickets (that need a patch) 59014 PHP Fatal error in post-template.php Posts, Post Types 6.3 normal minor Awaiting Review defect (bug) new 2023-08-09T03:40:21Z 2023-10-31T00:34:33Z "Hi there, I hope this email finds you well. Unfortunately, we've recently encountered a critical error that requires immediate attention. This issue pertains to the single page templates, specifically an example like this: https://volunteeringqld.org.au/governance/before-you-join/. The error was not present a week ago, and we're currently grappling to determine its cause. This problem was initially observed on both WP6.22 and WP6.3. The post https://volunteeringqld.org.au/governance/before-you-join/ connected to a single template php `mytemplate/single-governance-before-you-join.php`, what calls `` what throws error ""There has been a critical error in this website"" and output steam finishes. Log error gives this line: {{{ ""PHP message: PHP Fatal error: Uncaught TypeError: Unsupported operand types: WP_Post - int in /.../wp-includes/post-template.php:330 Stack trace: #0 /.../wp-includes/post-template.php(247): get_the_content() #1 /.../wp-content/themes/volunteeringAU/single-governance-before-you-join.php(411): the_content() #2 /.../wp-includes/template-loader.php(106): include('...') #3 /.../wp-blog-header.php(19): require_once('...') #4 /.../index.php(17): require('...') #5 {main} thrown in /.../wp-includes/post-template.php on line 330', referer: https://volunteeringqld.org.au/governance/"" }}} To address this, we have applied the following code snippet in `post-template.php` line 330: {{{ if( ! is_int($page_no)) { $page_no = 1; // Igor //echo ''; } }}} When echo ancommented it gives {{{ Array ( [page] => WP_Post Object ( [ID] => 5 [post_author] => 7 [post_date] => 2021-10-21 04:24:08 [post_date_gmt] => 2021-10-21 04:24:08 [post_content] => [post_title] => Home [post_excerpt] => [post_status] => publish [comment_status] => closed [ping_status] => closed [post_password] => [post_name] => home [to_ping] => [pinged] => [post_modified] => 2023-05-26 13:50:03 [post_modified_gmt] => 2023-05-26 03:50:03 [post_content_filtered] => [post_parent] => 0 [guid] => https://volunteeringqld.org.au/?page_id=5 [menu_order] => 0 [post_type] => page [post_mime_type] => [comment_count] => 0 [filter] => raw ) [more] => 1 [preview] => [pages] => Array ( [0] =>

    Achieving a good transition to the next volunteer who will take over from you has benefits for you, the organisation, and the incoming governance member. Let’s explore things you can do to ensure a good handover.

    In this stage of your Governance journey we explore:

    ) [multipage] => 0 ) }}} As you can see, instead of having 1 in `$elements['page']`, it contains a `WP_Post` object of the very first post from the database, even not the one that is displayed. We are hopeful that this information helps you in resolving the issue and that a solution will be included in an upcoming patch. Please don't hesitate to reach out if you require more details or assistance. Best regards, Igor " volqld Untriaged tickets (that need a patch) 58062 Positioning of custom post type submenu Posts, Post Types 3.1 normal normal Awaiting Review defect (bug) new 2023-04-02T22:48:57Z 2023-04-12T19:21:47Z "''Current Functionality (since 3.1.0):'' One can add a CPT as a submenu of another CPT by setting the `show_in_menu` argument of the `register_post_type()` function as `edit.php?post_type=CUSTOM_CPT_SLUG`. The submenu is then added into the administration menu by way of the `_add_post_type_submenus()` function. When this occurs, the submenu CPT's are displayed in the order the CPTs were registered. ''Problem:'' The current coding prohibits the ordering of CPT submenu items per the programmer's desires in the event CPT registration is unable to be controlled or in the event other submenu pages are added via the `add_submenu_page()` method. This occurs because the call to [https://developer.wordpress.org/reference/functions/add_submenu_page/#source add_submenu_page()] by [https://developer.wordpress.org/reference/functions/_add_post_type_submenus/#source _add_post_type_submenus()] only passes 5 arguments. (The sixth omitted argument is what handles menu positioning.) ''Solution:'' The `menu_position` argument passed to the `register_post_type()` function already exists, and defines a CPT's positioning within a menu. The solution is to incorporate this argument into the core by modifying line 2079 of [https://core.trac.wordpress.org/browser/tags/6.2/src/wp-includes/post.php#L2079 wp-includes/post.php] as follows: {{{ add_submenu_page( $ptype_obj->show_in_menu, $ptype_obj->labels->name, $ptype_obj->labels->all_items, $ptype_obj->cap->edit_posts, ""edit.php?post_type=$ptype"", isset($ptype_obj->menu_position) ? $ptype_obj->menu_position : NULL ); }}} " mort1305 Untriaged tickets (that need a patch) 53418 Post Status Transition missing Hook Posts, Post Types 5.7.2 normal blocker Awaiting Review defect (bug) new dev-feedback 2021-06-15T23:42:17Z 2021-06-15T23:42:17Z "REF: https://codex.wordpress.org/Post_Status_Transitions So I have been testing this and found there is an issue creating the post type **new to pending**: {{{#!php $id, 'post_content' => 'Hello, World!', ] ); }}} 3. Observe that a significant number of unnecessary taxonomy queries are performed" johnbillion Untriaged tickets (that need a patch) 58134 Use correct plural of status Posts, Post Types normal normal Awaiting Review defect (bug) new 2023-04-15T06:58:24Z 2023-08-18T23:37:30Z "Core uses a variable named **$stati** (10 times to be found, in 3 files), but that's not the correct plural form of '**status**', neither in english, nor in latin or elsewhere. So I plead to change it to **$statuses**. While there seems to be no decent rule for variable names, so technically the variable could be named $stsii or whatever, still we are called to not {{{ ""abbreviate variable names unnecessarily; let the code be unambiguous and self-documenting."" }}} see https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/ Also, as we all know, ""**Code is Poetry**"", isn't it? Now you could argue poetry has some freedoms, but I strongly believe it should use correct grammar, at least in this case. So I may have convinced you finally of that one, but there's one more issue: There's also a function {{{ get_post_stati() }}} see https://developer.wordpress.org/reference/functions/get_post_stati/ c'mon, let's rename it to **get_post_statuses**, while we're on it. You may think this is petty, but it gave me some confusion and after all it's just wrong. Let's get rid of an usage of a plural form which doesn't exist. " Presskopp Untriaged tickets (that need a patch) 54964 get_permalink() does not use the correct slug rewrite base Posts, Post Types 5.9 normal blocker Awaiting Review defect (bug) new reporter-feedback 2022-01-27T22:10:49Z 2023-10-04T11:54:50Z "Hello, get_permalink does not work well for custom posts with slug rewrite. E.g. I have implemented articles post type: {{{#!php array('slug' => _x('articles','slug','mydomain')),...)); }}} 'articles' is translateD to slovak language as 'clanky'. But **get_permalink({id_of_article})** returns '''localhost:10010/articles/my-title'''. It is wrong and i have recieve error 404, because right link is '''localhost:10010/clanky/my-title'''. It works OK for older WP version. Thanks a lot for any result. Kind regards, Ondrej Jakuba " jakubaondrej Untriaged tickets (that need a patch) 60427 "small ""ü"" in page as anchor causes a mistake when try to save (wrong JSON-response)" Posts, Post Types 6.4.3 normal minor Awaiting Review defect (bug) assigned 2024-02-02T19:00:04Z 2024-02-02T19:00:04Z "I tried to make some changes on a page with pre-block content. It contains some anchors and everytime I tried to save the page after some small changes I got the alert ""Aktualisierung fehlgeschlagen. Die Antwort ist keine gültige JSON-Antwort."". The well know answer that there is something wrong with JSON. I found the reason is that in the anchors where small ""ü"" (a german umlaut). It happened with the anchor target as well as with the anchor link. And at the same time there are some anchors with other umlauts, namely with a big ""Ü"", which do not cause the issue." gregordoehnert Untriaged tickets (that need a patch) 54376 Add `is_post_publicly_viewable` filter Posts, Post Types normal normal Awaiting Review enhancement new 2021-11-04T22:33:22Z 2022-02-03T20:31:39Z "Related to #49628, #54375. Add a filter to the is_post_publicly_viewable() function to allow theme and plugin developers to override the default value. In some circumstances a developer may require the checks use different conditions to the default. " peterwilsoncc Untriaged tickets (that need a patch) 38599 Allow verbose rewrite rules with custom post types Posts, Post Types normal normal Awaiting Review enhancement new 2016-11-01T00:08:41Z 2021-07-27T05:50:55Z "Every time I create a custom post type (say, Book) I invariably want a structure like this: /books/ - static page where I can write all sorts of overview content with all of the formatting provided by the theme's page template (not a basic post type archive) /books/book-1/ /books/book-2/ - custom post type permalinks This is possible by using a rewrite slug of books. However, if someone then creates a subpage of books, they'll get a 404 error, full stop. This has been around a long time, and many workarounds have been provided in trying to get verbose rules triggered, such as: https://gist.github.com/mattberridge/2960966 Rewrite rules underwent some major changes a while ago for improved performance (to get %postname% permastructures working well, then there were pretty attachment URLs, etc), which results in these workarounds no longer working. (Custom post type rules get inserted at a place which isn't easy to reorder and conflicts with other rules). Instead, I have to keep using unique prefixes which make things look messy and confusing to visitors: /books/ /book/book-1/ (even though there is no /book/ page on my site) Having a nicer structure seems like a very common use case (especially given the number of search results you'll find about workarounds). I'd like to suggest allowing custom post types to trigger verbose rules in a way that will work." smerriman Untriaged tickets (that need a patch) 49428 Extend get_the_post_pagination() to consider total argument luludak Posts, Post Types normal minor Awaiting Review enhancement assigned 2020-02-13T16:57:34Z 2020-02-13T16:57:34Z "Right now, the usage of the_posts_pagination() is associated directly with the Global query. By investigating its code in [https://developer.wordpress.org/reference/functions/the_posts_pagination/ documentation], I noticed that, it practically retrieves the pagination arguments expected by {{{paginate_links($args)}}}, but it checks on global query ({{{$GLOBALS['wp_query']}}}) for the maximum number of pages. However, one of the arguments of {{{paginate_links($args)}}} is {{{total}}}, which, by documentation is: ""The total amount of pages. Default is the value WP_Query's max_num_pages or 1."". Since this exists as argument, my question is, why don't we check for the {{{total}}} in {{{get_the_posts_pagination()}}}? That way, we can allow its usage on custom queries (they can propagate the number of pages in the {{{total}}} argument), not using the global query at all - as this check can block the use of {{{total}}} as argument. This fix can be made by changing this code in **link-template.php**: {{{if ( $GLOBALS['wp_query']->max_num_pages > 1 ) {}}}} into: {{{if ( (! empty( $args['total'] ) && $args['total'] > 1 ) || $GLOBALS['wp_query']->max_num_pages > 1 ) {}}} Note I did not remove the previous check on global query, to ensure backwards compatibility - {{{paginate_links($args)}}} uses global query to retrieve default arguments - so this part of code is useful. I also check for emptiness and then checking for the argument check in order to apply partial evaluation. Please note I am adding this ticket for further discussion - since I am new to the community. If this is considered of value, I will be happy to work on the patch. " luludak Untriaged tickets (that need a patch) 48375 Introduce a separate capability for trashing a post Posts, Post Types normal normal Awaiting Review enhancement new 2019-10-20T20:40:44Z 2020-01-06T20:06:53Z "Related: #41674 It's sometimes desirable to allow users to trash posts but not permanently delete them once trashed, nor empty the trash. There should be a meta capability, `trash_post|trash_posts`, which by default maps to `delete_post|delete_posts` which is used when a post is trashed instead of deleted. This would allow a plugin to grant a user the ability to trash posts but not permanently delete them." johnbillion Untriaged tickets (that need a patch) 41674 More granular capabilities for restoring and permanently deleting trashed posts Posts, Post Types normal normal Awaiting Review enhancement new needs-unit-tests 2017-08-19T16:00:27Z 2017-08-19T16:00:27Z "Currently the user capability required for restoring a trashed post or permanently deleting a trashed post is `delete_post`, which maps to `delete_posts`. There should be a separate capability for each of these actions. Suggestion: * `restore_trashed_post` which maps to `restore_trashed_posts` which maps to `delete_posts`. * `delete_trashed_post` which maps to `delete_trashed_posts` which maps to `delete_posts`. Emptying the trash should use the `delete_trashed_posts` capability. This allows for more granular control over which users can or cannot restore or permanently delete posts." johnbillion Untriaged tickets (that need a patch) 41773 Page Templates // Post Type Templates | Any Post Type? Posts, Post Types 4.7 normal normal Awaiting Review enhancement new reporter-feedback 2017-09-01T00:39:03Z 2021-06-07T09:59:55Z "If I add a template like this: {{{#!php ID, 'post_meta' );`, which correctly updates the value of post_status, if you perform another `get_post()` right after. But, the `$post` object is then passed to the action `clean_post_cache`, with the outdated values instead. So if someone hooks a function on `clean_post_cache`, and uses the `$post` object passed, it's going to receive incorrect values compared to what would be expected. But if you perform a `get_post()` inside that function, you will get the correct values. I only tested this with the `post_status` parameter, but this might be affecting others too. I would expect that the `$post` object passed to the `clean_post_cache` action contains up-to-date values." tabrisrp Future Releases 46288 'get_extended' breaks when using 'more' gutenberg block Posts, Post Types 5.0 normal normal Future Release defect (bug) new 2019-02-20T10:21:14Z 2019-04-24T06:21:18Z "'get_extended' returns the closing tag ' in the extended content, which prevents 'the_content' filter from working correctly. Steps to replicate: {{{#!php ', '', $post); }}} " joewebber Future Releases 52389 Consistently check for non-empty post ID in attachment functions SergeyBiryukov* Posts, Post Types normal normal Future Release defect (bug) accepted 2021-01-28T10:53:31Z 2021-02-17T23:54:41Z "Background: #50679, #52196. As a result of the changes in [49084] and [50039], `wp_get_attachment_metadata()` conditionally calls `get_post()` if the attachment ID is not passed: {{{ $attachment_id = (int) $attachment_id; if ( ! $attachment_id ) { $post = get_post(); if ( ! $post ) { return false; } $attachment_id = $post->ID; } }}} This is not really consistent with other attachment functions, which just always call `get_post()` unconditionally: {{{ $attachment_id = (int) $attachment_id; $post = get_post( $attachment_id ); }}} Let's bring some consistency here, there is no reason for these minor differences. This applies at least to: * `wp_get_attachment_metadata()` * `wp_get_attachment_url()` * `wp_get_attachment_caption()` * `wp_get_attachment_thumb_file()` * `wp_get_attachment_thumb_url()`" SergeyBiryukov Future Releases 47637 Enhance excerpt_remove_blocks to handle more types of group blocks Posts, Post Types 5.2.2 normal normal Future Release defect (bug) reopened 2019-07-02T11:29:15Z 2021-11-22T07:21:00Z "The function excerpt_remove_blocks only considers top-level Blocks in an allowed list for the autogeneration of excerpts. However, since there is now a Group Block in Core (and a lot of self-developed Grouping Blocks out there), this can lead to autogenerated Excerpts being empty although there is plenty of content within the Post. I propose to add a new filterable ""group blocks"" array, which adds another level to be included in the autogeneration. Additionally, there should be a possibility to register a callback which can be used to generate a custom excerpt dynamically if needed for custom blocks. Change function excerpt_remove_blocks to this: {{{ function excerpt_remove_blocks($content){ $allowed_inner_blocks = array( // Classic blocks have their blockName set to null. null, 'core/freeform', 'core/heading', 'core/html', 'core/list', 'core/media-text', 'core/paragraph', 'core/preformatted', 'core/pullquote', 'core/quote', 'core/table', 'core/verse', ); $group_block_excerpt_functions = array( 'core/group' => 'parse_group_block_excerpt', ); $allowed_blocks = array_merge( $allowed_inner_blocks, array( 'core/columns' ) ); /** * Filters the list of blocks that can contribute to the excerpt. * * If a dynamic block is added to this list, it must not generate another * excerpt, as this will cause an infinite loop to occur. * * @since 4.4.0 * * @param array $allowed_blocks The list of allowed blocks. */ $allowed_blocks = apply_filters( 'excerpt_allowed_blocks', $allowed_blocks ); $group_blocks = apply_filters('excerpt_allowed_group_blocks',$group_block_excerpt_functions); $blocks = parse_blocks( $content ); $output = ''; foreach ( $blocks as $block ) { if(in_array($block['blockName'],$group_blocks,true)){ //We have a group Block with no extra excerpt function $output.= parse_group_block_excerpt($block,$allowed_inner_blocks); } elseif(in_array($block['blockName'],array_keys($group_blocks),true)){ //The Block registered a custom callback for autogenerating an Excerpt $output.=call_user_func($group_blocks[$block['blockName']],$block,$allowed_inner_blocks); } elseif( in_array( $block['blockName'], $allowed_blocks, true ) ) { if ( ! empty( $block['innerBlocks'] ) ) { if ( 'core/columns' === $block['blockName'] ) { $output .= _excerpt_render_inner_columns_blocks( $block, $allowed_inner_blocks ); continue; } // Skip the block if it has disallowed or nested inner blocks. foreach ( $block['innerBlocks'] as $inner_block ) { if ( ! in_array( $inner_block['blockName'], $allowed_inner_blocks, true ) || ! empty( $inner_block['innerBlocks'] ) ) { continue 2; } } } $output .= render_block( $block ); } } return $output; } }}} Add a function parse_group_block_excerpt {{{ function parse_group_block_excerpt($block,$allowed_blocks){ $output = """"; if(!empty($block['innerBlocks'])) { foreach($block['innerBlocks'] as $inner_block){ if('core/columns' === $inner_block['blockName']){ $output .= _excerpt_render_inner_columns_blocks( $inner_block, $allowed_inner_blocks ); continue; } // Skip the block if it has disallowed or nested inner blocks. foreach($inner_block['innerBlocks'] as $inner_inner_block){ if ( ! in_array( $inner_inner_block['blockName'], $allowed_inner_blocks, true ) || ! empty( $inner_inner_block['innerBlocks'] ) ){ continue 2; } } } } return $output; } }}} After that, a custom block can register itself as an group block just by using {{{ add_filter('excerpt_allowed_group_blocks','add_my_awesome_group_block_to_excerpt'); function add_my_awesome_group_block_to_excerpt($allowed_blocks=array()){ $allowed_blocks[] = 'my-awesome/groupblock'; return $allowed_blocks; } }}} or even by using a custom excerpt function for dynamic blocks by using {{{ add_filter('excerpt_allowed_group_blocks','add_my_awesome_group_block_to_excerpt'); function add_my_awesome_group_block_to_excerpt($allowed_blocks=array()){ $allowed_blocks['my-awesome/groupblock'] = 'my_awesome_group_block_custom_excerpt'; return $allowed_blocks; } }}} (I hope i did this right as this is my first ticket)" kuchenundkakao Future Releases 27494 Posts page appears into search results Posts, Post Types 3.8.1 normal normal Future Release defect (bug) new close 2014-03-23T14:27:23Z 2020-03-03T22:50:07Z "Hi, if you set a static home page, so then a page for posts, this page is just a virtual page, because it doesn't have any content, just the title. But, if you search on the site for this title, the virtual page will be shown as search result. In my opinion this should be hidden." SGr33n Future Releases 49969 "Previewing the page designated as ""latest posts"" shows the frontpage" Posts, Post Types normal normal Future Release defect (bug) new 2020-04-21T11:32:13Z 2024-02-21T18:00:31Z "This continues the discussion from https://github.com/WordPress/gutenberg/issues/2409 **The issue** * Create two pages (let's call them ""My home"" and ""My posts"") * Go to customizer and set Homepage to be ""My home"" and Posts page to ""My posts"" * Edit ""My posts"" in editor mode * Press preview * Confirm you got ""My home"" instead of ""My posts"" **The root cause** When you click ""Open preview in new tab"" while editing ""My posts"", Gutenberg redirects to a preview URL like this one: https://mywpsite.com/?page_id=5&preview_id=5&preview_nonce=12bd60d6f4&preview=true When you visit that URL, WordPress will load the front page instead of the posts page. This is because class-wp-query.php assumes that posts page is also the front page: https://github.com/WordPress/WordPress/blob/b4373fafe9b87f75bf9d65e808be8049510dff8b/wp-includes/class-wp-query.php#L1032 Then, when rendering a preview, it substitutes the page_id that was requested with the value of get_option( 'page_on_front' ): https://github.com/WordPress/WordPress/blob/b4373fafe9b87f75bf9d65e808be8049510dff8b/wp-includes/class-wp-query.php#L1904 If I remove the preview parameters and leave only ?page_id=5, it displays the correct page." zieladam Future Releases 48622 `editable_slug` filter does not pass the correct value Posts, Post Types 5.3 normal normal Future Release defect (bug) new 2019-11-14T05:23:52Z 2019-11-14T15:36:42Z "''Originally reported in https://github.com/WordPress/gutenberg/issues/15802.'' **Describe the bug** When using the block editor, the 1st param $post_name passed to the editable_slug filter hook is not the same as the classic editor, which is the expected one. **To reproduce** 1. Install Classic Editor to switch from block to classic 2. Create a draft post with title ""the post title"" and slug ""this-is-the-slug"" 3. Create a muplugin with: add_filter( 'editable_slug', function( $post_name ) { wp_die( $post_name ); } ); 4. Refresh your edit page **Expected behavior** With the classic editor you should have ""this-is-the-slug"" but when using block editor you have ""the-post-title"", sounds like the post_title sanitize with sanitize_title, it should be the real post_,name like classic is doing." noisysocks Future Releases 37671 Emptying Bin with large amount of posts results in whitescreen Posts, Post Types normal normal Future Release enhancement new needs-unit-tests 2016-08-15T16:01:56Z 2017-08-06T00:31:10Z "When the Bin has a large amount of posts, e.g over 1,500, clicking Empty takes a long time to load, several minutes. After it finishes, it loads a blank white page and has only deleted about 75% of the posts. There's ~500 remaining." atomicjack Future Releases 38715 Facilitate posts storing raw JSON in post_content by short-circuiting KSES and other filters Posts, Post Types normal normal Future Release enhancement new dev-feedback 2016-11-08T21:55:55Z 2019-03-26T07:59:01Z "When attempting to store arbitrary JSON in WordPress, the `post_content` field is the logical choice. Using `post_content` to store arbitrary JSON instead of postmeta is more performant and it also means that the JSON content will automatically get support for revisions. Storing JSON is done in core now for `customize_changeset` posts and it is done in the `widget_instance` post type in the Customize Widgets Plus plugin. In both cases, however, there are challenges when storing the JSON due to filters that may apply on `content_save_pre`. In particular, the KSES filters will apply on the `post_content` and strip out markup that is intended to be contained within JSON strings. The solution taken by changesets is to wrap the updates to the `customize_changeset` post type by the `\WP_Customize_Manager::save_changeset_post()` method. Before this method calls `wp_update_post()`/`wp_insert_post()` it suspends the KSES filters temporarily: {{{#!php Array ( [0] => category [1] => post_tag ) [label] => Book [rewrite_slug] => [query_var] => [public] => [show_ui] => 1 [show_in_nav_menus] => 1 [publicly_queryable] => [exclude_from_search] => 1 ) }}} Even if the post-type is NOT public or NOT publicly_queriable (see above), the counts of the posts in each category still shows, totally ignoring the settings of the post-type. == Expected Output == I would expect the count to be related to the results displayed. If there are no visible results for that category (i.e. the user can't see them due to public settings), I would expect the count to go to zero. == Actual Output == The count of posts in the given category seems to have nothing to do with the visible results. This is related to this bug: #18950" fireproofsocks Future Releases 25798 Certain single CPT items result in 404 since 3.7 Posts, Post Types 3.7 normal normal defect (bug) new needs-unit-tests 2013-11-01T14:58:10Z 2019-06-04T20:45:08Z "Related: #25749 The changes in [25182] to the query_var mapping of hierarchical post types have broken single permalinks in some cases, when Permalink setting is set to ""Post name"". To reproduce: 1. Register a post type as follows: {{{ register_post_type( 'bbg_test', array( // ... 'hierarchical' => true, 'public' => true, 'rewrite' => true, // any value other than false 'query_var' => false, // ... ) ); }}} 2. Set permalink settings to ""Post name"" (and flush) 3. Create a new post of the type above, and attempt to visit at the url `http://example.com/bbg_test/foo` (or whatever). Result: 404. 4. Change to any other permalink setting. Result: page loads as expected. Cause: When the CPT is registered with `'rewrite'` other than `false`, it passes the test at http://core.trac.wordpress.org/browser/tags/3.7/src/wp-includes/post.php#L1275. When it's hierarchical, it passes the test at line 1293. When, because `'query_var'` is set to `false`, the rewrite tag set on line 1294 is of the form 'post_type=bbg_test&pagename=foo' (instead of 'bbg_test=foo'). Then, when an item is loaded, during `WP::parse_request()`, it passes the `preg_match()` test here http://core.trac.wordpress.org/browser/tags/3.7/src/wp-includes/class-wp.php#L198, but a page (ie, an item with `post_type` 'page') is not found by `get_page_by_path()`, and as a result the correct rewrite rule is not matched. As noted, this is a regression in 3.7 [25182], before which `preg_match( '/pagename=\$matches...` wouldn't have matched. Obviously it's an edge case that (a) a post type is hierarchical AND has query_var set to false, and also (b) permalinks are set to ""Post name"", but it is a change in behavior that broke one of my plugins, and has been a bit of a bear to track down :) I'm going to set `query_var` to true for my purposes (no harm done on my end) but that may not be possible for others." boonebgorges Future Releases 21234 Recursive directory creation & get_calendar() for custom post types Posts, Post Types 3.4.1 normal normal defect (bug) new 2012-07-12T12:31:28Z 2019-06-04T20:43:17Z "Hello! I made two patches, and sent the pull request on githab. https://github.com/WordPress/WordPress/pull/12 https://github.com/WordPress/WordPress/pull/14 And I want to join to contributers team. How can I do it? Irc chanel is Terminated :(" avaddon Future Releases 22003 Saving custom fields goes to post-new.php rather than post.php Posts, Post Types 2.5 normal normal defect (bug) reopened 2012-09-26T15:57:01Z 2019-08-09T00:46:50Z "Create a new post or page. Add a title and message. Add a custom field (click ""Add Custom Field"") The post is saved, but as you are taken to post-new.php rather than post.php, it looks as if your post has disappeared! All is well - it is actually saved - but it's confusing. Tested on 3.5-alpha-21989" curiousdannii Future Releases 24415 The 'show_in_admin_all_list' argument for the 'register_post_status' function is ignored when the argument 'public' is set to 'false' Posts, Post Types 3.5.1 normal normal defect (bug) new dev-feedback 2013-05-25T00:06:51Z 2023-05-24T16:08:16Z "Hello, I stumbled upon a bug in the admin section of WordPress. I'm currently running the latest release (3.5.1) without any third-party plugins. After creating some custom post statuses via the 'register_post_status' function, I noticed that posts with them do not appear in the default (all) post listing in the admin section, despite me setting the 'show_in_admin_all_list' argument to 'true'. I narrowed this problem down only to the 'public' argument of the same ('register_post_status') function: if the 'public' argument of custom post status is set to 'true', then everything works as expected and the posts with a custom post status appear in the default (all) post listing in the admin section — but this also makes posts with that custom post status appear to the regular users, making them public, hence the name of the argument. It's worth noting that the 'public' argument has no such buggy effect on the 'show_in_admin_status_list' argument of the same ('register_post_status') function: it doesn't matter to what the 'public' argument is set — the links to the appropriate post statuses are showed at the top of the post listing only based on the 'show_in_admin_status_list' argument, just like it should." XyntaMan Future Releases 25113 non-latin CPT rewrite slugs fail `wp_safe_redirect` Posts, Post Types 3.6 normal normal defect (bug) new 2013-08-21T20:37:36Z 2019-06-04T20:44:40Z "If you localize your custom post type rewrite slugs in non-latin language and pass it to `wp_safe_redirect` it will strip all non-latin characters and attempt to redirect to stripped location. This can be easely reproduced if your custom post type supports comments and you submit a comment from post type single page as `wp_safe_redirect` is called after comment submission." entr Future Releases 36314 If orderby undefined, alter get_posts to defer to WP_Query's default Posts, Post Types normal normal enhancement new needs-unit-tests 2016-03-23T22:22:46Z 2019-06-04T20:56:15Z "If the argument is undefined, defer `get_posts` orderby & order to that of WP_Query's. For search strings, this will order posts by relevance. In other cases it will have no effect." peterwilsoncc Future Releases 20748 Include CPT Posts in Author Count & Archive Page Posts, Post Types normal normal enhancement new 2012-05-25T17:59:48Z 2019-06-04T20:43:09Z "For whatever reason, the default behavior is to only count the number of 'post' that an author has published. With the advent of custom post types, they should be included as well if the CPT has the 'author' capability. Currently, the author archive can include CPTs if you manually alter the query - this should be enabled by default if authorship is allowed." iridox Future Releases 23168 Introduce remove_post_status Posts, Post Types normal normal enhancement new 2013-01-10T08:32:49Z 2019-06-04T20:43:39Z Plugins and themes should be able to remove the default post statuses defined by core. kovshenin Future Releases 22845 On 32-bit systems, with post IDs higher than PHP_INT_MAX (2147483647) wordpress does not run fine Posts, Post Types 3.4.2 normal normal enhancement assigned 2012-12-10T09:13:01Z 2019-06-04T20:43:30Z "Logging all the MySQL queries I discovered that the queries that should pick my posts were all doing something like this: SELECT post_id, meta_key, meta_value FROM wp_postmeta WHERE post_id IN (2147483647,2147483647,2147483647,2147483647,2147483647,2147483647,2147483647,2147483647,2147483647,2147483647) This 2147483647 number clearly has something in it: it's the PHP_INT_MAX value on 32-bit operating systems, while on 64-bit machines it's 9223372036854775807 http://php.net/manual/en/language.types.integer.php So, the problem is divided in 2 parts: I run on a 32 bit system, and I have my IDs a bit too high. I know that 2147483647 is a bit high for a post ID, but I discovered this the hard way. Now, I would have preferred an error message in the administrator interface. Do you think it's a good idea?" copesc Untriaged tickets (that need a patch) 50847 update_post_thumbnail_cache returns notice when get_the_post_thumbnail used with ID after setup_postdata() Post Thumbnails 5.4.2 normal normal Awaiting Review defect (bug) new 2020-08-04T17:23:43Z 2020-08-21T10:55:00Z "**Situation:** - Inside main loop - foreach over array of (related) post_id's, - use ''setup_postdata($post)'' for each item - Items call get_template_part(something) - Template parts uses ''get_the_post_thumbnail'' which allow a post_ID - ''get_the_post_thumbnail'' calls ''update_post_thumbnail_cache'' (because in_the_loop) - ''update_post_thumbnail_cache'' gives **notice on line 101: Trying to get property 'ID' of non-object** - Restore main loop with wp_reset_postdata() **Possible fix:** Change this {{{#!php posts as $post ) { $id = get_post_thumbnail_id( $post->ID ); if ( $id ) { $thumb_ids[] = $id; } } }}} To this {{{#!php posts as $post ) { if (is_object($post)) { $post = $post->ID; } $id = get_post_thumbnail_id( $post ); if ( $id ) { $thumb_ids[] = $id; } } }}} in /wp-includes/post-thumbnail-template.php line 101 " tomcent Untriaged tickets (that need a patch) 56056 Specify a Custom Array of $sizes for `wp_get_attachment_image` to Reduce HTML Bloat Post Thumbnails normal normal Awaiting Review enhancement new 2022-06-23T15:44:50Z 2022-10-12T18:04:54Z "Plugins and the theme can specify multiple thumbnail sizes. Using `wp_get_attachment_image` provides a modern solution to responsive image sizes, however, it does not currently account for reducing the bloat to all the registered thumbnail sizes that are added by plugins / theme. Therefore a proposal is to allow a custom list of thumbnails to use, this can, for example, be specified as: {{{#!php }}} This should either embed the video or at the least display a link to the video. Here's an example plugin for reference: https://wordpress.org/plugins/simple-icons/" thememason Untriaged tickets (that need a patch) 48656 Views details blocked by SAMEORIGIN Plugins 5.3 normal major Awaiting Review defect (bug) new 2019-11-15T19:43:41Z 2019-11-17T17:19:12Z "Hello, On multisite, the ""view detail"" link on this page /wp-admin/plugins.php (in each plugin) is bloked by an error {{{ Chargement refusé par X-Frame-Options : « SAMEORIGIN » à l’adresse « https://example.com/wp-admin/network/plugin-install.php?tab=plugin-information&plugin=loco-translate& », le site ne permet pas l’utilisation de cadres multiorigines depuis « https://example.com/wp-admin/plugins.php ». }}} " sebastienserre Untriaged tickets (that need a patch) 53255 WordPress multisite allows you to delete plugins which are active on some subdomains Plugins 4.6 normal critical Awaiting Review defect (bug) reopened 2021-05-21T22:40:52Z 2021-05-22T14:56:21Z "Hello, I remember in the past, WordPress was not allowing you to delete a plugin that is active at least on one website. " denisflorin197 Untriaged tickets (that need a patch) 49599 Wrong PHPDoc wp_get_active_and_valid_plugins Plugins 5.3.2 normal normal Awaiting Review defect (bug) new dev-feedback 2020-03-08T14:08:07Z 2022-02-13T17:22:28Z "I found a misleading error in the documentation of wp_get_active_and_valid_plugins (in wp-includes/load.php): {{{#!php hooks(); } static public function uninstall() { error_log('uninstall method was called on ' . date('Y-m-d H:i:s')); } } $ATest = new \ATest(); $ATest->run(); }}} When I click on delete plugin (the plugin is already deactivated), the `pre_set_site_transient_update_plugins` hook was called. To reproduce. 1. Copy and paste the sample code above to new plugin file. For example test.php 2. Go to your WordPress > admin > plugins. 3. Activate this plugin. 4. Go to your DB, delete `_site_transient_update_plugins` option name in `options` table to make sure that this hook will be call next time. 5. Reload admin plugins page. This hook will be called as normal process because plugin is activated. The error log will be write to **wp-contents/debug.log** file. 6. Deactive this plugin. 7. Maybe try to reload plugins admin page again. The hook will not called from this plugin, no error log were write. This is correct. 8. Click on delete this plugin. 9. The error log were write because this hook is called while it is on uninstall process. This is incorrect!! It should not be called. WordPress 6.0-alpha-52682" okvee Untriaged tickets (that need a patch) 51731 Add the reason for deactivation to the 'deactivate_plugin' hook. Plugins normal normal Awaiting Review feature request new 2020-11-09T14:28:12Z 2020-11-09T14:38:20Z To be able to check if a plugins was disabled by a user action or because of the 'validate_active_plugins' check that is done on when visiting the plugins.php page would be great from a management perspective. Many WordPress installations have some required plugins which are not necessary for the site to work but do need to be active for one reason or another. This enables the option to notify the admin when a plugin gets disabled by accident because of a failed updated or any other reason. merlijnvanlent Future Releases 47160 Backport blocking of plugin updates if required PHP version is not supported Plugins 5.2 normal normal Future Release defect (bug) new dev-feedback 2019-05-06T21:46:08Z 2019-10-07T23:38:51Z "Follow-up from #43987 and #44350. Description from https://core.trac.wordpress.org/ticket/43987?cnum_edit=46#comment:41 With WordPress 5.2 requiring at least PHP 5.6, many plugin authors will start updating their plugins to also require PHP 5.6. This is fine for users running WordPress 5.2, but for users on older versions of WordPress they'll start receiving update notifications for plugins that they may no longer be able to run if they're using a version of PHP older than 5.6. If the user updates such a the plugin then they'll likely start seeing fatal errors. Backporting the changes that prevent updates from being served to sites that don't meet the plugin's minimum PHP version will help avoid users on older branches finding themselves updating a plugin to a version that no longer works. " azaozz Future Releases 30963 Wrong error message when uploading non-zip files on the plugin upload page Plugins normal normal Future Release defect (bug) new 2015-01-09T09:54:54Z 2020-07-02T18:23:00Z "If you go to plugins -> upload plugin and you try to insall a .php file instead of a zip file you get this error message: Abort class-pclzip.php : Missing zlib extensions. This error message is bad, zlib extensions are not missing, the file type is wrong. Also this message is missing translation support (I might be wrong on this)." jnhghy Future Releases 60783 plugins_api() and parameters audrasjb* Plugins normal normal 6.6 defect (bug) accepted 2024-03-15T13:57:13Z 2024-03-18T04:04:23Z "Hello there, (running WP6.5+, might be useless to say) By reading the doc for `plugins_api()` you can read that some fields are included or not in the response, the doc says ''""$fields: Array of fields which should or should not be returned.""'' and then you have a list of fields, some true some false by default. Let's try it, this is my simple request on my plugin on repo: {{{#!php 'secupress', 'fields' => [] ) ); }}} Since the doc says ''""@type bool $contributors Whether to return the list of contributors. **Default false**.""'' I should not receive this field. Let see the response: {{{#!php string(37) ""SecuPress Free — WordPress Security"" [""slug""]=> string(9) ""secupress"" [""version""]=> string(7) ""2.2.5.1"" [""author""]=> string(44) ""SecuPress"" [""author_profile""]=> string(41) ""https://profiles.wordpress.org/secupress/"" [""contributors""]=> array(4) { ... }}} There is. Same for those params that are ""false"" by default but still included: ""sections"", ""versions"", ""reviews"", ""banners"", ""active_installs"" (I don't know for ""group"", can't get the thing). Also there is one param that is not affected by the arguments passed and always returned: ""num_ratings"". Finally there is some fields that are always returned where the doc can't help, I tried to use they array keys to cancel them, no chance, this is : ""author', ""author_profile"" (those 2 may be forced, that's ok), ""support_threads"", ""support_threads_resolved"", ""upgrade_notice"", and ""requires_plugin"" (I know it's new, but don't forget it) The patch may have to be done on w.org since this is the site that add too much data and to not respect the passed parameters. Thanks for your time" juliobox Future Releases 38183 Add hooks to be run before and after each callback Plugins normal normal Future Release enhancement new needs-unit-tests 2016-09-28T23:41:23Z 2017-08-25T21:15:07Z "Since before the dawn of time, debugging tools have relied on the `all` hook to collect information about how long hooks take to run, and which callbacks are registered to that hook. This has a few drawbacks. Primarily, it's not possible to collect timing information about individual callbacks, and it's quite difficult to manage recursive hook behaviour. With that in mind, hooks that run before and after each callback would be quite valuable, but they do need to be considered carefully. * What kind of performance impact would they have? If there are no callbacks registered to these hooks, there should ideally be no performance impact. * Should they be `WP_DEBUG` only? This would discourage plugins from abusing them on production systems - they would only be used if the site admin explicitly sets the site to debugging mode. * Dealing with recursion is fun, should they provide any helpers for indicating recursion level, or is it up to the code hooking into them to handle that?" pento Future Releases 60495 "Following ""plugins_list"": Add a filter in get_views() in class-wp-plugins-list-table" Plugins 6.3 normal normal 6.6 enhancement new 2024-02-11T23:21:34Z 2024-02-13T12:55:21Z "Since WP 6.3 there is a new filter named ""**plugins_list**"" added in #57278 Using this filter, we can now add a new array key like ""''my_plugins''"" and set some plugins in here. ""''my_plugins''"" is now considered as a ""''status''"" by the WP behavior, like ""''all''"", ""''recently_activated''"", etc, the whole list is here : https://github.com/WordPress/WordPress/blob/master/wp-admin/includes/class-wp-plugins-list-table.php#L49 We can also delete (unset()) one of them if we want too, (like hide the must-use plugins or the ""''upgraded''"" tab) So now WordPress will go through each iteration of the array keys (aka statuses) and create a tab link to get a new view, here : https://github.com/WordPress/WordPress/blob/master/wp-admin/includes/class-wp-plugins-list-table.php#L495 **What's the issue here.** WP will try to display a ""text"" for each iteration, if there is no case in the switch, it will still display the $text var, and indeed the last used value, aka incorrect value. But remember line 49, WP sets a list of allowed statuses, this shouldn't be there anymore since the new filter '''plugins_list''' allow us to add ANY status using an array key. We have to remove line 49 and modify line 52 to remove the in_array() stuff. Still need a check to keep the same behavior when a wrong status is loaded? it's already done line 315: https://github.com/WordPress/WordPress/blob/master/wp-admin/includes/class-wp-plugins-list-table.php#L315 Now to get the correct translated label in get_views() we need a hook line 586 like: {{{#!php (%s)'; break; } }}} Now please test in WP 6.3.x, using this: {{{#!php video, 1=>audio) server environment: PHP 5.5.3-1ubuntu2.1 Apache 2.4.6 running WP 3.8.1, no multisite " tamas_dxw Future Releases 37754 Support Receiving Pings for Non Post-Type Permalinks Pings/Trackbacks 1.0 normal normal enhancement new 2016-08-20T23:57:21Z 2019-06-04T21:03:23Z "Related: #2700 Ten years ago, it was proposed that the ability to ping the homepage(often linked in the author_url of a comment). After a year, the issue was closed and turned over as a plugin issue. While the idea of pinging comments is certainly one that can be added as a plugin, the infrastructure to support receipt on arbitrary pages is not. This enhancement is specifically about making it possible for Core or a plugin to receive and direct these pingbacks, separate from the issue of what to do with them once received. After the changes are made, that could be explored as plugin territory. However, the only way to do this now is to completely replace the pingback handler with a custom one. Probably the easiest way to do this is to expand url_to_postid to allow it to return an arbitrary post_ID(using a filter) if it detects that the URL in question is a valid URL on the site, but does not refer to a post_type. " dshanske Untriaged tickets (that need a patch) 45331 'rest_url_prefix' filter fails to impact flush_rewrite_rules() on plugin activation Permalinks 4.9.8 normal major Awaiting Review defect (bug) new reporter-feedback 2018-11-12T14:39:16Z 2020-10-25T04:25:29Z "'rest_url_prefix' filter fails to impact flush_rewrite_rules() on plugin activation ========================================================================= So here is the bug - 'flush_rewrite_rules' is called on plugin activation after 'rest_url_prefix' filter added with new API ENDPOINT, but if I go to '//' it gives me 404 error. And if I access '/wp-json/' on Firefox Developer Edition in 'Header' section I see:\\ `Link //>; rel=""https://api.w.org/""`\\ So the header is correct here. And it will fix the issue if I go to WP Settings -> Permalinks -> Save.\\ But that is a bug. As you won't have to instruct that to your plugin user, after his activation he will see that API is not working.\\ \\ Install Controller class - 'flush_rewrite_rules' is called on plugin activation after 'rest_url_prefix' filter added with new API ENDPOINT: {{{#!php public function setCustomWP_RestAPI_Prefix() { // NOTE: Do not forget to do the same on install with flush_rewrite_rules(); after it. add_filter('rest_url_prefix', function() { return ConfigurationInterface::WP_REST_API_PREFIX; }, 10, 1); // NOTE: As there is no custom post types or custom taxonomies registration later, we perform rewrite rules flush right now flush_rewrite_rules(); } <...> } }}} \\ Main Controller class: {{{#!php final class MainController { <...> public function __construct(ConfigurationInterface $paramConfWithoutRouting) { <...> if(!is_null($this->confWithoutRouting)) { register_activation_hook($this->confWithoutRouting->getPluginPathWithFilename(), array(&$this, 'networkOrSingleActivate')); register_deactivation_hook($this->confWithoutRouting->getPluginPathWithFilename(), array(&$this, 'networkDeactivate')); <...> } } /** * Activate (enable+install or enable only) plugin for across the whole network * @note - 'get_sites' function requires WordPress 4.6 or newer! */ public function networkOrSingleActivate() { if(is_multisite()) { // A workaround until WP will get fixed // SHOULD be 'networkActivate' but WordPress does not yet support that feature, // so this means as long as the 'MULTISITE' constant is defined in wp-config, we use that method $this->multisiteActivate(); } else { // A workaround until WP will get fixed $this->activate(); } } public function activate() { try { <...> // Install plugin for single site $objInstaller = new \GreatestEverManager\Controllers\Admin\InstallController($conf, $lang, $conf->getBlogId()); // Install <...> $objInstaller->setCustomWP_RestAPI_Prefix(); <...> } catch (\Exception $e) { if(StaticValidator::inWPDebug()) { // In WP activation we can kill the install only via 'trigger_error' with 'E_USER_ERROR' param $error = sprintf(static::LANG_ERROR_IN_METHOD_TEXT, __FUNCTION__, $e->getMessage()); trigger_error($error, E_USER_ERROR); } } } public function run() { if($this->canProcess) { <...> add_filter('rest_url_prefix', function() { return ConfigurationInterface::WP_REST_API_PREFIX; }, 10, 1); add_action('rest_api_init', array(&$this, 'frontEndAPI_Callback'), 0); <...> } } <...> } }}} \\ Plugin main file (wp-content/plugins/GreatestEverManager/GreatestEverManager.php): {{{#!php */ namespace GreatestEverManager; require_once 'Models/Configuration/ConfigurationInterface.php'; require_once 'Models/Configuration/Configuration.php'; require_once 'Controllers/MainController.php'; <...> use GreatestEverManager\Models\Configuration\Configuration; use GreatestEverManager\Controllers\MainController; if(!class_exists('GreatestEverManager\GreatestEverManager')) { final class GreatestEverManager { // Configuration const REQUIRED_PHP_VERSION = '5.4.0'; const REQUIRED_WP_VERSION = 4.6; const OLDEST_COMPATIBLE_PLUGIN_VERSION = 6.0; const PLUGIN_VERSION = 6.0; // Settings private static $params = array( 'plugin_id' => 0, 'plugin_prefix' => 'greatest_ever_manager_', 'plugin_api_namespace' => 'gem/v1', 'plugin_handle_prefix' => 'greatest-ever-manager-', <...> ); private static $objConfiguration = NULL; private static $objMainController = NULL; <...> /** * @return Configuration */ public static function getConfiguration() { if(is_null(static::$objConfiguration) || !(static::$objConfiguration instanceof Configuration)) { // Create an instance of plugin configuration model static::$objConfiguration = new Configuration( $GLOBALS['wpdb'], get_current_blog_id(), static::REQUIRED_PHP_VERSION, phpversion(), static::REQUIRED_WP_VERSION, $GLOBALS['wp_version'], static::OLDEST_COMPATIBLE_PLUGIN_VERSION, static::PLUGIN_VERSION, __FILE__, static::$params ); } return static::$objConfiguration; } /** * Creates new or returns existing instance of plugin main controller * @return MainController */ public static function getMainController() { if(is_null(static::$objMainController) || !(static::$objMainController instanceof MainController)) { // NOTE: This is not passing by reference! static::$objMainController = new MainController(static::getConfiguration()); } return static::$objMainController; } <...> } <...> // Run the plugin GreatestEverManager::getMainController()->run(); } }}} \\ The coding pattern is S.O.L.I.D. MVC, Version 6, based on PSR-4 Autoloaders and PSR-2 Coding Standards. To deeply inspect load process (without the REST_API part), you can inspect 'Expadandable FAQ' - SolidMVC boiler-plate plugin: [https://wordpress.org/plugins/expandable-faq/]" KestutisIT Untriaged tickets (that need a patch) 48365 No 301 redirection for Numeric style permalink structure Permalinks normal normal Awaiting Review defect (bug) new 2019-10-18T02:43:11Z 2019-11-11T22:34:52Z " Hi :) If permalink structure is **Post name** style and I changed it to **Numeric**. the post get a 301 redirect from http://newwp.local/hello-world/ to http://newwp.local/archives/1 but not so happen with permalink structure **Numeric**. when the current permalink structure is **Numeric** and I changed it to **Post name** or anything else. ideally, the post should get 301 redirection from http://newwp.local/archives/1 to http://newwp.local/hello-world/ but this is not happening. post giving 404 error instead of 301 redirecting to the correct URL format. when I try to access the post with http://newwp.local/archives/1 Thanks Naveen Giri " 1naveengiri Untriaged tickets (that need a patch) 50439 Post name permalinks htaccess directives do not consider subdirectory installation Permalinks 5.4.2 normal normal Awaiting Review defect (bug) assigned 2020-06-20T12:40:36Z 2020-06-20T12:40:36Z "Having wordpress installed in /wordpress/ subdirectory, and site address as root (following [https://wordpress.org/support/article/giving-wordpress-its-own-directory/#method-i-without-url-change method I in guide]), enabling post name permalinks gives 500 error on any page other than homepage or admin panel pages. This seems to be due to wordpress adding rewrite driectives to root .htaccess file, that seem to override the rewrite rules from method I. Changing permalinks to plain, making root .htaccess read-only (with no wp directives), or disabling them by putting an ifmodule with false condition around them fixes this. I think that wordpress should consider subdirectory installation when writing htaccess directives." filatovdanyl Untriaged tickets (that need a patch) 44847 Redirect old date-based permalinks on structure changes Permalinks normal normal Awaiting Review defect (bug) new needs-unit-tests 2018-08-27T13:43:48Z 2019-01-08T07:14:12Z "If someone switches from `/%year%/%monthnum%/%day%/%postname%/` to `/%postname%/`: * `/%year%/%postname%/` redirects to the correct URL. * `/%year%/%monthnum%/%postname%/` shows a 404 error. * `/%year%/%monthnum%/%day%/%postname%/` shows a 404 error. All of these URLs should redirect to the correct one." SergeyBiryukov Untriaged tickets (that need a patch) 55401 Subpages of a web page can be called twice Permalinks 5.9.3 normal major Awaiting Review defect (bug) new dev-feedback 2022-03-16T15:48:12Z 2023-07-20T18:41:13Z "Subpages of any website created with WordPress can be accessed twice. If you add a /0/ to the end of the regular URL, the same page can be called again. This page with /0/ at the end of the URL will also be indexed in Google. Example: https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/ https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/0/" manuel10503 Untriaged tickets (that need a patch) 55597 WordPress 6.0-beta2-53224 not creating .htaccess Permalinks 6.0 normal critical Awaiting Review defect (bug) assigned 2022-04-21T10:58:53Z 2022-05-24T18:46:49Z "on my development site (Plesk Obsidian, Centos 7.9) a fresh installed latest WP 6.0 beta2 does not create an .htaccess file at all. Steps: - wordpress-6.0-beta2.zip does not contain .htaccess - unzipped and uploaded to site - domain opened in browser - run set up process until login - no .htaccess created - table wp_options 'permalink_structure' contains ""/index.php/%year%/%monthnum%/%day%/%postname%/"" - login as admin - selecting a permalink structure and saving on /wp-admin/options-permalink.php - table wp_options 'permalink_structure' contains ""/%postname%/"" as expected - no .htaccess created - repeated saving of permalink structure does not help to create .htaccess - no entry in debug.log - as to be expected: permalinks not working in front end - only solution: create a basic .htaccess manually To me this seems a severe bug. Found this while testing one of my plugins on WP 6.0 before updating it to plugin repository Chris PS: no answer required " campation Untriaged tickets (that need a patch) 42148 url_to_postid plain permalinks for CPTs Permalinks 1.0 normal normal Awaiting Review enhancement new needs-unit-tests 2017-10-08T11:42:20Z 2017-10-08T11:46:15Z "Would be nice to have {{{url_to_postid}}} working with plain permalinks for custom post types. There's are currently some issues in {{{url_to_postid}}} where the wrong ID is returned for custom post type plain permalinks (query-based). {{{ true ) ); /** Create a post */ $post_id = wp_insert_post( array( 'post_type' => 'findme', 'post_status' => 'publish' ) ); $findme = get_permalink( $post_id ); $found = url_to_postid( $findme ); /** Guess it */ printf( ""%s (%s) == %s (%s)"", $post_id, $findme, $found, get_permalink( $found ) ); exit; } ); }}} {{{30 (http://localhost:8080/?findme=30) == 0 ()}}} and {{{30 (http://localhost:8080/?findme=30) == 2 (http://localhost:8080/)}}} if the frontpage is setup to point ot a post. Why is it not working? Why is the frontpage post being returned? Let's see how the {{url_to_postid}} function works: {{{ // First, check to see if there is a 'p=N' or 'page_id=N' to match against if ( preg_match('#[?&](p|page_id|attachment_id)=(\d+)#', $url, $values) ) { $id = absint($values[2]); if ( $id ) return $id; } }}} Then? {{{ if ( trim( $url, '/' ) === home_url() && 'page' == get_option( 'show_on_front' ) ) { $page_on_front = get_option( 'page_on_front' ); if ( $page_on_front && get_post( $page_on_front ) instanceof WP_Post ) { return (int) $page_on_front; } } }}} Uh, wait what... already? So a short-circuit without checking the custom post types. And that's understandable, since there is inherently no support for custom post type ID mappings as pointed out by: {{{ // Check to see if we are using rewrite rules $rewrite = $wp_rewrite->wp_rewrite_rules(); // Not using rewrite rules, and 'p=N' and 'page_id=N' methods failed, so we're out of options if ( empty($rewrite) ) return 0; }}} What stands in our way to find the URL earlier? 1. The query var is not one of p, page_id, attachment_id 2. The query var value for CPTs is not necessarily, and most often not numeric (the post_title) A proposed solution would be to look at the query parameters much higher, maybe by injecting the custom ones, ones that support slugs as well, since WordPress sets the {{{page_title}}} for a CPT itself, so that {{{\d+}}} check would fail. Use case? Well, this was encountered when trying to paste plain oEmbed URLs for a custom post type (https://github.com/gravityview/GravityView/issues/927)." soulseekah Future Releases 37812 404 when using a numeric slug and /%category%/ base Permalinks normal normal Future Release defect (bug) new needs-unit-tests 2016-08-24T15:29:53Z 2023-03-11T11:36:36Z "To reproduce: 1. Create a top and sublevel category. Lets say Parent > Child 2. In permalink settings, set custom permalink structure /%category%/%postname%/ 3. Create a post with slug 12345 and assign to category ""child"" 4. View post. There is a 404. Tested in 4.6 only. No other plugins active." mikejolley Future Releases 8905 Category pagination broken with certain permalink structures Permalinks 2.7 normal normal Future Release defect (bug) assigned 2009-01-21T07:26:31Z 2021-01-27T10:17:49Z "If one uses a permalink structure with %category% followed by %postname%, accessing pagination can cause a 404, as WordPress attempts to look for a post called ""page"". As per http://barefootdevelopment.blogspot.com/2007/11/fix-for-wordpress-paging-problem.html Presumably can occur with other permalink structures too." rmccue Future Releases 34972 Permalink for unattached media same as a post Permalinks 4.4 normal normal Future Release defect (bug) new needs-unit-tests 2015-12-10T11:53:16Z 2018-12-17T21:55:36Z "First step - upload media ""tralala.jpg"" I got pretty link example.com/tralala/ Second step - create a post with Title ""Tralala"" it creates post with slug example.com/tralala/ this works. So post with the same title as unattached media filename creates the same permalink - slug as already exists for unattached media. In this case, unattached media is unreachable as permalink point to new post with the same slug." petercralen Future Releases 30784 Subsites won't show 404 with default permalink structure Permalinks normal normal Future Release defect (bug) new 2014-12-19T17:10:49Z 2020-07-02T14:20:26Z "On my Multisite (subfolder) installation, I have every site set to use the default (ugly) permalinks. If I go to a subsite and add extra invalid characters after the site name, it displays the site, not a 404 error page. Example: If I type in domain.tld/sitename/EXTRACHARS it displays the content from domain.tld/sitename, yet keeps the /EXTRACHARS in all the links. I spoke with Andrea Rennick and she said that this happens because WordPress ignores anything after the sitename because pretty permalinks are not enabled. This all came up because our Google appliances were crawling millions of invalid URLs because .tld/sitename/EXTRACHARS returns a 200, instead of a 404. Would it be possible to make it so that an invalid URL would return a 404 instead of ignoring characters beyond the sitename when permalinks are set to default?" danhgilmore Future Releases 18672 "Implement rel=""prev"" and rel=""next"" for archives" joostdevalk Permalinks 3.3 normal normal Future Release enhancement new 2011-09-15T12:37:23Z 2020-02-29T17:21:40Z "As can be seen here: http://googlewebmastercentral.blogspot.com/2011/09/pagination-with-relnext-and-relprev.html Google now uses rel=""prev"" and rel=""next"" to navigate paginated archives. As we already do a lot of these types of links (rel=""index"", rel=""start"" etc.) I think we should add these. I'll come up with a first version of a patch." joostdevalk Future Releases 34542 Permalink settings page should offer a filesystem API based way to save .htaccess Permalinks normal normal Future Release enhancement new 2015-11-01T10:06:30Z 2020-07-02T17:50:02Z Right now if .htaccess is not writable from PHP, the user is presented with the rules he should manually copy&paste into the file. There is no real reason to sent the user at that point to launch his FTP software to do something that in most cases can be done via the filesystem API. The filesystem API is both faster and most likely less prone to user mistakes. mark-k Future Releases 29669 Static base in permalink_structure unexpectedly sets $wp_rewrite->front value Permalinks normal normal Future Release enhancement new 2014-09-14T17:44:11Z 2020-07-02T17:46:14Z "When I use a permalink structure like `/story/%post_id%/%postname%/`, the author and date URLs inherit the same `/story/` base (e.g. `/story/author/danielbachhuber/`). I'd expect my author and date URLs to remain unchanged, unless I explicitly specify a base. There appears to be some crude `%post_id%` conflict resolution for date which forces this. It's not clear why the `front` value is applied to `author_structure`. This code is 9 years young (#2433), so probably too late to make a breaking change. It would be nice to have a filter around `$wp_rewrite->front` in `$wp_rewrite->init()` so I don't have filter both rewrite rules and links." danielbachhuber Future Releases 28156 In date-containing permalink structures, /dddd/dd/comment-page-d/ urls don't work Permalinks 3.9 normal normal defect (bug) new needs-unit-tests 2014-05-06T22:42:17Z 2019-06-04T20:46:56Z "I was in the process of writing a plugin to allow people to test their rewrite rules as they develop a site, and when I setup examples of core rewrite rules, one of them was failing. If you set your permalink structure to one containing dates, e.g. ""Day and Name"", one of the generated rewrite rules for posts is: {{{ '([0-9]{4})/([0-9]{1,2})/([0-9]{1,2})/([^/]+)(/[0-9]+)?/?$' => 'index.php?year=$matches[1]&monthnum=$matches[2]&day=$matches[3]&name=$matches[4]&page=$matches[5]' }}} And later on, another rule is: {{{ '([0-9]{4})/([0-9]{1,2})/([0-9]{1,2})/comment-page-([0-9]{1,})/?$' => 'index.php?year=$matches[1]&monthnum=$matches[2]&day=$matches[3]&cpage=$matches[4]' }}} The URI /2014/5/6/comment-page-2/ would end up matching the earlier rule, looking for a post named ""comment-page-2"" published on 2014-05-06, instead of looking for comment page 2 in the... I actually don't even know what the comment-page URLs do. For me, the ones that work just redirect to the date archive. I'm happy to patch this, but would like to hear from someone else on what exactly should be done done. Do the comment-page-n rules do anything? Can they just be removed?" mboynes Future Releases 16126 Multisite name conflict check doesn't check for pages. Permalinks 3.0 normal normal defect (bug) new 2011-01-06T19:11:19Z 2019-06-04T20:41:45Z "Running WP 3.1-RC2 I made a page off my main site called foobar. Then I went in and made a sub-site (using SubFOLDERS) called foobar. The subsite took precedence and there was NO check or warning. I was able to reproduce this on 3.0.4 Then I went the otherway. I have a subsite called camels (don't ask). I went to make a PAGE called camels and it also let me. No conflict check. Basically you have to add the main blog page names into the banned names list manually, which strikes me as a bit odd. I can see why checking that would be onerous if someone had 600 million pages (and we all know they do) but forcing people to do it manually seems like a gap. Need love! :D This is minor, since not a lot of people have bitched, so clearly we're not running into it YET." Ipstenu Future Releases 27019 Redirect by page slug does not work in permalink structure /%category%/%postname%/ Permalinks 3.8.1 normal normal defect (bug) new 2014-02-05T08:44:36Z 2019-06-04T20:45:36Z "Wordpress has a feature to redirect by page slug. For ex. site with two pages: {{{ yoursite.com/pageone/pagetwo }}} With default permalink settings redirect works like this: {{{ yoursite.com/pagetwo -> yoursite.com/pageone/pagetwo yoursite.com/randomtext/pagetwo -> yoursite.com/pageone/pagetwo }}} With permalink structure '''/%category%/%postname%/''' redirection from root stops working: {{{ yoursite.com/pagetwo - 404 error }}} , but from non root ok: {{{ yoursite.com/randomtext/pagetwo -> yoursite.com/pageone/pagetwo }}} How to reproduce. Clean wordpress install. Create pages: ""pageone"", ""pagetwo"" with parent page ""pageone"". Try to open url: {{{ yoursite.com/pagetwo - 301 moved }}} Set custom permalink structure to '''/%category%/%postname%/'''. Try to open url: {{{ yoursite.com/pagetwo - 404 error, but 301 expected }}} I think, permalink structure is for post, not for pages. Am I right? After investigations I found, ""pagetwo"" in url ""yoursite.com/pagetwo"" detected as category name in class-wp.php/'''parse_request()'''. And later canonical.php/'''redirect_guess_404_permalink()''' does not try to find page by category name, only by get_query_var('name'), that is blank." dimagsv Future Releases 32705 `includes_url` shouldn't use `site_url()` on the frontend Permalinks normal normal defect (bug) new dev-feedback 2015-06-18T15:18:09Z 2019-06-04T20:50:36Z "Multisite / Domain Mapping 1. `site_url()` is your admin, `home_url()` is your frontend 1. The site url is blocked behind a firewall 1. You call `includes_url()` for a script on the frontend: your script is blocked, because it loads your admin domain on the frontend I noticed this because we are trying to upgrade the NYT to 4.2.* and emoji scripts are showing up everywhere. I can remove the action for now." wonderboymusic Future Releases 23117 permalink failed on IIS7 and Reserved Proxy for wordpress 3.5 Permalinks 3.5 normal normal defect (bug) new 2013-01-04T06:30:33Z 2019-06-04T20:43:38Z "it seems to work fine on local but get into a canonical redirect loop when we deploy to production after we upgrade to wordpress 3.5. We did a little debug and found the issue with permalink in file .\wp-includes\canonical.php at line 42 with new coded ""&& !iis7_supports_permalinks()"" added in 3.5. the issue is iis7 does support permalink and so it go into create and redirect to pretty link which use the website URL in wp-admin settings which is the site URL. when it hits the site URL, our reserved proxy write back to the wordpress site on diff server with port and canonical.php think that's incorrect, so it redirect back to the website URL and the loop go on and on. we found a temp workaround but not desirable, add this ""remove_filter('template_redirect', 'redirect_canonical');"" in the function.php file in the theme folder you are using. or add a wordpress plugin or simply remove the additional codes in canonical.php file that was added in 3.5. but may cause issue in future upgrade." romeoqngo Future Releases 34118 Allow permalinks to spell out when certain symbols are used Permalinks normal normal enhancement new 2015-10-01T16:37:15Z 2019-06-04T20:51:58Z "Someone just pasted this link to me in IRC: http://www.rawstory.com/2015/10/alabama-to-stop-issuing-drivers-licenses-in-counties-with-75-black-registered-voters/ whereas a more accurate URL would be: http://www.rawstory.com/2015/10/alabama-to-stop-issuing-drivers-licenses-in-counties-with-75-percent-black-registered-voters/ Give the propensity of people to skim read things online, this would be very useful." mattlee Future Releases 9825 Enforce permalink history, outright Permalinks 2.8 normal normal enhancement assigned needs-unit-tests 2009-05-15T01:06:37Z 2019-06-04T20:40:43Z "currently, we enforce old slugs and www pref (not even sure that works, since I ended up fixing it in a plugin). canonical doesn't work for pages, or hardly. we should enforce permalink history, outright. store it in a a db field, and query against it to optimize url2post()." Denis-de-Bernardy Future Releases 25006 Display date pages from categories with permalinks Permalinks normal normal feature request new close 2013-08-10T00:46:10Z 2019-06-04T20:44:39Z "When permalinks are not set up we can view posts from a specific category from a specific year (date), but if the permalinks are set up we can view only date pages or category pages. This works: `site.com/?cat=1&m=201307` (works) This does not work: `site.com/category/uncategorized/2013/07` (does not work)" alexvorn2 Untriaged tickets (that need a patch) 49432 Need of maximum character limit for Site Title Options, Meta APIs low minor Awaiting Review defect (bug) new close 2020-02-14T11:03:40Z 2021-12-14T21:49:41Z "1. There should be a maximum limit of characters for setting up the site title in Admin Dashboard -> Settings -> General. The limit should also be there at time of site setup. 2. Currently, the site title has no limit of characters. This may break the site UI on the frontend. 3. Site title allows to add spaces only, but gets saved as empty." sharduld Untriaged tickets (that need a patch) 44977 Transient fill fail delete to itself if it's timeout option is missing Options, Meta APIs normal normal Awaiting Review defect (bug) new 2018-09-21T11:25:44Z 2018-09-23T12:47:02Z "Just faced this issue - for some reason, the transient was not deleting itself. While checking the DB, the option with the transient was there, while the timeout option was missing (probably a glitch while saving to DB). Now, if you check get_transient() in option.php (quick link https://core.trac.wordpress.org/browser/tags/4.9.8/src/wp-includes/option.php#L0 ) you can see that these are deleted only if both exist and both pass the test: {{{ [...] if ( false !== $timeout && $timeout < time() ) { DELETING TRANSIENT} [...] }}} Otherwise transient will hang... forever. This should be tuned up so it also checks that these options exist, and delete transient if timeout is absolete." nlozovan Untriaged tickets (that need a patch) 54805 When on the /wp-admin/network/site-settings.php network settings page, calling the update_option() always add the setting Options, Meta APIs 5.8.3 normal minor Awaiting Review defect (bug) new 2022-01-13T00:03:48Z 2022-01-13T00:03:48Z "When on the network settings (/wp-admin/network/site-settings.php), the udpate_option() used to update the changed settings always adds the settings whenever the form is submitted. So instead of firing the ""update_option"" action hook after the settings are updated, it still fires the **add_option** action hook every time! Obviously, this should give an error but because there's a bailer when adding option using **ON DUPLICATE KEY UPDATE**, no error is shown." zenithcity Untriaged tickets (that need a patch) 45505 get_post_custom() doesn't pull values Options, Meta APIs 5.0 normal normal Awaiting Review defect (bug) new 2018-12-06T21:37:29Z 2018-12-06T22:07:14Z "When you are on a post or page and change the content and reload, so that the autosave post pops up at the top, the get_post_custom() values in custom metaboxes aren't being pulled in. get_post_meta() values however still works in that scenario." dryane Untriaged tickets (that need a patch) 48478 Allow omitting meta keys from the REST API response if they do not exist Options, Meta APIs 4.7 normal normal Awaiting Review enhancement new 2019-10-31T22:54:18Z 2019-10-31T22:54:18Z "Currently, the REST API will include all `show_in_rest` registered meta keys in a response, even if that meta key has no value. When the meta key has no value, either the empty value or a custom default in `show_in_rest.schema.default` is used. If an API client PUTs back this response, the meta key will be created with this default value. This may be undesirable if a user hasn't actually interacted with that meta key. This could be addressed by allowing the user to specify that the meta key should not be included in the REST API if it does not exist. For instance, `show_in_rest.omit_if_not_exists`. Related Gutenberg ticket: https://github.com/WordPress/gutenberg/issues/17864" TimothyBlynJacobs Untriaged tickets (that need a patch) 56548 Introduce `get_option` action Options, Meta APIs normal normal Awaiting Review enhancement new needs-unit-tests 2022-09-11T19:00:11Z 2022-09-11T20:14:00Z "There has been the `option_{$option}` filter for a long time, and it makes sense that this filter should be used to tweak options when reading them. However, there is sometimes a need for running certain logic for when an option is being read. For example, the WordPress performance team is currently working on a feature to optimize the autoloaded options list. For such purposes, we would like to add a new `get_option` action: * The reasoning for making it an action is to not falsely encourage developers to think they could use this to filter an option value (which would be excessive since it would be running for every option read). * The action would get parameters for the option name, the value, and whether the value is based on the default (rather than being looked up from the database). * The action name would be aligned with the existing actions `add_option`, `update_option`, and `delete_option`. * It would be documented so that it should only be used for special cases (similar to e.g. the `all` filter)." flixos90 Untriaged tickets (that need a patch) 38690 Introduce classes for settings Options, Meta APIs normal normal Awaiting Review enhancement new dev-feedback 2016-11-07T08:53:14Z 2019-03-26T13:14:34Z "Let's add classes surrounding settings to provide a better structure for dealing with them. It will also allow us to get rid of some globals if we are in a position to remove them (in terms of BC). Here is what I have in mind: * A `WP_Settings` class should be introduced that contains `get()`, `update()`, `add()` and `delete()` methods. This will mostly be copy-paste from the related functions. The functions themselves will become wrappers. * A `WP_Settings_Registry` will be introduced. It should contain all methods that handle registered settings (mostly introduced in 4.7). Again, the functions would become wrappers. We could get rid of the `$wp_registered_settings` global here and store these in a class property instead. * The `WP_Settings_Registry` instance will be contained by the `WP_Settings` instance as a public property. * A function `wp_settings()` will be introduced to access the `WP_Settings` instance or generate it if it does not exist yet. I'm not sure yet how to store the instance: The easy way is a global, but I was wondering where we're at with plans like a `WP::get( 'settings' )` so that we could do it differently. Anyway, let's assume a global first. I think it would be a good pattern to build the class in a flexible way, so that the registry instance and database instance are passed to the class constructor. The following is how I would envision the `wp_settings()` function: {{{ function wp_settings() { global $wp_settings; if ( ! isset( $wp_settings ) ) { $wp_settings = new WP_Settings( new WP_Settings_Registry(), $GLOBALS['wpdb'] ); } return $wp_settings; } }}} I think once we agree on an approach, we should do something similar for metadata. But let's have the discussion in here first and open the other ticket afterwards." flixos90 Untriaged tickets (that need a patch) 43818 Invalidate query caches less aggressively by using a `last_changed` key specific to metadata Options, Meta APIs normal normal Awaiting Review enhancement new needs-unit-tests 2018-04-20T08:13:55Z 2018-04-20T08:13:55Z "Currently, the meta implementations for posts, terms, comments and sites (in multisite) invalidate all respective query caches when any value is changed (via setting the `last_changed` key). This is a really aggressive method of cache invalidation and causes in query caches being too frequently invalidated, resulting in lots of unnecessary cache misses. Most queries (or at least many queries) do not make use of meta queries, and those should stay unaffected by when a meta value changes. Therefore I suggest introducing a specific `meta_last_changed` cache key, and have the meta functions set that one instead of the generic `last_changed`. In the query classes, we can then check if a meta query is present, and only then make use of the `meta_last_changed` key - otherwise we can ignore it and use the regular `last_changed` key. Regarding the initial implementation, we should think about whether we would wanna roll this out to all the above object types immediately, or whether we should rather start with an object type less popular for metadata (i.e. ''not'' posts). Related to this is #43813." flixos90 Untriaged tickets (that need a patch) 43209 REST API should take settings errors into account Options, Meta APIs normal normal Awaiting Review enhancement new dev-feedback 2018-02-01T23:59:10Z 2018-02-01T23:59:10Z "The `WP_REST_Settings_Controller` should notify the client when updating a setting fails due to an invalid value provided per the setting's `sanitize_callback` (should actually be validation, see related #43208). Currently this goes completely unnoticed. While `update_option()` doesn't return any information like that, it may be possible to use the information passed to `add_settings_error()` in case of a validity issue, and forward that to the client by returning a `WP_Error` with the message." flixos90 Untriaged tickets (that need a patch) 55969 The function set_transient should have the autoload argument Options, Meta APIs 6.0 normal normal Awaiting Review enhancement new 2022-06-12T14:28:53Z 2023-11-26T23:10:03Z "The function set_transient should have an argument to decide if a specific transient should be autoloaded or not so. At the moment every transient that is set with the function set_transient is autoloaded. Not all the transients have the need to be autoloaded. For example, many times transients that are used only in the backend don't need the autoload, but they slow down the frontend in some cases." giuse Untriaged tickets (that need a patch) 56821 meta_query late row lookup for performance improvement Options, Meta APIs normal normal Awaiting Review enhancement new 2022-10-13T20:46:34Z 2022-10-14T11:59:24Z "Is it possible to do a late row lookup for meta_query to make large postmeta sets run much faster? In some benchmarking I've done with load testing, queries that would take 8s to load with the current meta_query ended up loading in 500ms after implementing late row lookup. My suggestion would be to modify the get_posts function in the WP_Query class to have a flag pass through to use late lookup, like passing through `""meta_late_lookup""=>true`: {{{#!php meta_query->queries ) ) { $clauses = $this->meta_query->get_sql( 'post', $wpdb->posts, 'ID', $this ); if(isset($q['meta_query_late_lookup']) && $q['meta_query_late_lookup']){ // perform a late lookup instead of a join $clauses['where'] = ' AND ID in (SELECT post_id FROM '.$wpdb->postmeta.' WHERE 1=1 '.$clauses['where'].')'; } else { $join .= $clauses['join']; } $where .= $clauses['where']; } }}} At the moment, this can be accomplished with a filter like so: {{{#!php ' AND ID in (SELECT post_id FROM '.$meta_table.' WHERE 1=1 '.$sql['where'].')'); return $sql; } }}} " brmoore252 Future Releases 59871 Prime further options in `wp_load_core_site_options()` Options, Meta APIs normal normal Future Release defect (bug) new 2023-11-10T02:00:57Z 2024-01-11T17:43:33Z "In Multisite, individual database queries are made to query a number of commonly used options. On each request: * WPLANG * nonce_key * nonce_salt On each authenticated request: * auth_key * auth_salt The *_(salt|key) requests are only made if the constant is not defined or uses the default phrase `put your unique phrase here`. Follow up to #56913." peterwilsoncc Future Releases 59361 update_post_meta() strict checks can cause false negatives Options, Meta APIs normal normal Future Release defect (bug) new needs-unit-tests 2023-09-15T07:47:12Z 2023-09-15T07:47:12Z "Follow up: #22192 {{{ add_post_meta( $post_id, 'key', 1 ); update_post_meta( $post_id, 'key', 1 ); }}} The update should not work, because they are the same. However, the meta meta cache will have ""1"" as a string, and then it will strict compare it to 1 as an integer. Thus, an unnecessary update will run. It is quite common to use integers and booleans directly into these functions. They should be smart enough to recognize that ""1"" == 1 == true and ""0"" == 0 == false, and that any numeric string is also equal to a properly cast integer. The new changes need unit tests. Ticket from which this was spun: #22189, saving navigation menus is slow. cc. @flixos90 @spacedmonkey @joemcgill" mukesh27 Future Releases 37702 Accept array of IDs in `delete_metadata_by_mid` Options, Meta APIs normal normal Future Release enhancement new needs-unit-tests 2016-08-18T01:23:21Z 2019-12-13T19:00:51Z "When deleting meta data in bulk (for example when an object is deleted), improve performance of meta deletion by accepting an array for `delete_metadata_by_mid` and related functions. Related #37671." peterwilsoncc Future Releases 48393 Fix from #38903 prevents options autoload parameter update SergeyBiryukov* Options, Meta APIs normal major Future Release enhancement accepted dev-feedback 2019-10-22T07:46:00Z 2023-08-28T21:00:43Z "This is a follow-up to #38903. 3 years ago fix for not * If the new and old values are the same, no need to update. * But this condition does not check if method call intention was to update autoload field of the option. Currently the issue can be resolved by force update options when update_option method is called with autoload != null and check * If the new and old values are the same, no need to update. * should be skipped." anonymized_16833402 Future Releases 28454 Inconsistent front page option behavior Options, Meta APIs 3.4 normal normal defect (bug) new 2014-06-04T16:44:57Z 2019-06-04T20:47:09Z "'''Correct/expected behaviour:''' If you change your settings in ''Settings'' > ''Reading'' > ''Front page displays'' as follows: ''From:'' A static page (select below) -- Front page: home -- Posts page: blog ''To:'' Your latest posts then the `Show_on_front` setting is correctly changed to `posts` and the `Page_on_front` setting correctly gets reset to `0`. '''Incorrect behaviour:''' If instead you change the same settings from ''Appearance'' > ''Customize'', the `Show_on_front` setting is correctly changed to `posts`, but the `Page_on_front` setting is not reset and remains set to the previous setting's page ID. '''Testing done:''' I replicated this behaviour with several themes, including twenty fourteen, with all plugins deactivated. '''Why this is a problem:''' This is inconsistent and may cause errors--e.g. if a theme or plugin author checks the `Page_on_front` setting without also checking the `Show_on_front` setting. This is how I encountered it, in Polylang; plugin author had to work around it; details here: http://wordpress.org/support/topic/wrong-front-page-showing-in-appearance-customize-with-polylang-loaded). '''Solution (indicative; I'm not an expert):''' Re-use the ""Settings > Reading > Front page displays"" code in the ""Appearance > Customize"" functions. " ElectricFeet Future Releases 36760 Intermittent empty returns from get_post_meta function after 4.5 upgrade Options, Meta APIs 4.5 normal normal defect (bug) new 2016-05-05T02:45:08Z 2019-06-04T20:58:39Z "I've seen this reported several times, but the reporters failed to properly explain the issue and the tickets were closed. Since the 4.5 upgrade I am seeing intermittent issues in my custom plugin (which has worked for years and hasn't changed) where the get_post_meta function is used if the request is made via ajax or by calling a custom endpoint. Rolling back the 4.5 upgrade has resolved these issues. The same function called with exactly the same arguments will return the meta data value one minute and return an empty string the next (with single on). The data in the database is unchanged. Logging shows the post id and meta key are the same, only the return value is different. It always seems to work as part of a regular page request (not ajax, not custom endpoint). Sometimes the function works correctly for 24 hours, then fails several times. I can't identify any pattern but suspect the meta cache / session. I tried doing a meta cache update for the object before calling get_post_meta, but the problem still occurred. In Googling I've found several people reporting issues related to get_post_meta after the 4.5 update. Please take a look!" amberau Future Releases 36655 Enhancement: Add datetime column to options table. Options, Meta APIs normal normal enhancement new needs-unit-tests 2016-04-24T15:04:51Z 2019-06-04T20:57:35Z "== Proposal == The options table in WordPress is a great key/value storage option for a wide variety of different data used by core and plugins. One improvement that would increase its utility for faster time based queries on data stored there is to add a DATETIME column. == Some examples where this benefit could be realized: == === Example 1: Transient storage. === Currently, when there is no object-cache in use, transients are stored to the wp_options table. However, for each transient there are two records. One for the actual key/value pair and then one for any timestamp set as the transient expiry. Having a datetime column would allow the transient to always only consist of one record and thus make any queries interacting with transients much simpler. === Example 2: Arbitrary plugin data using the options table for its own scheduled tasks. === A lot of plugins are using the transient system wrong because it's not intended for indicating minimum age. Having a datetime column would provide the database schema in WordPress core that allows for plugins to implement their own ""minimum/maximum age"" apis. === Example 3: Tracking creation/modification times. === Having a datetime column would allow for indicating when a key/value pair was created and/or modified which could be useful for plugins that have need to do so. === Example 4: Scheduled settings/options. === Having a datetime column could allow for scheduled changes with a sites configuration and thus more advanced previews/site preparation, (think adding scheduled changes to site title, or site description via the customizer). Having a datetime column makes such schedules simpler to implement. == Implementation == === Schema === {{{ option_date datetime NOT NULL default '0000-00-00 00:00:00' }}} === Iterations: === 1. Add the column and modify options api to expose the new column to queries (get_option, update_option, site option functions etc). 2. Convert transient API to implement new option_date column for setting expiries when object-cache is not in use. == Who and When == I'd be willing to spearhead putting some patches together and getting the initial code going but before I invest some time in this I'm just testing the waters to see if this is even something that would be considered/welcomed for core. I'm not aware of any potential conflicts this may pose with the purpose for the option table but if there are any I'm sure I'll find out! I definitely don't see this as going in 4.6 but it might have potential for 4.7 if work begins fairly soon. " nerrad Future Releases 33884 Move meta functions to their own files Options, Meta APIs 4.4 normal normal enhancement new 2015-09-15T17:51:10Z 2019-06-04T20:51:37Z "All the meta functions should be in their own file. Like this. post-meta.php comment-meta.php user-meta.php Related tickets: #10142 #28290" spacedmonkey Future Releases 30995 Pass meta_id when retrieving multiple metas Options, Meta APIs 2.9 normal normal enhancement new needs-unit-tests 2015-01-12T20:18:50Z 2019-06-04T20:48:39Z "Hello. In some (edge?) cases we would need a unique identifier when we retrieve metas. For example, `get_post_custom_values( '_yolo', $post->ID )` will return: {{{ Array ( [0] => foo [1] => bar ) }}} while the following, with the `meta_id` as array key, would be helpful imho: {{{ Array ( [1022] => foo [1029] => bar ) }}} The modification is trivial in `update_meta_cache()`, and some other functions would only need something like `metas[0]` => `reset( metas )`." GregLone Future Releases 29786 read_post_meta should be a meta capability Options, Meta APIs normal normal enhancement new 2014-09-29T11:19:31Z 2019-06-04T20:47:44Z "Right now, we have `edit_post_meta`, `delete_post_meta`, and `add_post_meta`. In order to be able to expose metadata publicly, we need to be able to check if we can access individual keys. `is_protected_meta` only controls whether it's prefixed and should default to being protected (by default, prefixed with `_`). This isn't adequate to check for read permission on a key, because it's not filterable." rmccue Future Releases 23616 General Handler for Whitelisted Options' Submissions Options, Meta APIs normal normal feature request new 2013-02-26T03:06:55Z 2019-06-04T20:43:51Z As stated over on #18285 WordPress should move away from posting to options.php. In order to do that, the Settings API needs a general purpose function that can be safely called on all Settings Pages that can handle posts to itself (generally referred to as 'take_action' in various places) and can handle what options.php currently does. WraithKenny Untriaged tickets (that need a patch) 27832 All sites automatically marked as archived after upgrade Networks and Sites 3.7 normal normal Awaiting Review defect (bug) new 2014-04-16T10:47:37Z 2018-12-08T15:08:06Z "Strange thing, all sites were automatically marked as archived after automatic upgrade to 3.8.3. Maybe it is not related, but it was the last thing which is time-related to this problem. I checked database tables and all sites had archived = 1 in wp_blogs, but last_update column was not changed. So, it suggests, that it was not done by administrator. Administrator can archive primary site? Then it is not possible to access administration... I repaired it by setting 0 for all sites, but I am not sure, how could it happen? Do you have any ideas? There are no plugins which could cause it. I searched code and did not find any clue. Also hosting company is used for many other Multisite installations without problems. There are also some posts from different forums (usually somehow related to WordPress upgrade), but they are only talking about fixing problem and not about finding why... http://wordpress.org/support/topic/site-automagically-archived-or-suspended-on-multisite http://wordpress.org/support/topic/after-install-site-has-been-suspended-or-archived http://wpgarage.com/tips/unarchive-archived-suspended-site-wordpress-multisite/ Not sure, if it is some kind of bug, incompatibility or security hole..." pavelevap Untriaged tickets (that need a patch) 54086 bloginfo language issue Networks and Sites 3.0 normal normal Awaiting Review defect (bug) new reporter-feedback 2021-09-08T16:50:55Z 2021-09-23T22:06:39Z "hi, the code snippet below only returns the name of the blog well, not the language, it is always the same. even though the language is changed in the site admin settings. {{{#!php blog_id ); echo get_bloginfo( 'name' ); echo get_bloginfo( 'language' ); restore_current_blog(); } }}} " kukac7 Untriaged tickets (that need a patch) 45761 consistency between $wpdb->blogid and get_current_blog_id() Networks and Sites 3.0 normal normal Awaiting Review defect (bug) new dev-feedback 2018-12-24T20:52:41Z 2019-03-15T13:31:35Z "On a single install (not multisite), you have $wpdb->blogid => 0 get_current_blog_id() => 1 Must be a very old one !!!" arena Untriaged tickets (that need a patch) 43251 editable_roles filter doesn't exclude role on multisite Networks and Sites 4.9.4 normal normal Awaiting Review defect (bug) new 2018-02-07T19:15:54Z 2019-12-06T16:48:21Z "On a multisite installation I am trying to exclude a role using editable_roles filter. The role is removed from the dropdown but if I change the role value in the DOM using the inspector I can successfully add the excluded role. This happens only on multisite installations. On single installations if I try to add an excluded role I get the message “Sorry, you are not allowed to give users that role.” '''How to reproduce the issue:''' 1. Unset a role using editable_roles filter. 2. Login with any role that has the capability create_user. 3. Add a new user changing any role value with the excluded role (using inspector)." eArtboard Untriaged tickets (that need a patch) 40682 get_current_blog_id() and get_current_network_id() are loaded before absint() Networks and Sites 3.5 normal normal Awaiting Review defect (bug) new 2017-05-06T06:41:04Z 2019-02-23T15:35:39Z In r21484, these functions were moved to `wp-includes/load.php`. Regardless of when they are *supposed* to be called, they are available to be called by cache plugins before `absint()` exists in the ether. If caching plugins are indeed accessing `global $blog_id` this early, seems like a race condition somewhere. wonderboymusic Untriaged tickets (that need a patch) 56909 pre_recurse_dirsize filter cannot be used to fill up dirsize_cache and thus breaks performance Networks and Sites 5.6 normal normal Awaiting Review defect (bug) new dev-feedback 2022-10-26T06:09:29Z 2022-10-26T06:09:29Z "In 5.6.0 a new filter was introduced to the dirsize calculation `pre_recurse_dirsize`. After that filter was introduced the dirsize cache was modified to store each folders size separately for a massive performance increase ( part of https://core.trac.wordpress.org/ticket/19879 ). https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/functions.php#L8287 This second change lead to a state where the `pre_recurse_dirsize` filter is kind of useless. One cannot access or modify the dirsize cache within the filter as the `$dirsize_cache` variable is passed by reference to the recursive calls of `recurse_dirsize()`. https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/functions.php#L8300 Thus using the `pre_recurse_dirsize` filter renders it impossible to use the new, much more efficient dirsize cache based on single folders. I can only fill up the total for the top level folder. If `pre_recurse_dirsize` is used the code would skip these recursive calls to `recurse_dirsize()`. And thus the reference passing of the `$dirsize_cache` and filling it with the subfolder sizes. One would consider that the filter code could set the `$dirsize_cache` or the transient value on its own. This doesn't work as well, as the original code works on an in memory version of the `$dirsize_cache` and will overwrite any changes done within the filter at the end of its code. https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/functions.php#L8323-L8328 This state leads to the bad situation that using the `pre_recurse_dirsize` filter will always lead to worse performance. Although the idea behind introducing it was to open up for performance improvements. I am currently unsure how to fix this in a smart way and am open for any thoughts and suggestions. (Maybe bad) Ideas I had: - Pass the `$dirsize_cache` by the reference to the filter (technically impossible as far as I know) - Add another filter to disable the dirsize cache saving in `recurse_dirsize` to handle everything on our own (would allow full backward compat) - Move the `pre_recurse_dirsize` to another position (don't really know where...) - Make `recurse_dirsize` a pluggable function to replace it completely Thanks a lot! " janthiel Untriaged tickets (that need a patch) 55488 Add a filter to array of allow ported number in multisite. Networks and Sites normal normal Awaiting Review enhancement new 2022-03-30T13:39:42Z 2022-03-30T13:39:42Z "The allowed port numbers to setup a multisite are fixed. See this line. {{{#!php if ( ( false !== $has_ports && ! in_array( $has_ports, array( ':80', ':443' ), true ) ) ) { }}} However, a site maintainer may want to change these values to help enable serving their multisite from a custom port. This ticket is a breakout from #21077" spacedmonkey Untriaged tickets (that need a patch) 41771 Global configuration table Networks and Sites 4.9 normal normal Awaiting Review enhancement new needs-unit-tests 2017-08-31T22:19:51Z 2017-09-19T16:37:54Z "In multisite, there is no way to have settings or configuration what goes applies to all networks. There are network level settings (Network options) and site levels settings (Options) but nothing global. In #37923 the need for global configuration arose, as storing data the network level ends up with the same data in every network. Also having a global config table, would help rid ourselves of our dependence on PHP defines for configuration. If this config table was installed on single site as well, the following defines, could be moved the config table. - MULTISITE - SUBDOMAIN_INSTALL - WP_CACHE - FORCE_SSL_ADMIN - WP_DEFAULT_THEME This could make the process of installing multisite, much easier. A number of feature flag that are currently store in options / network options could be moved to the global store. Features such as. - link_manager - enabled / disabled - global_terms - enabled / disabled - use blog_versions - enabled / disabled - site meta - enabled / disabled - ms_files_rewriting - enabled / disabled This global table could also store multi network wide settings such as - Global super admin - Global user roles - Global plugins (Not mu plugins) - Global database version - Default Language " spacedmonkey Untriaged tickets (that need a patch) 38171 A site within a network has no more users when those users are deleted from the network Networks and Sites 3.0 normal normal Awaiting Review feature request new dev-feedback 2016-09-27T14:08:40Z 2020-01-06T17:33:20Z "In a multisite installation, if a site has only one user and you delete this user, the site has no more users. That seams logical, but this is not what super admin expects when he deletes a user from the network. When deleting a user, the following question appears : What should be done with content owned by XXX ? But even if he chooses ""Attribute all content to:"" option, the site in question is left without any user. I don't think this is impacting the site functions, but perhaps we should add a note ? We have several options : * if a user is selected to attribute the content to, it should also be added as a site user * OR, display a warning somewhere that a site will be left without any user before deleting the user * OR, do nothing and be responsible of some heart attacks when a super admin discovers that a site has no more active user. " Fab1en Untriaged tickets (that need a patch) 54080 Dashboard > My Sites could use a list table for displaying the list of sites Networks and Sites 3.0 normal normal Awaiting Review feature request new dev-feedback 2021-09-07T07:59:55Z 2021-09-08T09:13:36Z "Dashboard > My Sites uses an unfamiliar display when listing a user's sites if compared with the rest of the pages in the administration area such as Posts > All Posts. For consistency, could My Sites make use of a [https://developer.wordpress.org/reference/classes/wp_list_table/ list table]?" henry.wright Future Releases 39158 Unify site deactivation process Networks and Sites normal normal Future Release defect (bug) new dev-feedback 2016-12-07T19:20:38Z 2017-08-14T17:16:24Z "Currently there are three cases of ""deleting"" a site on a multisite setup: * deleting a site entirely (for example via Sites list table's ""Delete"" link) * deactivating a site from the network admin (for example via Sites list table's ""Deactivate"" link) * deactivating a site from the site admin (admin can click ""Delete Site"" in Tools menu) Note that deactivating a site does not wipe out the site, but rather sets the ""Deleted"" flag for that site (strange legacy naming, can be ignored here). What this ticket should solve is that the latter two processes work differently although they should be doing the same thing: While deactivating a site from the network admin simply sets the site to ""Deleted"", deactivating the current site from the site admin also removes all users from the site (via `wpmu_delete_blog()`). That means if an admin deactivates their site and later asks support (i.e. the network administrator) to restore it, all users will be gone. I'm not sure why this happens, but I certainly don't think the two actions should have a different behavior. My proposal is to move the part of that function where users are removed into the `if ( $drop )` clause to make sure users are only removed when the site is actually being deleted." flixos90 Future Releases 36940 Break `manage_sites` capability up into more targeted caps johnjamesjacoby Networks and Sites 3.0 normal normal Future Release enhancement assigned 2016-05-25T12:56:16Z 2017-07-17T20:36:26Z "The `manage_sites` capability is currently used as a blanket, to cover all needs when it comes to editing a site in a multisite installation. Started in #15800 (and having chatted with @jeremyfelt at length) we'd like to break `manage_sites` up into new capabilities that more acutely convey what part of a site someone is allowed to edit. The goal is to allow users with `/network` admin access to have more fine-grained control over what parts of a site they can edit. For example: `manage_site_settings = false` so a user can modify site themes & users, but not have access to the raw option data. We are imagining they would look something like: * `manage_site_info` (`site-info.php`) * `manage_site_settings` (`site-settings.php`) * `manage_site_themes` (`site-themes.php`) * `manage_site_users` (`site-users.php`) In addition: * We would pass the site ID through `current_user_can()` to provide additional context * Switch to using `create_sites` in `site-new.php` (vs. `manage_sites` which was likely a copy-paste assumption that the capabilities across these similar files should match) ---- More paraphrasing of our past 4 months of chat in #core-multisite: * Because only WordPress Super Admins can access any of these by default, renaming these capabilities should be considered a backwards compatible change * We /could/ go as far as mapping all of these new caps to `manage_sites` to maintain compatibility, but for plugin authors wishing to take advantage of this, it would require an additional `map_meta_cap` override that we would like to try and avoid * This should not result in much code churn, and will only change multisite files, and a handful of functions that special-case multisite using the `manage_sites` capability check * We would still keep `manage_sites` in a few higher-level places (as a site equivalent to `edit_posts`) to ensure that a user has access to certain UI elements that allow them entry to more detailed site editing" johnjamesjacoby Future Releases 27287 siteurl is missing WordPress path when creating a new site Networks and Sites normal normal defect (bug) new needs-unit-tests 2014-03-06T00:03:35Z 2019-06-04T20:06:59Z "Our setup is a single subdomain network. WordPress is installed to `/wp`, and we don't have rewrites configured to mask the subdirectory. On the initial install, `wp_install()` sets the value of `siteurl`based on `wp_guess_url()`. The main site ends up with these expected values: * `siteurl`: domain.com/wp * `home`: domain.com On subsequent creation of a new site, `install_blog()` incorrectly sets the option values for the new site to: * `siteurl`: domain.com * `home`: domain.com This means the admin loads, but CSS and resources are broken, until I update the `siteurl` option value to be ""domain.com/wp"". I'd expect `install_blog()` to follow the same behavior as `wp_install_blog()`. #23221 is related, although this suggested fix doesn't also fix that." danielbachhuber Future Releases 14172 Implement $scheme in site info in ms-sites edit site Networks and Sites 3.0 normal normal enhancement assigned dev-feedback 2010-07-01T22:45:33Z 2021-01-05T16:40:51Z "In WordPress 3.0 with Network enabled, if you were to click: Super Admin -> Sites -> Edit (next to any site) and then change any of the Site Options i.e. wp_2_options the changes don't save. We're running a secure environment and need Siteurl to be HTTPS instead of HTTP. Changing all the parameters to https and clicking Update doesn't save the changes." firmdot Untriaged tickets (that need a patch) 58044 Issue with wp_setup_nav_menu_item Menus 6.2 normal normal Awaiting Review defect (bug) new 2023-04-01T16:20:53Z 2023-04-08T14:55:59Z "`/wp-includes/nav-menu.php` has an issue handling bad `$menu_item`. The problem is with trying to call `get_post_status()`. If a post with type `nav_menu_item` has a problem (I think not having a correct parent or something), the call to `get_post($menu_item->object_id)` returns NULL which then causes an error message from `get_post_states()`. I had to search the site database to find the offending menu item on my theme development site and deleted the bad menu. I think I likely deleted a page or post that had been include in a menu definition, or perhaps it was because I typically use the Parent Page to define the default menu, which is still supported but seldom used. This error only seems to appear when using the Customizer, I'm guessing while it is generating the ''Menus'' option. Didn't get error from Dashboard Menu, nor have I tried this on a block theme. The problem is found around line 833 in `nav-menu.php`. Here's a possible fix which worked with my bad menu definition, but the problem might be deeper. {{{#!php type_label = $object->labels->singular_name; // Denote post states for special pages (only in the admin). if ( function_exists( 'get_post_states' ) ) { $menu_post = get_post( $menu_item->object_id ); /* * Suggested fix for bad nav_menu_item post - likely caused by now missing parent * which can result in $menu_post being NULL at this point * */ if ($menu_post != NULL) { //*** add a NULL check $post_states = get_post_states($menu_post); if ($post_states) { $menu_item->type_label = wp_strip_all_tags(implode(', ', $post_states)); } } // end of added NULL check } } else { $menu_item->type_label = $menu_item->object; $menu_item->_invalid = true; } }}} " wpweaver Untriaged tickets (that need a patch) 37920 `the_title` filter called in 2 places inconsistently Menus normal normal Awaiting Review defect (bug) new dev-feedback 2016-09-02T14:20:21Z 2019-04-19T13:22:41Z "This is a follow-up to #35317. When calling `wp_nav_menu()` to build a frontend nav menu, the filter `the_title` ends up being called 2 times on page links, due to the above ticket. It is called here https://github.com/WordPress/WordPress/blob/master/wp-includes/nav-menu.php#L754 and then here https://github.com/WordPress/WordPress/blob/master/wp-includes/class-walker-nav-menu.php#L169. So it is called once when getting the post object title and then again when actually outputting the nav menu. I think this is negative for 2 reasons: 1) Anyone who wants to filter `the_title` for nav menu items will end up having it called 2 different times, which is odd and can provide inconsistency 2) In both cases, an object ID is included, but the first call the object ID is the Post that the menu item links to (where the title comes from) and the second call the object ID is the nav menu item ID. This means, if a developer anticipates the 2 calls, they cannot check against the supplied object ID to confirm operations only happen once." joelworsham Untriaged tickets (that need a patch) 18842 wp_nav_menu confuses new developers when it falls through to page listing Menus 3.2 normal normal Awaiting Review defect (bug) reopened 2011-10-02T10:54:12Z 2017-09-20T19:42:00Z "It appears that when wp_nav_menu() falls through to a page listing, many menu-specific args are not passed to the page listing, which ultimately confuses new developers. I seem to answer this at least weekly in #wordpress One example is the 'container_class' arg, if it falls through to the fallback_cb, the container_class is not applied. Ideally, template-related arguements should be passed to the fallback (And with pages as the default callback, it should handle these) or wp_nav_menu() should output any extra wrapping divs if appropriate." dd32 Untriaged tickets (that need a patch) 43176 Nav Menu Search - add filters for query args Menus normal normal Awaiting Review enhancement new 2018-01-29T16:01:00Z 2019-01-16T06:50:09Z "On sites that have lots of content with similar names, it can be almost impossible to find the correct page using the search tab. One way to fix this is described in #38224 (changing the number of posts returned, or providing a filter so developers can change it). Another option would be to check if the search query is_numeric(), and if so, search for a page with that ID. This could either be implemented in core directly, or appropriate filters could be provided so a plugin could implement this functionality." billerickson Untriaged tickets (that need a patch) 44803 Add a page to a menu by its ID or slug Menus 4.9.8 normal normal Awaiting Review feature request new 2018-08-15T15:07:48Z 2019-01-30T05:38:39Z "I'm ""porting"" a college's website from Joomla to WordPress. Said website has +2000 pages, which span from ~2013 onwards. It's the biggest mess you can imagine. There are many repeated pages, repeated categories, empty categories and so on. Building the main menu for this website has been a pain in the ass, too, because the ""adding pages to a menu"" in WordPress is meant for small websites: For example, I was trying to add a page named ""Evaluación docente"". There are several pages called exactly the same, but typing ""Evaluación docente"", or ""Evaluacion docente"" (without accents), ""evaluacion docente"" or even """"Evaluación docente"""" (with the quotes, hoping them would help to do a exact match search) returned other pages that weren't the one I was looking for - nor even the other ""Evaluación docente"" pages! Seems like a very fuzzy search. Sometimes you're lucky and you get the page you're looking for, but sometimes you don't. So I think it would be wonderful if there were some sort of way to add a page to a menu by typing its id or its slug." milerm Future Releases 43494 Can't change/delete menu items in Customizer on mobile audrasjb* Menus normal normal Future Release defect (bug) accepted 2018-03-07T23:30:18Z 2023-01-06T12:25:28Z "On mobile/tablet browser (only Android, Chrome browser tested), menu items can be added and reorganized, but the drop-down toggle for further options doesn't work. As a result menu items cannot be removed. To reproduce: 1. Log in to admin in mobile / tablet browser 2. Go to Customizer -> Menus 3. Add menu item to a menu 4. Attempt to edit / delete menu item Originally reported by community user Sue Jenkins on Twitter: https://twitter.com/LuckychairNews/status/969682449176211456" mor10 Future Releases 38801 Terms with the same name indistinguishable in Menu section Menus normal normal Future Release defect (bug) new 2016-11-15T19:10:08Z 2017-08-18T12:52:07Z "== Problem == Let's say we have a WooCommerce site (although likely all taxonomies/terms are liable to this problem) with the following categories: Men, Women. Each of the categories has a subcategory called Shoes. When in Appearance -> Menu and trying to add a link to Shoes (whichever), there's no way to distinguish the 2 Shoes categories, as the parents are not displayed and no indenting is applied. No matter if we use the Latest, All or Search filter. == Solution == Keep in mind that ""All"" uses pagination, so indenting might not be the best solution. An idea is a hover with the parents listed, but this would be tricky on mobile. Maybe just make a ""Show parents"" switch above the field (or in the Screen Options) and if it's checked, show the parents after the taxonomy/term's name? Like: Shoes (Women -> Shoes). Just getting rid of pagination in the ""All"" view could cause problems with a lot of values and would not help the Search function within the menu creator." eclare Future Releases 44329 current-menu-item class not applied to home link with starter content audrasjb Menus low normal Future Release defect (bug) reviewing 2018-06-08T03:12:20Z 2019-07-09T05:43:31Z "When viewing starter content in the customizer the home link does not get the current-menu-item class applied when you view the home page. The menu-item-object-{$type} class is also missing $type, so it just has the class menu-item-object- applied. When viewing a customizer changeset of the starter content before actually publishing - the home link is not given the current-menu-item class as well. The menu-item-object-{$type} class is still missing $type in this class too. After publishing the starter content the front end appears to have .current-menu-item correctly applied to the menu when navigating. However, when viewing the site in the customizer - the home link now always has the current-menu-item class applied regardless of which page you visit. This results in two links having current-menu-item applied ( the home link and the currently viewed link ). At this point the menu-item-object-{$type} class now has $type === 'custom', so the class menu-item-object-custom is properly applied. Additional notes: - I was only testing with fresh wp installs. - I was using default permalink structure. - I noticed this issue with other themes that provide starter content, but it also happens with twentyseventeen - #43401 does not seem to fix the issues outlined in the steps below. Expected results: I expected for menu items to have the current-menu-item classes properly applied when viewing changesets, the customizer preview would accurately reflect the frontend display, and that current-menu-item would not be applied to two different links when previewing pages in the customizer. Steps to replicate: 1. Use latest trunk (this does also occur on 4.9.6). 2. Have fresh_site option set to 1 to get starter_content. 3. Activate twentyseventeen theme. 4. Go to customizer. 5. Starter content should be populated - inspect the ""Home"" link which doesn't appear to have current-menu-item added, and has the incomplete class menu-item-object- as well. 6. Click on one of the other pages - the link properly reflects the current-menu-item class. 7. Save draft and open the changeset url provided. 8. Click on one of the other pages other than home, and the same issue occurs. 9. Go back into customizer, publish the changeset, and view the site now on the frontend. The home page link is now properly given current-menu-item, and menu-item-object-custom is correct. 10. Click on one of the other links, and the home link no longer has current-menu-item applied, and is applied correctly to the new page you're on. 11. Click on customize - once the customizer loads, the home link AND the link your were looking at both have current-menu-item applied, only the previewed page should have this class." timph Future Releases 46208 Improve Menu experience by making it easier to delete multiple menus at once audrasjb Menus 5.0.3 normal normal Future Release enhancement reviewing 2019-02-07T21:35:19Z 2019-05-03T22:03:30Z "If possible, please make it easier to delete multiple menus with a one click button (same as the plugin interface). For example add an extra tab next to ""Manage Locations"". - Right now, we've to select a menu (to edit) then remove it. If you have like 10 menus... then this task simply takes too much time. The menus are saved all over different tables wp_terms, wp_posts, etc. inside the database. Wouldn't it be better to simple create a seperate db table for menus instead and have all data placed in there (with object cache)? Mireille" mireillesan Future Releases 60673 Indicate submenu item level in admin nav menu editor and customizer nav menu editor rcreators Menus normal normal 6.6 enhancement assigned 2024-03-02T03:31:57Z 2024-03-05T15:23:23Z "Follow up to #32728 Following the closure of #32728, both navigation menu interfaces indicate whether an item is in a submenu. It would improve the experience for screen reader users to indicate what level an item is at." joedolson Future Releases 14331 Tweaks to menu setup page Menus 3.0 normal normal Future Release enhancement new 2010-07-16T21:30:45Z 2020-05-29T19:39:57Z "It would be great if you could select a parent Page and ""Automatically add children"" to the menu. In a similar fashion, it would be great if the Menu could then automatically add any new children Pages created under that Parent." mrmist Future Releases 51964 Add bulk moving to items in the menu screen azhiyadev Menus normal normal Future Release feature request assigned 2020-12-08T07:02:07Z 2021-01-24T09:43:14Z "Hello I am blind and I use WordPress with screen reader software (JAWS and NVDA). Using WordPress menu editor is too tedious and time-consuming for a blind user, although other features are quite accessible. When I go to Appearance > Menus and I add many items to the menu, I cannot rearrange the menu items by drag&drop. I can use Move up / Move down / Move under options for moving the menu items, but this is too time-consuming. I need to press Move Up button 20 times if I want to move an item up to 20 steps higher. If I want to move 5 items up by 20 steps, I need to press ""Move up"" 100 times, over and over. If I want to create a hierarchical menu with an average of 30 menu items, I need to take about 3 hours on rearranging the items. Bulk Action Feature Request: I want to have checkboxes beside menu items, so I can select several menu items simultaneously and apply a bulk move / reposition action on all of them simultaneously. For example, I select 6 menu items at a time and I have two comboboxes: parent item, position. I select ""About Us"" as the parent item, and ""3"" as their position. This way, all 6 items go to position 3 under ""About Us"". This is much faster than pressing ""Move Up"" 120 times for reordering those 6 items. Bulk actions are available in all WordPress taxonomies (Pages, posts, plugins, themes, etc.). I wonder why bulk actions are not available for menu items. Thank you " javad2000 Future Releases 21669 "Make ""Home"" option persistent in Pages box on Menus screen" Menus 3.4 normal normal defect (bug) new 2012-08-23T16:57:08Z 2019-06-04T20:03:36Z "If you have some pages, or even a page, then on nav-menus.php in the Pages box, View All, it will display Home as an option. However, if you do not have any pages at all (mostly Blog on front page scenarios), then it just says ""No items."" in the Pages box. It should always be populated with at least the Home option. Oversight on our part that we didn't uncover this behavior before. " jane Future Releases 20325 Menu item parent classes for page_for_posts (home.php) not properly set on single.php Menus normal normal defect (bug) new 2012-03-29T12:50:06Z 2019-06-04T20:03:21Z If one has set page_for_posts (Settings => Read), on single.php wp_nav_menu() will set current_page_parent for the accordant menu item, but it will not set any parent or ancestor classes for its parent menu items as expected. [tested with 3.3.1] ptietz Future Releases 35640 No API to set a nav menu location Menus normal normal defect (bug) new 2016-01-28T05:21:19Z 2019-06-04T20:21:30Z "We've got an API to retrieve the nav menu locations - `get_nav_menu_locations()` however, there's nothing (as far as I can tell) to set a theme location, either singularly or for all menu's. We should probably have a method that can be used to set a single theme locations menu, and one to bulk-set. For reference, the admin pages currently all call `set_theme_mod( 'nav_menu_locations', $locations );` directly." dd32 Future Releases 23023 Touch UI Menu Code doesn't address flyout menus two-levels deep. Menus 3.5 normal normal defect (bug) new 2012-12-20T15:21:17Z 2019-06-04T20:04:37Z "The code we did in #20614 only addressed the single dropdowns you normally see in a single site install. A multisite install will have flyouts coming out of the dropdowns that we need to account for as well. Related: http://wordpress.org/support/topic/wp-admin-bar-doesnt-play-well-with-touch-device-in-wp-35" georgestephanis Future Releases 18816 Add 'offset' parameter and 'ancestral' boolean to wp_nav_menu Menus normal normal enhancement new dev-feedback 2011-09-29T16:13:42Z 2019-06-04T20:02:57Z Since we can now call wp_nav_menu multiple times and there is the very useful 'depth' parameter, I believe adding an 'offset' parameter would be very beneficial in many situations. This would allow you to start at the children of the main pages for example and combined with depth it becomes very powerful. An 'ancestral' => 'true' option could output only menu items that the current page is a descendant of. Currently if you want to display a main menu in the header and then a submenu on page.php you either need a tricky custom walker or terrible CSS 'visibility:hidden' or 'display:none' situations. signyourbikeout Future Releases 26935 Add empty submenu page to hide menu page title in list Menus 3.8 normal normal enhancement new 2014-01-25T07:46:30Z 2019-06-04T20:06:31Z "My question has to do with `add_menu_page()` and `add_submenu_page()`. If we add a menu page, and one sub_menu page.. we end up with the main menu page being duplicated in the sub pages list. If we have ""Main"" as our main page, and ""Sub"" as our sub page... {{{ add_menu_page('Main', 'Main', 'manage_options', 'main_options', array($this, 'main_do_page')); add_submenu_page('main_options', 'Sub', 'Sub', 'manage_options', 'sub_options', null); }}} This will create a menu structure such as: * Main * Main * Sub The ""Main"" page is duplicated in the sub list. Now, we can hide that duplication with a slight adjustment to the code: {{{ add_menu_page('Main', 'Main', 'manage_options', 'main_options', array($this, 'main_do_page')); add_submenu_page('main_options', 'Sub', 'Sub', 'manage_options', 'main_options', null); }}} By changing the fifth argument to match the ""Main"" page slug.. it will successfully hide the submenu; resulting in: * Main * Sub However... the issue with this... is a menu item still gets created in the generated html. The inner html is blank.. so no title is actually displayed.. but the outer html is still there. It appears in the submenu html output as such (with the second snippet above): {{{
  • Options
  • }}} See how the top item has the html for a list item.. but has no inner html? This creates a space, about 4 or 5 pixels.. in between the main item and the sub menu items. Now, I know this is trivial when there is only one menu item. But, now that I know it exists.. it is driving me nuts. 1. It results in unnecessary html output. 2. It results in a space in the menu item list.. which is faint, but unattractive... and hinders the visual appeal of the new admin panel. Could we perhaps first check if the `add_submenu_page()` fifth argument ($menu_slug) matches the `add_menu_page()` first argument ($page_title)... then the outer html wrapper doesn't get rendered? With space example(http://joshlobe.com/testsite/images/trac1) Without space example(http://joshlobe.com/testsite/images/trac2) Thank you for reading." josh401 Future Releases 12934 Allow a menu to be added as a menuitem to be a submenu. Menus 3.0 normal normal enhancement assigned 2010-04-08T21:55:32Z 2019-06-04T20:02:03Z "Add capability to add a menu as a menuitem to be a submenu thus allowing multiple menu items to share the same submenus. See reference in April 8 devchat: https://irclogs.wordpress.org/chanlog.php?channel=wordpress-dev&day=2010-04-08&sort=asc#m106225" mikeschinkel Future Releases 35132 UX improvements when creating/editing menus Menus 4.4 normal normal enhancement new 2015-12-17T10:32:28Z 2019-06-04T20:20:10Z "Using the menus component (accessible via Appearance -> Menus) is currently a bit of a pain! A few improvements would go a long way to making this feature more pleasant to use: 1. When editing a menu, the '''Pages/Posts/Custom Links/Categories''' panel on the left hand side does not show which pages have already been added to the menu; all items are unchecked, even if they've already been added to the menu. This makes it very hard to discover any new pages which need adding and also makes it easy to accidentally add duplicate pages. 2. There is currently no means to bulk edit existing menu items - two functions which would be very useful here are the deletion of all existing items and the alphabetical sorting of all existing items. 3. It should be possible to select all children of an existing parent page. For example, if creating a sub menu that lists 20 children of a parent page, we have to click on each child separately. If a new page is added a week later, then items 1 and 2 above become problematic - we need to either carefully check for the new page in the list on the left, cross referencing that list with the existing pages, or we have to delete everything in the menu and add each individual item again from scratch, which despite being quite lengthy is actually the quickest, least error-prone option here. Hope this helps!" chris_dac Future Releases 34235 Multi selection in menu Menus 4.3.1 normal normal feature request new 2015-10-09T18:39:44Z 2019-06-04T20:16:58Z Can we have multiple selection of pages/posts/categories/ which are added in menu? So that if we have more number of things are there we can change order easily instead of selecting one by one. vir2714 Future Releases 14969 "menu element ""all (direct) child pages""" Menus 3.0.1 normal normal feature request new dev-feedback 2010-09-26T20:16:39Z 2019-06-04T20:02:19Z One of the things I am missing in the current menu-system is the ability to assign parts of the page tree to, say, a sub-menu, so, say, all child pages of a parent will be listed instead of having to add them manually to the submenu once the menu has been created. youngmicroserf Untriaged tickets (that need a patch) 60082 """Copied"" tooltip should be hidden when another attachment URL is copied (in list mode)" Media 6.0 normal normal Awaiting Review defect (bug) new 2023-12-15T13:05:00Z 2024-03-12T15:39:27Z "In the media list view, clicking the ""Copy URL"" action link displays previously clicked ""Copy URL"". The previously clicked row showing ""Copied!"" when hover the media again. === Environment - WordPress: 6.4.2 - PHP: 8.2.0 - Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2u PHP/8.2.0 mod_wsgi/3.5 Python/2.7.18 mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_perl/2.0.11 Perl/v5.30.1 - Database: mysqli (Server: 5.7.39 / Client: 8.2.0) - Browser: Firefox 119.0 (macOS) - Theme: Twenty Twenty-Four 1.0 - MU-Plugins: None activated - Plugins: * WordPress Beta Tester 3.5.5 === Steps to Reproduce 1. Go to media library 2. Click ""Copy URL"" of one of the media. 3. Click ""Copy URL"" of another media. 4. The previously clicked row showing ""Copied!"" when hover the media again. === Expected Results 1. The previously ""Copied!"" tooltip should be close after clicking the next one. === Actual Results 1. The previously clicked row showing ""Copied!"" when hover the media again." jayadevankbh Untriaged tickets (that need a patch) 35887 Adding multiple media to post - selecting image size Media 4.4.2 normal normal Awaiting Review defect (bug) new 2016-02-20T12:03:10Z 2023-10-25T04:35:24Z "When clicking ""Add Media"" to add images to a post, you can select multiple images. With all images selected, logic follows that if you change the ""ATTACHMENT DISPLAY SETTINGS"" size from default ""Medium"" to ""Full Size"", that all selected images would have the same setting changed, but when you add them, only the one image that was highlighted is actually ""Full Size"" and the rest which were selected, but not highlighted, are still ""Medium"". I think when adding multiple media, all should be changed to size that is selected in ""ATTACHMENT DISPLAY SETTINGS""." myburgh.bernard@… Untriaged tickets (that need a patch) 52509 Error generating Thumbnails of PDF-Files Media 5.6.1 normal normal Awaiting Review defect (bug) new 2021-02-12T12:46:26Z 2023-07-02T13:37:05Z "This is a follow-up to #48853. This issue seems to be still present in Version 5.6.1 Some PDF-Files cause an internal server error, some do not. (The server's error log tells something about missing headers) Here's what i did to isolate the error: - I examined the PDF-Files. The affected files had a PDF-Version 1.7 an were created with non-Adobe-Tools (e.g. Office365). PDFs with Version 1.4 and 1.5 (created with Acrobat) worked well. - tried it with a local copy of the site on XAMPP: No Problems - used a little code-snippet to prevent thumbnail-generation in general: Upload works This is the snippet: {{{#!php 'ids' ) ); foreach ( $posts as $post_id ) : $thumb = get_the_post_thumbnail( $post_id ); endforeach; }}} The **update_post_thumbnail_cache()** used in **get_the_post_thumbnail()** assumes **$wp_query->posts** always contains an array of **$posts objects**, while it can be an array of $posts IDs. To prevent the warning it would be appropriate to check that $post is actually a post object. The patched code: {{{#!php posts as $post ) { $post = get_post( $post ); // Add this or check if is_integer( $post ) $id = get_post_thumbnail_id( $post->ID ); }}} Thanks Kind Regards" Xendo Untriaged tickets (that need a patch) 23436 Media Gallery - Cropping Image and then Cropping a thumbnail from that crop doesn't work. joedolson* Media 3.5 normal normal Awaiting Review defect (bug) accepted close 2013-02-10T17:20:00Z 2022-12-07T16:05:48Z "'''A recipe for repeating the bug behavior:''' Navigate to Library in the admin sidebar. Click ""Add new"". Drag the 800x480 copy of this or any image to the drag and drop area: http://en.wikipedia.org/wiki/File:Cheese_platter.jpg (I suggest this image for ease of recipe duplication and best explanation.) After the blue status bar has completed, ""Edit"" to bring the media edit window up in a new tab. Click ""Edit Image"" below the actual image. Drag anywhere inside the image to create a cropping box. In the ""Image crop"" pane, set the crop area to 500px width, 100px height. Drag the cropping box so that the fancy toothpick is as far left as possible along the horizontal axis of the cropping box, but centered vertically. Click the ""Crop"" icon. Click ""Save"". Click ""Update"". Click ""Edit Image"" once again. Drag inside the newly-cropped image again to create a new cropping box. In the ""Image Crop"" pane, change the cropping dimensions to 150 x 100. Drag the box so the fancy toothpick is somewhere in the left third within the crop boundary. '''Important:''' In the thumbnail settings pane, set ""Apply Settings to:"" '''Thumbnail'''. Click the ""Crop"" icon. Click ""Save"". Click ""Update"". Click ""Library"" in the admin sidebar. The newly preferred thumbnail for our previously-cropped image does not save. Thumbnail remains default, based on center of previously-cropped image. Instead, you will see a small wheel of cheese sliced into six wedges with garnishes for the thumbnail, even though we chose the part with the fancy toothpick." gr33nman Untriaged tickets (that need a patch) 40129 Media deleting selected on mobile does not work Media normal normal Awaiting Review defect (bug) new 2017-03-12T12:47:13Z 2017-03-16T19:42:35Z "Steps to reproduce: - Select a month in bulk select. - Click image. - Click delete selected. - It doesn't delete. [[Image(https://cldup.com/IHq3IPurbV.PNG, 50%)]] Discovered on iPhone 7 Plus." karmatosed Untriaged tickets (that need a patch) 37311 Site icon thumbnails are lost if wp_generate_attachment_metadata called again later Media 4.5 normal normal Awaiting Review defect (bug) reopened 2016-07-07T22:36:48Z 2021-04-14T16:36:05Z "If image sizes are regenerated with the Regenerate Thumbnails plugin, the custom Site Icon sizes (and possibly other images in the customiser?) are lost. The question is whether this is something that needs changing in the plugin, or whether the logic for how these sizes work should change in core. (Virtually all core documentation tells people to use this plugin when changing image sizes, so it should be fixed in one of the other). I'm of the opinion it should be changed in core, where custom sizes like the ones created by Site Icons should be somehow marked as special sizes, with wp_generate_attachment_metadata checking for any existing custom sizes and including them in the output." smerriman Untriaged tickets (that need a patch) 58740 Slow load in media page of WordPress admin when having huge posts table Media 6.2.2 normal minor Awaiting Review defect (bug) new 2023-07-06T15:53:15Z 2023-07-06T15:53:15Z "Slow load can be traced to this function. {{{ // get_available_post_mime_types // wp-includes/post.php }}} From what I understand, this function tries to get all of the available mime type of attachment post type. When posts are over a hundred thousand, this is causing media page in admin to load in about half a minute (hosting performance relative). I'd like to suggest a transient in this function. Will open a PR if this bug is approved. " Twellve_Million Untriaged tickets (that need a patch) 58733 The load more button appears even when there is only one image in the feature image selection window. joedolson* Media 6.3 normal normal Awaiting Review defect (bug) accepted 2023-07-06T13:22:35Z 2023-07-21T15:20:00Z "Load more button appears in the popup window for replacing the feature image, even when there is only one image available. Steps to reproduce the issue: 1. Go to the post editor in WordPress. 2. Locate the section where you can edit the feature image for the post. 3. Click on the ""Replace"" button to select a new image. 4. The popup window will open, showing the available images. Despite there being only one image in the selection, the ""Load More"" button is present in the popup window. Video Link: https://www.loom.com/share/c0e9faa4cc86455eb30bdaf2149b5a60 === Environment - WordPress: 6.3-beta3-56143 - PHP: 7.4.21 - Server: Apache/2.4.46 (Unix) OpenSSL/1.0.2u PHP/7.4.21 mod_wsgi/3.5 Python/2.7.13 mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_perl/2.0.11 Perl/v5.30.1 - Database: mysqli (Server: 5.7.34 / Client: mysqlnd 7.4.21) - Browser: Chrome 114.0.0.0 (macOS) - Theme: Twenty Twenty-Three 1.1 - MU-Plugins: None activated - Plugins: * WordPress Beta Tester 3.5.0" aparnajl Untriaged tickets (that need a patch) 58944 Upload to Media Library not replicating to all pod's 6.2.2 Media 6.2.2 normal normal Awaiting Review defect (bug) new reporter-feedback 2023-07-31T10:18:52Z 2023-10-04T15:34:54Z "Hello, after updating from WP 6.1.1 to 6.2.2 the new uploaded images start to apear ""broken"" on Media Library. If we refresh the page several time's we will see the image ok, but if we refresh it again it will be broken. We are running the WP in kubernetes, so we have several pod's. This behaviour means the uploaded image is no longer been replicated to all pod's. So it only exist's in one pod. After reverting to 6.1.1 all is ok." vitorgandra Untriaged tickets (that need a patch) 30402 WordPress does not respect the bit-depth of the original image when resizing Media 3.9.2 normal normal Awaiting Review defect (bug) new 2014-11-19T08:15:02Z 2021-03-04T15:09:12Z "i have uploaded 8 bit depth indexed color png, near 1400x1800 size image in wordpress and inserted it into post , and original image was near 500 kB and the smaller width-height version made by wp is near 1400 kB, because it is 24 or 32 bits per pixel png. (this is useless. i have edited html code to use full version because it is smaller by weight and it is scaled by size so it is ok)." qdinar Untriaged tickets (that need a patch) 53200 image quality reduction in smaller images Media 5.7.2 normal normal Awaiting Review defect (bug) new 2021-05-13T13:01:43Z 2021-05-13T13:01:43Z "So what happens is you upload a full size image to wordpress in my case project53.co.uk and I am using a goodlayers theme but I have repeated the same process on a stoc install on a different site and have the same issue. On this site for example the easiest one to see it on is the woman and look at the cheeks as full size looks ok and has colour and smaller images looks toned down and grey and it is wordpress changing the image quality with the smaller images. this is the details send from our dev guy For now - I have removed the thumbnails that the site was trying to use (I had set it to 'full', which should have been used, but the theme didn't want to co-operate) and then regenerated the thumbnails - pretty much forcing the site to use the full-size image. It may occur elsewhere in the site - hard to say until I've seen every possible variation of an image on the theme - but as long as we repeat the same steps to remove the thumbnail size and regenerate, it will be fine. You could just remove all regenerated sizes and ensure that sizes are set by the container the image is in; that would definitely stop it. So if you see another image (or multiple images) having the same problem: Inspect that image and see what thumbnail size it is using. (You can generally tell by the suffix on the end of the image name, e.g. blahblah-800x600.jpg) Go into Goodlayers Options > Miscellaneous > Thumbnail sizing Remove the thumbnail size that it's using Go into Tools > Regenerate Thumbnails Ensure that the thumbnail size that you remove is not there Click Advanced Options, and check the box which says ""Delete unselected thumbnails"" - this will remove that size from the server and tell WordPress it doesn't exist If it was me - I'd unregister all of the thumbnails and just limit the size of images which are being uploaded - and use that size globally throughout the theme (if the size doesn't exist it should fallback to the full size image as default). That doesn't necessarily have to be the case - but you just don't want 5MB images on a page - because then you'll have all the page speed problems to deal with! " digitalmountain Untriaged tickets (that need a patch) 46390 image_default_link_type is not seen by Gutenberg Media 5.1.1 normal normal Awaiting Review defect (bug) reopened 2019-03-01T12:34:42Z 2022-04-05T02:26:53Z "I have in option.php the image_default_link_type set to file so that by default the ""link to "" for all media files is by default set to media. Since upgrading to Gutenberg 5.1, this feature appears to be deactive." brianjcameron Untriaged tickets (that need a patch) 54205 jqxhr is undefined inside of deferred.done() when using wp.media to add a custom image upload Media 5.8.1 normal major Awaiting Review defect (bug) new 2021-09-30T20:55:42Z 2022-05-31T14:33:33Z "I have done all the usual trouble shooting and found this is being cause by a new block of code added to wp-util.js in 5.8.1. Specifically lines 121-134. The jqXHR property does not exist inside of the done() object and therefor always errors out. This is removing a key functionality of a clients admin that makes it where no new products can be added without a horrible workaround." metawebdevelopment Untriaged tickets (that need a patch) 43070 srcset attribute can be overridden but not prevented Media 4.4 normal normal Awaiting Review defect (bug) new 2018-01-11T19:07:48Z 2019-04-11T13:48:00Z In `wp_get_attachment_image()`, a `srcset` attribute can be passed to the fourth parameter to override the attribute's contents. There is no way to prevent this attribute from showing, though. An empty `srcset` attribute throws a validation error. desrosj Untriaged tickets (that need a patch) 36273 update_attached_file() on Windows will result in invalid image path when using native Windows directory separators Media 4.4.2 normal normal Awaiting Review defect (bug) new needs-unit-tests 2016-03-18T10:48:16Z 2018-04-30T23:34:09Z "Calling ''update_attached_file( $image->ID, $file );'' on platforms like Windows can be really bad if ''$file'' was normalized/validated using PHP's ''realpath()'' function: {{{#!php ID ); // Well, in real world you could have created the path manually... // The only important thing to know is, that we call ""realpath()"" which will // convert any directory separator into the native directory separator: // Linux will end with /dir/subdir/basename.jpg // Windows will end with C:\Dir\Subdir\basename.jpg $file = realpath( $file ); // Again, this is just a demo, for real world cases see plugins like ""Force Regenerate Thumbnails"" // But this is a valid API call: update_attached_file( $image->ID, $file ); // On Windows this will result in an update statement like // UPDATE `postmeta` SET `meta_value` = 'C:WWWSitesdemohtdocswordpresswp-contentuploads201603example.jpg' WHERE `post_id` = 123 AND `meta_key` = '_wp_attached_file' // when $file was set to ""C:\WWW\Sites\demo\htdocs\wordpress\wp-content\uploads\2016\03\example.jpg"" // Now imagine a plugin which is re-generating thumbnails :] // The problem is // $meta_value = wp_unslash($meta_value); // in wp-includes/meta.php update_metadata(). }}} When using ''update_attached_file()'' we should make sure that ''update_metadata()'' don't update the path value to an invalid value... PS: After you updated all image paths to an invalid value, the media library won't work anymore: {{{ [18-Mar-2016 07:31:10 UTC] PHP Warning: file_exists() expects parameter 1 to be a valid path, string given in C:\WWW\Sites\demo\htdocs\wordpress\wp-includes\media.php on line 3063 }}} " Whissi Untriaged tickets (that need a patch) 53187 wp_filter_content_tags added too early Media 5.5 normal normal Awaiting Review defect (bug) new 2021-05-11T19:15:40Z 2021-07-26T16:31:46Z "Currently wp_filter_content_tags filter is added to the_content filters with default priority, this means that if the iframe is outputted by shortcode it will not get the lazy loading attribute. I think that it should be added after do_shortcode has run with priority of 12." maciejmackowiak Untriaged tickets (that need a patch) 32117 wp_get_attachment_metadata sizes array file misses path if using year/month organizing Media 4.2 normal normal Awaiting Review defect (bug) new 2015-04-24T15:58:51Z 2017-08-14T13:15:29Z "wp_get_attachment_metadata returns array like this: {{{ [""metadata""]=> array(5) { [""width""]=> int(3072) [""height""]=> int(2304) [""file""]=> string(25) ""2015/03/GC702D01_high.jpg"" [""sizes""]=> array(4) { [""thumbnail""]=> array(4) { [""file""]=> string(25) ""GC702D01_high-200x150.jpg"" [""width""]=> int(200) [""height""]=> int(150) [""mime-type""]=> string(10) ""image/jpeg"" } }}} as you can see, ""file"" in the first level of the array contains year and month (as i do have turned on organizing in year/month structure for uploads), but ""file"" in the second level for (e.g. in this case) the thumbnail size is only the file name, without the path. This is at least confusing, make it difficult to get the URL of the file - each size need to be then requested separately by wp_get_attachment_image_src function. IMO optimal solution would be to use full path in both `$metadata['file']` and `$metadata['sizes'][$size]['file']` so the same name would have the same structure. But i do not know if it wouldn't have some compatibility issues. Less optimal imo would be to add there also the path - it can be there only once in the top level, as all sizes are currently always in the same folder, but i think this could lock us from possible changes / plugin modifications etc. E.g. I think that it would be great, if it would be possible (and even default) to have size name, as a folder, so that we would have thumbnails in uploads/thumbnail, medium size in uploads/medium ... - this would highly reduce the number of images in one folder in default settings and would reduce the problems with displaying them on most systems. And also if we would want to delete some defined size, we could simply delete one folder and save space. So the second optimal would be to show the path in `sizes[$size]` subarray, e.g. {{{ [""metadata""]=> array(5) { [""sizes""]=> array(4) { [""thumbnail""]=> array(4) { [""file""]=> string(25) ""GC702D01_high-200x150.jpg"" [""path""]=> string(25) ""2015/03/"" } }}}" thomask Untriaged tickets (that need a patch) 51421 wp_get_missing_image_subsizes returns thumbnail sizes for animated GIFs Media 5.5.1 normal normal Awaiting Review defect (bug) new 2020-09-30T14:27:32Z 2020-10-01T14:36:20Z "While thumbnails are not created for animated GIFs to avoid the problem of users picking a thumbnail size to insert into their content and unexpectedly getting a static image instead of an animated GIF, they are generated for static GIFs. The `wp_get_missing_image_subsizes` function however recognizes animated GIFs as an image format that can have subsizes generated, and so returns a list of missing thumbnail sizes that will never be created. This causes problems for various plugins when checking whether all required thumbnails exist before commencing processing the GIF etc." ianmjones Untriaged tickets (that need a patch) 60178 wp_video_shortcode() outputs invalid HTML Media normal normal Awaiting Review defect (bug) new 2024-01-02T22:09:17Z 2024-02-15T07:25:42Z "Did an audit of a website and found several invalid HTML for video tags that were output with `wp_video_shortcode()`. The errors: * Bad value `1` for attribute `loop` on element `video` * Bad value `1` for attribute `autoplay` on element `video` * Bad value `1` for attribute `muted` on element `video` Based on documentation from Mozilla, all 3 are boolean attributes. Here is an example of function usage that produced the HTML validation errors: {{{#!php wp_get_attachment_url(9999), 'class' => 'my-custom-video', 'poster' => '', 'loop' => 'true', 'autoplay' => 'true', 'muted' => 'true', 'height' => 1080, 'width' => 1920 ] ); }}} This part in `wp_video_shortcode()` is the culprit: {{{#!php $v ) { $attr_strings[] = $k . '=""' . esc_attr( $v ) . '""'; } }}} Currently, we are using the filter to clean up these attributes like this: {{{#!php ' . /* translators: %s: Asterisk symbol (*). */ sprintf( __( 'Required fields are marked %s' ), '*' ) . '

    ' . '' . $item . '
    '; } }}} The foreach loop that goes through all fields could easily check if any field has the ""required"" attribute and rather use that as a condition to show the message instead of `$item`." webzunft Untriaged tickets (that need a patch) 36270 Allow filtering of the final HTML output of media related shortcodes Media 4.7.2 normal normal Awaiting Review enhancement new 2016-03-18T02:33:02Z 2020-04-09T09:00:28Z "Sometimes it is required to further process the final HTML output of the media related shortcodes, eg {{{caption}}} or {{{gallery}}}, so as to add extra HTML code such as enclosing div or span elements or just modify the existing HTML code during run time. For instance the final output of {{{img_caption_shortcode}}} could be filtered: https://core.trac.wordpress.org/browser/tags/4.4.2/src/wp-includes/media.php#L1537 Passing all relevant image attachment data, like ID and size, would also be very useful. I hope that I am not missing anything but right now the only way to insert code inside the {{{
    }}} or {{{
    }}} block seems to be the complete override of the {{{img_caption_shortcode}}} function. " gnotaras Untriaged tickets (that need a patch) 33054 Better featured image/attachment sanity checks Media 4.2.2 normal normal Awaiting Review enhancement new 2015-07-20T22:19:09Z 2017-06-27T16:16:22Z "Use case: Add a post: If a user uploads a featured image and the file fails to write to disk, the post record contains the url to the image but of course the image is broken. The end state is one where the featured image is simply broken, but the post record references the image. Possible solutions: 1. Do an extra sanity check after write to disk that the image was actually created. If there was a failure alert the user. This is probably the easiest. 2. Or reverse the order of operations, making it transactional in nature. That is, create the image(s) first, check if successful, and then update the post record. If there is a failure show an alert to the page, and don't write the image path to the post record as the file doesn't exist. It is alot cleaner to not have an image than having a broken one. It is also better if the image was successfully written to disk but the post url failed to update for some reason; we can always re choose from the media library. a. Going above and beyond, the sanity check would keep track of thumbnail sizes to be created and make sure they all were successful. If not, don't update the post record and remove the thumbnail sizes that did write to disk. Once again treat as a transaction; all or nothing. Extended impact: Many folks use image compression plugins or tools that compress the images before writing to disk. Currently if those items fail usually by timeout you are left with a broken image and the url is in the meta. I propose that there be a pre-check as to the thumbnails to be created before the image write even occurs (add a new action hook that keeps track of the thumbnails we expect from add_image_size) and then check on the backside to make sure we have the image(s) we expect. After that all sanity check rules proposed above would apply." ShawnLunny Untriaged tickets (that need a patch) 53645 Convert heic to a web safe image format. Media normal normal Awaiting Review enhancement new 2021-07-12T17:07:39Z 2024-02-08T08:58:08Z "[https://support.apple.com/en-gb/HT207022 As of ios 11], Apple start using the HEIF format to save images. Sadly HEIF files can not be viewed in web browsers. For those taking images on their iPhone, this would mean to embed a raw iPhone photo, would require them to use a third party tool to convert that image into a web safe format like jpeg. WordPress core should convert this image to a web safe format while keeping the original for reference. " spacedmonkey Untriaged tickets (that need a patch) 42829 Debugging image uploads with wp_generate_attachment_metadata Media normal normal Awaiting Review enhancement new 2017-12-07T14:24:22Z 2019-02-14T21:28:56Z "Because of the if statement declared in image.php on line 181 ([https://core.trac.wordpress.org/browser/tags/4.9/src/wp-admin/includes/image.php#L181]) it seems impossible to retrieve the error message, what is supplied by the wp_upload_bits() function. Please return this message or implement a new function what verifies what the error messages are trying to inform the user about." Fleuv Untriaged tickets (that need a patch) 40120 Media on mobile action links missable Media normal normal Awaiting Review enhancement new 2017-03-12T12:19:47Z 2017-03-16T19:45:14Z "The following is how on an iPhone 7 Plus the media interaction links look: [[Image(https://cldup.com/TLmN2U_8fW.PNG, 50%)]] They are smaller than the body text and also very missable at the bottom. Can we at least increase their size and see about moving to top?" karmatosed Untriaged tickets (that need a patch) 22966 Show admin-cropped thumbnails instead of WordPress-cropped thumbnails Media normal normal Awaiting Review enhancement new 2012-12-16T22:22:59Z 2023-08-29T15:35:39Z "Used to be able to see which images have been cropped (and which ones haven't) in image search results. Now have to click 'edit image' and check the image individually. It's valuable for the publisher to see what his/her readers will see on the front end of the site when the 'thumbnail' function is called (either publisher's hard-cropped image or full un-cropped image). Useful especially for publishers that are pulling images from a time before 'thumbnails' existed in WP. Main reason this is an issue is that when an un-cropped thumbnail is selected as the featured image, it will be stretched/distorted to dimensions of thumbnail settings in function.php." beerpulse Untriaged tickets (that need a patch) 59421 "loading=""lazy"" attribute is not applied at all" Media 6.3.1 normal minor Awaiting Review enhancement new 2023-09-21T06:54:52Z 2023-09-27T13:46:58Z "Steps to reproduce: Start new WordPress 6.3.1 instance. Use default twenty-twenty-three theme. Create new post. Insert some images. None of the images (including below the fold ones) get loading attribute. It is expected that below the fold images get loading=""lazy"" attribute." lovor Untriaged tickets (that need a patch) 37801 Media Functions Media normal normal Awaiting Review feature request new dev-feedback 2016-08-23T21:40:41Z 2019-04-19T20:04:28Z "I think now WordPress should include all media functions, like getMedaTitle($attID) getMedaCaption($attID) getMedaAlt($attID) getMedaUrl($attID) getMedaUrl($attID) I will be really happy to work on it and include them in 4.7 " daniyalahmedk Future Releases 18275 Can't get perfect thumbnail sizes with image editor Media 3.2.1 normal normal Future Release defect (bug) new 2011-07-28T02:37:16Z 2017-06-27T16:14:27Z "In the media settings, I have the thumbnail set to a fixed size (218x145), and set to crop to these exact dimensions. Sometimes the automatic thumbnail crops off people's heads, etc, so I use the Image Editor to manually adjust the thumbnail. I select a rectangle, set the aspect ratio to 218x145, click crop, apply to thumbnail only, and save. However, sometimes that results in an image slightly off in dimensions - for example, 215x145. I expect this is a rounding error. However, it happens even if I select an area much bigger than this when cropping in the Image Editor - eg 300x200. After I click crop and see the 300x200 image, I would expect the thumbnail to be automatically be created at 218x145 like it does normally based on this adjusted image - however, it appears the checkbox for using exact dimensions doesn't apply here. (In fact, if I select, say 300x300, it will make my thumbnail 145x145). This feels like a bug to me, and makes it very hard to generate thumbnails at the size I want." smerriman Future Releases 43816 Editing Image Can Lead to Mixed Metadata Media 4.9.5 normal normal Future Release defect (bug) new 2018-04-20T00:04:30Z 2022-11-23T16:09:37Z "== Summary If an image is uploaded at a size allowing the creation of a defined image size (ie, ""large"", ""twentyseventeen-featured-image"", etc.) and the image is then edited to a size which doesn't allow that defined size to be created, the non-supported size can still be placed and will display the original image. == Steps to Reproduce 1. Upload an image which is slightly larger than a defined image size in a particular theme (for example, if using the WordPress default definition for ""large"" images, 1,024 pixels, upload an image 1,100 pixels wide) 1. Edit the image, and scale or crop it to be 1,000 pixels wide 1. Save edit 1. Within the post editor, ""add media"", select the ""large"" image size, and place within body of post === Expected Behavior * //Developer//: The ""large"" image should not be able to be selected within the ""Place Media"" dialog * //Regular user//: The ""large"" image placed should reflect the image edit === Result The ""large"" size is selectable and the **original** image is placed within the page. === Other Effects In this particular example, if the Media Library is in ""grid"" view, and our edited image is selected, the dialog which opens will display the incorrect original image, as the dialog preferentially uses the ""large"" image size. == Source of Behavior I believe the problem stems from line 880 of https://core.trac.wordpress.org/browser/tags/4.9.5/src/wp-admin/includes/image-edit.php : {{{ $meta['sizes'] = array_merge( $meta['sizes'], $img->multi_resize( $_sizes ) ); }}} * `$meta['sizes']` contains all of the sizes which were able to be created when the image was uploaded * The return from `$img->multi_resize()` only has keys set for those sizes that can be created from the edited image * Using `array_merge` keeps the original values not returned by `$img->multi_resize()`, despite the fact they are no longer valid for this edit == Fix I believe the fix may be as simple as simply returning the result of `$img->multi_resize()` without merging it into the existing `$meta['sizes']`, which are mainly used in this context to create the `_wp_attachment_backup_sizes` array. {{{ $meta['sizes'] = $img->multi_resize( $_sizes ); }}}" rogerlos Future Releases 52777 Editing an empty gallery results in a javascript error Media normal normal Future Release defect (bug) new reporter-feedback 2021-03-11T13:22:38Z 2023-01-31T13:07:44Z "How to reproduce? 1. In the **classic** editor, create a post with a gallery with one image and save the post. 2. Go to the media library and delete permanently this image. 3. Go back editing the previous post. The gallery displays ""No items found"". 4. Attempt to edit the gallery and check the browser console. Here is the error displayed: {{{ Uncaught TypeError: Cannot read property 'args' of undefined at n. (media-views.min.js?ver=5.8-alpha-50521:2) at f (underscore.min.js?ver=1.8.3:2) }}} and the trace: {{{ (anonymous) @ media-views.min.js?ver=5.8-alpha-50521:2 f @ underscore.min.js?ver=1.8.3:2 setTimeout (async) (anonymous) @ underscore.min.js?ver=1.8.3:2 p @ backbone.min.js?ver=1.4.0:2 f @ backbone.min.js?ver=1.4.0:2 c @ backbone.min.js?ver=1.4.0:2 n.trigger @ backbone.min.js?ver=1.4.0:2 (anonymous) @ media-models.min.js?…r=5.8-alpha-50521:2 c @ load-scripts.php?c=0…r=5.8-alpha-50521:2 fireWith @ load-scripts.php?c=0…r=5.8-alpha-50521:2 (anonymous) @ wp-util.min.js?ver=5.8-alpha-50521:2 c @ load-scripts.php?c=0…r=5.8-alpha-50521:2 fireWith @ load-scripts.php?c=0…r=5.8-alpha-50521:2 l @ load-scripts.php?c=0…r=5.8-alpha-50521:2 (anonymous) @ load-scripts.php?c=0…r=5.8-alpha-50521:2 load (async) send @ load-scripts.php?c=0…r=5.8-alpha-50521:2 ajax @ load-scripts.php?c=0…r=5.8-alpha-50521:2 s.ajax.s.ajax @ load-scripts.php?c=0…r=5.8-alpha-50521:5 (anonymous) @ wp-util.min.js?ver=5.8-alpha-50521:2 s.Deferred.s.Deferred @ load-scripts.php?c=0…r=5.8-alpha-50521:5 send @ wp-util.min.js?ver=5.8-alpha-50521:2 sync @ media-models.min.js?…r=5.8-alpha-50521:2 fetch @ backbone.min.js?ver=1.4.0:2 more @ media-models.min.js?…r=5.8-alpha-50521:2 more @ media-models.min.js?…r=5.8-alpha-50521:2 edit @ media-editor.min.js?…r=5.8-alpha-50521:2 edit @ mce-view.min.js?ver=5.8-alpha-50521:2 edit @ mce-view.min.js?ver=5.8-alpha-50521:2 onclick @ plugin.min.js?wp-mce-49110-20201110:1 c.fire @ tinymce.min.js?ver=49110-20201110:2 fire @ theme.min.js?wp-mce-49110-20201110:1 o @ theme.min.js?wp-mce-49110-20201110:1 C @ tinymce.min.js?ver=49110-20201110:2 d @ tinymce.min.js?ver=49110-20201110:2 }}} " Chouby Future Releases 44754 Error saving data from 'custom fields' of type select / checkbox (multiple) in Attachment Modal Media normal major Future Release defect (bug) new 2018-08-08T12:41:01Z 2019-04-15T21:43:45Z "It's my first ticket, and I have little idea of English, I apologize if I did wrong. The method used to save the custom fields in the Attache modal, I think, is poorly implemented. The problem comes when you have a field of multiple type (select or checkbox). At the time of parsing the form, the jQuery serializeArray function is used. This returns an array of key / value objects with all the items in the form. The moment you have a field of multiple type whose name value has '[]', if there are multiple values selected, they are overwritten with the selected item from the list of elements. Error is located in the _.each of line 72 of the file: https://core.trac.wordpress.org/browser/trunk/src/js/media/views/attachment-compat.js {{{ 65 save: function( event ) { 66 var data = {}; 67 68 if ( event ) { 69 event.preventDefault(); 70 } 71 72 _.each( **this.$el.serializeArray()**, function( pair ) { 73 data[ pair.name ] = pair.value; 74 }); 75 76 this.controller.trigger( 'attachment:compat:waiting', ['waiting'] ); 77 this.model.saveCompat( data ).always( _.bind( this.postSave, this ) ); 78 }, }}} The result of serializeArray () is [[Image(https://actycrea.com/img/wordpress/before.png)]] And the result after the _.each is: [[Image(https://actycrea.com/img/wordpress/after.png)]] As you can see, it deletes all the elements previous to the last one of the same key. I think the best way to fix it is this: {{{ 65 save: function( event ) { 66 var data = {}; 67 68 if ( event ) { 69 event.preventDefault(); 70 } 71 72 _.each( this.$el.serializeArray(), function( pair ) { 73 if ( $.trim( pair.name ).length ) { 74 if ( typeof( data[ pair.name ] ) == 'object' ) { 75 data[ pair.name ].push( pair.value ); 76 } else if ( pair.name.indexOf( '[]' ) > -1 ) { 77 data[ pair.name ] = new Array( pair.value ); 78 } else { 79 data[ pair.name ] = pair.value; 80 } 81 } 82 }); 83 84 this.controller.trigger( 'attachment:compat:waiting', ['waiting'] ); 85 this.model.saveCompat( data ).always( _.bind( this.postSave, this ) ); 86 }, }}} By doing this, it would return the following data object: [[Image(https://actycrea.com/img/wordpress/finally.png)]] I explained? I'm very sorry for my English ... Fernando. " fobiaxx Future Releases 59577 Images in block templates or patterns do not have loading optimization attributes flixos90 Media normal normal 6.6 defect (bug) assigned 2023-10-09T19:12:23Z 2024-03-13T15:41:15Z "This ticket is created as a break out from #59464: While that ticket was also initially pointing out the lack of loading optimization attributes in TT4, it has been primarily focused on the lack of the dimension attributes `width` and `height` from images that are hard-coded in the theme (e.g. in a `core/image` block within the theme's block templates, template parts, or patterns). As noted in https://core.trac.wordpress.org/ticket/59464#comment:16 however, there is another arguably more severe problem: Even if that bug was fixed for TT4, most of those images ''still'' wouldn't receive the loading optimization attributes. That is because TT4 includes most of its images directly in block templates, or in patterns, outside of template parts, post content, or widget content. Currently, any images that aren't covered by more specific contexts than `template` (which is for the overall block template) are not handled at all by `wp_filter_content_tags()`, impacting TT4 and likely several other block themes. This ticket is focused on that problem, trying to identify a solution to also consider images in the overall block template, while avoiding duplicate processing of images that were already processed with a more specific context." flixos90 Future Releases 47456 Improve the user interface to ensure correct usage of the image alt text joedolson* Media high normal Future Release defect (bug) accepted 2019-06-01T11:15:23Z 2024-03-12T11:15:33Z "Splitting this out from the [https://github.com/WordPress/gutenberg/issues/created_by/karlgroves WPCampus accessibility report issues on the Gutenberg GitHub], see https://github.com/WordPress/gutenberg/issues/15309 as part of the reported issue applies to the Media Views in core. Related: #41467 == Problem A common misconception is that the image alt text should always be a ""description of the image"". In most of the cases, this is misleading. Actually, the image alt text needs to describe the purpose of the image in its specific context. For more details, see the W3C Alt Text Decision Tree tutorial (https://www.w3.org/WAI/tutorials/images/decision-tree/). WordPress stores a ""default"" alt text in the media object. While storing a default value may help users when they build their content, it also promotes a misunderstanding of the purpose of the alt text. In the accessibility team, we think this is more an user interface problem rather than a data model problem. The user interface should ensure users clearly understand that alt attributes are context sensitive and that the ""default"" alt value needs to be changed (or even removed) based on the specific usage. == Data model problem: The alt text is not constant: it needs to describe the image purpose on a case by case basis. == User interface problem: The alt text from the media library is automatically assigned as the alt text within the post: this is not always correct. Actually, in most of the cases it produces wrong alt text. == Improvements to evaluate Credits: Some of the following points come from @carlseibert and @joedolson comments on #41467, and from the Gutenberg GitHub issue. 1. allow saving multiple alt attributes for a given media object: a default attribute and a set of alternates users can select from 2. have something in the editor UI that would let users know whether the alt text was filled, and what it says 3. modifications on the Media views side to differentiate between the alt text describing the image and the alt text for a specific usage, which might override the normal alt text without changing it 4. all linked images must have alternative text if the image is the sole content of the link, and the action should be blocked if this is not true 5. any guidance given should inform users that the text provided needs to inform the user of the link action 6. include a warning about linking directly to the image file: linking directly to images is inadvisable, because the resulting image view in the browser does not include alternate text 7. when the image is linked to the image file itself, the alt text can remain the normal alternative text for that image, with an appended indicator that the link is to view the image 8. worth considering plugins that add ""lightbox"" modals, sliders and the like often use the alt text value to add contextual text within their UI 9. images used to link to other resources should offer a field to add dedicated link text separate from the image's own description; in this case the alt text should be empty. Example markup (simplified):" afercia Future Releases 36285 Inconsistency between the filters that can be used to override the default shortcode output for images/videos/audio Media normal normal Future Release defect (bug) new 2016-03-21T18:15:59Z 2017-07-27T16:13:03Z "Currently, in order to override the default output of the {{{caption}}}, {{{video}}} and {{{audio}}} shortcodes, you have to use the following respectively: {{{ apply_filters( 'img_caption_shortcode', '', $attr, $content ); apply_filters( 'wp_audio_shortcode_override', '', $attr, $content, $instance ); apply_filters( 'wp_video_shortcode_override', '', $attr, $content, $instance ); }}} Imho, there should be some consistency between these regarding the following: * hook name. * arguments passed to the filtering function. Also, it would be very useful if the attachment ID was also passed to the filtering function. Right now, the attachment ID of images can be obtained from {{{$attr['id']}}}, which gives {{{attachment_IDNUMBER}}}, while the ID of video and audio attachments can only be obtained by using the media file URL found in the {{{$attr}}} array and directly querying the database in order to get the post ID based on the {{{guid}}} field. " gnotaras Future Releases 39358 Media search speed has been dramatically reduced joemcgill Media 4.7 normal normal Future Release defect (bug) reopened 2016-12-21T08:07:18Z 2023-10-18T16:48:40Z "In the ajax-actions.php file there is function called wp_ajax_query_attachments. This function is responsible for searching images in the media library. We see that in Wordpress 4.7, someone added a new filter to this function: {{{ // Filter query clauses to include filenames. if ( isset( $query['s'] ) ) { add_filter( 'posts_clauses', '_filter_query_attachment_filenames' ); } }}} This filter is a performance killer and takes forever to output a result in large databases. We have tested this with db that has over 500000 posts." merts Future Releases 53663 Media: fix and improve WebP features detection Media normal normal Future Release defect (bug) new 2021-07-14T23:17:35Z 2022-12-01T00:25:44Z "Follow up from #53653. Looking at https://developers.google.com/speed/webp/docs/riff_container, the ""extended"" WebP file format `VP8X` may include a lossy or lossless ""bitstream"" chunk (`VP8 ` or `VP8L`) and few optional chunks: `ALPH`, `EXIF`, `ICCP`, `ANIM`, etc. Ideally the `wp_get_webp_info()` function should be extended to detect these features. " azaozz Future Releases 17255 More statuses (like draft and/or private) for media files Media 3.1 normal normal Future Release defect (bug) new 2011-04-27T11:48:11Z 2023-10-25T15:39:32Z "It's weird that media files don't carry any concept of pub status. If someone wants to upload files (either attached to a post or directly into the library), they should be able to keep them hidden via 'draft' status just like any other content. The fact that people can link to things that haven't been explicitly published is bizarre. Media files should have a pub status. If uploaded as post attachment, should inherit publish on post publish. Would then need a workflow for if a post becomes unpublished containing media, as it then lives in library for use by other content, so would need to ask if user wants to unpub media files as well. This would be a big shift, so would make most sense as part of a media redux with a long notice period for plugin and theme authors. " jane Future Releases 38479 Need to check utf8_encode() is available before use. Media 4.4 normal normal Future Release defect (bug) new 2016-10-25T04:38:14Z 2017-08-10T18:05:17Z "The DOM/XML extension isn't necessarily installed on some distros so use of `utf8_encode()` should be checked for availability first. It's not checked in `wp_read_image_metadata()` in ""wp-admin/includes/image.php"" (where I encountered its lack on a Ubuntu 16.04 PHP 7 server), introduced in [36429] and [36430], nor in `wxr_cdata()` in ""wp-admin/includes/export.php"", introduced in the distant past. (Also it does ISO-8859-1 not Windows-1252 so more than likely not that good in the image situation anyway.)" gitlost Future Releases 40127 On mobile media deleting message formatting issues Media normal normal Future Release defect (bug) new 2017-03-12T12:42:20Z 2023-09-05T15:21:34Z "Formatting leads to widow in delete media image on mobile. Seen tested on iPhone 7 plus. [[Image(https://cldup.com/91KH54-k3y.PNG, 50%)]]" karmatosed Future Releases 48710 PDF uploads are treated like images: empty alt attribute and PHP notices joedolson* Media normal normal 6.6 defect (bug) accepted dev-feedback 2019-11-18T20:42:21Z 2024-02-25T20:11:41Z "uploading a .pdf image in posts reads the following; ""this image has an empty alt attribute: its file name is.... .pdf"" I am a regular user since 1.5 versions of WP and this is my first bug, or error report. I tried downgrading, but it kept coming back error." worddean Future Releases 40299 Removing width attribute on an image with a caption removes entire caption Media 4.7.3 normal normal Future Release defect (bug) new 2017-03-29T13:59:21Z 2018-12-27T21:56:20Z "If you insert an image with a caption into the visual editor, it will create code like: {{{ [caption id=""attachment_12345"" align=""alignnone"" width=""150""] My caption[/caption] }}} If you switch from the visual editor to the text editor and remove the `width` attribute '''of the image''' to get: {{{ [caption id=""attachment_12345"" align=""alignnone"" width=""150""] My caption[/caption] }}} And then either update the post, or switch back to the visual editor, the caption is stripped and only the image remains: {{{ }}} Removing the `height` attribute doesn't appear to cause the same behavior. I don't believe that removing the width attribute on the image should result in both the caption being stripped and the `[caption]` shortcode being removed. I'm not sure but this might be related to [27426] and #23103." catchmyfame Future Releases 53669 Respect the quality settings in `wp_editor_set_quality` for lossless WebP adamsilverstein Media 5.8 normal normal Future Release defect (bug) assigned 2021-07-15T14:56:26Z 2022-12-01T00:23:58Z "In Imagick, WordPress now supports saving lossless WebP images when the source is a lossless WebP image. 🎉 This happens [https://github.com/WordPress/wordpress-develop/blob/f17f4f5f7e474e2c0bb77ace02aaf44fccd8362c/src/wp-includes/class-wp-image-editor-imagick.php#L208 inside the Imagick editor in `set_quality`]. The filter, `wp_editor_set_quality`, applies before this is run, in [https://github.com/WordPress/wordpress-develop/blob/f17f4f5f7e474e2c0bb77ace02aaf44fccd8362c/src/wp-includes/class-wp-image-editor.php#L241 the parent class]. This means that if a WebP is detected as Lossless, it isn't possible to override lossless thumbnailing with `wp_editor_set_quality`. WordPress should respect the `wp_editor_set_quality` filter's override, [https://developer.wordpress.org/reference/hooks/wp_editor_set_quality/ unless `set_quality()` is run manually]." kirasong Future Releases 25103 Submit buttons on form fields in the Add Media panel joedolson* Media 3.5 normal normal Future Release defect (bug) accepted 2013-08-20T21:23:11Z 2021-05-21T15:57:23Z "Splitting this out from #23561 There is no Go or Search button available to trigger the action for the search and filter input fields in the Add Media screen - both of which change the content of the panel below. For accessibility reasons the user should be in control of triggering the filtering." johnbillion Future Releases 47144 Text inadvertently rendered by assistive technologies joedolson* Media normal normal Future Release defect (bug) accepted 2019-05-06T14:58:01Z 2022-10-28T15:49:23Z "Moved from the WPCampus accessibility report issues on GitHub, see https://github.com/WordPress/gutenberg/issues/15296 * **Severity**: * Medium * **Affected Populations**: * Blind * Low-Vision * Cognitively Impaired * **Platform(s):** * Windows - Screen Reader * Mac - VoiceOver * Android - TalkBack * iOS - VoiceOver * **Components affected**: * Block Panel * Document Panel * Media Dialog **Issue description** Users of assistive technologies such as screen readers who navigate to the bottom of the Settings panels will find a button which they cannot activate (nor see if sighted) called ""Select files"". Additionally, if users change the color modes in the popup custom color picker, the current mode is announced in a live region. However, long after users are done with choosing a color, even after choosing to edit another block on the page, when they reach the bottom of the Block panel they'll still hear ""hex color mode active"". At this point, users may not remember what this was for and have no idea what this is referencing, as it no longer has any context. **Issue Code** {{{
    Hex color mode active
    }}} **Remediation Guidance** When users have performed an action, such as clicking another block (or whatever action causes ""No block selected"" to appear in the Block panel), clear the live region so that users who encounter it while manually reading do not hear it. Refill the live region when users change color modes. The hidden file selection button should be hidden from all users with display: none whenever it is not visible nor meant to be used. **Recommended Code** {{{
    }}} **Note**: This issue may be a duplicate with other existing accessibility-related bugs in this project. This issue comes from the Gutenberg accessibility audit, performed by Tenon and funded by WP Campus. This issue is GUT-41 in Tenon's report ''**Note**: The a11y-speak live regions are used in core as well. In several places. Thus, clearing the live regions shouldn't depend on a specific user action or scenario. It would require a more generic solution, preferably avoiding setTimeout() which seems to me a very fragile solution by its own nature.''" anevins Future Releases 53941 When converting images after uploading the original image may not be converted Media 5.8 normal normal Future Release defect (bug) new 2021-08-17T03:12:58Z 2021-11-16T18:57:42Z "This is less noticeable when the original image is larger than the ""big image threshold"" (and not a PNG) as the scaled image is converted. To reproduce: - Set image conversion, for example GIF to JPEG. - Upload image.gif that is smaller than 2560x2560px. - Note that image.gif is listed in the Gallery and present in the uploads directory but it's sub-sizes have been converted to JPEGs like image-150x150.jpg, etc. Expected behavior: the original image should be converted." azaozz Future Releases 59641 manually setting fetchpriority on image should prevent core from adding fetchpriority attribute Media 6.3 normal normal 6.6 defect (bug) new 2023-10-16T20:44:56Z 2024-02-17T13:44:33Z "When working on testing the automated fetchpriorty attribute core now adds for images, I discovered this bug: If users manually set fetchpriority=""high"" on an image either programmatically or using a plugin, core will not change that setting, however it unexpectedly sets fetchpriority=""high"" on another image. === Steps to reproduce 1. install this plugin to add a manual fetchpriority dropdown: https://github.com/adamsilverstein/wp-fetchpriority-control 2. create a post with several large images 3. select the first image and apply fetchpriority=""high"" (under advanced) 3. publish the post and view its source **Expected results:** Only the first image should have the `fetchpriority=""high""` attribute, setting high fetchpriority on more than one image reduces the effect of adding the attribute. **Actual result:** Core applies `fetchpriority=""high""` to the second image so the first two images contain the attribute. " adamsilverstein Future Releases 46209 mediaelement CSS loading at bottom of body Media 4.9 normal normal Future Release defect (bug) new 2019-02-07T21:55:20Z 2023-01-31T13:55:35Z "The question was asked in #42751 why we are loading mediaelement css in the body. It was agreed in the recent Media meeting that this is better fit for it's own ticket for discussion. ---- Mentioned by @themezly : While we are at it, why are we loading mediaelement CSS files at the bottom of body http://prntscr.com/hh0808 ? CSS files should always be in head. " antpb Future Releases 58611 wp_get_missing_image_subsizes can return incorrect subsizes for a rotated image antpb Media 6.2.2 normal normal Future Release defect (bug) assigned 2023-06-23T12:33:44Z 2024-02-05T20:27:49Z "During the upload of a rotated image to the Media Library, the `wp_get_missing_image_subsizes()` function often returns missing subsizes for the non-rotated original image that will never be generated for the rotated image. This means for example, if a plugin is filtering `wp_update_attachment_metadata` and waiting for all thumbnails to have been generated before performing some action, it may be told that there are missing thumbnails for a rotated image, that will not be generated. Therefore it will not be able to perform that action as not all the thumbnails are deemed to be available." ianmjones Future Releases 43413 wp_prepare_attachment_for_js missing image size medium_large Media 4.9.4 normal normal Future Release defect (bug) new 2018-02-25T18:54:29Z 2019-04-15T18:12:50Z "I have a function that creates a media size in case the size is called but is missing in meta. https://gist.github.com/danyj/2edb3d83bae4c363bf839f0dd5f1343f usage {{{ thz_create_missing_attachment_size(13031,'medium_large'); }}} every missing file size is recreated and exists in by wp_prepare_attachment_for_js size key except the media_large because it is missing here. https://github.com/WordPress/WordPress/blob/dfa68397063daf90a8758896693f137f9b981856/wp-includes/media.php#L3297-L3304 Basically if meta has been updated the wp_prepare_attachment_for_js is not checking for sizes but manually goes by that array . Not sure if the missing size key is left out on purpose but when you compare the wp_prepare_attachment_for_js to wp_get_attachment_metadata the data is not same " Themezly Future Releases 58240 wp_read_image_metadata() doesn't handle Exif array values joedolson* Media normal normal Future Release defect (bug) accepted 2023-05-03T06:02:01Z 2024-02-05T20:25:50Z "Some images appear to have multiple values for some headers, which causes `wp_read_image_metadata()` to return `'Array'` for some fields. A real-life example are these images: - https://wordpress.org/photos/photo/3056444e62/ - https://wordpress.org/photos/photo/7716444e53/ - https://wordpress.org/photos/photo/5376444e57/ Looking at the return value from `exif_read_data()` for one of these, you'll see arrays below. However `wp_read_image_metadata()` includes lines like `(string) $exif['FocalLength'];`. It looks like `iPhone 13 mini` might be common between the above examples {{{ [...] 'SectionsFound' => string(19) ""ANY_TAG, IFD0, EXIF"" 'COMPUTED' => array(6) { [...] 'ApertureFNumber' => string(5) ""f/1.6"" } [...] 'Make' => string(5) ""Apple"" 'Model' => string(48) ""iPhone 13 mini back dual wide camera 5.1mm f/1.6"" 'Exif_IFD_Pointer' => int(106) 'ApertureValue' => array(2) { [0] => string(9) ""1356/1000"" [1] => string(9) ""8803/1000"" } [...] 'FocalLength' => array(2) { [0] => string(9) ""5100/1000"" [1] => string(10) ""10884/1000"" } 'ShutterSpeedValue' => array(2) { [0] => string(10) ""10884/1000"" [1] => string(19) ""1124129791/84149760"" } }}} As a result on the above Photo pages you'll see something like this: {{{ Focal Length: Arraymm Shutter Speed: 1/0 }}} This could be related to the image processing application being used, or the sections found in the image. I'd be tempted to just select the first array key in those cases." dd32 Future Releases 42487 Avoid redundant crops for all Customizer media controls. Media normal normal Future Release enhancement new needs-unit-tests 2017-11-09T17:09:17Z 2019-02-07T21:45:56Z "In WordPress 4.9, we made use of context metadata to keep from producing redundant crops in the media library for custom headers (see #21819). We should extend this behavior to all other media controls in the Customizer (e.g., custom logos, site icon, etc.). There are a few parts to the implementation to keep in mind: 1. We should only create one cropped attachment per context for a given site/theme option. So for instance, if a custom logo has already been cropped from an attachment for the theme being customized, we should replace that attachment instead of creating a new one. However, we ''should'' create a new attachment if the crop was created for a different theme (this may not apply to site-level settings). 2. The context of an attachment should be included in the JSON model returned by `wp_prepare_attachment_for_js()` and used to filter contextual crops out of the main media attachment library. However, it would be great if those were ''not'' filtered when you've opened the media library from the context which those attachments are created/selected." joemcgill Future Releases 57003 Compress original image upload to avoid uncompressed images Media normal normal Future Release enhancement new needs-unit-tests 2022-11-04T20:01:53Z 2023-03-15T15:12:46Z "When an image is uploaded to WordPress today, WordPress will generate the sub-sized versions using compression with the default quality (e.g. 82 for JPEG). The point of this is to offer smaller versions to achieve better performance with different viewport sizes. The compression here is a significant part of it, as we would not want those smaller sized images to be badly compressed and thus overly large in file size. A problem (and I would argue oversight) in that approach is that the originally uploaded image is still used as is in many cases, even in the frontend. #47873 introduced the feature to compress ""big"" images in a smaller version, which makes sense, however that is only part of the potential problem here: It can also happen that the original image upload is simply an overly large file, even if the dimensions of the image are smaller than what makes it qualify for a ""big"" image. This ticket proposes the following: * Always generate a new image from the originally uploaded image, even when it is not a ""big"" image (potential exception could be PNGs as currently the case, see #48736). * Once the image has been generated, compare the file size of the new image with the original image: * If the new image is smaller, use that one going forward, backing up the original image in the same way it already happens as part of the ""big"" image feature. * If the new image is larger (i.e. the original was already well compressed), delete the new image again and simply keep the original as is. Given that we already generate an additional image file for ""big"" image uploads, this enhancement would not introduce any concerning overhead. It also does not make any assumptions on the original image quality, it simply compares the results to make a decision which image to keep. In any case, the original image will be kept so it would not be a destructive action either." flixos90 Future Releases 48485 Custom image size not generated if identical to original size joedolson* Media 5.2.4 normal minor Future Release enhancement accepted 2019-11-03T09:31:22Z 2024-01-29T20:19:18Z "When defining a custom image size using `add_image_size` and uploading an image that has exactly the same dimensions of that image size, the new image size is not added. This also means that -- when adding the newly defined image size -- to the Insert Media screen using the `image_size_names_choose`-filter, the custom image size does not appear in the dropdown menu. Even though I can understand why this happens from a server load / storage point of view, I feel the unexpected behaviour (to end users) is a bigger problem. An even prettier fix would be to detect the custom image size is identical to the original size and map the custom image size URL to the original file URL (e.g. through a symbolic link). {{{#!php __( 'Project-foto' ), ) ); } add_filter( 'image_size_names_choose', 'custom_media_sizes' ); }}} " brampeerlings Future Releases 43227 Media uploaded to post should remove underscores and hyphens from text inserted into title attribute Media normal normal Future Release enhancement new 2018-02-05T11:04:43Z 2023-02-02T16:29:19Z "When adding a new image into a post my file name will typically be called something like: descriptive-name-of-image.jpg Once this image is uploaded wp will automatically set the title and will default to the name of the image ""descriptive-name-of-image"" if no title meta data is available in the image. I think a better default action would be to replace the hyphens/underscores with spaces and possibly capitalising the first letter making the title ""Descriptive name of image""." mrmadhat Future Releases 30876 Paste an image into the Media Library Media normal normal Future Release enhancement new 2015-01-01T00:12:16Z 2018-03-30T22:44:19Z Github has some nice UX where you can paste an image into a comment. It would be nice if the Media Library supported something similar. danielbachhuber Future Releases 49490 Proposal: New wrapper function and hook for creating attachments Media normal normal Future Release enhancement new dev-feedback 2020-02-21T22:44:38Z 2020-10-07T05:28:16Z "Everywhere you look for the code related to inserting a new attachment you find 3 steps are needed: 1. wp_insert_attachment 2. wp_generate_attachment_metadata 3. wp_update_attachment_metadata I see no reason not to have a wrapper function instead of having these 3 functions being repeated all over core files + 3rd party themes and plugins. Plus, as people commit changes in core mistakes are occurring [ticket:49449]. The most important reason to create this new wrapper function is to improve interoperability by adding a real hook to know when an attachment has been totally processed by core. This is needed by many plugins that work with images or caching. Right now the hook most used to know of a new attachment is `add_attachment` found in `wp_insert_post()`, but this is run before step 2 and 3, therefore attachment metadata has not been created yet. Developers are having to create a custom wrapper function to add this hook (my company included) in their projects and that means attachments inserted via WP Dashboard wont be taken into action. `media_handle_upload()` is a good example of the wrapper function I am talking about, but sadly it goes out of scope by assuming the file will be located in `$_FILES` variable instead of receiving the file by a parameter, therefore is not friendly or future proof. When that function was created I guess it wasn't taken into consideration that files can be uploaded to the server in many ways. Plus is lacking the appropriate hooks too. Even the `WP_REST_Attachments_Controller` had to create custom methods to fulfill a scenario where attachment data is being sent in the body of the request. A fast search in core for `wp_insert_attachment` will illustrate how this function is followed by `wp_generate_attachment_metadata()` and `wp_update_attachment_metadata()` in most cases: * `media_handle_sideload()` * `media_handle_upload()` * `wp_ajax_crop_image()` * `Custom_Background::handle_upload()` * `WP_Site_Icon::insert_attachment()` * `wp_xmlrpc_server::mw_newMediaObject()` * `WP_REST_Attachments_Controller` I wont even mention third party implementations I’ve found. A quick boilerplate... {{{#!php Media -OR- in the customizer for site-specific control without coding. See also: #40415" galbaras Future Releases 49830 Store rotation data for uploaded videos Media normal normal Future Release enhancement new 2020-04-06T17:44:17Z 2022-03-10T15:57:25Z If the video format supports and the data is found in the exif data, store the rotation angle in video metadata. spacedmonkey Future Releases 46554 Uploaded images goes to wrong folder/date structure antpb Media 5.1 normal normal 6.6 enhancement assigned 2019-03-18T11:24:37Z 2024-02-12T09:21:41Z "Hello Team All test are from fresh install, default theme, no settings change, no plugin… ""Organize my uploads into month- and year-based folders” option checked. Images upload date: 17/03/2019 Single “Test Page” published date: 27/11/2018 In WordPress 4.7 – 4.7.13 – 4.8 – 4.8.9: images uploaded from Media Library goes to …/2019/03 folder… RIGHT images uploaded from single “Test Page” goes to …/2018/11 folder… RIGHT In WordPress 4.9 – 4.9.10 – 5.0.4 – 5.1.1: images uploaded from Media Library goes to …/2019/03 folder… RIGHT images uploaded from single “Test Page” goes to …/2019/03 folder… WRONG!!! From 4.9 version has anything changed in the way WordPress handles image uploads? If YES, how to go back to the old way (thus images uploaded from single “Test Page” goes to “published date” folder… and not to “upload date” folder)? Thanks!" kartiks16 Future Releases 38560 Add support for uploading arrayed $_FILES Media normal normal Future Release feature request new needs-unit-tests 2016-10-29T13:11:24Z 2017-08-10T17:33:05Z "When you have form code that references [several file uploads](http://php.net/manual/en/features.file-upload.multiple.php) as array, the media_handle_upload() function fails to handle this. For example this: {{{ }}} Will result in a $_FILES array that's creates subarrays shaped like so: {{{ $_FILES['userfile']['name'][0] $_FILES['userfile']['name'][1] $_FILES['userfile']['tmp_name'][0] $_FILES['userfile']['tmp_name'][1] $_FILES['userfile']['size'][0] $_FILES['userfile']['size'][1] $_FILES['userfile']['type'][0] $_FILES['userfile']['type'][1] }}} This will fail when passed to media_handle_upload, since [https://core.trac.wordpress.org/browser/tags/4.5.3/src/wp-admin/includes/media.php#L281 the implementation does not handle this array structure] nor is this documented." kontur Future Releases 48488 Easier disabling of PDF thumbnail creation Media 4.7 normal normal Future Release feature request new dev-feedback 2019-11-03T20:14:48Z 2019-12-03T16:49:09Z "Since #31050 wordpress automatically creates thumbnails for uploaded PDF Files by creating a second attachment post object with the extracted image. While this may be useful for many use cases, in some like ours it is not. Furthermore, it is possible to turn of thumbnail creation for audio and video by using the following simple code ( {{{#!php archived == '1' || $current_blog->spam == '1' || $current_blog->deleted == '1' ) { status_header( 404 ); die( '404 — File not found.' ); } }}} You see that ms-files.php checks, if the blog is archived (or spam or deleted) and than throws out a 404. Shouldn't this include a check for network admin users to see the files? Or, if that's not desirable, couldn't we make this check accessible for filters? Thanks for the good work! Christian " antwortzeit Future Releases 30687 Ajax media attachment save has no error handling Media 4.0.1 normal normal enhancement new 2014-12-12T10:23:24Z 2019-06-04T20:10:06Z "When using the ajax media system on adding media in posts. It is not possible to show errors to the users. In the file ajax-actions.php (located wp-admin/includes/) in the function wp_ajax_save_attachment_compat() the feedback of errors is trown away. If this code is further developed with visual feedback, the user understand why data is not saved or imported. Code: (wp 4.0.1 line 2294) {{{ if ( isset( $post['errors'] ) ) { $errors = $post['errors']; // @todo return me and display me! unset( $post['errors'] ); } }}} " Krielkip Future Releases 32849 Allow option of Grid AND List View of the gallery when inserting media into post Media normal normal enhancement new 2015-07-01T00:24:57Z 2023-10-18T16:27:12Z "I’ve looked around quite extensively for this, but can it appears this feature simply doesn't exist in WP currently. Basically, when you’re on a post and want to either “insert media” or select “featured image”, you cannot view the gallery list on a post using the “list view”. Rather the only option appears to be the default “grid view”. The ""list view"" interface is already available in Gallery, is there any reason why this isn't available in the post editor as well? I've seen a number of requests for this online, especially when there are installations that have a large number of images that are similar (and thus you need to easily see the meta information to differentiate)." ashkas Future Releases 21714 Enable Intermediate choice in UI if Full Size Image is exact match to Intermediate Image Media 3.4.1 normal normal enhancement new 2012-08-28T15:56:09Z 2020-01-15T01:49:54Z " This is simply a minor usability enhancement for Media Gallery. If an image is uploaded that is exactly the same size as an intermediate image (300x300 = Medium for example) it is not a choice when inserting that image into a post. It would be nice if it was a choice pointing to the full/original image since full is the same size as the intermediate. It seems to be caused in the image_downsize function in /wp-includes/media.php because image_get_intermediate_size returns false. I believe image_downsize can be updated as such to provide this enhancement: Line 162 (if statement) Currently: {{{ if ( !$width && !$height && isset($meta['width'], $meta['height']) ) { // any other type: use the real image $width = $meta['width']; $height = $meta['height']; } }}} could be updated to read the intermediate width and height and set intermediate to true if it is an exact match to the original image: {{{ if ( !$width && !$height && isset($meta['width'], $meta['height']) ) { // any other type: use the real image $width = $meta['width']; $height = $meta['height']; // add check for real image being exact match to intermediate image to enable intermediate choice in UI if (isset($_wp_additional_image_sizes[$size])) { $goal_width = intval($_wp_additional_image_sizes[$size]['width']); $goal_height = intval($_wp_additional_image_sizes[$size]['height']); } else { $goal_width = get_option($size.'_size_w'); $goal_height = get_option($size.'_size_h'); } if ($width == $goal_width && $height == $goal_height) $is_intermediate = true; } }}} Thanks for considering, and hope I put this in the right place, Andrew " andrewteg Future Releases 21810 Improve intermediate image size handling Media 3.5 normal normal enhancement new 2012-09-05T20:28:14Z 2019-06-04T20:03:44Z "When discussing the new media workflows on #21390, the need to improve our image size API became apparent. A quick overview of the improvements that should be made: * All image attachments have an original, or ""golden master"", which is never altered. * An image size creates a new image and stores all transformations applied to the image as metadata. Transformations are described relative to the golden master. An image size has a unique slug (which means a set of dimensions does *not* have to be unique). * Image attachments have a ""master"" image size, which is used to create any automatically generated image sizes. * Automatically generated image sizes can be overridden with manual transformations. Would love for someone to step up on this ticket, as the media modal editing UI will benefit greatly from these improvements." koopersmith Future Releases 22894 Need WordPress Media Uploader Stop or Cancel Button in WP Version 3.5 Media 3.5 normal normal enhancement reopened 2012-12-12T17:34:01Z 2023-10-18T16:05:38Z "Today I was testing the new media uploader of WP 3.5 from post editor by clicking 'Add Media'. I clicked 'upload files' and I choose a big file from my computer by a mistake. But I did not want to upload that file. Then I wanted to cancel the uploading, but there is no stop or cancel button . Then I close the popup window and open again by clicking 'Add Media' button. I see the previous file is being uploaded yet. I choose another small file and both files upload are running. [[Image(http://onetarek.com/wp-content/uploads/2012/12/stop-media-uploader.jpg)]]" onetarek Future Releases 11877 Resized Images lose their EXIF data Media 3.0 normal normal enhancement reopened 2010-01-12T10:47:55Z 2019-06-04T20:01:51Z The thumbnail, and medium re-sized images do not keep EXIF data of the original image. thee17 Future Releases 31283 Setting poster image for videos inside a video playlist is not very intuitive Media 4.2 normal normal enhancement new 2015-02-10T15:43:13Z 2019-06-04T20:11:16Z "This is somehow a follow-up to #27891. When you create a video playlist, it's very hard to understand how to change the poster images of the videos. Here is the workflow : 1. Upload some videos 1. Create a new article and insert one single video 1. Edit the inserted video to open the media modal again, and select a poster image for your video 1. Nice ! 1. Create another article and insert a video playlist 1. When you choose video, the one that was inserted in the previous article is shown with the poster image instead of the default video icon : very nice ! 1. For other videos, there is no way to select a poster image, neither during initial playlist creation, nor after having inserted the playlist :-( 1. To select a poster image, you have to go back to the main Media menu, find the right video and edit its details, and then set the featured image (that you guessed it was the same as the poster image) I see at least three ways to improve that workflow. 1. In the ""Edit video playlist"" modal, add a ""Select poster image"" menu, similar to the one that exists in the ""Video details"" modal for the video shortcode. 1. When browsing videos in the media modal, add a link to set the poster image, in the same manner that the ""Edit image"" link works for images 1. When browsing videos in the main Medias menu, add a link to set the poster image, in the same manner that the ""Edit image"" link works for images 1. Bonus : change ""Featured Image"" title to ""Poster image"" in the video attachment post edition page 1. Big Bonus : when browsing videos in the main Medias menu, add a button ""take a screenshot and set as poster"" when a video is shown. This will load the video into a canvas, generate an image from this canvas, send the image to the server and set it as poster ! " Fab1en Future Releases 31419 Vimeo and YouTube video cannot be inserted into a playlist Media normal normal enhancement new dev-feedback 2015-02-23T09:22:58Z 2019-06-04T20:11:41Z "Now that the video playlist feature is working well in core, it could be great to think about supporting Vimeo and YouTube videos inside playlist. For the record, YouTube videos can be played with the MediaElementJS player with this shortcode : {{{ [video src=""http://youtu.be/_YbVJoMYwJ0""] }}} I would like to introduce the possibility to play this video inside a playlist: {{{ [playlist type=""video"" srcs=""http://youtu.be/_YbVJoMYwJ0,http://youtu.be/Fn1iMmSvvhQ""] }}} Now, there are some challenges : 1. Playlist are managed by selecting attachment form the Media library, along with their meta data (title, poster, ...). How to provide meta data for external videos ? 2. MediaElementJS does not build the player in the same way when a YouTube video is embeded, so switching between videos does not rely on the same API, and switching between YouTube and mp4 videos is not possible The first concern could be addressed by registering an attachment post in the database that links to a YouTube URL instead of a video located in the uploads folder." Fab1en Future Releases 23424 WP_Image class for handling images from the media library Media 3.5 normal normal enhancement new dev-feedback 2013-02-08T15:41:24Z 2019-06-04T20:04:57Z "Since 3.5 we have the class WP_Image_Editor. This needs a file path to be able to manipulate an image. Currently you would have to use something like wp_get_image_editor( _load_image_to_edit_path( $post_id ) ). What is wrong since you are using a ""private"" function. Currently I'm working on this idea and you can find the code here https://github.com/markoheijnen/WP_Image/blob/master/wp-image.php. What it does now is getting the filepath, be able to get the image editor, add an image size on the fly and getting/updating the metadata. We really miss something like a WP_Image class in WordPress. However I'm not sure what kind of functionality is needed for it. I like the current class mainly because it gives you the power to create an image size for a specific media image and stores it in the sizes array. When a user removes the media image then also the custom sizes will be removed." markoheijnen Future Releases 10390 attachments should store the WP uploads path that was configured when they were uploaded Media 2.8.1 normal normal enhancement reopened dev-feedback 2009-07-12T10:34:51Z 2019-06-04T20:01:48Z "When you upload an image, currently, the uploads path (defaults to wp-content/uploads) is not stored. If you change this later on to something else, previously inserted galleries no longer work, among multitudes of other problems." Denis-de-Bernardy Future Releases 22937 Bulk Actions > Edit could allow batch-assignment of taxonomies to Media following the WP 3.5 media changes Media normal normal feature request new 2012-12-14T13:59:37Z 2023-10-18T15:53:15Z "[First and foremost the media improvements in WP 3.5 are wonderful, thanks to all involved.] Now that you can assign taxonomies to media easily, it would be extremely useful if you could also use Bulk Actions > Edit (as you can with posts / pages / custom post) to assign them to multiple images more quickly. Real world case: we added a taxonomy to media yesterday for a client, so they could categorise their ~500 images into sitewide categories, and they immediately replied to ask if there was a way of doing it in batches..." yeswework Future Releases 29368 Pasted media do not appear in the library Media 3.9.2 normal normal feature request new 2014-08-25T17:49:15Z 2019-06-04T20:08:45Z "So I don't know if this is a bug or a feature request, but when I paste an image into a post, i would assume that it goes into the media library (where else would it live?). But when I go to then chose that image as my featured image, surprise, surprise - it's not in the library. " Matt McLaughlin Future Releases 32658 Post media attachments should show assigned media by default Media 4.3 normal normal feature request new 2015-06-16T08:56:15Z 2019-06-04T20:14:23Z "When adding the attachments to post, the popup always starts with All media files as default, so that if i want to see attached media, i need to click the select, click the Assigned to post option and wait few secs. I really hate this behaviour, i would like to see assigned media first (if there are some allready asigned). The problem is, that it is not easy to change it, without hacking the core code - the only way is to add some javascript, that changes the value after page load, but theese solutions are not trivial and buggy (http://wordpress.stackexchange.com/questions/76125/change-the-default-view-of-media-library-in-3-5) Maybe other people want different default option (i have seen a post of someone, who wanted ""unassigned""), so I think the best would be, if the script would remember the last selected value, or if there would be some option, which to select by default or (and) if at least there would be some easy filter, which we could use to change the default " thomask Untriaged tickets (that need a patch) 22837 "WP Needs to Set ""Sender"" and ""Reply-To"" or DKIM/DMARC will not work using wp-mail (via PHPMailer)" Mail 3.4.2 high major Awaiting Review defect (bug) new close 2012-12-09T17:23:48Z 2023-11-28T19:33:30Z "I notice that for DKIM to function (while using DMARC) correctly for outgoing mail the PHPMailer object needs to make sure the Sender and Reply-To fields match the ""From"" field otherwise the ""Return-Path"" header uses the server it is sending from causing a mismatch. When this happens DKIM fails authentication on the receiver side because it is not added to outgoing mail. I tried adding the reply-to and sender header manually to wp_mail() but it did not work. One had to do the following: Right now i have to manually modify the /wp-includes/pluggable.php file in the wp_mail() function to include: {{{ if (strlen($phpmailer->Sender)==0) { $phpmailer->Sender = $phpmailer->From; $phpmailer->AddReplyTo($phpmailer->From); } }}} This resolves the problem and DKIM works again. " kellogg9 Untriaged tickets (that need a patch) 46333 wp_mail successfully working but not sending mails - WordPress 5.1 Mail 5.1 normal major Awaiting Review defect (bug) new needs-unit-tests 2019-02-23T19:00:10Z 2020-06-04T17:53:02Z The function wp_mail is used by many plugins and always giving a success message but never really sending mails out. JulesPryla Future Releases 53393 Latest version of PHPMailer no longer attaches files to emails Mail 5.7.2 normal normal Future Release defect (bug) new 2021-06-14T01:18:07Z 2021-11-01T17:35:53Z "I've been trying to track down why my s3 bucket files are no longer being attached to automated emails being sent out by WordPress (using the Gravity Forms Entry Automation plugin). I've been able to identify the latest version of PHPMailer being the reason why the attachments no longer get added. From the author: ---- ''This is due to a bug fix that also closed a major security hole. PHPMailer deliberately avoids being a client for HTTP or other protocols for file attachments because it is far too risky. The solution is to take on responsibility for fetching remote files yourself. Instead of :'' {{{ $mail->addAttachment('s3://file.txt', 'file.txt'); }}} ''Do this:'' {{{ $mail->addStringAttachment(file_get_contents('s3://file.txt'), 'file.txt'); }}} https://github.com/PHPMailer/PHPMailer/issues/2355#issuecomment-858373284 ---- I reached out to the Gravity Forms authors as well as the Entry Automation authors and they both have said their plugins just generate raw notification objects and then use wp_mail() to pass the generated mail object off to the rest of my server to actually handle the sending. Is there a way to get this working again without having to roll my WP version back? Or do y'all know how others are handling this issue? " threeatetwo Future Releases 23243 "wp_mail() not working with ""Name "" format in buggy PHP versions on Windows" Mail 3.5 normal minor defect (bug) new 2013-01-20T15:59:30Z 2019-06-04T20:04:42Z "As a result of ticket #17305, wp_mail() accepts the $to parameter in the format ""Name "". There exists a PHP bug in versions below 5.2.11 and in 5.3, on Windows. This bug occurs when addresses are passed to the PHP mail() function in the ""Name "" format and prevents e-mails from being sent. I believe this bug in fixed in 5.3.1 and above. (see https://bugs.php.net/bug.php?id=28038) I don't believe this affects any core functionality, but may affect some plugins which pass $to in the above format. I tested in PHP 5.2.4 on Windows with the following code: {{{ wp_mail(""email@ext.com"", ""Test"", ""Test""); wp_mail(""Name "", ""Test 2"", ""Test 2""); }}} The first email is received; the second isn't. When removing error suppression from the mail() calls in class-phpmailer.php, the following warning is outputted: Warning: mail() [function.mail]: SMTP server response: 501 >: ""@"" or ""."" expected after ""Name"" in C:\xampplite\htdocs\wp-includes\class-phpmailer.php on line 771" bbosh Untriaged tickets (that need a patch) 44333 Password hint label needs to be re-worded and needs to have a minimum password length check Login and Registration normal major Awaiting Review defect (bug) new dev-feedback 2018-06-08T14:39:10Z 2018-06-08T21:28:06Z "When resetting password, the help text under password box says: {{{ Hint: The password should be at least twelve characters long. To make it stronger, use upper and lower case letters, numbers, and symbols like ! "" ? $ % ^ & ). }}} Although it says **should be at least twelve characters long**, I am able to use only one character! 1. The above help text needs to be re-worded with some like: {{{ Hint: The recommended length of the password should be at least twelve characters and must have at least X characters. To make it stronger, use upper and lower case letters, numbers, and symbols like ! "" ? $ % ^ & ). }}} `X` can be a number say 6, 8 etc. 2. I believe there needs to be a minimum length check." subrataemfluence Untriaged tickets (that need a patch) 60737 invalid_email or user_email ? Login and Registration trunk normal minor Awaiting Review enhancement new dev-feedback 2024-03-10T21:40:10Z 2024-03-10T21:40:10Z "Hey there, I'm talking about login error keys. Here are the 3 things we can find in the WP Core: {{{#!php add( 'invalid_email', __( 'Error: There is no account with that username or email address.' ) ); $errors->add( 'invalid_email', __( 'Error: The email address is not correct.' ) ); $errors->add( 'user_email', __( 'Error: The email address is not correct.' ), array('form-field' => 'email', ) ); }}} The 1st is an error message when you try to login using an email address that is not used as a user in this site, the key is ""invalid_email"" The 2nd is an error message when you try to register a new user with an email address that is not correctly formatted, the key is ""invalid_email"" The 3rd is an error message when you try to update your personal profile with an email address that is not correctly formatted, the key is ""user_email"" So we have 2 keys and 2 messages (like ""A1 A2 B2"", should be ""A1 B2 B2"") but the message 2 is sharing both, we should clearly decide is ""invalid_email"" is when the email does not exists in our site OR when the email is not correctly formatted. I suggest that the 2nd message should share the ""user_email"" and let the ""invalid_*"" for the login stuff, like we already have ""invalidcombo"" or ""invalid_username"" that shares the same kind of issue. thanks for your reading time" juliobox Untriaged tickets (that need a patch) 38750 Split wp_signups into wp_user_signups and wp_blog_signups Login and Registration 3.0 normal normal Awaiting Review feature request new needs-unit-tests 2016-11-10T19:07:00Z 2019-05-26T19:10:11Z "Right now, `wp_signups` (and the entire related API) does double-duty. It's 1 database table that's used for both users & blogs, but there are a few issues with this approach: * Open sign-ups may or may not include ability to create sites * There is no UI for managing sign-ups in WordPress core * Sign-ups are different between singlesite & multi-site * Plugins like BuddyPress do their best to include and/or work-around WordPress's core functionality, but end up writing a ton of additional code to manage this * Other membership plugins are forced to roll their own approach every single time * It's possible for multisite sign-up race conditions to exist, with users & sites created or activated from underneath each other (documented in `wpmu_activate_signup()`) I'm adding the multisite focus to this issue, because all of the current code is only relevant to multisite, but I'd like to see single-site inherit whatever future approach we can come up with. The core sign-ups code, stinks. Yet open registration is part of what makes WordPress & community/membership sites great. I think it would be great to take what we've learned from BuddyPress, WordPress.org, WordPress.com, and the bevy of Membership plugins, and make a great sign-up component/API for WordPress core." johnjamesjacoby Future Releases 60062 Add required attribute to username and password field in wp_login_form function. rcreators Login and Registration 3.0 normal normal 6.6 defect (bug) assigned 2023-12-13T16:56:11Z 2024-03-12T15:39:03Z "Add required attribute to username and password field in wp_login_form function. " alesflex Future Releases 31830 Hard coded wp-login.php url in string Login and Registration 3.0 normal normal Future Release defect (bug) reopened 2015-04-01T06:53:58Z 2023-09-18T20:38:16Z "Hi. I noticed that in [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/ms-functions.php?rev=32064#L1446 wp-includes/ms-functions.php] (`wpmu_welcome_notification`) the login url is hardcoded (wp-login.php) into the string. This will create a problem if a multisite developer has chosen to change the login page url (for security reasons). Thanks in advance Lena" lenasterg Future Releases 52721 No way to filter value of $credentials['remember'] in wp_signon Login and Registration 1.5.1 normal normal Future Release defect (bug) new 2021-03-05T11:44:54Z 2021-06-02T04:45:02Z "There are famous plugins out there using wp_signon and providing $credentials, so essentially $_POST values are completely ignored. Meanwhile, $credentials lacks of 'remember' value in these plugins, so for the wp_signon function means 'remember = false'. If you want to force that remember = 1, there's only the wp_authenticate filter available which: 1. is maybe deprecated? 2. does not pass the remember value So, basically, there is no way to filter the remember value, when the wp_signon function is not properly called by someone." mirkolofio Future Releases 55343 "Add Tooltip to ""Remember Me"" (WP Login Form)" rajinsharwar Login and Registration normal normal 6.6 enhancement assigned dev-feedback 2022-03-08T16:33:44Z 2024-02-12T14:59:54Z "Currently, WordPress' login form has a checkbox labeled ""Remember Me."" Over the years, there's been some debate over the verbiage used for ""Remember Me"" (say, versus ""Stay Logged In"" or ""Keep Me Logged In"") and what it really means. To eliminate any confusion, this is to request the [https://ibb.co/fkqN7Vz /addition of a tooltip] next to ""Remember Me"" in the form of a question (?) mark. Further, the tooltip can offer a security warning to all users. The content (text) for the tooltip could be: ""**Selecting Remember Me reduces the number of times you’ll be asked to log in using this device. To keep your account secure, use this option only on your personal devices.**"" Also, in anticipation that this enhancement request will be approved, I would like to recommend updating the [https://developer.wordpress.org/reference/functions/wp_login_form /affected codex page] for the login form to add a code snippet that will allow developers to change the content (text) of the tooltip to suit their needs. The above would be a nice addition or update to WordPress' login form. Thank you." generosus Future Releases 56224 Hardcoded wp-login.php vs login_url filter? Login and Registration normal normal Future Release enhancement new 2022-07-15T08:42:35Z 2023-09-18T20:51:29Z "The login_url filter allows changing allows changing the login URL. However there are a few places, where wp-login.php is hardcoded. Is the filter safe to use to modify the login url? Should (can?) those hardcoded wp-login.php in core be changed?" malthert Future Releases 25192 Leverage signup_id when working with $wpdb->signups Login and Registration normal normal enhancement new 2013-08-30T14:32:59Z 2019-06-04T20:06:00Z Followup to #15004 — we should leverage the new primary key where possible, when working with $wpdb->signups. nacin Untriaged tickets (that need a patch) 44863 Modify the WordPress importer to handle .zip as well as .xml files Import normal normal Awaiting Review feature request new 2018-08-29T15:15:16Z 2018-08-29T15:34:49Z "Wordpress.com exports sites in two ways, as a .zip file (full of XML files) or as a single XML file, depending on whether the export is done from Calypso or wp-admin. The importer is expecting a single XML file, and fails if the user tries to import the zip file. Suggestion: Modify the importer to accept the .zip file, unzip it into tmp, and then import each of the included XML files." sterndata Future Releases 56856 Blogger Importer: File class-feed.php is deprecated Import 4.7 normal normal WordPress.org defect (bug) new 2022-10-19T19:41:56Z 2023-11-28T22:56:10Z "The Blogger Importer plugin (tested v0.9) causes the following deprecation notice: PHP Deprecated: File class-feed.php is deprecated since version 4.7.0! Use fetch_feed() instead. in ../wp-includes/functions.php on line 5577 `class-feed.php` was deprecated in [39449]. " ironprogrammer Future Releases 56857 Blogger Importer: File class-wp-feed-cache.php is deprecated Import 5.6 normal normal WordPress.org defect (bug) new 2022-10-19T20:58:34Z 2022-10-19T20:58:34Z "The Blogger Importer plugin (tested v0.9) causes the following deprecation notice: PHP Deprecated: File class-wp-feed-cache.php is deprecated since version 5.6.0 with no alternative available. This file is only loaded for backward compatibility with SimplePie 1.2.x. Please consider switching to a recent SimplePie version. in ../wp-includes/functions.php on line 5587 `class-wp-feed-cache.php` was deprecated in [49565]. " ironprogrammer Future Releases 56858 Blogger Importer: Undefined (dynamic) properties Import normal normal WordPress.org defect (bug) new 2022-10-19T21:24:34Z 2022-10-21T01:29:57Z "Under PHP 7.4, the Blogger Importer plugin causes notices like the following: ''If new posts are imported:'' Undefined property: Blogger_Importer::$posts_done in ../blogger-importer/blogger-importer.php on line 408 == Background [https://github.com/WordPress/blogger-importer/commit/f1c9d6a7fe42fe4b88b475c9a92a96bd7cee8dba f1c9d6a7] introduced several dynamic properties to the `Blogger_Importer` class, such as counters for skipped and imported posts. In PHP 8.0 dynamic properties log as warnings, [https://php.watch/versions/8.2/dynamic-properties-deprecated in 8.2 as deprecations], and in 9.0 result in fatal errors. " ironprogrammer Future Releases 8578 Blogger import incorrectly reports saved user information Import normal normal WordPress.org defect (bug) new 2008-12-11T16:53:52Z 2019-03-15T00:30:30Z "I installed a fresh copy of WordPress 2.7 and was importing content from a Blogger site. Before beginning to import, the page claimed that Blogger account information was saved in the database and that I could restart the process. Even after pressing the ""Clear account information"" button, the message still appeared." covert215 Future Releases 16445 Fix incompatibilities with IDs greater than 2^31 Import 3.1 normal normal defect (bug) new 2011-02-03T01:03:24Z 2019-06-04T20:02:33Z "For various reasons, things go bad when you get a post ID greater than 2^31^. When we're importing content and there's an existing ID, I suggest we ignore it if possible if it's too big. Tumblr2WordPress for example maintains the Tumblr IDs and causes problems in WordPress." Viper007Bond Future Releases 21859 Import blog and media library is not working Import 3.4 normal normal defect (bug) new 2012-09-10T08:02:25Z 2019-06-04T20:03:47Z "Hi, I have problems (due to hosting php timeout) to import all my blog at once. I tried doing it by months, but it's also not working. Blog posts are imported, but nothing of the media library is imported. I can describe too what happens when trying to import everything at once. I've just 200 photos and every 90 secs the connection is reseted trying to import them. If you try to retry using browser, photos begin to duplicate, or triplicate, or more... After all this, then you finish, there is no attachments related to their post. I've tried importing by months, which would not spend more than 60 secs importing photos, but then the photos are not imported. Please, fix the import/export by months or by splitting files every 10 post (or configurable). I would suggest too to allow any mechanism to import photos first, doing it in groups of 20 (or by configuration) and later, after that, importing post and attaching files to each post. I set it as critical as moving a blog it's impossible without a huge amount of work. I could try to help debugging if needed. Version 3.4.1 is also affected. Thanks and regards" don_ousian Future Releases 19764 Invalid JSON in custom fields meta value after export Import 3.3 normal normal defect (bug) new 2012-01-06T17:13:07Z 2019-06-04T20:03:07Z "Hey there, I exported a working copy of my online WordPress site to a local copy and noticed that the code gets changed; The backslash is removed which causes the json format to be invalide. Original code in the custom fields meta {{{ {""videos"":{""0"":""""}} }}} Becomes in the local site after import {{{ {""videos"":{""0"":""""}} }}} " abdessamad idrissi Future Releases 18602 Media Library imported, but all items Unattached Import 3.2 normal normal defect (bug) new reporter-feedback 2011-09-06T10:10:18Z 2019-06-04T20:02:51Z "Export XML file from one site, import into another site. By checking ""Download and import file attachments"", files from wp-content/uploads are downloaded correctly to the new site, and added to Media Library. However all items in the Media Library are now ""Unattached"", and for example posts using [gallery] are broken on the new site. " awallin Future Releases 12286 bug and fix when importing from Movable Type Import normal normal defect (bug) new 2010-02-19T13:26:59Z 2019-06-04T20:01:57Z "I'm running WP Mu 2.9.1.1 and had a problem importing a Movable Type blog to WP and found a fix (sort of). Symptom: When importing a blog from Movable Type to a blog in WP, you are asked to assign (or map) WP authors to MT authors. But, it turns out that the first author on the list is assigned to all posts. The other authors selected are neglected. Therefore, all of the posts end up belonging to one author. Fix: I found the problem in wp-admin/import/mt.php. Specifically, ""$mtnames"" is not properly populated with authors from MT. So, I changed the code in function get_authors_from_post() as follows: function get_authors_from_post() { $formnames = array (); $selectnames = array (); $this->mtnames = $this->get_mt_authors(); I just added the last line shown above and then finally the import properly assings authors as intended. (There might be a better place to put the last line, however.) " leyburn888 Future Releases 22041 Importer dies silently when multisite upload limit is reached Import normal normal enhancement reopened 2012-09-28T17:58:57Z 2019-06-04T20:03:50Z "The scenario: You're importing a WXR file into a site on a multisite network and the WXR includes a number of large attachments. For whatever reason, the upload capacity for each site is set at 100MB. If the upload capacity is reached during the import process, the import will look like it's hanging forever. Instead, it would be nice to show an alert that the upload capacity was reached or similar." danielbachhuber Future Releases 22976 Remove reference to category to tag converter from the tools page Import normal normal enhancement new 2012-12-17T16:02:00Z 2019-06-04T20:04:32Z It has been such a long time since version 2.3, does anybody really need a reminder for the existence of this tool on that relatively high profile page? mark-k Future Releases 23464 WXR importer: Poor UX when creating new user to import to Import normal normal enhancement new 2013-02-13T07:05:33Z 2019-06-04T20:04:59Z "When importing WXR you are prompted to assign a user to which of the existing users the imported content will be assigned, but it is also possible to provide a name of a new user which will be created and the content then will be associated with it. The new user functionality sucks 1. No email or password is required therefor the user for a while is missing data which is assumed to always exist for a user. In the end of the import there is a small notice about updating the user data, but it gets lost in all the output being generated during import 2. Processing does not stop if user creation had failed (I used hebrew characters for user name) and the imported content is assigned to the current user. WTF? " mark-k Future Releases 24791 Map audio/video shortcode IDs on import Import normal normal task (blessed) new 2013-07-17T21:39:47Z 2019-06-04T20:05:43Z See #24458. nacin Untriaged tickets (that need a patch) 11740 Sorting tags and towns does not work well for utf-8 nbachiyski I18N 2.9 normal normal Awaiting Review defect (bug) new dev-feedback 2010-01-06T12:42:24Z 2024-02-28T16:41:53Z "There are problems with sorting special Czech characters: 1) Options - General - Timezone selection. Evropa (Europe) First item should be Amsterdam, but instead of it there is ""Řím"" (Rome in Czech). And this is not right, character Ř should be between R and S. 2) Editing posts - Select from most used tags. You can create tags ""Rome"", ""Amsterdam"" and ""Řím"". Tags are also sorted in a bad way, first is ""Řím"". It is very problematic for Czech users when there are many tags, because it does not help them..." pavelevap Untriaged tickets (that need a patch) 47547 switch_to_locale( 'en_US' ) is unreliable johnbillion* I18N normal normal Awaiting Review defect (bug) accepted close 2019-06-15T18:10:36Z 2024-02-29T11:09:48Z "Given a site that uses `en_US` as its language, a user with their user language set to something else, and that user logged into the admin dashboard, calling `switch_to_locale( 'en_US' )` appears to be unreliable. 1. ❌The return value of `determine_locale()` is the user's language, not `en_US`. 2. ✅Localised text without a textdomain (ie. text from core) is correctly displayed in `en_US`. 3. ❌Localised text with a textdomain (ie. text from plugins or themes) is incorrectly displayed in the user's language. This may be related to #39210. Given a site that itself uses a language other than `en_US`, calling `switch_to_locale( 'en_US' )` does appear to work although I haven't tested it extensively." johnbillion Future Releases 52438 Theme translations in WP_LANG_DIR are loaded twice, no (logical) way to override from a (child) theme. I18N 5.6 normal minor Future Release defect (bug) new 2021-02-03T19:21:45Z 2021-07-22T12:19:57Z "I was trying to override some translation strings from within a child theme for a (parent) theme that has online translations (from translate.wordpress.org) that WordPress downloaded into WP_LANG_DIR/themes/domain-locale.mo. There are a couple of problems getting this to work, at least one of which (2)) I believe is a bug. 1) Both `load_theme_textdomain()` and consequently `load_child_theme_textdomain()` will give priority to .mo files found in WP_LANG_DIR and will completely ignore theme based .mo files when the former exist. I tried to circumvent this with `load_textdomain()` directly, see [https://wordpress.stackexchange.com/a/249127 here] and made it load before the parent theme's call to `load_theme_textdomain()` in order to make my translations [https://core.trac.wordpress.org/browser/tags/5.6/src/wp-includes/l10n.php#L684 take precedence in the merge]. I did like proposed in the docs, i.e. in the child theme's functions file (that loads before the parent's) via the `after_setup_theme` hook. The question here is should there be a better (more intuitive) way? Maybe calling `load_theme_textdomain()` with the parent's text domain again (and make it work, of course)? 2) It did not seem to work, so I tried to log which .mo files WordPress tries loading with [https://developer.wordpress.org/reference/hooks/load_textdomain/#comment-4497 this code]. This showed that the downloaded translation in WP_LANG_DIR gets called twice. The 2nd call is from the parent theme's `load_theme_textdomain()` and my effort from 1) successfully put my translaions before that 2nd call. But the 1st .mo file loading... I traced this down to [https://core.trac.wordpress.org/browser/tags/5.6/src/wp-includes/l10n.php#L1307 this code] within `l10n.php`: the check with `_load_textdomain_just_in_time()` actually loads the .mo file via `load_textdomain()` and way to early. And anyway, does this check make any sense: {{{ if ( isset( $l10n[ $domain ] ) || ( _load_textdomain_just_in_time( $domain ) && isset( $l10n[ $domain ] ) ) ) }}} If `isset( $l10n[ $domain ] )` is `false`, how could the condition after `||` ever be `true`? Removing the OR condition with the call to `_load_textdomain_just_in_time()` also removes the 1st logged .mo file. Then, my translations from the child theme were the first to load and worked like intended, i.e. merge with the parent's translations that come afterwards. It also works when calling `load_textdomain()` in the (child) themes functions file directly (not bound to a hook), but that's not how I understand that this should be done?! I reproduced the double loading .mo files with a fresh WordPress 5.6 install and the default Twenty Twenty-One theme in formal German language. I hope, I did not miss anything crucial and this report is of any help. " captain.crash Future Releases 52696 Add a way to determine whether a translation exists I18N normal minor Future Release enhancement new 2021-03-02T20:34:53Z 2024-03-13T20:09:06Z "Currently `__()` wraps `pomo/translations.php::translate_entry()̀` in such a way: {{{#!php $singular, 'context' => $context, ) ); $translated = $this->translate_entry( $entry ); return ( $translated && ! empty( $translated->translations ) ) ? $translated->translations[0] : $singular; } }}} If no translation exist, the original is returned which is the more frequently desirable behavior. But in some cases, the user may want to know whether the string obtained from `__()` is actually the translation or the original. **Use-case**: I'm inserting programmatically taxonomy terms translated using a 3rd-party service. I'm iterating over `[__(""t1""), __(""t2""), ...]` and I would like to only insert those actually translated, ignoring the others. Currently, I've no way to discriminate between the original and the translation (which may or may not be identical btw). I'd like a function providing me this ability like. One such example `__i18n_exists($term, $context = null);`" drzraf Future Releases 47511 "Add specific ""default settings"" for different locales" I18N normal normal Future Release enhancement new 2019-06-08T23:49:56Z 2022-09-30T13:33:48Z "In the UI there are several settings that are locale-specific, like ""Date Format"", ""Time Format"", ""Week Starts On"", etc. Also some locale specific differences in displaying information, like user's name on the Profile screen. In East Asia and some parts of Europe (and others) it is not accepted to have ""John Doe"", it is ""Doe, John"" (with or without the comma). For these locales the order of the form fields for First Name and Last Name should be swapped. This is handled well in MacOS and Windows. Not sure if we need all the options they offer, but a default per-locale settings would be great to have. Then they can include word-count methods (""words"" vs. characters), default lengths for strings/excerpts, (perhaps) some encoding changes for emails, decimal separator (`3,14` vs. `3.14`), grouping separator (`1 000 000` vs. `1,000,000`), and anything else that is locale-specific." azaozz Future Releases 20739 Improve Excerpt generation for non-english locales I18N 3.4 normal normal Future Release enhancement new 2012-05-23T21:09:45Z 2024-02-28T16:40:01Z "This is a follow on from #16079 to further improve the code. While we improved it in 3.4 we can do a better job to more fully support the customisation for all different locales. For known issues see the comments on the previous ticket." westi Future Releases 37491 Improve Iranian functionality in WordPress johnbillion I18N normal normal Future Release feature request assigned 2016-07-27T18:33:49Z 2020-01-07T20:22:06Z "I'm currently one of [https://wordpress.org/plugins/wp-parsidate/ Parsi Date] core developers. Parsi Date, enables Shamsi calendar, aka Iranian calendar, for WordPress. WordPress is really popular in Iran, many people use it as an accelerator in their own business, so I thought that enabling Iranian calendar, might be a good idea to step the progress of internationalizing WordPress. Can it be enabled in WordPress? Where to start?" iEhsan.ir Future Releases 12477 Search with special characters and similar terms nbachiyski I18N normal normal feature request new dev-feedback 2010-03-02T17:42:46Z 2019-06-04T20:01:58Z "I did:Tried searching for terms Metis and Métis I saw:Those two searches turned up different sets of results. I expected:The same set of search results, or at least everything when I searched for Metis. Can search be smarter when special characters are involved?" mrroundhill Untriaged tickets (that need a patch) 51767 Broken logic for `https_local_ssl_verify` filter due to missing `local` argument HTTP API 4.6 normal normal Awaiting Review defect (bug) new 2020-11-13T09:29:11Z 2020-11-13T09:29:11Z "When the Requests library was merged in WP 4.6, the `local` element in the `$args` array of an HTTP API request was removed. The logic for the `https_local_ssl_verify` filter relies on this argument being present and therefore doesn't behave properly. To reproduce, perform an HTTP API request to `home_url()` and verify that the `https_local_ssl_verify` filter does not get triggered. Introduced in [37428]." johnbillion Untriaged tickets (that need a patch) 49203 Requests::request_multiple() does not honor $auth option HTTP API 5.4 normal normal Awaiting Review defect (bug) new 2020-01-15T13:40:53Z 2020-02-05T06:52:49Z "If individual requests have an option for `$auth`, the authentication `CURLOPT`s don't get set as `curl.before_send` is never dispatched. Manually setting an 'Authorization' header overcomes this limitation. I suspect this is not intended behaviour however, cf. documentation in #48349." alpipego Untriaged tickets (that need a patch) 49385 wp_remote_get() cannot retrieve webcal URIs HTTP API normal normal Awaiting Review defect (bug) new needs-unit-tests 2020-02-07T18:33:22Z 2020-02-07T19:11:06Z "In #31666, `webcal` was added to the list of allowed protocols. Unfortunately this does not bubble up into the HTTP API for remote requests, and `wp_remote_get()` on a `webcal://` URI will fail with: {{{ object(WP_Error)[532] public 'errors' => array (size=1) 'http_request_failed' => array (size=1) 0 => string 'A valid URL was not provided.' (length=29) public 'error_data' => array (size=0) empty }}} Here is my proof-of-concept to show off the failure: {{{ add_action( 'plugins_loaded', function() { // Public iCloud calendar I created $uri = 'webcal://p41-caldav.icloud.com/published/2/AAAAAAAAAAAAAAAAAAAAAF-eqSypTVlehAPwNTiPeHHBkTEvCi1qK6G4LDcU1Fr6AKLM-yaJrbRrhSSGMrjSbAxJZJ6TibzOCKLh0xBSpKI'; // Regular remote get call $get = wp_remote_get( $uri ); // Dump results var_dump( $get ); die; } ); }}}" johnjamesjacoby Untriaged tickets (that need a patch) 53938 replace core uses of wp_parse_url() with PHP's native parse_url() HTTP API normal normal Awaiting Review enhancement new close 2021-08-16T20:58:40Z 2021-08-17T16:38:31Z "[https://developer.wordpress.org/reference/functions/wp_parse_url/ wp_parse_url()] was introduced in #34408 to get around URL parsing failures of PHP's [https://www.php.net/manual/en/function.parse-url parse_url()] in PHP < 5.4.7. With the minimum supported PHP for core now 5.6.20, `wp_parse_url()` no longer seems necessary and `parse_url()` can be used directly. For background on this ticket, see the [https://wordpress.slack.com/archives/C02RQBWTW/p1629146151384100 slack thread]. " pbiron Future Releases 29619 Make WP_HTTP_BLOCK_EXTERNAL more easy to use HTTP API 2.8 normal normal enhancement new dev-feedback 2014-09-10T17:46:54Z 2019-06-04T19:46:22Z "Currently when defining WP_HTTP_BLOCK_EXTERNAL it blocks all requests which would mean that WordPress itself becomes unusable because it then will also blocks it own requests to WordPress.org. Also oEmbeds stop working because they can't get their data. My idea is to make an if statement like the localhost check to allow those requests. I do get that this constant is mainly for local development but would be great to have a easy way to have a semi locked down installation. So I'm curious what you guys think about this." markoheijnen Untriaged tickets (that need a patch) 58595 Add a new admin page with support information and resources Help/About 3.1 normal normal Awaiting Review enhancement new 2023-06-22T01:08:57Z 2023-06-22T01:08:57Z "The links under the 'W' menu are little used links in a high-traffic context. They are also external links in a menu that otherwise only accesses information within WordPress. Following up from discussions on #55960, I'm proposing that we remove the dropdown of links currently attached to the 'W' menu and replace it with a single link for support and resource information. This would allow us to create a page that offers much more significant user and developer assistance by directing users to a wide variety of resources on WordPress.org. " joedolson Future Releases 60466 Introduce a contextual help tab for plugin dependencies costdev Help/About normal normal 6.6 defect (bug) assigned 2024-02-07T17:11:26Z 2024-03-05T14:27:10Z "Follow up to #22316/[57545]. On the plugins screen, there should be a help tab added about plugin dependencies. This potentially could be linked to in admin notices and other scenarios where users are notified that something is not right with their current set of installed plugins." desrosj Untriaged tickets (that need a patch) 59436 """The response is not a valid JSON response""" General 6.3.1 normal normal Awaiting Review defect (bug) new 2023-09-24T16:50:18Z 2023-09-24T16:50:18Z "After update to WordPress 6.3.1 I am not able to edit posts. I needed to install plug in which make on my page only classic editor. After trying to post/edit something without it, I get info: ""“Updating failed. The response is not a valid JSON response”. I checked WordPress forum, and I am not the only one with the issue after 6.3.1 installation. I also perform troubleshooting describes in many articles like: tirn off all plug-ins or edit .htaccess file. " egzaltowana Untriaged tickets (that need a patch) 59052 Deprecated: html_entity_decode(): Passing null to parameter #1 ($string) of type string is deprecated in wp-includes/widgets.php on line 1626 General 6.3 normal normal Awaiting Review defect (bug) new 2023-08-10T15:55:11Z 2023-10-06T09:25:03Z "Since the change to PHP 8.1 (from 8, WP 6.3 is now running, I get once a day, only while opening the dashboard this Warnings (repeating twice): {{{ ""PHP Deprecated: html_entity_decode(): Passing null to parameter #1 ($string) of type string is deprecated in /homepages/xxx/wp-includes/widgets.php on line 1626"" }}} Only once day I'm logged in. After reloading or new login on the same day, the Warning doesn't show up. This happens on three different Installations. On one Installation I deactivated all Plugins and changed the theme to fresh Twenty Twenty Two. But still once a day the warning just after first login. The Cron-Jobs running, are only from WP, see below. Searched Google about this warning, I got no result about this warning in releation with ""html_entity_decode()"" & ""wp-includes/widgets.php on line 1626"" So, I'm not sure this is a known bug in WP Core onto PHP 8.1 Any suggestion would be welcome. the Cron-Jobs running ""wp_privacy_delete_old_export_files,wp_privacy_delete_old_export_files(),""""once every hour"""" ""recovery_mode_clean_expired_keys,WP_Recovery_Mode->clean_expired_keys(),""""once a day"""" ""wp_https_detection,wp_update_https_detection_errors(),""""twice a day"""" ""wp_version_check,wp_version_check(),""""twice a day"""" ""wp_update_plugins,wp_update_plugins(),""""twice a day"""" ""wp_update_themes,wp_update_themes(),""""twice a day"""" ""wp_scheduled_delete,wp_scheduled_delete(),""""once a day"""" ""delete_expired_transients,delete_expired_transients(),""""once a day"""" ""wp_scheduled_auto_draft_delete,wp_delete_auto_drafts(),""""once a day"""" ""wp_update_user_counts,wp_schedule_update_user_counts(),""""twice a day"""" ""wp_site_health_scheduled_check,WP_Site_Health->wp_cron_scheduled_check(),""""once weekly"""" ""wp_delete_temp_updater_backups,2023-08-16 16:33:02 6 Tage, wp_delete_all_temp_backups(),""""once weekly"""" publish_future_post,[7],2040-09-03 03:02:56 17 Jahre, check_and_publish_future_post(),one-shot,0" treibstoff Untriaged tickets (that need a patch) 53743 Double Tag with SEO Plugins in WordPress 5.8 General normal major Awaiting Review defect (bug) new reporter-feedback 2021-07-22T15:28:08Z 2021-07-22T17:08:18Z "Hello, I updated to WordPress 5.8 and am using RankMath. However I noticed there are two viewport tags as well two <title> tags. I guess the code in `wp-includes/block-template.php:86-88` has something to do with it. I would very like to get rid of the second <title> tag not belonging to the seo plugin. I am also using the Oxygen Builder (3.8.1) if that helps. " katsar0v Untriaged tickets (that need a patch) 46058 Extra database calls when use get_the_excerpt() and posts have images General 5.0.3 normal major Awaiting Review defect (bug) new 2019-01-21T23:49:51Z 2020-06-25T22:26:56Z "**To reproduce this issue:** 1. Install clear wordpress (5.0.3) 2. Create post with image in post content. Assign it to one category (e.g. ""uncategorized""). 3. Open this category page and check database calls in it (with get_num_queries()). 4. Add one more post with image in it - and database calls will increase with every additional post (+2 queries for 1 additional post). **Info:** 1. This issue dissapear when you delete get_the_excerpt() from the category template. 2. This issue does not exist when posts have no image in it. **The reason of this issue is in function get_the_excerpt():** 1. function get_the_excerpt() applies filter 'get_the_excerpt' in wp-includes/post-template.php:397 {{{#!php <?php return apply_filters( 'get_the_excerpt', $post->post_excerpt, $post ); }}} 2. we have 'wp_trim_excerpt' by default for 'get_the_excerpt' in ""wp-includes/default-filters.php:172"": {{{#!php <?php add_filter( 'get_the_excerpt', 'wp_trim_excerpt' ); }}} 3. function wp_trim_excerpt() applies filter 'the_content' in wp-includes/formatting.php:3314 {{{#!php <?php $text = apply_filters( 'the_content', $text ); }}} 4. we have 'wp_make_content_images_responsive' by default for 'the_content' in ""wp-includes/default-filters.php:165"": {{{#!php <?php add_filter( 'the_content', 'wp_make_content_images_responsive' ); }}} 5. and lastly function wp_make_content_images_responsive() produce 2 extra database calls on every post in category-page (guess with wp_get_attachment_metadata) in wp-includes/media.php:1344 {{{#!php <?php foreach ( $selected_images as $image => $attachment_id ) { $image_meta = wp_get_attachment_metadata( $attachment_id ); $content = str_replace( $image, wp_image_add_srcset_and_sizes( $image, $image_meta, $attachment_id ), $content ); } }}} " kg69design Untriaged tickets (that need a patch) 41388 Insert Media window does not remember state for custom tabs, iframe bug General 4.8 normal critical Awaiting Review defect (bug) new 2017-07-20T16:13:27Z 2018-08-14T12:33:54Z "Hi! I use Edd plugin (easy digital downloads) and Amazon S3 plugin (https://easydigitaldownloads.com/downloads/amazon-s3/). After WordPress update to 4.8, I have encounted problem with filling my downloadable files. I upload them via cyberduck and then create 5 instances of “add new price” – push “upload to file”, then – “Amazon S3 Library”. Before update I had to do so for first price – but next 4 prices pulled the path from the previous price – that was much easier and time-saving. Now – I need to enter whole path each time for each price. When I rollback to wordpress 4.7.5 – problem gone. Here is video that will describe my problem more clear – https://www.youtube.com/watch?v=GeaJrLYtMZI&authuser=0 I asked for help EDD team, but they say “'''''Unfortunately that issue is caused by a change in WordPress itself so is not something we can affect, sorry. It’s possible it was an accidental change with WordPress that will be resolved in a new update by the core WordPress team'''''.”" angel8888 Untriaged tickets (that need a patch) 56178 Links got invisible in responsive devices. General normal normal Awaiting Review defect (bug) new 2022-07-08T10:44:48Z 2022-07-15T05:08:25Z "In WordPress 6.0 in the FSE while checking the menu on the smaller devices it appears that the color of the links is the same as that of the background so due to that they appear to be invisible. Here is the short video of the issue: https://www.loom.com/share/a2a4f0ea61314b1397b3ca206e3f67b6" hilayt24 Untriaged tickets (that need a patch) 58859 On pattern edit page not able to open settings panel after close it General normal normal Awaiting Review defect (bug) new 2023-07-20T07:22:57Z 2023-07-20T07:22:57Z "I am trying to edit the pattern and found an issue with the setting panel. Once I closed the settings panel not able to open it by clicking on the setting icon at the top right corner Here I am adding a video https://www.awesomescreenshot.com/video/19274744?key=3fab6b5bb4b249bf197c388f6b47d24e" mikinc860 Untriaged tickets (that need a patch) 38596 Preview Change button does not reflect Custom Page Template General 4.6.1 normal normal Awaiting Review defect (bug) new dev-feedback 2016-10-31T20:08:55Z 2017-09-08T14:17:51Z "When creating 2 or more custom page templates, the Preview Change button is failing to show the correct template after making a switch. Here are steps below. - Create 2 custom page templates in code. - Go to wp-admin and go to Pages - Either use the Sample that ships with WordPress or create a new page - Within page edit mode, under Page Attributes, select a different page template. - Click Preview Change. - You will notice that the preview does not reflect the correct template. You have to push Update in order to see it. " blackawxs Untriaged tickets (that need a patch) 56446 Query loop next page button not working as expected. General normal normal Awaiting Review defect (bug) assigned 2022-08-26T18:16:58Z 2022-08-27T08:04:01Z "Recently I ran into an issue using the query loop block halfway down on the front page of a website I was working on. Whenever I clicked on the ‘next page’ button to show more blogposts results, the click would cause the page to jump to to top and I would have to scroll down to go back to the blog overview window. I expected the click to show me more more results yet stay in the same place on the page. Is this a wrong assumption or is this an actual bug? If it's not a bug then maybe an enhancement issue? " vncntdvrs Untriaged tickets (that need a patch) 55265 Setting colour in 5.9.1 General 5.9.1 normal major Awaiting Review defect (bug) new 2022-02-26T17:40:30Z 2022-04-27T07:59:39Z "Hi! I have been used to changing the colour of text, headings and buttons by simply typing in the colour code; 043D06. This works on some things (advanced lists) but not on others (buttons, plain text, headings). I assume this is a glitch? The option to change colour is there, so is the colour wheel and what seems to be a typing box but there is no way of typing in the required code. The only way to change colour is to hover over the colour wheel - it is impossible to pick the precise colour needed in this way. " hicklingadmin Untriaged tickets (that need a patch) 57825 Something's wrong with the way the 'admin_init' hook and/or the wp_update_post function works General 6.1.1 normal normal Awaiting Review defect (bug) new dev-feedback 2023-02-28T19:54:51Z 2023-02-28T19:54:51Z "Hi, (I'm not sure what's happening here, so I left the Component dropdown with its default value.) The issue in a nutshell: when hooked to `admin_init`, the below function's wp_update_post() call is executed even when the wrapper if-else statement evaluates to false, and it updates all `mac-submenus` post type entries' status to 'draft' regardless of the fact that the `$post_id` variable doesn't even have a value in this case. I don't know how is this even possible, but it's happening - and if another admin hook is used ( for instance `in_admin_header` ), the function works perfectly, just as expected. {{{#!php <?php function cpt_mac_submenus_create_delete_check_menu_items() { // Get all submenu posts $spq_Arr = array( 'posts_per_page' => -1, 'post_type' => 'mac-submenus', // We only check published submenu posts 'post_status' => array('publish'), 'fields' => 'ids', ); $submenu_post_ids_Arr = get_posts( $spq_Arr ); // Get the custom item array of the menu associated with the 'primary_menu' location global $new_menu_Arr; // Get all menu items that are top-level and parent $parent_menu_items_Arr = mac_helper_search( $new_menu_Arr, 'has_children', true ); $top_level_menu_items_Arr = mac_helper_search( $new_menu_Arr, 'is_top_level', true ); $tlp_items_Arr = array_uintersect( $parent_menu_items_Arr, $top_level_menu_items_Arr, function( $val1, $val2 ) { return strcmp($val1['has_children'], $val2['has_children']); } ); // Check if all 'mac-submenus' entries have their respective top-level & parent menu // item in the menu associated with the 'primary_menu' location. // // If a submenu entry DOESN'T have such corresponding menu item: // - check if it has a top-level BUT NOT PARENT corresponding menu item // - if it has, change the submenu post status to 'draft' // -------------------------------------------------------------------------------------------- // 1. Get submenu posts having a corresponding top-level parent menu item. $posts_with_tlp_Arr = array(); foreach ( $submenu_post_ids_Arr as $post_id ) : $post_has_tlp = false; foreach ( $tlp_items_Arr as $menu_item ) : $mi_title = html_entity_decode( $menu_item['title'] ); $p_title = html_entity_decode( get_the_title( $post_id ) ); if ( $mi_title == $p_title ) : $post_has_tlp = true; break; endif; endforeach; if ( $post_has_tlp ) $posts_with_tlp_Arr[] = $post_id; endforeach; // 2. Get posts that don't have a corresponding top-level parent menu item, and // change their status to 'draft'; $posts_with_no_tlp_Arr = array_diff( $submenu_post_ids_Arr, $posts_with_tlp_Arr ); if ( !empty($posts_with_no_tlp_Arr) ) : foreach( $posts_with_no_tlp_Arr as $post_id ) : $update_args_Arr = array( 'ID' => $post_id, 'post_type' => 'mac-submenus', 'post_status' => 'draft', ); wp_update_post( $update_args_Arr ); endforeach; endif; } add_action( 'admin_init', 'cpt_mac_submenus_create_delete_check_menu_items' ); }}} I spent an hour with testing code variations, but couldn't find a problem with the above code or a fix of the issue." lunule Untriaged tickets (that need a patch) 56172 Strict comparisons not used. General normal normal Awaiting Review defect (bug) new dev-feedback 2022-07-08T05:04:18Z 2023-10-26T00:02:19Z "On going through the core files, I observed that in many places strict comparison is not used. After that, I ran the code through the WPCS and also got the warnings for the same. Though it does not affect the flow of the site, it should be used. Few exampals are: 1 options-general.php {{{ 215 | WARNING | Found: ==. Use strict comparisons (=== or !==). 393 | WARNING | Found: ==. Use strict comparisons (=== or !==). }}} 2 sites.php {{{ 105 | WARNING | Found: ==. Use strict comparisons (=== or !==). 145 | WARNING | Found: !=. Use strict comparisons (=== or !==). 145 | WARNING | Found: !=. Use strict comparisons (=== or !==). 157 | WARNING | Found: ==. Use strict comparisons (=== or !==). 185 | WARNING | Found: !=. Use strict comparisons (=== or !==). 185 | WARNING | Found: !=. Use strict comparisons (=== or !==). }}} " hilayt24 Untriaged tickets (that need a patch) 58505 Using WORDPRESS_DB_HOST variable Cannot connect to the database, must be configu General 6.2.2 normal major Awaiting Review defect (bug) new 2023-06-10T07:07:08Z 2023-11-18T13:21:13Z "I use kubernetes to run wordpress, and configure the WORDPRESS_DB_HOST variable, but it can not connect to the database, manually configure the database IP can be, mast have i to manually configure? I also tried using docker and 'WORDPRESS_DB_HOST' didn't work either. The image I used is wordpress:php8.2" chentc Untriaged tickets (that need a patch) 50279 add_query_arg() removes equal sign from assigned value General 5.4.1 normal normal Awaiting Review defect (bug) new 2020-05-29T16:29:09Z 2020-10-22T00:20:43Z "If you add a query array like this: {{{#!php <?php $data =[ 'api_id' => 'xxxxx==', 'to' => 123456, 'text' => ""Prueba"", ]; $url = add_query_arg( $data , 'https://xxx.com' ); }}} The $url you get is this: https://xxx.com?api_id=xxxxx=&to=123456&text=Prueba The line 1142: {{{#!php <?php $ret = preg_replace( '#=(&|$)#', '$1', $ret ); }}} Gets ""xxxxx=="" and return ""xxxxx="". Please fix it. Kind regards. " artprojectgroup Untriaged tickets (that need a patch) 59916 API Docs: update comment endpoint does't have example request gavande1 General normal minor Awaiting Review enhancement assigned 2023-11-16T11:02:29Z 2023-11-27T18:39:26Z "**Details** I noticed that the comment update API endpoint doesn't have an example request, even though the API document has a title for it. **Link to doc** https://developer.wordpress.org/rest-api/reference/comments/#example-request-2" gavande1 Untriaged tickets (that need a patch) 31387 New core API for adding Meta tags to the header General normal normal Awaiting Review enhancement assigned dev-feedback 2015-02-19T19:08:23Z 2021-08-11T15:56:09Z "There is often a conflict between one or more plugins about registering meta tags in the header. Meta tags that shouldn't be duplicated, it's difficult to know which one should 'win'. A lightweight framework in core that multiple plugins could use to register meta tags seems like it would be useful. It would need to handle several different attributes for all use cases -- `name` `property` `http-equiv` `charset` -- possibly generic `data-*` attributes? Uncertain. Twitter discussion: https://twitter.com/nacin/status/562109983069061120 (up and down the thread) My first swing at it: https://gist.github.com/georgestephanis/0f0cca2c5f1a6cd4aab2" georgestephanis Untriaged tickets (that need a patch) 59561 Short Description is missing in code comment General 6.3.2 normal normal Awaiting Review enhancement new 2023-10-07T09:00:18Z 2023-10-25T21:44:20Z "Short Description helps to understand variable behavior and it seems missing at the following locations. https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-admin/edit-form-advanced.php#L19 https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-admin/edit-form-blocks.php#L23 https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-admin/edit.php#L35 https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-admin/post-new.php#L17 https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-admin/post.php#L35 " 1naveengiri Untriaged tickets (that need a patch) 57398 "User roles are reset to ""All"" tabs when performing bulk actions on certain user roles." General normal normal Awaiting Review enhancement new dev-feedback 2022-12-29T14:11:19Z 2023-02-17T08:41:22Z "Whenever bulk actions are performed on certain roles and applied, the page reloads back to the ""All"" roles. This makes performing Bulk Actions on certain roles tedious if we have to do it multiple times as we need to switch to the role again. Issue Video Link => [https://share.cleanshot.com/wSHt0nxqtGWkFlPgsq8h] " aezazshekh Untriaged tickets (that need a patch) 54861 cache_javascript_headers() is not call by core General 5.9 normal normal Awaiting Review enhancement new dev-feedback 2022-01-20T00:48:20Z 2022-01-20T01:14:08Z I can't where this function is used in core should we move it to depicted if its not being used? pbearne Future Releases 60352 Fix the architectural design of `/wp-includes/blocks/index.php` General 5.5 normal normal 6.6 defect (bug) new early 2024-01-26T00:15:33Z 2024-02-17T13:45:35Z "Follow-up to #55067. Generally the `*.php` files in all ""include"" directories are meant to be ""included"" in other files as the name suggests, not loaded directly. This is true for `/wp-includes` too. In addition these include-only files should not contain any ""loose"" PHP code that runs in the global scope, only functions and classes. These are pretty simple and easy to follow architectural PHP rules that ensure all code works well and avoid some exploit vectors. However `/wp-includes/blocks/index.php` doesn't seem to be following them, similarly to many of the other files in the `blocks` directory. As far as I see this should be considered as a PHP code architecture bug and should be fixed. The changes should ensure that there is no output or errors when that file is loaded directly." azaozz Future Releases 13779 Preview doesn’t work - WP installed in its own directory SergeyBiryukov General 2.9.2 normal normal Future Release defect (bug) reviewing dev-feedback 2010-06-08T01:32:04Z 2022-07-13T17:21:56Z "1. Wordpress is installed on /wp/ subdirectory. 2. Then it was set up to be visible from the site root according to http://codex.wordpress.org/Giving_WordPress_Its_Own_Directory 3. Site works fine 4. [BUG] Preview for posts & pages isn’t working. When I press preview it goes to url like: http://example.com/?preview=true&preview_id=235&preview_nonce=aa28f04 and says ""You do not have permission to preview drafts."". 5. If I type subdirectory name “/wp/” in that url by hands, it shows correct preview: http://example.com/wp/?preview=true&preview_id=235&preview_nonce=aa28f04 6. The situation is getting worse if i'm using permalinks. In that case - there is nothing i can do to see preview. ps: I’ve tested that on clean install. " antares19 Future Releases 41873 Code Editor: Add PHP linter General normal normal Future Release enhancement new 2017-09-13T18:15:18Z 2017-10-03T20:31:50Z "There is no PHP linter yet when editing PHP in the code editor (powered by CodeMirror, from [41376] for #12423). This would be a good enhancement, PHP syntax errors are the most critical thing to catch prior to saving in order to prevent whitescreening a site. Currently there are linters only for HTML, JS, CSS, and JSON. See https://github.com/WordPress/better-code-editing/issues/48#issuecomment-327963921: > Props to @rheinardkorf for finding http://glayzzle.com/php-parser/#demo !! > > On GitHub: https://github.com/glayzzle/php-parser > > I had previously stumbled across the https://github.com/glayzzle/php-linter project but it is empty. I didn't see the other project. > > This holds great promise. The only icing on the cake here would be if the parser could be told which PHP version to use, but we could get a list of language features that are added after PHP 5.2 and mark them as errors when the version of PHP on the server is not new enough. Amazing. See more background on the original GitHub issue: https://github.com/WordPress/better-code-editing/issues/48" westonruter Future Releases 41874 Code Editor: Extend CSS linter to check for safecss-forbidden properties General normal normal Future Release enhancement new 2017-09-13T18:18:06Z 2017-09-29T16:16:52Z "While there is a custom HTMLHint rule which checks for Kses violations, this does not extend to CSSLint and `safecss_filter_attr()`. It would be a nice enhancement to get illegal style properties flagged as lint errors as well. Originally https://github.com/WordPress/better-code-editing/issues/60: > The `safecss_filter_attr()` function is used by KSES to filter HTML `style` attributes, removing any properties that are illegal. This should be applied to CSS and `style` attributes in HTML, so that any illegal properties are flagged as such. > > It seems that HTMLHint is not currently applying CSSLint to `style` attributes, but if it did, then a `kses` rule added to CSSLint could then apply to both HTML and CSS. This is for the code editor introduced in [41376] for #12423." westonruter Future Releases 31603 Don't change $_SERVER['REQUEST_URI'] just to filter the current URL query string General normal normal Future Release enhancement new 2015-03-11T22:06:12Z 2021-07-17T14:25:44Z "While working on #23367, I found 14 places in core that overwrite `$_SERVER['REQUEST_URI']`, which causes problems when trying to use it elsewhere and I don't know which version is going to make an appearance. I propose either switching from overwriting `$_SERVER['REQUEST_URI']` to using a local var when we need to, or creating a filter that's accessible everywhere if we need the modified value to use elsewhere." morganestes Future Releases 32979 Password UI: Regenerate PW after clearing field General 4.3 normal normal Future Release enhancement new 2015-07-13T17:49:23Z 2017-12-11T13:25:02Z "Based on https://core.trac.wordpress.org/ticket/32589#comment:20. I think this needs some discussion and focus in it's own ticket. In the new UI a PW gets generated for you. You have to take an action ""Show password"" or ""Generate new password"" to make the field show. Then you can edit that if you would like. At that point you decide you would rather generate one again. There is no clear way to do so. A few things worth noting On user profile you can click ""Generate new password"" again and it will. On new user you can click ""Show password"" and it will regenerate a pw again. (This is not great and where the change needs to happen) Perhaps the easy solution is to change the wording on the button when the field is shown to ""Generate new password"". A small issue that can be taken care of at the same time is the ""Show password"" button shows above the PW field while the ""Generate new password"" button shows below. The button below looks better. " MikeHansenMe Future Releases 56362 Remove Link/Bookmark API form Core: Phase 2 desrosj General 2.1 normal normal Future Release enhancement assigned dev-feedback 2022-08-10T19:15:19Z 2023-04-27T15:51:25Z "In WordPress 3.5, the Link Manager was disabled in Core by default in new installs, and hidden entirely when no links were present on a site updating (see #21307). The intention was to return to this later and remove the Bookmark/Links API from Core entirely. However, no one returned to that second phase. This ticket is to explore removing this long hidden API from Core." desrosj Future Releases 40566 add_query_arg() returns only URL fragments in certain circumstances General normal normal Future Release enhancement new 2017-04-25T22:01:33Z 2020-07-28T05:35:11Z "The documentation for add_query_arg() - https://developer.wordpress.org/reference/functions/add_query_arg/ - and its docblock, both claim that it returns a URL. And this appears to be how it is commonly used. (I started looking into this because of it being used in WooCommerce in this way, a wrong assumption which ulimately causes a reproducible-every-time 404 on my webserver on password reset requests via WooCommerce). e.g. in the documentation: ""Retrieves a modified URL query string."" ""You can rebuild the URL and append query variables to the URL query by using this function"". It is also recommended to use esc_url() on what is returned - a function that states that it acts upon URLs, implying that what is returned is indeed a URL. The docblock says ""Retrieves a modified URL query string"" - which isn't a very clear statement (does it return a query string? Or a URL *with* modified query string?). It continues later with ""Omitting the URL from either use results in the current URL being used (the value of {{{$_SERVER['REQUEST_URI']}}})"". The last clause is where the problem comes in. {{{$_SERVER['REQUEST_URI']}}}, actually stores a path that is relative to the current host, only (i.e. not ""U""niversal). Another beautiful bit of PHP mis-design: http://php.net/manual/en/reserved.variables.server.php - ""The URI which was given in order to access this page; for instance, '/index.html'."" As a result, despite the documentation and expectation, add_query_arg() returns relative fragments. And when these are passed to wp_redirect(), as WooCommerce does, the result can be, as in my case, that the webserver gives a 404. (This appears to be related to changes to relative path handling in CGI output in recent versions of lighttpd. The problem is CGI-specific I think - it relates to how a webserver handles the output of a CGI script when that output has a Location: header without a full URL in it). It appears to me that in the default case of no URL being specified, add_query_arg() should return an actual URL, instead of a relative path. Perhaps related: #14062" DavidAnderson Future Releases 36995 Support for Service Workers westonruter* General 5.1 normal normal Future Release feature request accepted 2016-06-02T00:18:09Z 2022-05-03T22:21:12Z "It might make sense into looking to offer a basic service worker for WordPress. It can start with something simple like caching files for `wp-admin`. Beyond that there are many ways it could be expanded: * Cache all scripts and styles for themes/plugins, possibly offering offline mode for sites * Possibly Notifications * etc Useful links: * https://developers.google.com/web/fundamentals/getting-started/push-notifications/step-03?hl=en * https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API/Using_Service_Workers * https://justmarkup.com/log/2016/01/add-service-worker-for-wordpress/" bhubbard Future Releases 45832 php-pm support General normal normal Future Release feature request new 2019-01-04T14:03:25Z 2019-01-14T21:52:28Z "Hi, this is more of a question/discussion starter about [[https://github.com/php-pm/php-pm|php-pm]] support. On php-pm github page it's stated that: > For all WordPress lovers out there: PPM is not going to work with WordPress due to the lack of request-response abstraction. We highly doubt that WordPress is ever going to be compatible because its architecture is written in a way that makes it currently impossible to serve multiple requests in one application process. Are there any plans to support it? Has anyone thought about adding support for request-response abstraction?" calin Future Releases 33344 Do not force draggable elements on touch devices, stop using touch-punch.js General normal normal defect (bug) new 2015-08-11T22:07:01Z 2019-06-04T19:50:32Z "Having draggable elements on touch screen devices doesn't work well in most cases. It interferes with the standard scrolling, dragging an element off the page doesn't scroll it either. Examples: Menus, Widgets, Dashboard (rearranging the layout), Customizer => Menus and Widgets, etc. This is especially bad on Android as drag/drop is disabled for iOS in several places. " azaozz Future Releases 31778 Opening the collapsed admin menu doesn't close toolbar submenus General normal normal defect (bug) new 2015-03-26T20:31:38Z 2019-06-04T19:48:36Z On a narrow touch device, toolbar dropdowns only open one at a time, but opening the admin menu does not close any dropdowns and is shown behind any open dropdowns, making it impossible to get to any of the higher items. This is particularly bad because you can't always close the submenu (see #29906). Opening the admin menu should close any other toolbar dropdowns - it's fine to continue to have toolbar dropdowns open over the admin menu if it's already open. helen Future Releases 36946 Provide `id` properties on core objects General normal normal defect (bug) new 2016-05-26T00:22:39Z 2019-06-04T19:58:44Z "In #36717, `WP_Site` and `WP_Network` will get magic getters/setters so that `id` and other more properly named properties can be used. We should standardize on `id` rather than `ID` for core objects where it makes sense. Current primary IDs for objects are: * `WP_Comment` -> `comment_ID` * `WP_Post` -> `ID` * `WP_Term` -> `term_id` * `WP_User` -> `ID` * `WP_Widget` -> `id` * `WP_Screen` -> `id` `WP_User` is somewhat unique because the property was `id` and then deprecated in [18504] in favor of `ID`. We should be able to un-deprecate this." jeremyfelt Future Releases 31200 wp_redirect Missing Body - Causes Performance Issues General 4.1 normal normal defect (bug) new 2015-02-01T18:56:15Z 2019-06-04T19:47:42Z "When I changed my site over to a new setup using nginx and Varnish, I noticed some performance issues when doing things like submitting a comment, activating plugins, etc. I narrowed it down to a problem with wp_redirect not providing a body, and thus nginx does not provide a content length. This causes Varnish to hang, waiting for a body, until it hits a time out (which by default is 5 seconds). This makes any action that involves a redirect take a minimum of 5 seconds (or whatever the time out is set to). Adding some output to wp_redirect immediately solved the problem for me. Even though this may relate to a specific nginx/Varnish setup, the HTTP standards also say you should always include some kind of output in the body. Nginx + php-fpm does not do this by default, and given that this is an increasingly common stack it would be useful if it conformed to standards. The issue can also be sidestepped by adding: {{{ header( ""Content-Length: 0"" ); }}} However, this does not conform to RFC specs. See: http://www.ietf.org/rfc/rfc2616.txt under 10.3.2 and 10.3.3 HTTP 301: The new permanent URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s). HTTP 302: The temporary URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s)." tripsis Future Releases 46241 Bug Report: Creating Multiple Gallerys with Gutenberg and Latest WordPress antpb* Gallery 5.0.3 normal major Future Release defect (bug) accepted 2019-02-12T17:55:22Z 2020-02-21T01:23:38Z "Problem: All images in media library are added to Gallery after creating a new Gallery on the same page and choosing to edit it. Exact Steps to Reproduce: 1) Create a new gallery block using Gutenberg editor. Choose Upload and upload 3 images to the gallery. 2) Add a heading block to the page 3) Add another gallery block below that using the Gutenberg editor. Upload 3 new images to this gallery. 4) Once this is done, click the pencil icon to edit this gallery block What happens: You will see all the images in the entire media library are added and selected, and you have to manually deselect them. If you don't and hit Update Gallery it will add all of the images in the library to the gallery. " starcrescendo Future Releases 34390 Gallery - images order Gallery 4.3.1 normal normal defect (bug) new 2015-10-21T16:55:11Z 2019-06-04T19:52:47Z "I already asked here, but nobody answered: https://wordpress.org/support/topic/media-manager-shuffle-images-all-the-time?replies=10 Seems as it is a bug, or oversight because you maybe dont test this real life scenario case. I know now what triggers this problem, did not know when asked in this topic. Some short info: - Have this problem in 1-2 years. - Installed new and clean Wordpress (to exclude my code lines or plugins) - Default theme, no plugins, no custom code in functions.php, no custom code in wp-config.php, .htaccess. How to trigger problem: - Add new post. - Open media manager and insert many images (In my case was it 280 images uploaded at once. I make multiple galleries on separate subpages to reduce page load). But for your test you can have maybe 100 images uploaded in this post, not so important. - When uploading finished you will see that all images are sorted in perfect order. - Just for clean test close modal box and open it again Add Media and chose Create Gallery. - Images are still sorted in perfect order. - Go to the first image media manager uploded in this batch. In my case as it was clean installation it was image first at the bottom (but you get it). - Now comes part how you trigger glitch/bug. - If you mark first uploaded image and hold Shift arrow on keyboard, and if you CLICK ONLY ONCE at last image you want in your gallery, sorting in gallery (backend and frontend) is still perfect and OK. - But, if you hold Shift key and keep clicking on row after row (to be able to see number of images in gallery at the bottom bar ""#No selected""), then problems comes and seems as JS code is confused and shuffle many images. - Problem will be visible in next modal window where you chose gallery settings, in post self and on the front. Shift and click on last image wished in gallery = perfect order. Shift and click several time around before you decide what to mark = shuffled images. [[Image(http://s7.postimg.org/4o50g6cpn/2015_10_21_184256.jpg)]] [[Image(http://s17.postimg.org/t0c4blrin/2015_10_21_184859.jpg)]] [[Image(http://s9.postimg.org/4msb88s9r/2015_10_21_185039.jpg)]]" Stagger Lee Future Releases 29023 Galleries: add pagination option Gallery 3.9.1 normal normal enhancement new 2014-07-25T08:28:03Z 2019-06-04T19:46:13Z "Galleries are great, but if you add a lot of images to a single gallery the page will take a while to load. I think it would be nice to add a new option, maybe just a new gallery shortcode parameter at first, that would allow post authors to define a number of images per page, thus breaking galleries into different pages, much like we do with [https://codex.wordpress.org/Function_Reference/wp_link_pages single post pagination] today. " jeherve Untriaged tickets (that need a patch) 59158 Altering Details block styles doubling .wp-block-details class in the output Formatting 6.3 normal normal Awaiting Review defect (bug) new 2023-08-21T12:32:34Z 2023-08-21T13:47:23Z "By defaut Details block styles outputs styles for inner paragraph like: {{{ .wp-block-details>:not(summary) { margin-block-end: 0; margin-block-start: var(--wp--style--block-gap); }}} ---- If I want to change margin-block-start on the block level styles I use: {{{ .wp-block-details>:not(summary) { margin-block-start: 0;} }}} BUT it outputs: {{{ .wp-block-details.wp-block-details>:not(summary) { margin-block-start: 0;} }}} ---- HOWEVER, If I use the same in the Additional CSS section of Styles Editor it produce expected: {{{ .wp-block-details>:not(summary) { margin-block-start: 0;} }}} " randewoo Untriaged tickets (that need a patch) 43810 Apostrophe issue Formatting 4.9.5 normal normal Awaiting Review defect (bug) new 2018-04-19T13:31:05Z 2022-02-18T21:17:15Z "Take a look. Instead of to have normal apostrophe, we have open and close if is between tags [[Image(https://i.imgur.com/c6QDmR5.png)]] [[Image(https://i.imgur.com/1F1zfWj.png)]]" colomet Untriaged tickets (that need a patch) 39153 Bug in wp_html_split with unclosed PHP tag (or HTML tag <) Formatting 4.6.1 normal normal Awaiting Review defect (bug) new needs-unit-tests 2016-12-07T17:48:32Z 2018-03-02T08:27:32Z "The problem is in the ''shortcodes.php'' file, but exact problem is function ''wp_html_spli''t in ''formatting.php'' This bug is completely described in this question forum thread. https://wordpress.org/support/topic/bug-in-wp_html_split-with-unclosed-php-tag/ Consider following post code. {{{ Some amount of useless text <!--more--> [code-highlight line-numbers=""table"" linenostart=""53"" highlight-lines=""1,3,8"" style=""native"" lang=""html+php"" pyg-id=""1"" ] <?php //This callback registers our plug-in function wpse72394_register_tinymce_plugin($plugin_array) { $plugin_array['wpse72394_button'] = 'path/to/shortcode.js'; return $plugin_array; } //This callback adds our button to the toolbar function wpse72394_add_tinymce_button($buttons) { //Add the button ID to the $button array $buttons[] = ""wpse72394_button""; return $buttons; } ? [/code-highlight] Some amount of useless text <strong>checkstyle</strong> [code-highlight style=""native"" lang=""perl"" pyg-id=""2"" ] (?:s+)(?:(/*([^*]|[rn]|(*+([^*/]|[rn])))**+/)|(//(?!.*(CHECKSTYLE)).*)) [/code-highlight] }}} Here dump after this line {{{ $textarr = wp_html_split( $content ); var_dump($textarr); exit; }}} {{{ array(25) { [0]=> string(0) """" [1]=> string(3) ""<p>"" [2]=> string(28) ""Some amount of useless text "" [3]=> string(11) ""<!--more-->"" [4]=> string(0) """" [5]=> string(4) ""</p>"" [6]=> string(1) "" "" [7]=> string(3) ""<p>"" [8]=> string(121) ""[code-highlight line-numbers=""table"" linenostart=""53"" highlight-lines=""1,3,8"" style=""native"" lang=""html+php"" pyg-id=""1"" ]"" [9]=> string(6) ""<br />"" [10]=> string(1) "" "" [11]=> string(464) ""<?php //This callback registers our plug-in function wpse72394_register_tinymce_plugin($plugin_array) { $plugin_array['wpse72394_button'] = 'path/to/shortcode.js'; return $plugin_array; } //This callback adds our button to the toolbar function wpse72394_add_tinymce_button($buttons) { //Add the button ID to the $button array $buttons[] = ""wpse72394_button""; return $buttons; } ? [/code-highlight] Some amount of useless text <strong>"" [12]=> string(10) ""checkstyle"" [13]=> string(9) ""</strong>"" [14]=> string(0) """" [15]=> string(4) ""</p>"" [16]=> string(56) "" [code-highlight style=""native"" lang=""perl"" pyg-id=""2"" ]"" [17]=> string(6) ""<br />"" [18]=> string(72) "" (?:s+)(?:(/*([^*]|[rn]|(*+([^*/]|[rn])))**+/)|(//(?!.*(CHECKSTYLE)).*))"" [19]=> string(6) ""<br />"" [20]=> string(19) "" [/code-highlight] "" [21]=> string(3) ""<p>"" [22]=> string(15) ""Some Text Again"" [23]=> string(4) ""</p>"" [24]=> string(1) "" "" } }}} As you can see one shortcode was not splitted, and here the problem. If php closing tag is present (?>) than everything works fine. Problematic regex provider {{{#!php <?php function get_html_split_regex() { static $regex; if ( ! isset( $regex ) ) { $comments = '!' // Start of comment, after the <. . '(?:' // Unroll the loop: Consume everything until --> is found. . '-(?!->)' // Dash not followed by end of comment. . '[^\-]*+' // Consume non-dashes. . ')*+' // Loop possessively. . '(?:-->)?'; // End of comment. If not found, match all input. $cdata = '!\[CDATA\[' // Start of comment, after the <. . '[^\]]*+' // Consume non-]. . '(?:' // Unroll the loop: Consume everything until ]]> is found. . '](?!]>)' // One ] not followed by end of comment. . '[^\]]*+' // Consume non-]. . ')*+' // Loop possessively. . '(?:]]>)?'; // End of comment. If not found, match all input. $escaped = '(?=' // Is the element escaped? . '!--' . '|' . '!\[CDATA\[' . ')' . '(?(?=!-)' // If yes, which type? . $comments . '|' . $cdata . ')'; $regex = '/(' // Capture the entire match. . '<' // Find start of element. . '(?' // Conditional expression follows. . $escaped // Find end of escaped element. . '|' // ... else ... . '[^>]*>?' // Find end of normal element. . ')' . ')/'; } return $regex; } }}} Without any doubts this case should be included in regex. " crosp Untriaged tickets (that need a patch) 40552 Calling wp_parse_args() early, with $args as empty string, may cause fatal error Formatting normal normal Awaiting Review defect (bug) new dev-feedback 2017-04-24T15:41:28Z 2021-06-19T23:00:51Z "When running the unit test suite while working on #31245, I ran into an edge-case fatal error: {{{ Fatal error: Uncaught Error: Call to undefined function wp_parse_str() in /srv/www/wordpress-develop/public_html/src/wp-includes/functions.php on line 3487 Error: Call to undefined function wp_parse_str() in /srv/www/wordpress-develop/public_html/src/wp-includes/functions.php on line 3487 }}} Anytime between `functions.php` being loaded and `formatting.php` being loaded, calling `wp_parse_args()` with an empty string as the first parameter will trigger it, and I was doing this in the `wp_load_alloptions()` stack with my test code. It happens because `wp_parse_args()` calls `wp_parse_str()` when `$args` is an empty string, and because `formatting.php` is loaded well after `functions.php`, the above fatal happens. ---- It's not a bug in core today, but it could be a problem later. In my research, one place of relatively high risk is `register_setting()`. You'd need to pass an empty string as the third parameter, and it would need to be early in the stack, but it calls `wp_parse_args()` and is in `functions.php`. ---- One potential solution is to move `wp_parse_str()` out of `formatting.php` and into `functions.php`, alongside it's other `wp_parse_` siblings. Another would be to load `formatting.php` sooner." johnjamesjacoby Untriaged tickets (that need a patch) 50863 [playlist] + text = </p> error Formatting 5.4.2 normal normal Awaiting Review defect (bug) new needs-unit-tests 2020-08-06T02:49:55Z 2020-08-06T13:41:14Z "There is a bug that is very simple to reproduce - if you create a [playlist] and then add some text, such as [playlist ids=""1,2,3""] Hey everyone, check out my new songs! it will produce an html parsing error where </p> element is closed, but never opened. Thank you" hvar Untriaged tickets (that need a patch) 46966 urlencode query string parameters Formatting normal major Awaiting Review defect (bug) new 2019-04-17T22:09:07Z 2019-08-20T23:16:53Z "When adding query string arguments to a URL through add_query_arg() the arguments are not being URL encoded. An example of this {{{#!php add_query_arg( 'autofocus[panel]', 'themes', admin_url( 'customize.php' ) ) }}} The [ ] characters should URL encoded Output: /wp-admin/customize.php?autofocus[panel]=themes Expected: /wp-admin/customize.php?autofocus%5Bpanel%5D=themes " developernichemarketing Untriaged tickets (that need a patch) 60544 Allow individual blocks to be excluded from `excerpt_remove_blocks()` Formatting trunk normal normal Awaiting Review enhancement new 2024-02-14T23:16:54Z 2024-02-14T23:16:54Z "In `excerpt_remove_blocks()`, it is possible to to filter the list of block names that should be included when generating excerpt text. It should also be possible to selectively exclude (or include) individual blocks based on their individual attributes. For this to work, a new filter would need to be inserted in `excerpt_remove_blocks()` and `_excerpt_render_inner_blocks()`. I think it would then be enough to check with the existing logic as: {{{ if ( in_array( $block['blockName'], $allowed_blocks, true ) && apply_filters( 'excerpt_allowed_block', true, $block ) ) }}} Then, if I added a custom attribute to a core (e.g. paragraph) block, I could add a filter to return `false` when that attribute was detected. The current alternative for this is unhooking `wp_trim_excerpt()` from `get_the_excerpt()` entirely and then reusing it as forked code with an alternate version of `excerpt_remove_blocks()`." jeremyfelt Untriaged tickets (that need a patch) 47557 Sanitize Email Suggestion Formatting 5.2.1 normal minor Awaiting Review enhancement new needs-unit-tests 2019-06-18T15:19:58Z 2023-03-23T16:11:52Z "I am using WooCommerce and I've noticed several customer emails come through like... {{{ example@example.com1234 example@example.com1234567812345678 }}} It's mostly due to the email input being the last one before the credit card step, but these emails are passing the validation and sanitization that exists: is_email and sanitize_email. I am doing something like the following to fix... {{{#!php <?php public function clean_billing_email_address( $value ) { return trim( preg_replace( '/\d*$/', '', $value ) ); } add_filter( 'woocommerce_process_checkout_field_billing_email', 'clean_billing_email_address' ); }}} You may consider adding something like this to the sanitize_email function since no TLD ends with numbers anyways, at least at this point in time." dandersoncm Untriaged tickets (that need a patch) 46188 esc_html does not have support for multiline output. esc_br_html or line-breaking parameter for esc_html is missing Formatting 5.0.3 normal normal Awaiting Review enhancement new 2019-02-05T12:40:02Z 2019-03-02T12:24:33Z "Let's say that we want to save not a title, but a block of text in the database. So we have to support multiline escaping. Now I have to do this: {{{#!php <?php $escapedMultilineItemDescriptionArray = array_map('esc_html', explode(""\n"", $data['item_description'])); $printItemDescription = implode(""\n"", $escapedMultilineItemDescriptionArray ); $objView = new View(); $objView->itemDescription = $printItemDescription; }}} But then the reviewers at Envato and other coding standards fans are not happy that at the template file I use: {{{ <div class=""item-description""><?=nl2br($itemDescription);?></div> }}} While following the concept of of 'escaping at the template' would could be instead 'esc_br_html': {{{ <div class=""item-description""><?=esc_br_html($itemDescription);?></div> }}} or with `fuction esc_html($text, $escapeLineBreaks = FALSE) {...}` {{{ <div class=""item-description""><?=nl2br(esc_html($itemDescription, TRUE));?></div> }}} I just see a lot of confusion and misinterpreation of escaping of text that has multiple lines, and there is NO function. And we should not do explode, implode, array_map things inside the template code, as the template is for designers, and ever CSS developer has to be able easily understand the template, so there so be no explodings, implodings. " KestutisIT Future Releases 38044 Make seems_utf8() RFC 3629 compliant. Formatting 1.2.1 normal normal Future Release defect (bug) new 2016-09-13T21:07:56Z 2019-04-09T21:41:24Z `seems_utf8()` should be made [https://www.ietf.org/rfc/rfc3629.txt RFC 3629] compliant. Currently it accepts overlong sequences and surrogates, which will cause PHP functions expecting valid UTF-8 strings to fail. gitlost Future Releases 55452 `safecss_filter_attr` removes background-images with URL parameters Formatting normal normal Future Release defect (bug) new 2022-03-23T21:41:18Z 2022-04-20T20:22:16Z "If you try to add a background-image using an inline style, and the URL has query parameters (specifically, an `&`), the background-image will be stripped from the content. What seems to be happening: the `&` is encoded, and becomes `&`, and when `safecss_filter_attr` splits the `$css` into separate declarations, it does so just by [https://github.com/WordPress/wordpress-develop/blob/ee96cedcb891c6a6e5b7b30a6f1c247345161b88/src/wp-includes/kses.php#L2242 breaking on a semicolon], which breaks the URL value. For example, `background-image:url(https://fake.test/image.png?a=1&b=2);` becomes `background-image:url(https://fake.test/image.png?a=1&` and `b=2)`, and neither are valid CSS. **To reproduce:** Try adding this Media & Text block, which uses this image: [https://img.rawpixel.com/s3fs-private/rawpixel_images/website_content/a005-scottw-465.jpg?w=1200&h=1200&fit=clip&crop=default&dpr=1&q=75&vib=3&con=3&usm=15&cs=srgb&bg=F4F4F3&ixlib=js-2.2.1&s=06d4e5a9962096a6010029591ae36198 https://img.rawpixel.com/s3fs-private/rawpixel_images/website_content/a005-scottw-465.jpg?w=1200&h=1200…] {{{ <!-- wp:media-text {""mediaId"":null,""mediaType"":""image"",""imageFill"":true,""focalPoint"":{""x"":""0.75"",""y"":""0.72""}} --> <div class=""wp-block-media-text alignwide is-stacked-on-mobile is-image-fill""><figure class=""wp-block-media-text__media"" style=""background-image:url(https://img.rawpixel.com/s3fs-private/rawpixel_images/website_content/a005-scottw-465.jpg?w=1200&h=1200&fit=clip&crop=default&dpr=1&q=75&vib=3&con=3&usm=15&cs=srgb&bg=F4F4F3&ixlib=js-2.2.1&s=06d4e5a9962096a6010029591ae36198);background-position:75% 72%""><img src=""https://img.rawpixel.com/s3fs-private/rawpixel_images/website_content/a005-scottw-465.jpg?w=1200&h=1200&fit=clip&crop=default&dpr=1&q=75&vib=3&con=3&usm=15&cs=srgb&bg=F4F4F3&ixlib=js-2.2.1&s=06d4e5a9962096a6010029591ae36198"" alt="""" /></figure><div class=""wp-block-media-text__content""><!-- wp:paragraph {""placeholder"":""Content…"",""fontSize"":""medium""} --> <p class=""has-medium-font-size"">""<a rel=""noreferrer noopener"" href=""https://www.rawpixel.com/image/430579/free-photo-image-palm-tree-palm-africa"" target=""_blank"">Palm trees at Cape Town, South Africa</a>"" by Scott Webb is marked with <a rel=""noreferrer noopener"" href=""https://creativecommons.org/publicdomain/zero/1.0/?ref=openverse"" target=""_blank"">CC0 1.0</a>.</p> <!-- /wp:paragraph --></div></div> <!-- /wp:media-text --> }}} When you save and view the post, the background-image is gone." ryelle Future Releases 45702 make_clickable() doesn't handle linked text being a URL with spaces within it Formatting low trivial Future Release defect (bug) new needs-unit-tests 2018-12-19T07:22:42Z 2019-04-03T16:39:31Z "As reported in https://meta.trac.wordpress.org/ticket/3998 > {{{ > <a href=""https://codex.wordpress.org/Roles and Capabilities"">https://codex.wordpress.org/Roles and Capabilities</a> > }}} > turns into: > {{{ > <a href=""https://codex.wordpress.org/Roles and Capabilities"" rel=""nofollow""></a><a href=""https://codex.wordpress.org/Roles"" rel=""nofollow"">https://codex.wordpress.org/Roles</a> and Capabilities > }}} > Looks like either `make_clickable()` or `bbp_make_clickable()` is trying to make the URL clickable without taking the existing `<a>` tag into account. As I've commented on the ticket: ---- This is a problem in `bbp_make_clickable()`, but is also present in `make_clickable()`. Given the input string of `<a href=""https://codex.wordpress.org/Roles and Capabilities"">https://codex.wordpress.org/Roles and Capabilities</a>` both will return the invalid output. Both contain the following to correct it: {{{ return preg_replace( '#(<a([ \r\n\t]+[^>]+?>|>))<a [^>]+?>([^>]+?)</a></a>#i', ""$1$3</a>"", $r ); }}} But as the resulting HTML is the following it's not matched (due to the `</a></a>` - which assumes that neither the linked text never has spaces or isn't a URL) {{{ <a href=""https://codex.wordpress.org/Roles and Capabilities""><a href=""https://codex.wordpress.org/Roles"" rel=""nofollow"">https://codex.wordpress.org/Roles</a> and Capabilities</a> }}} Adjusting the regular expression to the following does work however for this specific case: {{{ return preg_replace( '#(<a([ \r\n\t]+[^>]+?>|>))<a [^>]+?>([^>]+?)</a>([^<]*)</a>#i', ""$1$3$4</a>"", $r ); }}} As a work around, you can remove the spaces from the linked text, which avoids it: `<a href=""https://codex.wordpress.org/Roles and Capabilities"">https://codex.wordpress.org/Roles and Capabilities</a>`. ---- Also created https://bbpress.trac.wordpress.org/ticket/3237" dd32 Future Releases 40202 wpautop bad code Formatting 4.7.3 normal normal Future Release defect (bug) new 2017-03-19T09:02:06Z 2020-05-21T05:41:09Z "post content {{{ <a href=""document.htm""><div>Text</div></a> }}} generated markup - note wrong HTML {{{ <p><a href=""document.htm""></p> <div>Text</div> <p></a></p> }}} related: #40135 " jim5471 Future Releases 5250 wpautop() issue with lists Formatting 2.3 normal normal Future Release defect (bug) reopened needs-unit-tests 2007-10-24T00:32:38Z 2023-02-02T13:34:08Z "First of all, my sincere apologies if this is a duplicate. The problem, in short: WordPress inserted a number of unclosed `<p>` tags into my post. It should either insert correctly closed tags, or none at all. I honestly would prefer the former. In detail: I had HTML code very similar to this: {{{ <ul> <li>text<ul> <li>subtext</li> </ul>more text</li> </ul> }}} This was automatically converted to: {{{ <ul> <li>text<ul> <li>subtext</li> </ul><p>more text</li> </ul> }}} Note the extra `<p>` tag in the above, which is unclosed (making the W3C validator choke on my website). Also note, I was not using the WYSIWYG editor (turning it off was the first thing I did), so it's unlikely to be due to that. As a workaround, manually inserting properly closed `<p>` tags works just fine: {{{ <ul> <li>text<ul> <li>subtext</li> </ul><p>more text</p></li> </ul> }}} Since this workaround exists, the bug is not very prioritary, but it should also (hopefully) be easy to fix." Narc0tiq Future Releases 29956 Paragraphs within list items disappear in the editor when switching from text to visual and back Formatting 4.0 normal normal defect (bug) new needs-unit-tests 2014-10-14T16:42:07Z 2019-06-04T19:46:37Z "On a fresh wordpress 4.0 in the editor when I enter <ol> <li>a<p>b</p> </ol> or <ol> <li>a b </ol> and switch from text to visual and back, I get <ol> <li>ab</li> </ol> " brunni Future Releases 15918 wpautop() breaks inline tags on the same line as block tags dunno Formatting 3.0.3 normal normal defect (bug) new 2010-12-20T16:01:31Z 2019-06-04T19:43:17Z "Hi guys! I've got latest WP installation (3.0.3) and found strange bug in posts parser. Create article with following HTML: {{{ <div class=""wassup""><a href=""#"">WP IZ ASSUM</a></div> }}} Browser will get: {{{ <div class=""wassup""><a href=""#"">WP IZ ASSUM</a></div> }}} All seems to be fine! Now get rid of unnecessary div. Create article with following HTML: {{{ <a href=""#"">WP IZ ASSUM</a> }}} Browser will get: {{{ <p><a href=""#"">WP IZ ASSUM</a></p> }}} Dunno why there is extra <p> but who cares. All seems to be OK. Create article with following HTML: {{{ <figure><a href=""#"">WP IZ ASSUM</a> </figure> }}} Browser will get: {{{ <figure><a href=""#"">WP IZ ASSUM</a><br /> </figure> }}} Now isn't that cool? But check what is even cooler! Create article with following HTML: {{{ <figure><a href=""#"">WP IZ ASSUM</a> <figcaption>NO IT'S BUGGY AS HELL</figcaption> </figure> }}} Browser will get: {{{ <figure><a href=""#"">WP IZ ASSUM</a></p> <figcaption>NO IT’S BUGGY AS HELL</figcaption> </figure> }}} Wow! Say hello to invalid markup and rendering problems! Auto-closing of tags turned off. No matter of the settings I still get this nice messed up html. WYSIWYG turned off also." retrib Future Releases 29913 wptexturize should handle broken HTML consistently Formatting 1.5 normal minor defect (bug) new needs-unit-tests 2014-10-10T00:38:40Z 2019-06-04T19:46:35Z "Spunoff from ticket:29557#comment:93 because it's not that important. When encountering broken HTML, `wptexturize()` should match web browser behavior, without getting too complicated. This bug is for: 1. unclosed comments: `<!-- foo ... texturize those dots?` 2. unclosed tags: `<a ... texturize those dots?` 3. valid terrible HTML that WP probably does not need to support: `<div data-cycle-slides=""> .slides"">`. It's encouraged by the popular jQuery Cycle2 plugin, and its examples. Currently: 1. unclosed comments are handled like a browser: WP thinks it is a comment, so does not texturize the dots (turn them into `…`). 2. unclosed tags are not considered a tag, so the dots are texturized. A browser treats it as a tag, by contrast, and we don't normally texturize inside tags. The browser also hides it since it's a tag, so whatever we do is hidden. It's not that important, though it could have side effects on other parsing, plugins, etc. 3. valid terrible HTML is not parsed as a tag by WP. Fully parsing valid HTML would slow down WP. Some of this is already covered by unit tests or may be soon. Fixing (2) to be consistent with (1) would be easy." kitchin Future Releases 26759 New Generic Sanitize Functions for Core Formatting 3.8 normal normal enhancement new dev-feedback 2014-01-02T17:54:48Z 2019-06-04T19:45:16Z "Core currently supplies a number of sanitize functions: {{{ sanitize_email() sanitize_file_name() sanitize_html_class() sanitize_key() sanitize_meta() sanitize_mime_type() sanitize_option() sanitize_sql_orderby() sanitize_post_field() sanitize_text_field() sanitize_title() sanitize_title_for_query() sanitize_title_with_dashes() sanitize_user() }}} They all sanitize by usage, not by data type. As such, I (and I suspect others) wind up using these to escape things they weren't initially meant for -- for the sake of brevity, and it's just quicker and leads to tidier code. I believe it could result in better and simpler sanitizing if we were to include sanitize-by-format functions in core. For example, {{{ wp_sanitize_numeric( $raw ); // [\d] wp_sanitize_numeric_float( $raw ); // [\d\.,] allowing both commas and periods as decimal indicator and thousands seperator wp_sanitize_hex( $raw ); // [\da-f] case-insensitive wp_sanitize_alphanumeric( $raw ); // [\da-z] case-insensitive wp_sanitize_letters( $raw ); // [a-z] case-insensitive wp_sanitize( $raw, $regex ); // uses passed in regex to determine what to strip. }}} The specific functions to use are up for discussion. I'm just hoping to make it simpler for users to sanitize data by expected type. As a side note, this will let folks use `wp_sanitize_numeric()` to sanitize integers larger than `PHP_INT_MAX` -- which tumblr and twitter IDs often happen to be for imports and feeds and the like (as casting to `(int)` isn't a good idea)." georgestephanis Future Releases 22402 Stripping non-alphanumeric multi-byte characters from slugs Formatting normal normal enhancement new dev-feedback 2012-11-10T05:07:10Z 2019-06-04T19:44:12Z "`sanitize_title_with_dashes()` strips non-alphanumeric characters from a title to create a slug. Unfortunately it only strips ASCII non-alphanumeric characters. Apart from a few exceptions, all multi-byte characters are preserved. This means all non-Western (and plenty of Western) non-alphanumeric characters end up in the slug as they're treated just like any other multi-byte character. As an example, here are some common non-alphanumeric Chinese characters which would ideally be stripped from slugs, but are not: * 。 (U+3002, Ideographic Full Stop, %E3%80%82) * , (U+FF0C, Fullwidth Comma, %EF%BC%8C) * ! (U+FF01, Fullwidth Exclamation Mark, %EF%BC%81) * : (U+FF1A, Fullwidth Colon, %EF%BC%9A) * 《 (U+300A, Left Double Angle Bracket, %E3%80%8A) * 》 (U+300B, Right Double Angle Bracket, %E3%80%8B) Obviously it would be impractical to make a list of ''all'' the non-ASCII characters we want to strip from slugs. The list would be gigantic. So the question is, would it be possible to use Unicode ranges to blacklist (or whitelist) whole ranges of characters to be stripped from (or preserved in) slugs? Is this practical or even desirable? Or would it make more sense to continue using a list of just the most common multi-byte characters to be stripped? The latter makes a whole lot more sense, but the former is a more complete solution. Thoughts?" johnbillion Untriaged tickets (that need a patch) 24925 Improve no disk space error handling when updating plugins Filesystem API normal minor Awaiting Review enhancement new dev-feedback 2013-08-02T11:25:24Z 2021-07-20T23:02:17Z "I received the following uninformative error message when trying to update a plugin (roughly translated from Finnish): {{{ Error on updating BulletProof Security. Cannot create folder. /[WPDIR]/wp-content/upgrade/bulletproof-security.tmp. }}} The error was caused by not having enough disk space. The plugin update should check if that's the reason for the error and then display a more informative error message." Daedalon Untriaged tickets (that need a patch) 46561 Make wp_normalize_path() on Windows resolve drive letter for drive–relative paths Filesystem API 3.9 normal minor Awaiting Review enhancement new dev-feedback 2019-03-19T09:18:48Z 2023-03-12T08:45:38Z "Though rarely used, Windows allows to omit drive letter in file path to treat is as drive–relative. This causes inconsistency where paths pointing to the same dir are not normalized to the same representation by `wp_normalize_path()`: {{{#!php <?php var_dump( wp_normalize_path( 'C:\server\www\dev' ) ); // ""C:/server/www/dev var_dump( wp_normalize_path( '\server\www\dev' ) ); // /server/www/dev << same path, but mismatch after normalize var_dump( wp_normalize_path( realpath( '\server\www\dev' ) ) ); // C:/server/www/dev << resolved drive letter before normalize }}} I think drive letter should be explicitly resolved as part of normalization for this case." Rarst Future Releases 59917 "On windows host using ftp, Undefined array key ""islink""" Filesystem API normal normal 6.6 defect (bug) new 2023-11-16T18:02:27Z 2024-02-17T13:48:42Z "Fresh install of wordpress 6.4.1 On windows host using ftp steps to recreate: 1. Going to ""sitehealth"" page gives critical warning ftp credentials are missing for updates. 2. Google search suggested adding the following to the user added section of `wp-config.php` {{{ define('FTP_USER', 'USERNAME'); define('FTP_PASS', 'PASSWORD'); define('FTP_HOST', 'FTP.EXAMPLE.COM'); }}} 3. After this, go back to site health page. It is giving the following warnings repeatedly: {{{ Warning: Undefined array key 3 in C:\...\wp-admin\includes\class-ftp.php on line 457 Warning: Undefined array key ""islink"" in C:\...\wp-admin\includes\class-wp-filesystem-ftpsockets.php on line 695 Warning: Undefined array key ""perms"" in C:\...\wp-admin\includes\class-wp-filesystem-ftpsockets.php on line 700 Warning: Undefined array key ""islink"" in C:\...\wp-admin\includes\class-wp-filesystem-ftpsockets.php on line 695 }}}" antonmo Future Releases 24780 Use error handlers rather than the error suppression operator Filesystem API normal normal Future Release defect (bug) new 2013-07-17T01:14:56Z 2023-09-07T09:39:17Z "In various places in core (and included libraries, such as pclzip, FTP and phpass), the error suppression operator is used to suppress warnings and notices. However, this also suppresses fatal errors, which makes it a huge pain for debugging. The big one here is `fopen`, where it is used to suppress warnings when opening a handle fails. For normal files, this is fine since the only errors generated are warnings. When using streams and custom stream handlers, these can generate errors which are really hard to find with this. (I ran into this with the App Engine plugin, where the SDK method generates a fatal error if the mode is `a`, which is used with error suppression in `win_is_writable()`.)" rmccue Untriaged tickets (that need a patch) 44283 Enclosure can't deal with CDN media files - WPCore redirects the URL Feeds 4.9.6 normal normal Awaiting Review defect (bug) new dev-feedback 2018-05-31T15:36:55Z 2021-06-07T09:58:21Z "When using WP as audio collection, RSS2 is needed to get podcasts spread around f.i. to iTunes ect.\\ \\ To validate the feed right from WP 4.9.6 at http://www.feedvalidator.org from source https://ferrie.audio/cat/podcasts/feed/ we recieve several errors where the most important one is the **redirection** of CDN URL's to WP URL\\ \\ **example:** **cdn.**ferrie.audio/blablabla/Can-You-hear-Me.m4a - the CDN.(= AWS3) location of the file\\ **becomes:** ferrie.audio/blablabla/Can-You-hear-Me.m4a\\ \\ **without** the CDN. urlprefix there is no audio stream - all streams are at CDN.\\ adding the CDN. urlprefix enclosure by hand and then save the blogpost results is 2 enclosures - 1 with CDN. - 1 without\\ adding the enclosure but NOT save the blogpost shows the correct enclosure - but - the RSS output shows the URL **without** the CDN. urlprefix\\ \\ have been looking into the /wp-includes/feed.php - but there is for me no place to find where this redirection takes place - an feed expert might be able to correct this problem - sorry that i can't - i'm no coder i make music." researcher Untriaged tickets (that need a patch) 37763 Target server overload due to invalid RSS feed URL in RSS widget stevenkword Feeds 4.6 normal normal Awaiting Review defect (bug) assigned 2016-08-22T11:09:00Z 2017-10-26T18:31:00Z "Was roped into helping a friend figure out why a Wordpress site he managed was constantly registering 100% CPU usage. Turns out that they used the RSS widget and had it pointed to an RSS feed for their site. At some point the RSS feed had been deactivated and began generating a 404, and the server began getting four or five calls ''per second'' to the feed URL, effectively DoSing their own server. Although the widget was displayed on every page, they only average a few hundred unique visitors a day, so the number of requests from the widget far exceeded the number of page views. I took some time trying to figure out why it might be doing this, but decided to stop looking through the trash WordPress code when I got to the fetch_feed() function. I just don't care enough. But I do care if there is a bug that causes that many requests when the feed URL returns a 404. I don't know how often feed names are changed or removed, but this could cause a huge number of unwanted requests. My initial guess is that the SimplePie class is like ""oh hey a 404 how about I try again. oh hey a 404 how about I try again. oh hey a 404 how about I try again. oh hey a 404 how about I try again."" until it tires itself out. But like I said, too much trash code to care since I'm not getting paid to fix it. Summary: 1. RSS Widget on page. 2. Invalid RSS feed URL, pointed to same server as page, returned a 404. 3. Generated a number of requests for the RSS feed that was substantially higher than the number of page views. 4. Caused 100% CPU usage on server." bstovall Untriaged tickets (that need a patch) 49171 Trying to get property 'post_type' of non-object in wp-includes/link-template.php on line 682 Feeds normal normal Awaiting Review defect (bug) new 2020-01-11T17:19:45Z 2020-06-04T17:34:55Z "Hi there, I believe this maybe a bug or at least an unchecked condition (post/page does not exist) throwing the above error. I have legit crawlers visiting that cause these errors. Running 5.3.2. All plugins disabled (except for Health Check & Troubleshooting). Theme: Twenty. How to re-produce : https://your.site.com/news2020/feed/atom/ It is key that the slug for the post/page does NOT (NO longer) exists. Stack trace: 1. {main}() /Users/me/root/index.php:0 2. require() /Users/me/root/index.php:17 3. require_once() /Users/me/root/wp-blog-header.php:19 4. do_action() /Users/me/root/wp-includes/template-loader.php:13 5. WP_Hook->do_action() /Users/me/root/wp-includes/plugin.php:478 6. WP_Hook->apply_filters() /Users/me/root/wp-includes/class-wp-hook.php:312 7. redirect_canonical() /Users/me/root/wp-includes/class-wp-hook.php:288 8. is_front_page() /Users/me/root/wp-includes/canonical.php:498 9. WP_Query->is_front_page() /Users/me/root/wp-includes/query.php:456 10. WP_Query->is_page() /Users/me/root/wp-includes/class-wp-query.php:3879 PHP Notice: Trying to get property 'post_type' of non-object in /Users/me/root/wp-includes/link-template.php on line 682 A variant (same sort of problem) throws an error in class-wp-query.php with the following: https://your.site.com/news2020/feed/ " ronald2020 Untriaged tickets (that need a patch) 47470 XML parsing error: undefined entity (revisited) Feeds 5.2.1 normal normal Awaiting Review defect (bug) new 2019-06-03T18:55:49Z 2019-06-03T23:45:13Z "After 10 years, bug #8464 seems to be back in 5.2.1 On a completely fresh install (no plugins, default theme) I added a tag with a ' (single quote) in the title. This converts to ’ in the feed title. This in turn, generates {{{ This feed does not validate. line 11, column 9: XML parsing error: <unknown>:11:9: undefined entity }}} for the tag's feed on https://validator.w3.org/feed/ See https://validator.w3.org/feed/check.cgi?url=https%3A%2F%2F2607.fr%2Ftag%2Flapostrophe%2Ffeed%2F for example" RavanH Future Releases 59945 About the feed name specified in the add_feed() Feeds 1.5 normal normal 6.6 defect (bug) new 2023-11-22T02:51:18Z 2024-02-17T13:49:13Z "There is no restriction on the first parameter of the add_feed function, but if it starts with ""_"" it will not function properly. {{{ function feed2_callback( $is_comment_feed, $feed ) { header( 'Content-Type: application/xml; charset=UTF-8', true ); echo '<?xml version=""1.0"" encoding=""UTF-8"" ?>'; ?> <rss version=""2.0"" xmlns:content=""http://purl.org/rss/1.0/modules/content/"" xmlns:dc=""http://purl.org/dc/elements/1.1/"" xmlns:atom=""http://www.w3.org/2005/Atom"" > <title>Test wp_die <![CDATA[WordPress &rsaquo; Error]]> 404 }}} This is not a problem with the code I tried, but because the ""_"" at the beginning of the feed name is removed in the do_feed function. {{{ function do_feed() { global $wp_query; $feed = get_query_var( 'feed' ); // Remove the pad, if present. $feed = preg_replace( '/^_+/', '', $feed ); }}} This process results in an action name of 'do_feed_' . **'feed2'** when $feed is '_feed2'. Since this is not done in the add_feed function and the action name specified in the add_action function is 'do_feed_' . **'_feed2'**, it appears that the two action names do not match, resulting in the error indicated in the response. Should I remove the leading '_' in the feed name in the add_feed function or not remove the '_' in the do_feed function? In any case, I would like to see consistency in the handling of feed names. " tmatsuur Future Releases 34128 Tests_Feed_RSS2::test_channel fails when WP_TESTS_TITLE contains an apostrophe Feeds normal normal defect (bug) new needs-unit-tests 2015-10-02T14:12:16Z 2019-06-04T19:52:26Z "If the site configuration contains an apostrophe in the site title, the test_channel unit fails. {{{ 1) Tests_Feed_RSS2::test_channel Failed asserting that two strings are equal. --- Expected +++ Actual @@ @@ -'Rob's Test Blog' +'Rob's Test Blog' }}} The happens with either of the following configurations: {{{ define( 'WP_TESTS_TITLE', 'Rob\'s Test Blog' ); }}} and {{{ define( 'WP_TESTS_TITLE', 'Rob's Test Blog' ); }}}" miqrogroove Untriaged tickets (that need a patch) 51990 Codemirror does not support JSX by default as mentioned External Libraries 5.5.3 normal major Awaiting Review defect (bug) new reporter-feedback 2020-12-09T13:57:14Z 2022-08-24T19:04:52Z "Hi, I found an issue with the core code. It is mentioned on this link that the CodeMirror lib will support JSX by default in the editor. https://make.wordpress.org/core/2017/10/22/code-editing-improvements-in-wordpress-4-9 But when I use JSX mode, I do see an invalid System error in the editor. Please see this image: https://user-images.githubusercontent.com/1482075/100721177-eab92a00-33b6-11eb-84c8-a15da679d79d.png {{{ { indentUnit: 2, tabSize: 2, mode: 'jsx' } }}}" webbdeveloper Untriaged tickets (that need a patch) 54739 Upgrade PHPMailer to 5.2.27 for WordPress < 5.3 (and to 6.5.3 for above 5.4) External Libraries normal normal Awaiting Review defect (bug) new dev-feedback 2022-01-04T16:59:56Z 2022-01-19T13:18:43Z "In WordPress 5.3 the PHP Mailer library was updated to the latest version from the 5.2-branch. See #40472 In WordPress 5.5 the PHP Mailer library was updated to the new version 6. See #41750 As background updates are available from 3.7 on we could update the PHP mailer library down to version 3.7 to protect those installations from being abused for spamming. I checked https://wordpress.org/about/stats/ and WordPress installations with version smaller than 5.3. These sum up to 24.15 %. We only can background update from 3.7, so we need to look at WordPress 3.7 to 5.2 which shows us 18,52 % of all installation which are unprotected. This would at least close two from those three known security problems with this version: https://www.cybersecurity-help.cz/vdb/phpmailer_sourceforge_net/phpmailer/5.2.22/ Quoted from https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27: > Note that the 5.2 branch is deprecated and will not receive security updates after 31st December 2018. The same goes for WP 5.5 to 5.8 -> WordPress 5.5 (PHP Mailer 6.1.6) -> WordPress 5.6 (PHP Mailer 6.2) -> WordPress 5.7 (PHP Mailer 6.3) -> WordPress 5.7.2 (PHP Mailer 6.4) -> WordPress 5.7.3 (PHP Mailer 6.5.0) WordPress 5.9 will contain PHP Mailer 6.5.3 as the latest version. As version 6.4.1 and 6.5 are security releases this could be relevant too: https://github.com/PHPMailer/PHPMailer/releases?q=security&expanded=true Although this is related to security it seems that the other tickets about updating this library are handled in public so I created this one here too." zodiac1978 Untriaged tickets (that need a patch) 52926 mobile compatibility library sortable list input field ignores touch event External Libraries 5.7 normal normal Awaiting Review defect (bug) new 2021-03-27T03:54:44Z 2021-05-26T02:22:35Z "The ability to edit a WP backend menu item custom url input field has not worked on my iPad iOS 14.4.1 using Safari and Chrome. Any text input field simply doesn't respond. Select choice list controls recognize touch. I am using Admin Menu Editor Version 1.9.9 plugin. On Mar 26, 2021, at 08:56, Janis Elsts wrote: Unfortunately, it looks like it's currently not feasible to fix this issue. It appears that problem is in one of the JS libraries that is part of WordPress itself. It's a mobile compatibility library that's supposed to translate touch events into simulated mouse events. It doesn't seem to work correctly when you tap an input field that's inside a sortable list, like the menu item list in Admin Menu Editor. I don't have enough mobile development experience to replace the existing JS library with something better, so this bug may remain unfixed until/unless WordPress core developers fix the underlying issue." edtorrey Untriaged tickets (that need a patch) 43733 Replace Underscores.js with Lodash.js adamsilverstein External Libraries normal normal Awaiting Review task (blessed) assigned dev-feedback 2018-04-10T14:30:08Z 2023-07-17T23:20:28Z "Should we replace Underscores.js with Lodash.js? [https://wordpress.slack.com/archives/C5UNMSU4R/p1523367735000195 Discussed in Slack today (April 10th, 2018)]. It was suggested for converting WP Core to lodash, [https://github.com/facebook/jscodeshift jscodeshift] could be leveraged. Here is a list of [https://github.com/lodash/lodash/wiki/Migrating API pairings between lodash and underscores]. Concerns: Lodash 5.0 is set to have some [https://github.com/lodash/lodash/wiki/Roadmap backwards incompatible changes] that could make the migration awkward. General backwards compatibility concerns as well. How do we want to handle Backwards Compat? Most likely only core will be changed, and a migration path/tool will be offered out to theme/plugin authors." ChopinBach Future Releases 59991 Included imagesLoaded libary broken External Libraries 6.4 normal normal 6.6 defect (bug) new dev-feedback 2023-11-30T10:48:57Z 2024-02-17T14:24:15Z On the current WordPress release version, the included imagesLoaded javascript file is broken. The minified file appears to include two minified versions of the actual script and breaks functionality. To reproduce, see wp-includes/js/imagesloaded.min.js. physalis Future Releases 42780 Code Editor: Linter (HTMLHint) should show error if checkbox doesn't have associated