__group__ ticket summary owner component _version priority severity milestone type _status workflow _created modified _description _reporter Needs Patch 60803 Include fonts directory in `get_space_used()` calculation Editor normal normal Awaiting Review defect (bug) new 2024-03-19T02:46:16Z 2024-03-19T02:46:16Z "As font files can be uploaded by users other than the network administrators on multisite installs, the `get_space_used()` function may need to be modified to include the new folder. This will ensure that all files are considered when calculating the amount of upload space available for individual sites on a multi-site install. This isn't super urgent in the early days of the font library so can wait until a 6.5 point release." peterwilsoncc Needs Patch 60802 Enable debug mode / debug options in site health Site Health normal minor Awaiting Review feature request new close 2024-03-18T19:34:03Z 2024-03-18T21:31:48Z "Debugging is a necessity for any developer and for WordPress users in general. As it stands now debug mode and the related debug options can only be enabled through manually editing the wp-config file to add or adjust wp-config constants. This makes debugging harder to access for everyone, and even more difficult to access for users that are either not familiar with ftp/ssh or who only have wp-admin access and not access to the filesystem. Adding toggle options for debugging mode in the Site Health tools wp-admin page would make troubleshooting errors and issues easier and more accessible for all users with administrator access. As a bonus, this would also decrease the demand on web host technical support because users would be more equipt to identify plugin conflicts, php errors and other issues independently. Proposed Site Health Options: - 'Enable debugging on/off' -- WP_DEBUG true/false with false as default and subtext about only setting to true/on for troubleshooting bc of adverse performance effects. - 'Enable debug log on/off' -- WP_DEBUG_LOG true/false - set to true/on as default and - Site Health could and should have a tab to view contents of debug logs within wp-admin (maybe -tail 30 or the last 30-50 results, potentially could improve on this to hide duplicate entries, to hide warnings and notices and to grep/search for keywords) - 'Show errors on front end on/off' - WP_DEBUG_DISPLAY true/false with a default to false so as not to expose debugging to end users and this could also have a toggle option to display errors only in wp-admin pages and not on the front end - Debugging should be set to never display on the front end in the first place as a default (ever), that could probably be it's own ticket - This could be expanded on to include toggle settings for SCRIPT_DEBUG and SAVEQUERIES constants " amykamala Needs Patch 60801 New sessions are created when user authenticates but there already are active sessions Login and Registration 6.4.3 normal normal Awaiting Review defect (bug) new 2024-03-18T18:28:41Z 2024-03-18T21:07:37Z "**The problem:** When a user logs in to WordPress a new session is created. If the user opens a new browser tab and navigates to website/wp-admin, the user does not need to authenticate because of the session cookies are saved in the browser, which is the expected behaviour. The same happens even when the user closes the browser completely and reopens it within the duration of that session. However, if the user navigates to the URL *website/wp-login.php* on the website they are already logged in, the user is presented with a login page, and upon authenticating WordPress creates a new session and new cookies etc, instead of ""retrieving"" the existing logged-in session. **How to reproduce:** 1. Log in to a WordPress website 2. Open a new browser tab on the same browser (you can close the previous one) 3. Navigate to the login page of the same website you are already logged in to: *website/wp-login.php* 4. Log in At this point there are two different sessions for the same user in the database and in the browser the user has multiple sets of cookies for the different sessions. **The issues this causes:** 1. Excessive amount of unnecessary session data in the database. We've seen some large websites with tens of thousands of session entries in the database. 2. Site admins who try to control / limit / manage the number of simultaneous user sessions with third party plugins end up having a lot of problems, such as locking out legit users etc **Possible solution?:** There are a few possible solutions, however, the easiest one we can think of is to check for session cookies in the users' browsers whenever they access the *wp-login.php*, and if there are, retrieve that session." robert681 Needs Patch 60800 Twenty Twenty-One: prevent PHP 8 fatal error from non-string in $tags_list Bundled Theme normal normal 6.6 defect (bug) new 2024-03-18T16:07:35Z 2024-03-18T18:05:23Z "In `/inc/template-tags.php` there is a call to `get_the_tag_list()` - https://themes.trac.wordpress.org/browser/twentytwentyone/2.1/inc/template-tags.php#L154 The only check on the return value is an `if` condition. The problem is that a few lines down ( 159 ) it is required to be a string. But the `get_the_tag_list()` function is documented as being able to return `string|false|WP_Error` - https://developer.wordpress.org/reference/functions/get_the_tag_list/ When a `WP_Error` object is returned and used in the string context of the `printf()` a fatal error happens in PHP 8.1: {{{ PHP Fatal error: Uncaught Error: Object of class WP_Error could not be converted to string in twentytwentyone/inc/template-tags.php:159 }}} The `if` condition should be updated to ensure that the `printf()` only gets called if the return value of `get_the_tag_list()` is indeed a string. Something like: {{{ if ( is_string( $tags_list ) ) { }}}" josephscott Needs Patch 60799 Change the Header Tag in Link Modal from

to

for Better Accessibility TinyMCE 6.4.3 normal normal Awaiting Review defect (bug) new 2024-03-18T15:38:57Z 2024-03-18T15:38:57Z "=== Problem: Currently, the WordPress link insertion modal in the text editor uses an

tag for its title (""Insert/edit link""). This can create accessibility issues, as multiple

tags on a single page can confuse screen readers and undermine the semantic structure of the content, potentially leading to a poor user experience for people with disabilities. === Proposed Solution: I suggest changing the

tag in the link insertion modal to a

tag, or alternatively to a tag if the heading level is not appropriate in the context of the modal's use. This change would improve the semantic HTML structure and enhance accessibility by maintaining a proper heading hierarchy. === Justification: According to the HTML5 specification and accessibility guidelines, a page should have a clear and logical heading hierarchy. The main content should start with an

tag, followed by

,

, and so on. The current use of an

tag in the link modal disrupts this hierarchy, especially since this modal can appear on any page regardless of the existing heading structure. Implementing this change will make WordPress more accessible and compliant with WCAG (Web Content Accessibility Guidelines) standards, which is crucial for users relying on screen readers and for SEO best practices. === Steps to Reproduce: 1. Go to the WordPress text editor. 2. Click on the 'Add link' button to open the link insertion modal. 3. Inspect the modal's title element, which is currently marked up as an

. === Possible Implementation: The change can be implemented by modifying the HTML structure in the core WordPress files where the link modal is defined. Additionally, testing should be conducted to ensure that this change does not affect the modal's functionality and that it enhances the accessibility as intended. I am looking forward to the community's input on this proposal and am happy to contribute to the implementation and testing phases. " lyonmuller Needs Dev / Bug Wrangler Feedback 60798 Investigate potentially failing Imagick PDF alpha channel test Media normal normal Awaiting Review defect (bug) new dev-feedback 2024-03-18T11:30:17Z 2024-03-18T11:31:33Z "The test `\Tests_Image_Editor_Imagick::test_remove_pdf_alpha_channel_should_remove_the_alpha_channel_in_preview()` was introduced in #39216 / [56271]. On some hosting providers, this test appears to be failing with errors such as this: {{{ Tests_Image_Editor_Imagick::test_remove_pdf_alpha_channel_should_remove_the_alpha_channel_in_preview The intermediate size could not be retrieved. Failed asserting that false is of type ""array"". /tmp/wp-test-runner/tests/phpunit/tests/image/editorImagick.php:680 }}} Examples: https://make.wordpress.org/hosting/test-results/r57849/wpsabot-r57849/ https://make.wordpress.org/hosting/test-results/r57848/wetopibot-r57848/ We should investigate this failure to see whether it's an issue in core or with the hosting provider. The test mentions ""Ghostscript version >= 9.14"", so maybe it's just a matter of skipping the test if the installed Ghostscript version (`gs --version` I think) is older than that." swissspidy Needs Patch 60796 An error for page and post without revisions support Posts, Post Types 6.4 normal normal Awaiting Review defect (bug) new 2024-03-18T10:03:04Z 2024-03-18T10:03:04Z "Since **6.4.0** the `$revisions_enabled` argument was added to the arguments array of `register_meta()` function (https://developer.wordpress.org/reference/functions/register_meta/#changelog). For post and page with disabled revisions support there is an error: Error: Function register_meta was called incorrectly. Meta keys cannot enable revisions support unless the object subtype supports revisions. Please see Debugging in WordPress for more information. (This message was added in version 6.4.0.). In register_block_core_footnotes() function `revisions_enabled` argument is permanently set to true and it's makes this error." danielpietrasik Needs Patch 60794 Central Payment Gateway API for WordPress and All Plugins Plugins normal major Awaiting Review enhancement new 2024-03-18T03:02:49Z 2024-03-18T18:13:30Z "I think it's time to add a built-in payment gateway API to WordPress. Each plugin develops its own API and we develop custom plugins for each plugin. This is ridiculous. Imagine if there was a centralized API and PayPal, Stripe or any payment gateway was integrated for that API. All other plugins will use that API." beycanpress Has Patch / Needs Testing 60793 wp_trigger error has a wrong wp_kses $allowed_html arguement. Formatting 6.4 normal normal Awaiting Review defect (bug) new has-patch 2024-03-18T02:04:16Z 2024-03-18T02:15:45Z "Elements and attributes need to be array keys, not values. Came with: https://core.trac.wordpress.org/changeset/56707 Fix: https://github.com/WordPress/wordpress-develop/pull/6285" nico23 Has Patch / Needs Testing 60791 Pre-populate slug using URL parameters on new post edit screen. Posts, Post Types normal normal Awaiting Review enhancement new has-patch 2024-03-17T06:29:23Z 2024-03-17T15:28:10Z "get_default_post_to_edit() allows to pre-populate `post_title`, `content`, and `excerpt` from `$_REQUEST`. This URL will pre-populate the title and the content: /wp-admin/post-new.php?post_type=post&post_title=My+Title&content=aaaa I have an use case where I need to do the same for the `post_name`: https://wordpress.org/support/topic/set-title-and-slug-of-new-post-using-url-parameters/ I have a shortcode that allows me to load content from a custom post type, and it searches by slug (it needs to be this way for UX reasons). If the post with the provided slug doesn't exist, I register an admin notice alerting that the shortcode is trying to load an unexisting post, and offer a link to create the missing post with the specified slug. I need the slug to be pre-populated with the URL parameter, just as it is possible to do for title, content, and excerpt." gerardreches Needs Patch 60790 Editor has encountered an unexpected error Editor trunk normal normal Awaiting Review defect (bug) new 2024-03-16T10:02:59Z 2024-03-16T10:02:59Z "During the customization of the Blog template, an unexpected error was encountered by the editor when changing the line height after uploading a custom font. " shilpamanoj Needs Dev / Bug Wrangler Feedback 60789 Administration Email Address: Allow method to deactivate Administration normal normal Awaiting Review feature request new close 2024-03-16T01:23:43Z 2024-03-18T21:12:43Z "As a manager of many client sites, my email address is used on a lot of sites in the ""Administration Email Address"" in Settings > General. Over time, clients move to other vendors, and sometimes this happens without the opportunity to change the Administration Email Address before it is moved. In many cases, this email address remains unchanged for years, and I continue to receive software update, user account, and other emails for accounts I have no contact with, and no way to access to change the setting. This has been mentioned by other WordPress developers as well, and I believe it is a widespread problem, although one easy to dismiss on a day-to-day basis. I did a search through Trac tickets and didn't see anything like it, so I am posting this ticket in hopes that a solution can be reached. Ideally, I'd like to see a solution that includes a time-sensitive link (similar to new account registrations) that would allow the owner of the admin to click through to the link, and agree to have the email address removed as the ""Administration Email Address""." andrewhoyer Needs Patch 60788 Content-Disposition support in download_url() seems broken HTTP API 6.4.3 normal normal Awaiting Review defect (bug) new 2024-03-16T01:12:30Z 2024-03-16T01:12:30Z " In https://core.trac.wordpress.org/changeset/51939 a change was made to resolve ticket https://core.trac.wordpress.org/ticket/38231 to make `download_url()` use the `Content-Disposition` header to specify the name of the downloaded file. I realize I'm a bit late to the party here since the ticket was opened more than 7 years ago and the change was made more than 2 years ago, but I think that this change was flawed and needs to be reconsidered (and possibly reverted entirely). The way it was implemented seems fundamentally broken and has the effect of making `download_url()` basically impossible to use reliably. Consider the following simple PHP script named `echo.php`: {{{#!php 'secupress', 'fields' => [] ) ); }}} Since the doc says ''""@type bool $contributors Whether to return the list of contributors. **Default false**.""'' I should not receive this field. Let see the response: {{{#!php string(37) ""SecuPress Free — WordPress Security"" [""slug""]=> string(9) ""secupress"" [""version""]=> string(7) ""2.2.5.1"" [""author""]=> string(44) ""SecuPress"" [""author_profile""]=> string(41) ""https://profiles.wordpress.org/secupress/"" [""contributors""]=> array(4) { ... }}} There is. Same for those params that are ""false"" by default but still included: ""sections"", ""versions"", ""reviews"", ""banners"", ""active_installs"" (I don't know for ""group"", can't get the thing). Also there is one param that is not affected by the arguments passed and always returned: ""num_ratings"". Finally there is some fields that are always returned where the doc can't help, I tried to use they array keys to cancel them, no chance, this is : ""author', ""author_profile"" (those 2 may be forced, that's ok), ""support_threads"", ""support_threads_resolved"", ""upgrade_notice"", and ""requires_plugin"" (I know it's new, but don't forget it) The patch may have to be done on w.org since this is the site that add too much data and to not respect the passed parameters. Thanks for your time" juliobox Needs Patch 60782 The method parameter is never used. General normal normal Awaiting Review enhancement new 2024-03-15T10:58:56Z 2024-03-15T11:27:28Z The function update_home_siteurl() has two parameters that newer used in the function block. patelmohip Needs Dev / Bug Wrangler Feedback 60781 Expand or modify wp_get_environment_type function to allow more environment types Bootstrap/Load 5.5.1 normal normal Awaiting Review enhancement new dev-feedback 2024-03-15T09:49:27Z 2024-03-15T11:29:04Z "Currently the [https://developer.wordpress.org/reference/functions/wp_get_environment_type/ wp_get_environment_type()] function only allows 4 environment types: {{{#!php $wp_environments = array( 'local', 'development', 'staging', 'production', ); }}} But there are projects that have multiple environment types (CI, CD, pre-production, UAT, etc.). So if you define the `WP_ENVIRONMENT_TYPE` to anything outside of these 4 environments, you'll end up with serving the `production` environment. A trivial example would be where you'd like to change the color of your admin UI based on environments. I mean, sure you can use something like {{{defined('WP_ENVIRONMENT_TYPE') ? WP_ENVIRONMENT_TYPE : 'production'}}}, but what's the point of the `wp_get_environment_type` function then? One alternative is to expand the `$wp_environments` variable with some of the industry most-used terms. Or just remove this check, and just return the value of `defined('WP_ENVIRONMENT_TYPE') ? WP_ENVIRONMENT_TYPE : 'production'` check." dingo_d Changes Requested 60780 Twenty Twenty :- Button block having issue with letter spacing Bundled Theme 6.4.3 normal normal Awaiting Review defect (bug) new changes-requested 2024-03-15T09:34:25Z 2024-03-18T11:13:32Z "Steps to reproduce the issue :- 1. Activate Twenty Twenty theme. 2. Choose Button block. 3. Add text. 4. Now change the letter spacing. You can able to see there is no difference in letter spacing in editor and front side both. I have attached video for better understanding. Video URL :- https://share.cleanshot.com/mpT4l41VskS7J26DB23b" nidhidhandhukiya Needs Dev / Bug Wrangler Feedback 60778 Twenty Twenty-Three Theme: The Quote block style is not working as expected. Bundled Theme normal normal Awaiting Review defect (bug) new dev-feedback 2024-03-15T07:13:01Z 2024-03-15T10:06:33Z "Hello, I have reviewed and found that the ""**Quote**"" block style is not working as expected into the **Twenty Twenty-Three** theme. Here, I have attached video: Issue: [https://share.cleanshot.com/78X9q3xkwy0kkT5HvHFL] Thanks," viralsampat Needs Patch 60777 New terms created when a term with commas is added in post editor Posts, Post Types 6.4.3 normal normal Awaiting Review defect (bug) new 2024-03-14T17:35:07Z 2024-03-14T17:35:07Z "When a taxonomy term has commas e.g ""Red, yellow & green"" and you add the term to a post in the post editor, the term gets added but new terms get created for the words before and after each comma. E.g you add the term ""Red, yellow & green"" to your post. That term will get added. However, you will also notice that two new terms have been created called ""Red"" and ""yellow & green"". Not sure if this is the case with both Gutenberg enabled." awesiome Needs Patch 60776 Pullquote block having minor difference in spacing between editor and front side Editor 6.4.3 normal normal Awaiting Review defect (bug) new close 2024-03-14T15:34:47Z 2024-03-19T05:00:13Z "Steps to reproduce the issue :- 1. Activate Twenty Twenty Four theme. 2. Choose Pullquote block. 3. Add text and background to check the proper difference in both side. Now check both the side editor and front. You can able to see spacing difference in editor and frontend. I have attached video for better understanding. Video URL :- https://share.cleanshot.com/D39PTHnJ6TrspTC8XYMw" nidhidhandhukiya Needs Patch 60775 Twenty Twenty Four :- Search block having issue with the width when we add first time. Bundled Theme 6.4.3 normal normal Awaiting Review defect (bug) new 2024-03-14T15:21:47Z 2024-03-14T15:21:47Z "Steps to reproduce the issue :- 1. Activate Twenty Twenty theme. 2. Choose Search block. 3. Give Width in px without change it in % or anything apply as defalut. Now check both the side editor and front. You can able to see no difference in width of search block. Now change the width from the given option for example :- 25% You can able to see a difference in editor and front end both. Now change width paramater which is changed in %, Make it px and then change value. You can able to see difference in width of search block in editor and front both the side. I have attached video for better understanding. Video URL :- https://share.cleanshot.com/hVRc9FjRz5PnKPCsVhrs" nidhidhandhukiya Commit Candidates 60774 Make the user_login field readonly instead of disabled on the profile screen audrasjb* Users normal normal 6.6 enhancement accepted commit 2024-03-14T11:34:38Z 2024-03-14T14:18:12Z "This came up in an accessibility audit of one of the sites I work on. On the profile edit screen in wp-admin, the username is displayed using an input field with the `disabled` attribute. This field is skipped by screen readers, which leads to a ""loss of information"" for visually impaired users. It's better to use `readonly` here. This is exactly what the field is used for, and readonly fields are read by screen readers." roytanck Needs Patch 60773 Add a new Post from the editor Editor normal normal Awaiting Review enhancement new 2024-03-14T10:23:55Z 2024-03-14T11:34:51Z " When you are in the editor of an existing Post, there is no way to add a new Post from there. You need to go back to ""View Posts"" -> ""Add New Post"". I would love to have this new usability feature added in the core." klevismiho Has Patch / Needs Testing 60770 TimeZone select box compatibility with RTL directions Administration trunk normal normal Awaiting Review enhancement new has-patch 2024-03-13T15:35:10Z 2024-03-13T16:55:59Z "This patch fixes the time zone select box compatibility with RTL directions It sets auto direction which makes the options value compatible with both RTL and LTR directions " farhad0 Needs Patch 60769 Block Hooks: Consolidate approach to get the list of hooked blocks. General normal normal Awaiting Review enhancement new 2024-03-13T14:28:40Z 2024-03-13T14:28:40Z "Our current approach to getting hooked blocks has two parts to it: 1. We use `get_hooked_blocks()` to get all of the hooked blocks which are hooked from the `block.json` file. 2. In function `insert_hooked_blocks` we apply the filter callbacks (passing a derived value from step 1 as the default value) to get hooked blocks that are applied by the `hooked_block_types` filter. Currently it's a bit confusing and without knowledge you'd assume `get_hooked_blocks()` would retrieve ''all'' of the hooked blocks. Additionally it feels like you have to run a few different pieces of code separately and combine their resulting values to get a complete picture which could result in some bugs or unnecessary complexities. I feel there's room for improvement to provide a better API for getting all of the hooked blocks by consolidating these two approaches into a single function somehow. How this to work we would also need to know the current context so we can pass that data to the filter callbacks." tomjcafferkey Needs Dev / Bug Wrangler Feedback 60766 i have faching this error how can i fix this General 6.4.3 normal major Awaiting Review defect (bug) new close 2024-03-13T07:32:45Z 2024-03-13T16:08:17Z " `Warning: require(C:\xampp\htdocs\Nieuprawny/wp-includes/sodium_compat/autoload.php): Failed to open stream: No such file or directory in C:\xampp\htdocs\Nieuprawny\wp-includes\compat.php on line 338` `Fatal error: Uncaught Error: Failed opening required 'C:\xampp\htdocs\Nieuprawny/wp-includes/sodium_compat/autoload.php' (include_path='C:\xampp\php\PEAR') in C:\xampp\htdocs\Nieuprawny\wp-includes\compat.php:338 Stack trace: #0 C:\xampp\htdocs\Nieuprawny\wp-settings.php(34): require() #1 C:\xampp\htdocs\Nieuprawny\wp-config.php(96): require_once('C:\\xampp\\htdocs...') #2 C:\xampp\htdocs\Nieuprawny\wp-load.php(50): require_once('C:\\xampp\\htdocs...') #3 C:\xampp\htdocs\Nieuprawny\wp-blog-header.php(13): require_once('C:\\xampp\\htdocs...') #4 C:\xampp\htdocs\Nieuprawny\index.php(17): require('C:\\xampp\\htdocs...') #5 {main} thrown in C:\xampp\htdocs\Nieuprawny\wp-includes\compat.php on line 338`" rajgt1 Has Patch / Needs Testing 60765 Typography Presets Editor trunk normal normal 6.6 defect (bug) new has-patch 2024-03-13T04:54:33Z 2024-03-13T05:36:36Z " We should pass theme.json settings to global preset or style value-generating callbacks. Currently `value_func` callable properties in `PRESETS_METADATA` do not have access to the current theme JSON settings. An example: `wp_get_typography_font_size_value()` needs to know other theme.json settings in order to correctly output values. Styles generated by `WP_Theme_JSON::get_stylesheet` outside a WordPress instance, using custom settings will therefore have no effect. See bug issue for further details: https://github.com/WordPress/gutenberg/issues/58135 This ticket is to sync the following Gutenberg PR: https://github.com/WordPress/gutenberg/pull/58362 " ramonopoly Has Patch / Needs Testing 60763 Allow resizing the indivigual content areas in Appearance / Menus Menus trunk normal normal Awaiting Review enhancement new has-patch 2024-03-12T20:54:27Z 2024-03-12T20:57:22Z "The space to select posts, pages and custom posts for dropping into the menu is restricted to 200px height which makes it really difficult to select posts/pages when creating/editing menus. The user experience will be greatly improved if the section can be resized." namith.jawahar Needs Patch 60759 Block Hooks: Harmonize ignoredHookedBlocks metadata injection logic General normal normal 6.6 enhancement new 2024-03-12T15:15:43Z 2024-03-12T16:59:33Z "As of [57790] and https://github.com/WordPress/gutenberg/pull/59561, both the Templates and the Navigation endpoints use the [https://developer.wordpress.org/reference/hooks/rest_pre_insert_this-post_type/ `rest_pre_insert_*`] filter to inject the `ignoredHookedBlocks` metadata attribute into anchor blocks, prior to persisting a template, template part, or navigation menu to the database. [https://wordpress.slack.com/archives/C02RQBWTW/p1709650462126059?thread_ts=1709649022.232249&cid=C02RQBWTW It has been requested] that these methods be harmonized, i.e. to use the `inject_ignored_hooked_blocks_metadata_attributes` filter for both templates/parts and navigation menus. In particular, this would allow removing some of the filters that are currently present in the Navigation block in favor of more ""generic"" functions. Conceptually, the relevant filters are indeed quite similar; the major difference is that the one for the Navigation block (`block_core_navigation_update_ignore_hooked_blocks_meta`) injects a `_wp_ignored_hooked_blocks` post meta into the `wp_navigation` post object, in order to allow hooked blocks to be inserted as a Navigation block's first or last child (see #59743). To harmonize the filters, we would thus have to add a conditional in `inject_ignored_hooked_blocks_metadata_attributes` to set the post meta if the post type is `wp_navigation`. (Later on, we might consider extending this to include template parts, where it might also be desirable to insert hooked blocks as a Template Part block's first or last child; however, this should be tackled separately, in order not to conflate refactoring and adding new functionality.) ---- Eventually, it might also be possible to harmonize injection of hooked blocks (which happens upon reading from the database, unlike the injection of the `ignoredHookedBlocks` attribute discussed above, which happens upon writing to it.)" Bernhard Reiter Needs Patch 60756 Block Hooks: Toggle (re-)inserts hooked block in wrong position (if added by filter) General normal normal Awaiting Review defect (bug) new 2024-03-12T13:59:51Z 2024-03-12T14:48:27Z "As of [https://github.com/WordPress/gutenberg/pull/59396 this change], Block Hook toggles are displayed for hooked blocks that were added by a filter (rather than during block registration), ''if the containing template or template part has had user modifications''. (Displaying the toggle also for ''un''modified templates/parts is the subject of #59574, see especially https://core.trac.wordpress.org/ticket/59574#comment:13.) There is still one more problem with these toggles: If the user disables the toggle to remove the hooked block, and then re-enables it to re-insert the latter, it's not possible for the client to infer ''where'' to insert it. Instead, it simply defaults to (re-)inserting it ''after'' the anchor block. The reason is that once the hooked block is removed, no information about its position relative to its anchor block is available. The only available information is the `ignoredHookedBlocks` metadata attribute on the anchor block, which is an array of hooked block type names (e.g. `[""core/loginout"",""mycommerce/shopping-cart""]`). They do however not include the relative position of these hooked blocks. (This was considered in the original ticket #59646 for enabling Block Hooks in modified templates/parts, but ultimately dismissed.)" Bernhard Reiter Needs Patch 60753 "Fatal error: Uncaught Error: Class ""wpdb"" not found in load.php" General normal normal Awaiting Review defect (bug) new 2024-03-12T07:29:07Z 2024-03-12T19:47:02Z "Hello, after updated php version in WordPress, i can't show admin login and errors are: Fatal error: Uncaught Error: Class ""wpdb"" not found in /home/mhd-01/www.xxxxxxxx.it/htdocs/wp-includes/load.php:428 Stack trace: #0 /home/mhd-01/www.xxxxxxxx.it/htdocs/wp-settings.php(120): require_wp_db() #1 /home/mhd-01/www.xxxxxxxx.it/htdocs/wp-config.php(98): require_once('...') #2 /home/mhd-01/www.xxxxxxxx.it/htdocs/wp-load.php(37): require_once('...') #3 /home/mhd-01/www.xxxxxxxx.it/htdocs/wp-admin/admin.php(34): require_once('...') #4 /home/mhd-01/www.xxxxxxxx.it/htdocs/wp-admin/index.php(10): require_once('...') #5 {main} thrown in /home/mhd-01/www.xxxxxxxx.it/htdocs/wp-includes/load.php on line 428 Is there any ideas about can i resolve this? Thanks. I would login and not show any errors in my site on WordPress." danlelbachhuber Needs Patch 60752 Fatal error: Uncaught Error: Class 'WpOrg\Requests\Hooks' not found General normal normal Awaiting Review defect (bug) new 2024-03-12T07:15:27Z 2024-03-12T19:36:57Z "I've been getting the same error message the last few days...makes me think it has something to do with the update? I've tried: disabling plugins, and downloading/removing themes and reinstalling twenty twenty-one. I'm new to WordPress, therefore have no backup, and at a complete loss here. Any guidance is much appreciated! Fatal error: Uncaught Error: Class 'WpOrg\Requests\Hooks' not found in /home/sites/17a/3/36b2a5154b/practicalpathways/wp-includes/class-wp-http-requests-hooks.php:18 Stack trace: #0 /home/sites/17a/3/36b2a5154b/practicalpathways/wp-settings.php(249): require() #1 /home/sites/17a/3/36b2a5154b/practicalpathways/wp-config.php(92): require_once('/home/sites/17a...') #2 /home/sites/17a/3/36b2a5154b/practicalpathways/wp-load.php(50): require_once('/home/sites/17a...') #3 /home/sites/17a/3/36b2a5154b/practicalpathways/wp-admin/admin.php(34): require_once('/home/sites/17a...') #4 /home/sites/17a/3/36b2a5154b/practicalpathways/wp-admin/index.php(10): require_once('/home/sites/17a...') #5 {main} thrown in /home/sites/17a/3/36b2a5154b/practicalpathways/wp-includes/class-wp-http-requests-hooks.php on line 18 Notice: Function is_embed was called incorrectly. Conditional query tags do not work before the query is run. Before then, they always return false. Please see Debugging in WordPress for more information. (This message was added in version 3.1.0.) in /home/sites/17a/3/36b2a5154b/practicalpathways/wp-includes/functions.php on line 5865 Notice: Function is_search was called incorrectly. Conditional query tags do not work before the query is run. Before then, they always return false. Please see Debugging in WordPress for more information. (This message was added in version 3.1.0.) in /home/sites/17a/3/36b2a5154b/practicalpathways/wp-includes/functions.php on line 5865" moustifi Needs Patch 60750 Warning: these pages should not be the same as your Privacy Policy page! General 6.4.3 normal normal Awaiting Review defect (bug) new 2024-03-11T20:20:54Z 2024-03-11T20:20:54Z On Settings > Reading this message appears. The Privacy Page is NOT SELECTED. The homepage is another page and that is what is selected. There is nothing else in there. OctoTooT Needs Patch 60748 auth_redirect() login check doesn't exist or doesn't work Login and Registration normal normal Awaiting Review defect (bug) new 2024-03-11T13:11:38Z 2024-03-11T13:33:04Z "The `auth_redirect()` documentation states: ""Checks if a user is logged in, if not it redirects them to the login page."" [https://developer.wordpress.org/reference/functions/auth_redirect/] However, unless a call to `auth_redirect()` is wrapped inside a `is_user_logged_in()` check, then it always sends people to the login page (even if a user is already logged in). I don't know if the documentation is incorrect or if there is a bug in the code. To reproduce, all you need to do is something like this: {{{#!php 'string', 'author__not_in' => 'string', 'category__and' => 'string', 'category__in' => 'string', 'category__not_in' => 'string', 'post__in' => 'string', 'post__not_in' => 'string', 'post_name__in' => 'string', 'post_parent__in' => 'string', 'post_parent__not_in' => 'string', 'tag__and' => 'string', 'tag__in' => 'string', 'tag__not_in' => 'string', 'tag_slug__and' => 'string', 'tag_slug__in' => 'string', }}} Using most of the above query args in a `WP_Query::get_posts()` call result in a PHP fatal. Things that expect scalars: {{{ 'attachment' => array(), 'author_name' => array(), 'feed' => array(), }}} Using any of the above query args result in a PHP fatal on a default WP installation: {{{ alex@wayra core % cat .wp-env.json { ""core"": null } }}} http://localhost:8888/?attachment[]=admin {{{ Fatal error: Uncaught TypeError: urlencode(): Argument #1 ($string) must be of type string, array given in /var/www/html/wp-includes/formatting.php:5683 Stack trace: #0 /var/www/html/wp-includes/formatting.php(5683): urlencode(Array) #1 /var/www/html/wp-includes/class-wp-query.php(2183): wp_basename(Array) #2 /var/www/html/wp-includes/class-wp-query.php(3824): WP_Query->get_posts() #3 /var/www/html/wp-includes/class-wp.php(696): WP_Query->query(Array) #4 /var/www/html/wp-includes/class-wp.php(816): WP->query_posts() #5 /var/www/html/wp-includes/functions.php(1336): WP->main('') #6 /var/www/html/wp-blog-header.php(16): wp() #7 /var/www/html/index.php(17): require('/var/www/html/w...') #8 {main} thrown in /var/www/html/wp-includes/formatting.php on line 5683 }}} http://localhost:8888/?author_name[]=admin {{{ Fatal error: Uncaught TypeError: str_contains(): Argument #1 ($haystack) must be of type string, array given in /var/www/html/wp-includes/class-wp-query.php:2358 Stack trace: #0 /var/www/html/wp-includes/class-wp-query.php(2358): str_contains(Array, '/') #1 /var/www/html/wp-includes/class-wp-query.php(3824): WP_Query->get_posts() #2 /var/www/html/wp-includes/class-wp.php(696): WP_Query->query(Array) #3 /var/www/html/wp-includes/class-wp.php(816): WP->query_posts() #4 /var/www/html/wp-includes/functions.php(1336): WP->main('') #5 /var/www/html/wp-blog-header.php(16): wp() #6 /var/www/html/index.php(17): require('/var/www/html/w...') #7 {main} thrown in /var/www/html/wp-includes/class-wp-query.php on line 2358 }}} http://localhost:8888/?feed[]=admin {{{ Fatal error: Uncaught TypeError: str_contains(): Argument #1 ($haystack) must be of type string, array given in /var/www/html/wp-includes/class-wp-query.php:1018 Stack trace: #0 /var/www/html/wp-includes/class-wp-query.php(1018): str_contains(Array, 'comments-') #1 /var/www/html/wp-includes/class-wp-query.php(1868): WP_Query->parse_query() #2 /var/www/html/wp-includes/class-wp-query.php(3824): WP_Query->get_posts() #3 /var/www/html/wp-includes/class-wp.php(696): WP_Query->query(Array) #4 /var/www/html/wp-includes/class-wp.php(816): WP->query_posts() #5 /var/www/html/wp-includes/functions.php(1336): WP->main('') #6 /var/www/html/wp-blog-header.php(16): wp() #7 /var/www/html/index.php(17): require('/var/www/html/w...') #8 {main} thrown in /var/www/html/wp-includes/class-wp-query.php on line 1018 }}}" xknown Needs Patch 60739 Wrong redirection when installing with URI rewrite Upgrade/Install 3.7 normal normal Future Release defect (bug) new 2024-03-10T22:54:12Z 2024-03-13T21:48:16Z "I have a server where the users can build their own WordPress installations. The URL of such installation is like: https://example.com/u/user/wpfolder/ The folder on disk is like: /srv/http/public_html_user/wpfolder But when the user tries to run the installation setup, an automatic redirection leeds to the following incorrect address: https://example.com/wpfolder/wp-admin/setup-config.php (notice that /u/user/ is missing) So: - REQUEST_URI is '/u/user/wpfolder' - My document root is '/srv/http/public_html_user/' - Therefore the document URI (relative to this document root) is '/wpfolder/index.php' - And the $_SERVER[PHP_SELF] value is '/wpfolder/index.php' I have found that the problem comes from the wp_guess_url function in wp-includes/functions.php file (line 6218): {{{#!php add( 'invalid_email', __( 'Error: There is no account with that username or email address.' ) ); $errors->add( 'invalid_email', __( 'Error: The email address is not correct.' ) ); $errors->add( 'user_email', __( 'Error: The email address is not correct.' ), array('form-field' => 'email', ) ); }}} The 1st is an error message when you try to login using an email address that is not used as a user in this site, the key is ""invalid_email"" The 2nd is an error message when you try to register a new user with an email address that is not correctly formatted, the key is ""invalid_email"" The 3rd is an error message when you try to update your personal profile with an email address that is not correctly formatted, the key is ""user_email"" So we have 2 keys and 2 messages (like ""A1 A2 B2"", should be ""A1 B2 B2"") but the message 2 is sharing both, we should clearly decide is ""invalid_email"" is when the email does not exists in our site OR when the email is not correctly formatted. I suggest that the 2nd message should share the ""user_email"" and let the ""invalid_*"" for the login stuff, like we already have ""invalidcombo"" or ""invalid_username"" that shares the same kind of issue. thanks for your reading time" juliobox Needs Reporter Feedback / Steps To Reproduce 60735 Problem: Updating failed. The response is not a valid JSON response General 6.4.3 normal normal Awaiting Review defect (bug) new reporter-feedback 2024-03-09T02:50:17Z 2024-03-09T12:20:40Z "I encountered an error message when publishing or updating. Due to a mistake in a wrong sentence, the error message appears. You will get the error message ""Updating failed. The response is not a valid JSON response"". Why did it happen? - WordPress 6.4.3 running theme GeneratePress. - .htaccess file according to wp settings - Permalinks postname settings - Already started with HTTPS - REST API no 404 error message" r3ndy Needs Patch 60734 Deregistering Open Sans Script Loader 6.4.3 normal normal Awaiting Review enhancement new 2024-03-09T02:15:43Z 2024-03-09T10:31:21Z "I have wasted an entire day trying to figure out why my Open Sans styles were not applying. This is counterproductive/suboptimal. As it turns out, Open Sans was packed in WP back in 2014, which is fine by me. More info: #28478 However it is **not** immediately **obvious** one needs to `wp_deregister_style('open-sans');` before he can register his own style. Please, consider making an exception and make `wp_register_style()` automatically `wp_deregister_style(X)` if X equals 'open-sans'. Otherwise consider other courses of action that may prevent others from incurring in the same problem I did. Thanks. " ecv80 Needs Patch 60733 GitHub Actions updates and improvements for 6.6 Build/Test Tools normal normal 6.6 task (blessed) new 2024-03-09T01:05:07Z 2024-03-09T01:07:53Z " This ticket is for various updates and improvements for Core's GitHub Actions workflows. Previously: - 6.5 (#59805) - 6.4 (#58867) - 6.3 (#57865) - 6.2 (#57572) " desrosj Commit Candidates 60732 Update old document URLs to new ones audrasjb* General normal minor 6.6 enhancement accepted commit 2024-03-08T15:53:24Z 2024-03-12T06:51:33Z "Some articles that was in https://wordpress.org/documentation/ was moved under https://developer.wordpress.org/advanced-administration/ and the old URLs has a redirect. However URLs in php files still refer to the old ones so I thought the URLs should be updated to avoid unnecessary redirects." mkismy Needs Patch 60729 YouTube embed start= Embeds 6.4.3 normal minor Awaiting Review defect (bug) new 2024-03-08T07:24:54Z 2024-03-08T07:24:54Z "Hi. I am experiencing an issue where I am seeing the video start time being either randomized or shifted for each load. Expected behavior: YouTube video embedded with a timestamp like {youtube_url}start=5064, video starts at 1:24:24 each time video is loaded on a blog post. Issue 1: if ""resize for smaller devices"" is active the start point is randomized before posting. E.g. at 5064 it start approximately 30 seconds before it should (say 5034). I shift the start time to 5094 to try and compensate, resulting in it starting earlier than previously (say 5004). I leave it at 5064 and publish the blog post, with the result of it starting at 0 seconds (incognito mode, fresh browser, logged in). Issue 2: Resize for smaller devices is turned off. Now the first time the video is loaded it starts where it is supposed to start at 5064 seconds (steps: start video -> refresh page -> start video -> refresh -> ...). But, for each time the blog post is loaded and the viewers presses play, the start time shifts back approximately 30 seconds. This does not happen in incognito mode, here it loads at the correct timestamp each time the page is reloaded and video started." chrdre Needs Patch 60728 Install/upgrade latest supported version of plugin, when latest version of plugin is not supported Plugins trunk normal normal Future Release defect (bug) new close 2024-03-07T20:49:11Z 2024-03-14T13:38:00Z "== Expected behaviour == When a user finds a plugin to install and the latest version requires a newer version of WordPress, an older version of that plugin which does support the installed version of WordPress is installed. When a user goes to the plugins page to update their plugins, the user is prompted to install newer versions of a plugin which still support the installed version of WordPress. == Actual behaviour == User is presented with an error telling them that the plugin doesn't support their version of WordPress and can't be installed. User is not shown any updates available for plugins where the latest version doesn't support the installed version, even if dozens of newer versions are available which do support it. == Problem == This becomes a particular problem when using something like the Debian packaged version of WordPress (where the version will only be updated every 2 years) when combined with plugins (e.g. Yoast) that, for some reason, keep increasing the minimum version every few months to the latest release. In the above situation, the user upgrades to a newer version of WordPress, but the plugin has already made a new release that requires an even newer version of WordPress. Thus the user doesn't get any notification or easy way to upgrade a plugin which is now several years old and doesn't work with the installed version of WordPress." Dreamsorcerer Needs Patch 60727 Allow fine-grained control of when to use oEmbed for providers outside the explicit list Embeds normal normal Awaiting Review enhancement new 2024-03-07T18:30:45Z 2024-03-07T18:30:45Z "WordPress maintains a list of appvoed oEmbed providers. Developers are able to add or remove providers from this list. WordPress also attempts to see if URLs, outside the provider list, support oEmbed - and if they do, it uses oEmbed for them. Unfortunately, this is currently an ""all or nothing"" appraoch. You can either agree to use all these random sites oEmbed, or none. I'd love to see a filter added to control whether or not a specific URL, outside the provider list, should use oEmbed. For reference, our specific use case is we want to continue supporting oEmbed for the vast majority of sites that support it - but we've identified some specific domains that do a poor job of oEmbed, and we'd like to only turn it off for those domains." MadtownLems Needs Patch 60726 The WordPress core password reset needs to pre-populate the username to meet WCAG 2.2 joedolson* Login and Registration normal normal 6.6 defect (bug) accepted 2024-03-07T17:09:25Z 2024-03-07T19:33:35Z "According to new WCAG 2.2 success criterion for [https://www.w3.org/TR/WCAG22/#dfn-processes 3.3.7 redundant entry]. The criterion establishes that information previously entered by or provided to the user that is required to be entered again the same process is either: * auto-populated, or * available for the user to select There are 3 exceptions: * re-entering the information is essential, * the information is required to ensure the security of the content, or * previously entered information is no longer valid. Once the user has performed the process of requesting a new password, the redirected form should have the username filled-in to pass. As of now, this is the form that the user is redirected to: " estelaris Has Patch / Needs Testing 60724 TT2: Wrap Navigation block in Row within the header.html template part Bundled Theme trunk normal normal 6.6 defect (bug) new has-patch 2024-03-07T12:20:57Z 2024-03-13T09:31:10Z Now that the Block Hooks API has been released as part of WordPress 6.4 3PDs may want to insert their own blocks into the header of the TT2 theme, specifically after the Navigation block. This currently causes problems because the Navigation block and it's siblings are treated as flex items due to its parent being a Row block. tomjcafferkey Has Patch / Needs Testing 60723 TT3: Wrap Navigation block in Row within the header.html template part tomjcafferkey Bundled Theme trunk normal normal 6.6 enhancement assigned has-patch 2024-03-07T12:11:25Z 2024-03-13T09:31:37Z Now that the Block Hooks API has been released as part of WordPress 6.4 3PDs may want to insert their own blocks into the header of the TT3 theme, specifically after the Navigation block. This currently causes problems because the Navigation block and it's siblings are treated as flex items due to its parent being a Row block. tomjcafferkey Needs Reporter Feedback / Steps To Reproduce 60722 incorrect display of mail due to outdated version of PHP mailer Mail 6.4.3 normal normal Awaiting Review defect (bug) new reporter-feedback 2024-03-07T10:47:34Z 2024-03-18T14:59:57Z "Good morning, I am experiencing problems when displaying order confirmation emails and contact forms from multiple WordPress websites. This code is displayed first in the emails: Content-Type: text/html; charset=UTF-8 I've already been looking into what could be causing it. There it was indicated that it was due to the PHP Mailer version of WordPress. Could it be that the PHP Mailer update is not current with the new version (6.4.3) of WordPress? Yours sincerely, Diana" studiodv Needs Patch 60721 redirect_canonical suddenly causes issues with paramter values and CDN Canonical 6.4.3 normal minor Awaiting Review defect (bug) new 2024-03-07T07:31:07Z 2024-03-07T07:31:07Z "Hi there, I was just wondering if anything has changed regarding https://developer.wordpress.org/reference/functions/redirect_canonical/? `https://some-domain.tld/?my_param=a+a` triggers a 301 redirect to `https://some-domain.tld/?my_param=a a` Now our CDN is set to pass URLs with `my_param` straight on to WordPress. Since that response with a 301, that's what gets cached by the CDN and causes a redirect loop. Is that something new? I hadn't had that issue before, but also not 100% sure if I sent a value like ""a+a"" before. Trying to figure out why this redirect loop happens now after years. I'll leave that ticket to be a bug, but if nothing has changed in redirect_canonical() then I guess it can just be closed. Thanks for your help." retrovertigo Has Patch / Needs Testing 60719 Add fonts upload location to Site Health report Site Health normal normal 6.6 enhancement new has-patch 2024-03-07T06:05:53Z 2024-03-12T16:54:27Z Just like Site Health lists the paths to the plugins/themes/uploads directories, we should list the path to the fonts directory (and its size) there as well. swissspidy Needs Patch 60718 Awareness of permission after updating cores, themes and plugins Upgrade/Install trunk normal normal Awaiting Review enhancement new 2024-03-07T04:41:04Z 2024-03-07T05:46:41Z "This is the major security concern now a day when people install/update plugins or themes on DEV/STAG/PROD after changing respective directory permission from **755** (7=rwx 5=r-x 5=r-x) to **777** (7=rwx 7=rwx 7=rwx) Once installation/updation is complete, people forget to restore directory permission, and due to this, hackers might inject scripts into those directories. To prevent this, we have to check directories and file permissions for it and give the notice on top of the admin section. It will help to reduce security threats. " Girishpanchal Needs Patch 60717 Font Library: Add an ability to replace font General trunk normal normal Awaiting Review enhancement new 2024-03-07T03:31:40Z 2024-03-17T18:54:01Z Instead of the error or notice that the font already exists, the font library should allow replacing the font. Sometimes a font can be corrupted for some reason, and you need to update it. So, the better flow should be to ask the users if they want to replace the font(s). oglekler Needs Patch 60716 "Font Library: Replace error message ""A font face matching those settings already exists"" with notice" General trunk normal normal Awaiting Review defect (bug) new 2024-03-07T03:25:56Z 2024-03-17T18:53:45Z If the font already exists, it is not an error, and should not scare the user. oglekler Has Patch / Needs Testing 60713 remove 'array_merge(...)' is used in a loop and is a resources greedy construction. from generate_rewrite_rules pbearne Rewrite Rules normal normal Awaiting Review defect (bug) assigned has-patch 2024-03-07T00:06:18Z 2024-03-12T18:03:03Z pbearne Needs Patch 60710 save_post_{$post->post_type} hook returns inconsistent $_POST['tax_input'] format Taxonomy 6.4.3 normal normal Awaiting Review defect (bug) new 2024-03-06T19:55:52Z 2024-03-06T19:55:52Z "In the save_post_{$post->post_type} hook: **Case 1**: If we do not make any changes to the taxonomy `$_POST['tax_input'][$term]` returns a comma delimited string WITH a space. Output Example: ''Maple, Spring, Summer, Winter'' **Case 2**: If we modify the taxonomy (adding or removing), it eliminates the space: Output Example: ''Spring,Summer,Winter'' Proposed solution, eliminate the space in the first case for consistency. " jenUnderscore_ Needs Patch 60708 REST page 2 item 0 === page 1 item 99 when requesting 100 posts from a post type REST API 6.4.3 normal major Awaiting Review defect (bug) new 2024-03-06T16:39:22Z 2024-03-11T06:51:24Z "in our case of a custom WP post type default REST API call page 2 item 0 === page 1 item 99 when requesting 100 items per page. (as of writing this.) Demo: https://deananddavid.com/wp-json/wp/v2/catering_article?lang=de&orderby=menu_order&order=asc&_fields=acf,catering_category,featured_media,id,title&per_page=100&page=1 https://deananddavid.com/wp-json/wp/v2/catering_article?lang=de&orderby=menu_order&order=asc&_fields=acf,catering_category,featured_media,id,title&per_page=100&page=2 This is no issue when requesting 99 items per page." vialars Has Patch / Needs Testing 60706 Tests: Reduce usage of assertEquals for 6.6 Build/Test Tools normal normal 6.6 task (blessed) new has-patch 2024-03-06T06:55:52Z 2024-03-06T06:56:39Z "Follow-up to: * #59655 (6.5) * #58956 (6.4) * #57855 (6.3) * #56800 (6.2) * #55654 (6.1) * #54726 (6.0) * #53364 (5.9) * #52482 (5.8) * #38266 (5.7) The `assertEquals()` test method does not check that the types of the expected and actual values match. This can hide subtle bugs especially when the values are falsey. Tasks: * Switch to using `assertSame()` when the type of the value in the assertion is important * Replace overall usage of `assertEquals()` with type-strict assertion methods, with the aim of potentially removing its usage altogether To help ease the effort of merging tests, changes should also be made upstream in the Gutenberg repository." SergeyBiryukov Has Patch / Needs Testing 60705 Test tool and unit test improvements for 6.6 Build/Test Tools normal normal 6.6 task (blessed) new has-patch 2024-03-06T06:53:46Z 2024-03-06T06:58:16Z "Previously: * #59647 (6.5) * #58955 (6.4) * #57841 (6.3) * #56793 (6.2) * #55652 (6.1) * #54725 (6.0) * #53363 (5.9) * #52625 (5.8) * #51802 (5.7) * #51344 (5.6) This ticket is for various fixes and improvements in PHPUnit tests that don't have a more specific ticket, as well as general improvements to the GitHub Actions workflows that run automated testing." SergeyBiryukov Needs Patch 60701 Bump default theme versions for WordPress 6.6 Bundled Theme normal normal 6.6 task (blessed) new 2024-03-06T05:03:35Z 2024-03-06T05:03:35Z "All bundled themes from 2010 to 2024 will need a version bump for the 6.6 release. Previously: #59816 - 6.5 #58832 - 6.4 #57857 - 6.3 #57689 - 6.2 #56450 - 6.1 #55754 - 6.0 #54783 - 5.9 #53277 - 5.8 #52704 - 5.7 #51919 - 5.6 #50889 - 5.5 #49743 - 5.4" mukesh27 Has Patch / Needs Testing 60700 Coding Standards fixes for WP 6.6 General normal normal 6.6 task (blessed) new has-patch 2024-03-06T05:03:13Z 2024-03-18T15:44:26Z "Previously: - #59650 (6.5) - #58831 (6.4) - #57839 (6.3) - #56791 (6.2) - #55647 (6.1) - #54728 (6.0) - #53359 (5.9) - #52627 (5.8) - #51799 (5.7) - #50767 (5.6) - #49542 (5.5) - #49222 (5.4) - #47632 (5.3) - #45934 (5.1)" mukesh27 Needs Patch 60699 Docblock improvements for 6.6 General normal normal 6.6 task (blessed) new 2024-03-06T04:57:35Z 2024-03-11T14:06:52Z "Previously: - #59651 (6.5) - #58833 (6.4) - #57840 (6.3) - #56792 (6.2) - #55646 (6.1) - #54729 (6.0) - #53399 (5.9) - #52628 (5.8) - #51800 (5.7) - #50768 (5.6) - #49572 (5.5) - #48303 (5.4) - #47110 (5.3) - #46543 (5.2) - #42505 (5.1) - #41017 (4.9) - #39130 (4.8) - #37770 (4.7) - #32246 (4.6)" SergeyBiryukov Needs Patch 60698 Add optimized set lookup class. General trunk normal normal Awaiting Review feature request new 2024-03-06T01:18:34Z 2024-03-06T01:18:34Z "In the course of exploratory development in the HTML API there have been a few times where I wanted to test if a given string is in a set of statically-known strings, and a few times where I wanted to check if the next span of text represents an item in the set. For the first case, `in_array()` is a suitable method, but isn't always ideal when the test set is large. {{{#!php contains( '¬in' ) ) { … } while ( true ) { $was_at = $at; $at = strpos( $text, '&', $at ); if ( false === $at ) { $output .= substr( $text, $was_at ) break; } $name = $named_character_reference->read_token( $text, $at ); if ( false !== $name ) { $output .= substr( $text, $was_at, $at - $was_at ); $output .= $named_character_replacements[ $name ]; $at += strlen( $name ); continue; } // No named character reference was found, continue searching. ++$at; } }}} ---- Further, because WordPress largely deals with large and relatively static token sets (named character references, allowable URL schemes, file types, loaded templates, etc…), it would be nice to be able to precompute the lookup tables if they are at all costly, as doing so on every PHP load is unnecessarily burdensome. A bonus feature would be a method to add and a method to remove terms. ---- In [https://github.com/WordPress/wordpress-develop/pull/5373 #5373] I have proposed such a `WP_Token_Set` and used it in [https://github.com/WordPress/wordpress-develop/pull/5337 #5337] to create a spec-compliant, low-memory-overhead, and efficient replacement for `esc_attr()`. The replacement `esc_attr()` is able to more reliably parse attribute values than the existing code and it does so more efficiently, avoiding numerous memory allocations and lookups." dmsnell Has Patch / Needs Testing 60696 Block hooks: Allow insertion of a hooked block with attributes Editor normal normal Awaiting Review enhancement new has-patch 2024-03-05T21:07:33Z 2024-03-05T21:16:21Z "Previously, the `hooked_block_types` and `hooked_block_{$hooked_block_type}` filters were introduced to allow templates to be extended with blocks by third parties. While those two filters work well with unique blocks, they prove challenging when working with generic blocks that can be customized via attributes. Attempting to hook a block into an area that has already inserted the same block type, but with different attributes won't work with the existing filters. [This PR](https://github.com/woocommerce/woocommerce/pull/44860) demonstrates how attempting to set attributes via the `hooked_block_{$hooked_block_type}` filter will overwrite all of the same block types that have been hooked in. It may be possible that block hooks aren't the appropriate venue for this API, but a way to insert blocks with attributes into templates is quite useful, even in the context of the core editor. **Requirements: ** * [ ] Allow insertion of blocks with block attributes in a single filter * [ ] Allow checking anchor block properties before inserting hooked blocks * [ ] (optional, but preferred) Allow nesting hooked blocks onto previous hooked blocks" joshuaflow Has Patch / Needs Testing 60695 Links in the admin-menu are generated incorrectly for mu-plugins Administration normal normal Awaiting Review defect (bug) new has-patch 2024-03-05T15:27:57Z 2024-03-05T16:05:37Z "The function _wp_menu_output in wp-admin/menu-header.php checks if a file exists in the WordPress plugin directory. But it never checks if the file exists in the mu-plugins directory. The result of this is that some plugins behave in an unexpected way when moved to mu-plugins. Especially their admin-menus stop working. One example of such a plugin is WPML. E.g. lines 165-175: {{{#!php $arrow""; } else { echo ""\n\t$arrow""; } }}} Better would be: {{{#!php $arrow""; } else { echo ""\n\t$arrow""; } }}} Not how the code in the 5th line only checks for WP_PLUGIN_DIR and not for WPMU_PLUGIN_DIR. This happens a few more times in this function. " partiellkorrekt Needs Dev / Bug Wrangler Feedback 60694 INDEX command denied to user 'wordpress'@'localhost' for table 'wp_trp_dictionary_bg_bg_en_us' Upgrade/Install 6.4.3 normal normal Awaiting Review defect (bug) new dev-feedback 2024-03-05T15:14:32Z 2024-03-05T15:14:32Z "Fresh install of Version 6.4.3. The only active plugin is TranslatePress - Multilingual Version 2.7.2 (Akismet and Hello Dolly are installed but not active). Loggin in as admin, the following error is displayed: INDEX command denied to user 'wordpress'@'localhost' for table 'wp_trp_dictionary_bg_bg_en_us'. phpMyAdmin shows that the wordpress user does not have the 'INDEX' privilege. Is there a reason why the INDEX privilege not be enabled for the wordpress database user?" 4x4ever Needs Dev / Bug Wrangler Feedback 60693 """Previously approved comment"" for logged out users bug" Comments 6.4.3 normal normal Awaiting Review defect (bug) new dev-feedback 2024-03-05T14:30:41Z 2024-03-07T17:00:03Z "When ""Comment author must have a previously approved comment"" is checked in the discussion settings, comments made by registered users who are logged out, go to moderation every time. The check comment function looks for previous comments under their user id but if they have only commented while logged out, no id is recorded. This bug has caused our users and our team major frustration. Can someone please address? Thanks!" jmorti Needs Dev / Bug Wrangler Feedback 60692 Plugin dependencies: Allow a mu-plugin to fulfil a dependency Upgrade/Install trunk normal normal 6.6 enhancement new dev-feedback 2024-03-05T10:59:05Z 2024-03-05T12:00:04Z "See discussion on #60504 for background. An inactive plugin that has a dependency that is fulfilled by a mu-plugin is prevented from being activated as its dependency is considered unfulfilled. It should be possible for a mu-plugin to fulfil a plugin dependency. It may be that a new filter or a default mu-plugin loader needs to be introduced so facilitate this." johnbillion Needs Patch 60690 Consistency in Theme Update Warnings in Menu Menus normal normal Awaiting Review enhancement new 2024-03-05T10:29:33Z 2024-03-05T10:29:33Z "When plugins are plugins pending update, a warning appears under ""Plugins"". However, even if are pending theme updates, the same warning does not appear under ""Appearance"". Considering that the security issues of an outdated theme can be the same as those of an outdated plugin, I think we should display the same warning in both cases. In the following image you can see a site with an outdated theme and plugin. At a glance you can only see a warning about ""Plugins"", but no warning about ""Apparence"", only inside ""Apparence > Themes"". Although ""Apparence"" has no updates, it would be nice to have the same warning as in ""Plugins"". I am attaching pictures to illustrate this." Marc4 Needs Dev / Bug Wrangler Feedback 60689 Concerning use of external libraries External Libraries normal normal Awaiting Review feature request new dev-feedback 2024-03-05T08:20:16Z 2024-03-05T10:17:53Z "As you get more advanced in using wordpress the need arises to use external libraries like bootstrap,font library,icon libraries,tailwind etc,off course this can be added using insert code plugins.the biggest disadvantage of this is that 1.you cannot maintain libraries version 2.You cannot delete the libraries. This problem can be solved through a feature request to create an interface to manage external libraries.In this feature: 1.User adds external libraries through a url 2.user can edit the libraries url 3.user can delete the libraries,libraries ceases to exist in the wordpress environment 4.Ability of the interface to distinguish/or give user opportunity to distinguish between and }}} (again, you see ‘&‘ instead of just ‘&’) You can find these issues on: https://forcesail.ru/" forcesail Needs Dev / Bug Wrangler Feedback 59538 Theme update message showing user wrong theme popup Themes 6.3.2 normal normal Awaiting Review defect (bug) new dev-feedback 2023-10-04T11:47:21Z 2023-10-06T11:54:22Z "When you are updating the theme and another theme popup is opened then the theme updated message shows on the opened popup twice message. Video link: https://www.awesomescreenshot.com/video/21305588?key=95614ad9bc790ca5d1a26fa52a2e75e9" praful2111 Needs Reporter Feedback / Steps To Reproduce 59537 Quote toolbar is not shown for mobile view Editor 6.4 normal minor defect (bug) assigned reporter-feedback 2023-10-04T11:42:28Z 2023-12-04T19:39:23Z "1. Create a post 2. Add a quote 3. Check that the capture toolbar in the quote block is shown 4. Change screen size (ex. 768X1024) 5. Quote toolbar is not shown " oksankaa Needs Patch 59535 Page/Post scrolls up while converting quotes to paragraph Editor 6.3.1 normal minor Awaiting Review defect (bug) new 2023-10-04T11:37:35Z 2023-10-05T04:40:02Z "I found this while testing the capture toolbar for the quote block for WordPress 6.4 beta2, but was able to reproduce it in 6.3.1. == Issue In the block editor, Page/Post scrolls up while converting a quote to a paragraph. == Steps to Reproduce 1. Open a post or page. 2. Insert Title and long text so that scroll bar appears. 3. At the end insert quote block 4. Write a quote and citation 5. Click on the block so that quote block toolbar appears 6. Click on quote icon (first icon in the quote toolbar) 7. Click on transform to ""Paragraph"" == Actual Result: Page/Post scrolls up while converting a quote to a paragraph. == Expected Result: Page/Post should not scroll up while converting a quote to a paragraph. " hardikgohil Needs Patch 59529 Twenty Fourteen: Search bar showing on different line on iPadOS 17 Bundled Theme normal major Awaiting Review defect (bug) new 2023-10-04T01:38:45Z 2023-10-18T14:55:52Z "The search toggle element doesn't show on the same level as the menu for iPadOS 17 devices — that is both when checking on Chrome and Safari. 1. Get a device with iPadOS 16 and reproduce it showing as expected: https://wp-themes.com/twentyfourteen/ 2. Update to iPadOS 17 and see the issue with the search on Safari or Chrome PS: I'm considering this major severity as the issue is on an important part of a default theme — even if it's an old theme and we can only reproduce on IOS 17 devices. Originally reported by @fgruen here: https://wordpress.org/support/topic/display-problem-with-search-box-on-apple-ipad/?view=all" foosantos Needs Patch 59525 Add filter for `get_mu_plugins()` Plugins normal normal Awaiting Review enhancement new 2023-10-03T16:33:45Z 2023-10-25T22:35:43Z "In https://core.trac.wordpress.org/ticket/57278, there was a need to be able to filter MU-plugins on the UI. However, for WP-CLI, when we call `wp plugin list` for MU-plugins, it calls `get_mu_plugins()`. It'd be nice if it was filterable to match the changes on the UI end. It does look like WP-CLI does have the filter `all_plugins` for the drop-in plugins at https://github.com/wp-cli/extension-command/blob/17b16548b5775616dcbbd92f7836e67bba02e8ba/src/WP_CLI/Fetchers/Plugin.php#L23 to match Core's at https://github.com/WordPress/WordPress/blob/2a2cbb3b497fa1b95f15b0d11a47a761fa2ccc21/wp-admin/includes/class-wp-plugins-list-table.php#L104, but that appears to only apply for the drop-ins." rebasaurus Has Patch / Needs Testing 59522 Bug handling multisites where main site URL and main blog URL are different Networks and Sites 6.3 normal normal Awaiting Review defect (bug) new has-patch 2023-10-03T10:34:20Z 2024-01-30T17:00:13Z "WordPress 6.3 and up appear to break handling of multisites where the `BLOG_ID_CURRENT_SITE` and the domain and path for the network in the `wp_site` table do not point at the same blog. It treats the the site configured in `wp_site` as if it is also the main blog in the network (over-riding `BLOG_ID_CURRENT_SITE`). This results in image paths being broken on the site set in `wp_site` if it is not in the root directory. How to recreate the bug: 1. In WordPress 6.2 or below, create a directory-based multisite, with 2 sites in the network, site 1 at just `http://localhost` and site 2 at `http://localhost/foo`. In `wp-config.php`, set both `SITE_ID_CURRENT_SITE` and `BLOG_ID_CURRENT_SITE` to `1`. In the `wp_site` table (which should only contain 1 entry, with ID `1`), set the domain to `localhost` and the path to `/foo/`. 2. Upload an image to the media library of `http://localhost/foo`. It should display correctly in the library, and have a URL of `http://localhost/onsblog/wp-content/uploads/sites/foo/[year]/[month]/[your-filename]`. 3. In the network site list, at `http://localhost/foo/network/sites.php`, `localhost` should be marked as the main site, reflecting the `BLOG_ID_CURRENT_SITE` constant. 4. Upgrade to WordPress 6.3 or 6.3.1. 5. In the media library of `http://localhost/foo`, the uploaded image will no longer display. If you view the image properties, it will report an image URL of `http://localhost/onsblog/wp-content/uploads/[year]/[month]/[your-filename]`, i.e. the subsite part of the path is missing. 6. In the network site list, `localhost/foo` is now marked as the main site, which does not reflect the `BLOG_ID_CURRENT_SITE` setting. This bug also results in all images uploaded via the classic editor prior to 6.3 404-ing in the frontend on the affected subsite post-upgrade. This behaviour was introduced in this commit: https://github.com/WordPress/WordPress/commit/05f19b1ed76af6d60855a1d44b8c15a166c5e36f, presumably unintentionally given the commit message. This line specifically is the issue: https://github.com/WordPress/WordPress/commit/05f19b1ed76af6d60855a1d44b8c15a166c5e36f#diff-254cbb80547c44f4b3a7ef37746bb5eb9f42bf29f0de5215034a8d1015928fecR242. When the `WP_Network` object is populated via the `WP_Network::get_instance()` method, the `$id` property is populated via a WPDB query: https://github.com/WordPress/WordPress/blob/master/wp-includes/class-wp-network.php#L106. This returns the `id` from the database as a string (normally `'1'`), which is then passed into `WP_Network::__construct()`, resulting in the `id` property being populated as a string. Therefore this check: {{{#!php ( defined( 'SITE_ID_CURRENT_SITE' ) && (int) SITE_ID_CURRENT_SITE === $this->id ) }}} will always return false, as `$this->id` will be a string. Either `$this->id` should also be cast as an integer, or the `WP_Network::__construct()` method should perform type enforcement, e.g. by calling the same class's `__set()` method to set properties. " robdxw Needs Patch 59521 Issue with update_post_thumbnail_cache if using get_posts Media 6.3.1 normal normal Awaiting Review defect (bug) new 2023-10-03T09:25:40Z 2023-10-03T09:25:40Z "Hello, I got this: ''Warning: Attempt to read property ""ID"" on int in /wp-includes/post-thumbnail-template.php on line 116'' I'm using: {{{#!php 'ids' ) ); foreach ( $posts as $post_id ) : $thumb = get_the_post_thumbnail( $post_id ); endforeach; }}} The **update_post_thumbnail_cache()** used in **get_the_post_thumbnail()** assumes **$wp_query->posts** always contains an array of **$posts objects**, while it can be an array of $posts IDs. To prevent the warning it would be appropriate to check that $post is actually a post object. The patched code: {{{#!php posts as $post ) { $post = get_post( $post ); // Add this or check if is_integer( $post ) $id = get_post_thumbnail_id( $post->ID ); }}} Thanks Kind Regards" Xendo Needs Patch 59519 Reconsider including Google branding and product in WordPress core (Google Fonts) General 6.4 normal normal Awaiting Review feature request new 2023-10-02T18:49:44Z 2023-10-05T16:09:55Z "In this [https://github.com/WordPress/gutenberg/issues/53307 Gutenberg Github issue], a Google Fonts integration is being added directly to WordPress core. I know the great work being done is with the best of intentions: to help streamline things for users. However, despite copying the font from Google Fonts, including this Google integration in WordPress core has a few problems. - It is a ""vote of confidence"" in Google by the WordPress project - It's free advertising for a brand in WordPress core - It opens up future political problems for WordPress leadership to deal with Are we willing to say that the WordPress project is giving a ""vote of confidence"" for Google, the brand? Are we willing to provide free marketing for Google in this way? Furthermore, any other brands we might add to WordPress core in the future would also be getting that same ""vote of confidence"" from the WordPress project. Are we also willing to do it for them? If so, how are we deciding who gets these ""votes of confidence""? Is there a process a brand should go through to earn this vote of confidence? What steps should they take? When do we/they know it's enough? If we add this Google integration by default in WordPress core, it opens up a bunch of problems we can avoid. WordPress has a plugin interface for this exact type of thing. Why not use it? This could surely be made into a plugin, right? So my request here is to reconsider adding a Google Fonts integration to WordPress core itself, and allowing it to be a plugin instead. While I believe that manually uploading fonts is good enough, if a core integration with an outside font API is required, I would propose that it should use Openverse. This has already been done with the Media Library. Additionally, (and this is somewhat beside the main point) but Google, specifically, doesn't have a great track record for keeping its products alive. The number of products killed by Google is astounding: https://killedbygoogle.com/ They also **just** sold their domains service to Squarespace, a direct competitor to the WordPress project. In my opinion, these are reasons enough to be wary of adding Google products and branding directly to WordPress core. " johnstonphilip Needs Patch 59518 I getting ::marker and unable to remove bacause html not support Widgets 6.3.1 normal normal Awaiting Review defect (bug) new 2023-10-02T18:01:49Z 2023-10-02T18:01:49Z "we know
  • should be inside
      or
        but here is without
          or
            that's why a default ::maker showing each widget: screenshot: (https://prnt.sc/zRxK-EEXoGej) screenshot 2: (https://prnt.sc/cPCKcLZ3YEfq)" bmyadav91 Has Patch / Needs Testing 59516 Improve cache key generation in query classes thekt12 Query normal normal Future Release defect (bug) assigned has-patch 2023-10-02T13:35:14Z 2023-10-24T14:24:29Z "In query classes such as WP_Query, parameters like post_type enable the passing of an array of values. For instance, you can use post_type like this: ['post', 'page']. However, if a subsequent request is made with the array elements in a different order, like so: ['page', 'post'], it would lead to the generation of a different cache key, potentially causing the existing cache to be missed. Even though the cached results may be the same, this could result in a cache collision. It is advisable to reuse caches whenever possible to optimize performance. This would effect the following cache keys. - WP_Query - WP_Term_Query - WP_Network_Query - WP_Site_Query - WP_Comment_Query Some sort of array sorting of the key values would mean that caches could be reused. " spacedmonkey Needs Patch 59515 Multiple color palettes and font pairs Themes 6.3.2 normal normal Awaiting Review feature request new 2023-10-02T13:14:07Z 2023-10-02T19:23:41Z "I have some suggestions for block themes. We can create a single color palette for a theme. When you want to change the color palette, a custom palette can be created. So why don't themes have multiple predefined color palettes? Maybe you could say that style variations support this feature. Yes, partially. But style variations have many theme features; colors, fonts, spacing, etc. Users may only want to change the color palette. The theme's colors change with a single click. Users can add custom colors if they wish. Themes can also have predefined font pairs. (Combination of two fonts) Theme developers need to define keywords for color palettes and font pair to achieve both of these options. For example, the keywords ""primary"", ""secondary"", ""tertiary"", ""foreground"", ""background"" are reserved for color palettes. Or for font pairs ""primary font"", ""secondary font""... This way users replace colors or font pairs with predefined ones." arkenon Has Patch / Needs Testing 59514 Add more context to split_the_query filter Query 3.4 normal normal 6.6 enhancement new has-patch 2023-10-02T11:41:06Z 2024-03-13T15:45:24Z "Current the split_the_query filter has the current WP_Query instance as context. However to calculate the value you need the value variables. - $old_request - $limits - $fields - $q ( query arguments ). It is worth noting that `$this->request` can be received by `WP_Query` instance and `$wpdb->posts` can be received from global $wpdb. With this extra context, will be make the filter much more useful. " spacedmonkey Needs Patch 59511 Navigation Block issue Editor 6.3.1 normal normal Awaiting Review defect (bug) new 2023-10-01T16:20:25Z 2023-10-28T05:02:20Z While trying to add and edit description or any metadata on nav items. As soon as I press any key, it gets refresh. amitpomu Has Patch / Needs Testing 59510 Add filter for the block-template viewport meta tag General 6.4 normal normal Awaiting Review enhancement new has-patch 2023-09-30T20:43:31Z 2023-09-30T21:04:09Z "The base block-template.php used for full site editing does not provide a hook for modifying the viewport meta tag. Despite being inserted into wp_head by the `_block_template_viewport_meta_tag` action hook, the actual tag is basically hard coded and untouchable: https://github.com/WordPress/wordpress-develop/blob/00ed25e2c9b20607418cbe8a6103c336d1bf92bd/src/wp-includes/block-template.php#L273-L275. This ticket introduces a new filter which allows for customization of this meta tag. " joemaller Needs Docs or Unit Tests 59509 Shortcode attributes named 0 are ignored Shortcodes 6.3.1 normal normal Awaiting Review defect (bug) new needs-unit-tests 2023-09-30T12:14:06Z 2023-10-04T10:02:59Z "Shortcode attributes in the form `0=...` are not picked up during parsing. This is because the parser checks for an empty name with `empty(..)`, which also returns true for the string `'0'`." ourous Needs Docs or Unit Tests 59507 global-styles-and-settings.php in wp_theme_has_theme_json Themes 6.3.1 normal normal Awaiting Review defect (bug) new needs-unit-tests 2023-09-29T18:45:19Z 2023-10-02T17:29:27Z "Wordpress 6.3.1 , php 8.1.23 {{{#!php Taxonomy normal normal Awaiting Review enhancement assigned has-patch 2023-09-29T14:49:59Z 2023-09-29T15:01:44Z "Currently, there is no option to get child terms of multiple parent terms. There is a '**parent**' parameter that returns child terms of only one parent term. There is a '**post parent in**' parameter for '**WP_Query**' and '**get_posts()**' to get child posts of multiple parent posts, but there is no similar parameter for '**WP_Term_Query**', and '**get_terms()**'. So, I suggest a new parameter '**parents in**' to get child terms from multiple parent terms IDs. The parameter on get_terms() will be like below: {{{#!php 'category', 'parents__in' => array( 2, 3, 4 ) ) ); }}} " plugindevs Needs Patch 59498 I18N issue in site editor Editor 6.3.1 normal normal Awaiting Review defect (bug) new 2023-09-29T10:02:37Z 2023-09-29T10:32:31Z "Hi, In the site editor, when a template or a template part, or even a style...is modified, the following message is displayed: ""Last modified a few seconds ago"". This string corresponds to: [https://translate.wordpress.org/projects/wp/dev/fr/default/?filters%5Bstatus%5D=either&filters%5Boriginal_id%5D=135&filters%5Btranslation_id%5D=131480] and as it's a variable we can't translate it. In french, for example, the message is ""Dernière modification il y a a few seconds"". In spanish, the message is ""Última modificación hace a few seconds"" We have a break in I18N here, due to this variable. Thanks for the modification. " jdy68 Needs Reporter Feedback / Steps To Reproduce 59497 There are pages or posts are not working update General 6.4 normal normal Future Release defect (bug) new close 2023-09-29T09:20:22Z 2023-12-14T20:16:31Z "I recently performed a fresh installation of WordPress 6.4. However, I have encountered an issue where I am unable to update posts or pages. I have attached a video URL to illustrate the problem. Please review the video, and if you have any questions or can identify the issue, kindly let me know. Video URL : https://www.awesomescreenshot.com/video/21181741?key=0bcb4cbfebeac453b9dcd5d8c428290a ### Environment WordPress: 6.4-beta1 PHP: 8.0.28 Server: Apache/2.4.56 (Unix) OpenSSL/1.1.1t PHP/8.0.28 mod_perl/2.0.12 Perl/v5.34.1 Database: mysqli (Server: 10.4.28-MariaDB / Client: 8.0.28) Browser: Chrome 117.0.0.0 (macOS) Theme: Twenty Twenty-Four 1.0 MU-Plugins: None activated Plugins: WordPress Beta Tester 3.5.4" utsav72640 Has Patch / Needs Testing 59494 Passing orderby as array in URL results in Notice Administration 4.0 normal normal Awaiting Review defect (bug) new has-patch 2023-09-29T04:26:14Z 2023-10-04T12:32:15Z "Visiting `/wp-admin/edit.php?post_type=page&orderby[menu_order]=ASC&orderby[title]=ASC` or `/wp-admin/edit.php?post_type=page&orderby%5Bmenu_order%5D=ASC&orderby%5Btitle%5D=ASC` (URL encoded version) throws the following notice: {{{ Notice: Array to string conversion in /Users/siddharth/Sites/osp/app/public/wp-includes/formatting.php on line 1104 }}} Since multiple values can be passed to `orderby` in `get_posts()` or `WP_Query()`, this behaviour should also be consistent via URL. There error occurs at this line: https://github.com/WordPress/WordPress/blob/master/wp-admin/includes/class-wp-list-table.php#L391 because `esc_attr()` expects a string but `$_REQUEST['orderby']` is an array." NomNom99 Has Patch / Needs Testing 59493 Blank CSS line removed from code Bundled Theme normal minor Future Release defect (bug) reopened has-patch 2023-09-29T00:05:51Z 2024-02-14T18:27:37Z Removed a blank CSS which is not needed in the code. ravipatel Needs Patch 59491 Create more flexible structure for handling of feeds in admin news widgets Administration normal normal Awaiting Review enhancement new 2023-09-28T20:03:36Z 2023-09-28T20:03:36Z "Currently (in WordPress 6.3), the Admin widget ""WordPress events and News"" uses two feeds for presentation of WordPress news: - https://wordpress.org/news/feed/ - https://planet.wordpress.org/feed/ (currently, the widget shows the headlines for the two latest posts in the ""news"" feed and the headlines for the three latest posts in the ""Tavern"" feed. But this configuration has changed at various points: some posts have been listed with excerpts, the number of posts has changed, etc.) Both these URL's can be ""translated"", so that localized versions may, for instance, divert this to the corresponding newsfeed in their own language. Several language teams use this opportunity. I'd like to propose a more flexible structure for these posts, where a locale team would be able to configure posts to be included from 1, 2 or 3 feeds, and how many posts to pull from each of these feeds. It would probably be good to visualize to the user what feeds are used, along with their names. If we lift this out of the localization structure to some Meta-structure, then we might even allow users to select a different locale's feed configuration (or even configure their own." tobifjellner Needs Patch 59488 Add index to comment_type and comment_approved fields in comment table Comments 3.0 normal normal Awaiting Review enhancement new 2023-09-28T12:43:53Z 2023-09-28T12:43:53Z "Follow on from #58368 It is common to query comments by `comment_type` or `comment_approved`. There are several query done in the admin to get counts for different screens. But for sites with many comments, this results in slow returning queries. Add database indexes to these two fields to improve database performance. " spacedmonkey Needs Patch 59486 Make test suite compatible with PHPUnit 10 / 11 Build/Test Tools 6.4 normal normal Future Release enhancement new 2023-09-28T08:58:42Z 2024-03-07T09:58:11Z "PHPUnit 10 was released back in February of 2023, and included [https://github.com/sebastianbergmann/phpunit/blob/10.0.0/ChangeLog-10.0.md#1000---2023-02-03 many breaking changes] - they completely rewrote the internal functionality of PHPUnit (mainly the event system for extending the test runner). Besides that, they upped the minimum PHP version to >=8.1, so for WordPress, it could only be used on PHP versions of >=8.1. While this is not a huge and critical update, since the tests are running fine on PHP versions all the way up to version 8.3, it would be a good idea to start preparing for PHPUnit 10 compatibility. Besides being up to date, it will allow external testing library maintainers (such as [https://github.com/lucatume/wp-browser wp-browser] or [https://github.com/dingo-d/wp-pest wp-pest]), to use the latest versions of both PHPUnit, or dependencies that are using PHPUnit 10 (such as PestPHP v2 which depends on PHPUnit 10). I understand that this is a huge undertaking, but it's okay to have a ticket open for this (I didn't find one opened while searching, could be wrong tho), so that we can keep track of changes, and maybe create a roadmap or a to-do list of what needs to be fixed in order to make WordPress test suite compatible with PHPUnit 10. " dingo_d Has Patch / Needs Testing 59485 Invalid username Users 6.3.1 normal normal Awaiting Review defect (bug) new has-patch 2023-09-28T07:08:08Z 2023-09-29T13:37:09Z "Steps to reproduce this issue in the latest WordPress. =>Go to WordPress admin =>Register new user with username dot ""."" =>It will create a user with username dot and blank user_nicename I have provide solution here. Thanks!!" rinkalpagdar Has Patch / Needs Testing 59482 Tests: Introduce Reflection API helper methods. costdev Build/Test Tools normal normal 6.6 task (blessed) assigned has-patch 2023-09-28T02:39:22Z 2024-02-26T11:05:32Z "In unit tests, the Reflection API is often used to get or set a `private` or `protected` property's value, or to invoke a `private` or `protected` method. To do so, the `Reflection::setAccessible()` method must be called with `true` before use, then should be called again with `false` afterwards. There are quite a lot of instances in the test suite where the Reflection API is used, and for a decent number of these, accessibility is not reset. For brevity, much like `assertSameSets()`, and to ensure that accessibility is always reset, this ticket aims to introduce new methods to the `WP_UnitTestCase_Base` class: `::reflect_and_invoke( object $obj, string $method, mixed ...$args ) : mixed` - Reflects a `private` or `protected` method and invokes it. - Returns the method's return value. `::reflect_and_get_value( object $obj, string $property ) : mixed` - Reflects a `private` or `protected` property and gets its value. - Returns the property's value. `::reflect_and_set_value() : mixed` - Reflects a `private` or `protected` property and sets its value. - Returns the previous value for convenient resetting. While this means the creation of new `Reflection` objects and two calls to `::setAccessible()` for each, I think that this is worthwhile as it helps us have a more robust test suite, with less code to write in test methods. Plus, we could also explore possible caching in future." costdev Has Patch / Needs Testing 59481 dbDelta do useless request when type case is not the same between query and describe result Database 6.3 normal normal Awaiting Review defect (bug) new has-patch 2023-09-27T22:17:19Z 2023-10-17T22:40:55Z "While debugging why a call to `dbDelta` was not working, I discovered in the function output (an array of performed changes) that it was doing some useless changes: ""Changed type of wp_table.field from varchar(255) to VARCHAR(255)"". Indeed, on my MySQL 8.0.31 Windows x64 version (installed by Wampserver), if I do ""DESCRIBE wp_table"", the ""Type"" column of the result is always lowercase. If somehow, you wrote your ""CREATE TABLE"" statements with a different case for varchar columns, dbDelta will detect a change. It does it only for varchar. If I change my varchar to be lowercase in the SQL I use for dbDelta, it doesn't try to change the type. {{{#!php prefix.'table` ( `object_id` INT(10) NOT NULL, `group_term_slug` VARCHAR(255) NOT NULL ) '.$wpdb->get_charset_collate().';'; $result = dbDelta($sql); // Will contain both ""Created table wp_table"" and ""Changed type of wp_table.field from varchar(255) to VARCHAR(255)"" $sql = 'CREATE TABLE `'.$wpdb->prefix.'table` ( `object_id` INT(10) NOT NULL, `group_term_slug` varchar(255) NOT NULL ) '.$wpdb->get_charset_collate().';'; $result = dbDelta($sql); // Will NOT contain ""Changed type of wp_table.field from varchar(255) to VARCHAR(255)"", only ""Created table wp_table"" }}} " tristanleboss Needs Patch 59479 'Erase Personal Data' simply doesn't work Privacy 6.3.1 normal critical Awaiting Review defect (bug) new 2023-09-27T20:42:01Z 2023-09-27T20:42:01Z "Here's the steps: 1. Set up a fresh WordPress install on my local machine 2. Add a new subscriber user to that WordPress install 3. Go to 'Export Personal Data' 4. Put in an export request without requiring email confirmation 5. Click on 'download personal data' on the new request entry 6. Open the downloaded content and confirm that there are fields that need to be deleted listed in 'export.json'. There are. These fields include: 'User Nice Name', 'User Email', 'User Display Name' 7. Go to 'Erase Personal Data' 8. Add a new erasure request without requiring confirmation 9. Click 'erase personal data' on the new erasure item 10. Get the message 'No personal data was found for this user' Looking at the user's profile does show that nothing was erased or anonymized. Per https://wordpress.org/documentation/article/tools-erase-personal-data-screen/: 'To confirm what data will be erased by this tool, Go to Tools > Export Personal Data from Administration Screens, and export Personal data.' None of the items that were in the export were erased. The line in that doc doesn't make sense, as the export includes the user's username, which will definitely not be erased. I have replicated this behavior on other hosted sites. There's something wrong with either the tool, the docs, or the feedback from WordPress. Please let me know where I'm going wrong, or if this is actually something that needs fixing." kingfisherwebdev Needs Patch 59478 term_exists() to return false if no terms exist Taxonomy normal normal Awaiting Review enhancement new 2023-09-27T11:38:10Z 2023-09-27T13:51:31Z "When using the function `term_exists()` in `wp-includes/taxonomy.php`, it returns `null` if no terms exist. This behaviour seems incorrect and is inconsistent with other similar functions in the same file (`taxonomy_exists()` is one example). It would make more sense to return `false`." rossb2 Needs Patch 59464 Images hard-coded in block theme templates lack `width` and `height` attributes Themes 6.4 normal normal 6.6 defect (bug) new 2023-09-26T17:10:25Z 2024-03-13T15:33:21Z "All images hard coded into block templates and patterns should have height and width attributes (applies e.g. to the TT4 theme). It also prevents loading optimization attributes from being added to these images, so effectively this harms both load time performance and leads to layout shifts." spacedmonkey Needs Patch 59462 Blocks: Introduce a way to enqueue view scripts only when needed for interactivity Editor 6.4 normal normal 6.6 enhancement assigned 2023-09-26T16:47:58Z 2024-02-12T20:55:48Z "It's based on the discussion started by @felixarntz in https://github.com/WordPress/wordpress-develop/pull/5262#discussion_r1336258326 when reviewing the current handling for interactive blocks back ported from the Gutenberg plugin for WordPress 6.4 Beta 1. As of today, the view scripts get enqueued during block rendering in `WP_Block::render`: https://github.com/WordPress/wordpress-develop/blob/6a61084beca680a78ed581d035d76d592d4ef117/src/wp-includes/class-wp-block.php#L271-L274 The custom code used with all core blocks applies the optimization by ensuring that these view scripts are only listed for enqueuing when the block instance of a given type is going to need them. For example, in the Image block, the view script is only useful when the Lightbox feature is activated for the block. There can be multiple block instances of the same type, so the view script gets removed from the list when the functionality isn't used. However, as soon as any block instance needs it, it must be added and never removed. The reason why we didn't go with `wp_enqueue_script()` and `wp_dequeue_script()` is that the script handle would still need to get removed from `view_script_handles` for the block type as it gets automatically registered through `block.json` and later enqueued in the code path shared in the snippet above. It would still have to be manually enqueued when it is needed. In the long run, I hope we can develop some sort of automatic detection based on Interactivity API directives that would inform whether a view script is necessary for the block. It could even allow us to introduce new strategies that allow loading scripts based on some triggers like: when a user hovers over a UI element or when the UI element is visible on the screen." gziolo Needs Patch 59461 Gutenberg tools bar not appearing on top of the page (MacOS 13.5.2 and Safari 16.6) Editor 6.3.1 normal major Awaiting Review defect (bug) new 2023-09-26T16:27:47Z 2023-09-27T13:57:50Z "If I select ""toolbar over the blocks"" it works, but if I choose to have it fixed on top of the page it simply disappears. On Chrome it perfectly works, so I think it's something related to Safari." locksoft Needs Patch 59458 Duplicate PHP version in PHPUnit job names on GitHub Actions Build/Test Tools low trivial Future Release defect (bug) new 2023-09-26T14:00:05Z 2023-10-16T09:20:06Z "1. Go to [https://github.com/WordPress/wordpress-develop/commits/trunk Commits] page. 2. Click on any of the GitHub Actions result icons (a green check mark or a red cross mark). 3. Note the duplicate PHP version in the job names, e.g.: {{{ PHPUnit Tests / PHP 7.0 / PHP 7.0 / MariaDB 10.11 PHPUnit Tests / PHP 7.0 / PHP 7.0 / MariaDB 10.11 multisite PHPUnit Tests / PHP 7.0 / PHP 7.0 / MariaDB 10.4 PHPUnit Tests / PHP 7.0 / PHP 7.0 / MariaDB 10.4 multisite PHPUnit Tests / PHP 7.0 / PHP 7.0 / MariaDB 10.6 PHPUnit Tests / PHP 7.0 / PHP 7.0 / MariaDB 10.6 multisite ... }}} The same is displayed in GitHub Actions checks on individual PRs. Appears to be related to [56439]." SergeyBiryukov Needs Patch 59457 Twenty Nineteen - Calendar block having issue with text color editor side. Bundled Theme normal normal Awaiting Review defect (bug) new 2023-09-26T13:16:19Z 2023-09-26T13:16:19Z "Steps to reproduce the issue :- 1. Activate Twenty Nineteen theme. 2. Choose Calendar block. 3. Apply text color from inspector. You can able to see the choosen font color front side but in editor side it may not change as per the selected color. I have attached video for better understanding. Video URL :- https://share.cleanshot.com/DlNN9jMJzk7KJcYP4L44" nidhidhandhukiya Needs Patch 59451 Saving draft and previewing page sometimes causes whole site to hang Autosave 6.3.1 normal major Awaiting Review defect (bug) new 2023-09-26T12:11:09Z 2023-09-26T12:11:09Z "Hello, I've been running into an issue while editing pages, where I'll save a draft of a page and preview it, and occasionally the preview will start to load and never finish. At the same time, if I open any other page of the site in a new tab, it will also get stuck loading. The problem only resolves when I close all tabs viewing the site, meaning changes are lost. This bug occurs on multiple WordPress sites, across different hosts, devices, locations and users. The only common factors I can see are Windows (10 & 11) Google Chrome (latest) and WordPress itself (latest, 6.3.1). Many thanks, Tristan" tristanmsg Needs Patch 59446 Use script helper functions in admin to enable Content-Security-Policy opt-in Administration 5.7 normal normal Future Release defect (bug) new 2023-09-25T23:39:22Z 2023-11-03T17:27:17Z "In #58664 the script helper functions—`wp_get_script_tag()`, `wp_print_inline_script_tag()`, `wp_get_inline_script_tag()`—were leveraged to eliminate manual construction of script tags on the frontend and the login screen. These were introduced in #39941. This made it possible to opt-in (see [https://gist.github.com/westonruter/c8b49406391a8d86a5864fb41a523ae9 example plugin]) to a Strict Content-Security-Policy ([https://csp.withgoogle.com/docs/strict-csp.html Strict CSP]) to guard against any possible XSS exploits. The scope in #58664 was limited to the frontend and the login screen because of the sheer number of inline scripts printed on the wp-admin. Additionally, the site editor and block editors make use of dynamically-constructed script tags in the editor iframe which is a Strict CSP violation. Much of the work to rework inline scripts to use `wp_print_inline_script()` in the admin can be seen in an [https://github.com/WordPress/wordpress-develop/pull/498 existing PR] (now stale) from @enricocarraro. See also #59444 which is about how to improve the developer experience of working with these JavaScript string literals." westonruter Needs Patch 59444 Add language injection comments for embedded languages in PHP General 6.4 normal normal Future Release enhancement new 2023-09-25T20:01:45Z 2023-09-26T17:27:22Z "As part of #4773 and #58775, many manually-constructed inline ` _edit_link`. For most post types, including pages and posts, the `_edit_link` template looks something like this: post.php?post=%d. get_edit_post_link() replaces the placeholder %d with the correct post id to build the edit post link. Each page under Site Editor sidebar contains a link to admin/revision.php for page revisions. However since the ""Go to editor"" links are constructed using `page_object->_edit_link`, they will always link to post editor. I would expect the links to return me to the editor from which I last came. The upshot is that we want the `_edit_link` template to vary depending on the origin of the referring URL. For pages, that means if we're coming from the Site Editor, the return template should be something similar to what the wp_template post object uses, which is site-editor.php?postType=%s&postId=%d&canvas=edit. The question is ""what would be the best way to do this?"" Challenges: 1. admin/revision.php does not know where the revision is coming from, that is Post Editor vs Site Editor, but we could use some sort of `$_GET` query param on `revisions.php` to solve that. E.g., let's call it editor: `revision.php?revision=150&editor=site`. That is very specific and might be too narrow. 2. If 1, what then? Whether we grab the query param on the revision page and pass it to `get_edit_post_link` (thereby changing the function signature), or modify `get_edit_post_link` to do the lot internally, we'd still have to build the link accordingly to some pattern. 3. If 2, where would we store that pattern? `_edit_link` is taken. Maybe a new property on the post object? `_edit_site_link` or something. It can be done I think without great fuss using the `get_edit_post_link` filter. With it we can return whatever we want. We would just have to come up with migration approach for Core and I'm not sure what the best option would be. Thank you for considering this issue! For discussion and context see: https://github.com/WordPress/gutenberg/issues/51343#issuecomment-1724580879" ramonopoly Has Patch / Needs Testing 59416 Add a GitHub Action which alerts contributors to a WordPress Playground link to use for testing PRs Build/Test Tools normal normal 6.6 task (blessed) new has-patch 2023-09-20T20:53:28Z 2024-03-06T06:44:58Z "The following approach could help bring in many new folks to help with testing PRs as they no longer need to have a local set up and able to load patches/PRs locally and can quickly jump into a WordPress Playground environment to help test. ---- Gutenberg has a GitHub Action that builds a ZIP of the plugin ([https://github.com/WordPress/gutenberg/blob/trunk/.github/workflows/build-plugin-zip.yml workflow file], [https://github.com/WordPress/gutenberg/actions/runs/6250831688 example Gutenberg PR with built ZIP attached]) which then [https://developer.wordpress.org/playground/ WordPress Playground] makes use of in the [https://playground.wordpress.net/gutenberg.html Gutenberg PR Previewer]. Taking that above functionality a step further and integrating for Core: 1. Add a GitHub Action for [https://github.com/WordPress/wordpress-develop/ wordpress-develop] that builds a ZIP of core for a PR (similar to the Gutenberg action). 2. Have that same action also add a comment to the PR with a link to a WordPress Playground that's built using the ZIP from the PR. So a comment like: > Thanks <@PR-author>! Here's a link to a site created from this PR that can be used for testing: . In my quick review of the [https://wordpress.github.io/wordpress-playground/ WordPress Playground documentation] it does reference an ability to [https://wordpress.github.io/wordpress-playground/build-your-first-app/#preview-pull-requests-from-your-repositorypreview pull requests from your repository], but I think that's crafted more for plugin developers and not for WordPress core itself. I took a look at [https://wordpress.github.io/wordpress-playground/api/client/interface/ReplaceSiteStep/ ReplaceSiteStep], but I think that's just for loading in alternate content and not a full on separate WordPress ZIP. So, this functionality might require additional functionality within WordPress Playground but I'll try and chase down folks from that team to comment here on the topic. " JeffPaul Needs Patch 59414 XML-RPC - add updateMedia endpoint XML-RPC normal normal Future Release enhancement new 2023-09-20T19:33:26Z 2024-03-05T15:53:56Z "In #58582, @thomashorta reported on alt attributes missing from the XML RPC endpoints. Fetching that data was fixed in [56637], but adding an endpoint to update media that specifically handles media data like alt attributes requires a more substantial enhancement. From #58582: Updating MediaItems through the XML-RPC API is also done directly by the Posts API, more specifically through wp.editPost (codex), which also doesn't support an alt field. This makes sense, as this API is more generic, but at the same time, there are no specific updateMedia methods in the Media API. Suggestion for updating I'm not sure about this one, but I think a new method in the Media API would be needed (e.g.: wp.updateMediaItem) to properly manipulate a specific input struct and call the Post update functions internally." joedolson Needs Patch 59413 PHP Warning: Undefined property: stdClass::$plugin Plugins 6.3.1 normal normal Awaiting Review defect (bug) new 2023-09-20T17:17:32Z 2023-10-27T22:06:50Z "Just checking php www-error.log and saw that there was this error: PHP Warning: Undefined property: stdClass::$plugin in /var/www/html/my-website/wp-admin/includes/class-wp-automatic-updater.php on line 228 Site is working as usual but the log is full of these warnings. PHP 8.0.27 Apache 2.4.37 WordPress 6.3.1" zerofoolcoder Needs Dev / Bug Wrangler Feedback 59410 Getting waring related Warning: array_flip() expects parameter 1 to be array Administration 6.3.1 normal normal Awaiting Review defect (bug) new close 2023-09-20T09:51:01Z 2023-10-03T11:23:07Z "Hey Core Team, when I am using the switch user plugin and after switching user gets a warning on the top bar more information you can see the mentioned screenshot. For more information see mentioned screenshot. " sumitsingh Needs Patch 59408 how to fix below error Plugins 6.3 normal critical Awaiting Review defect (bug) new 2023-09-20T09:02:30Z 2023-09-20T09:02:30Z Fatal error: Uncaught Error: Call to undefined function topdeal_options() in /home/u380733166/domains/books.lk/public_html/wp-content/plugins/sw_woocommerce/includes/sw-woocommerce-shortcodes.php:960 Stack trace: #0 /home/u380733166/domains/books.lk/public_html/wp-includes/class-wp-hook.php(310): topdeal_buton('') #1 /home/u380733166/domains/books.lk/public_html/wp-includes/class-wp-hook.php(334): WP_Hook->apply_filters(NULL, Array) #2 /home/u380733166/domains/books.lk/public_html/wp-includes/plugin.php(517): WP_Hook->do_action(Array) #3 /home/u380733166/domains/books.lk/public_html/wp-includes/general-template.php(3069): do_action('wp_footer') #4 /home/u380733166/domains/books.lk/public_html/wp-includes/template-canvas.php(25): wp_footer() #5 /home/u380733166/domains/books.lk/public_html/wp-includes/template-loader.php(106): include('/home/u38073316...') #6 /home/u380733166/domains/books.lk/public_html/wp-blog-header.php(19): require_once('/home/u38073316...') #7 /home/u380733166/domains/books.lk/public_html/index.php(17 in /home/u380733166/domains/books.lk/public_html/wp-content/plugins/sw_woocommerce/includes/sw-woocommerce-shortcodes.php on line 960 nirmal1985 Needs Patch 59403 Inconsistent version numbering Upgrade/Install normal minor Awaiting Review defect (bug) new 2023-09-20T07:19:32Z 2023-09-26T16:03:07Z "WP releases versions with a mix of Major/Minor and Major/Minor/Release, which causes issues when using version_compare with a consistent annotation. e.g. WP 6.3 WP 6.3.1 If you use `version_compare( $wp_version, '6.3.0', '<' )` it will be unexpectedly true-ish for WP 6.3, since 6.3.0 is newer than 6.3 in PHP versioning. Versioning should be made consistent with Major/Minor/Release not only for WP core from the next release, but ideally also a requirement for all submitted plugins, to avoid unexpected behavior due to inconsistent versioning." kkmuffme Needs Early Attention 59402 Plugin cannot be uninstalled if uninstall crashes swissspidy Plugins 2.7 normal normal 6.6 defect (bug) assigned has-patch 2023-09-20T06:59:37Z 2024-02-19T09:31:50Z "If a plugin register the ""register_uninstall_hook"" conditionally (e.g. only on activation,...) a plugin cannot be uninstalled anymore if it exits (e.g. timeout,...) during uninstall. This is because the uninstall file/callback is removed from the option before the actual uninstall happens: https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-admin/includes/plugin.php#L1253 https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-admin/includes/plugin.php#L1269 " kkmuffme Needs Patch 59396 Allow the user to add a poster to YouTube videos Editor 6.4 normal normal Awaiting Review feature request new 2023-09-19T16:07:10Z 2023-09-19T16:07:10Z "YouTube embedded videos get YouTube's branding before they get fired, which is not really clean. Instead, I'd like being able to set a poster." schwipps Changes Requested 59390 Incorrect method / function args used in bin/tests/core/tests/rest-api/wpRestMenuItemsController.php Menus 5.9 normal normal 6.6 defect (bug) new changes-requested 2023-09-19T11:47:40Z 2024-02-17T16:14:41Z "The `Tests_REST_WpRestMenuItemsController::check_get_menu_item_response` method accepts 2 arguments, however 3 are passed to the method in https://core.trac.wordpress.org/browser/trunk/tests/phpunit/tests/rest-api/wpRestMenuItemsController.php?rev=56549#L885 It feels like the `Tests_REST_WpRestMenuItemsController::check_menu_item_data` method was meant to be used here." david.binda Needs Patch 59384 `wp_create_nonce()` should not have a default parameter General normal normal Awaiting Review enhancement new 2023-09-18T12:13:31Z 2023-09-18T12:13:31Z "If `wp_create_nonce()` is called multiple times, it will produce the same nonce, since `wp_create_nonce`'s `$action` defaults to `-1`. This might be against the developer's expectation ""I called this twice, should get a different nonce"", so it might be interpreted as a security trap in a way. {{{#!php wp> wp_create_nonce() => string(10) ""6f11a1efea"" wp> wp_create_nonce() => string(10) ""6f11a1efea"" }}} This is a minor issue/devex improvement, just being more explicit about the nonce's action." bor0 Has Patch / Needs Testing 59381 Issue with WordPress Year Widget for Years Below 1000 General normal normal Awaiting Review defect (bug) new close 2023-09-18T07:27:37Z 2023-10-03T15:17:28Z "I have noticed that the WordPress year widget does not function correctly when years below 1000 are used. For instance, I have created a history page where historical event dates are entered in WordPress date field. When entering a date with a year below 1000, WordPress displays such dates with leading zeros in admin area. For example, if I enter the date as 01.01.420 (dd.mm.yyyy), the Year Archive widget leads to /420/, which does not work as expected (4040 Not found). However, if I manually add a leading zero in front /0420/, it displays correctly as /0420/. How can this issue be resolved? Thank you." idovecer Needs Patch 59378 Image Aspect Ratio Not Staying Fixed In Mobile View Media 6.3.1 normal major Awaiting Review defect (bug) new 2023-09-17T15:59:42Z 2023-10-06T05:28:27Z "When an image size is adjusted within the post/page editor, by clicking on the image and dragging it, the aspect ratio of that image does not stay fixed when looking at it in mobile. The image width looks squished. See this example page. (Ignore the date created. This was just created this morning.) https://www.insidewaters.com/mobile-aspect-ratio-bug-test-page/ This problem is affecting hundreds of existing post/pages, not just newly created post/pages, and it would require an immense amount of work to fix manually on each image across multiple websites of ours. You can see the problem on the page linked to below that was created awhile ago. The top camera picture gets squished in mobile. https://www.tropicalsnorkeling.com/waterproof-snorkel-cameras/ All plugins and themes were turned off to test for conflicts. " gpwebnut Needs Patch 59376 Shortcodes no longer working General normal normal Awaiting Review defect (bug) new 2023-09-17T15:13:17Z 2023-09-17T15:13:17Z This is a problem isn't it if word-press updates can suddenly disallow short-codes because of their updates. I am not sure I can work with an organisation that does this. My entire site, weeks of work thrown out of the window. To say i am furious is an understatement but i expect that is why it is done isn't it? I would say it is a major major drawback. All the code is fine, had it checked just wordpress team stamping its feet for money longtimenoc Has Patch / Needs Testing 59375 "Plugin_Upgrader assumption causes incorrect ""Activate Plugin"" link after plugin installation resulting in ""The plugin does not have a valid header"" error" Plugins 6.3.1 normal normal Awaiting Review defect (bug) new has-patch 2023-09-17T13:13:19Z 2023-09-18T02:02:16Z "''Observed in WordPress 6.3.1'' == Issue Summary == The ""Activate Plugin"" link after installing a new plugin is inconsistent with the ""Activate"" link generated in the Installed Plugins listing table. The ""Activate Plugin"" link on the plugin installation screen makes assumptions that produces an incorrect link which results in the user encountering the ""The plugin does not have a valid header"" error. == Steps to Reproduce == 1. Create a plugin that contains another plugin. 1.a. The contained plugin's basename should be lexicographically less than the wrapper plugin which you are actually trying to install. For example, ""hello-pro/hello-pro.php"" is the main plugin which contains ""hello-pro/hello/hello.php"" as a base/dependency plugin. 2. Add the plugin via wp-admin > Plugins > Add New and upload the plugin zip file. 3. Upon successful installation, click the ""Activate Plugin"" link. 3.a. Notice that the ""?action=activate&plugin=..."" plugin value is wrong as it refers to the contained plugin's main file within the wrapper plugin. 4. Observe the wp_die() error screen which says ""The plugin does not have a valid header"" == Problematic Source Code == The incorrect ""Activate Plugin"" link is generated here: https://github.com/WordPress/WordPress/blob/3546f04e160fbd31b46ba70b583d0a1d9fe1d80b/wp-admin/includes/class-plugin-installer-skin.php#L115 The offending assumption is here: https://github.com/WordPress/WordPress/blob/3546f04e160fbd31b46ba70b583d0a1d9fe1d80b/wp-admin/includes/class-plugin-upgrader.php#L546 Caused by an arbitrary situation here: https://github.com/WordPress/WordPress/blob/3546f04e160fbd31b46ba70b583d0a1d9fe1d80b/wp-admin/includes/plugin.php#L348 === Explanation === The ""Activate Plugin"" link on the ""Installing plugin from uploaded file"" screen in wp-admin uses the least lexicographic plugin basename discovered within the plugin's files. This is an arbitrary situation which can result in the incorrect plugin basename being referenced for activation, which ultimately results in the user experiencing an error screen. == Desired Solution == The ""Activate Plugin"" link after adding a new plugin and the ""Activate"" link in the installed plugin's table row actions should match. The ""Activate"" link in the plugins listing table is preferred as it refers to the correct plugin basename for activation." michelleblanchette Needs Patch 59374 "Bulk Edit does not let me remove ""Uncategorized"" for categorized posts" Posts, Post Types 6.3.1 normal normal Awaiting Review feature request new 2023-09-17T11:23:39Z 2023-09-17T11:23:39Z "Bulk Edit Posts does not let you remove category ""Uncategorized"" even when the posts do all have an additional Category." cmdgw Needs Patch 59373 TypeError: str_contains() argument must be of type string, array given in wp-login.php Login and Registration 6.3.1 normal normal Awaiting Review defect (bug) new 2023-09-16T23:06:41Z 2023-10-05T01:24:43Z "This seems to affect PHP 8.0 and higher. Downstream report at https://github.com/jquery/infrastructure-puppet/issues/34 > Seems to be an upstream issue where a `$_GET` or `$_REQUEST` key is checked for existence but not for type, thus prone to misuse when crafting query parameters in the array-form that PHP supports. Easily reproduced, for example, at: * HTTP 500 https://timotijhof.net/wp-login.php?redirect_to[x]=y * HTTP 500 https://jquery.com/wp-login.php?redirect_to[x]=y " TimoTijhof Has Patch / Needs Testing 59365 Deprecated notice when calling get_admin_page_title() on some dashboard pages. Administration normal minor Awaiting Review defect (bug) new has-patch 2023-09-15T11:35:39Z 2023-09-17T17:22:35Z "{{{ Deprecated preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated wp-admin/includes/plugin.php:2092 preg_replace() wp-admin/includes/plugin.php:2092 get_plugin_page_hookname() wp-admin/includes/plugin.php:2056 get_plugin_page_hook() wp-admin/includes/plugin.php:1980 get_admin_page_title() }}} This occurs on all pages where global `$plugin_page` is null (Plugins, Tools, etc.) " apedog Needs Patch 59364 When editing Styles > Layout or Block > * > Dimensions, every possible (and unnecessary) combination of global settings is copied to custom styles Editor 6.3.1 normal blocker Awaiting Review defect (bug) new 2023-09-15T10:04:37Z 2023-09-15T10:04:37Z "In the site editor, when making changes in Styles > Layout, it looks like every possible core block style and setting is copied and saved in the custom styles (wp_global_styles). This results in a ton of unnecessary global styles and settings, such as default colors and default font sizes, even in a theme that has defined settings.color.defaultPalette as false for example. As far as I can tell the only styles option that triggers this are the options in Styles > Layout. I've tried other options such as Typography, Colors, and individual block settings, and they all seem to work as expected in that the only thing saved in the custom styles is the option being edited. No issue with WP 6.2.2 It seems this bug was introduced in WP 6.3 The Gutenberg issue for reference: https://github.com/WordPress/gutenberg/issues/53868" uxl Needs Patch 59363 wp_tag_cloud and apply_filters Editor 6.3.1 normal normal Awaiting Review defect (bug) new 2023-09-15T09:59:24Z 2023-09-15T10:19:33Z "Line https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/blocks/tag-cloud.php#L28 {{{ $tag_cloud = wp_tag_cloud( $args ); }}} has to be changed to {{{ $tag_cloud = wp_tag_cloud( apply_filters( 'widget_tag_cloud_args', $args ) ); }}} to be in line with documentation: https://developer.wordpress.org/reference/hooks/widget_tag_cloud_args/ I will attach a patch as documented here: https://make.wordpress.org/core/handbook/contribute/git/ " steffenkrueger Needs Dev / Bug Wrangler Feedback 59362 Display deprecated function usage in Site Health Site Health 6.3.1 normal normal Awaiting Review enhancement new dev-feedback 2023-09-15T09:17:44Z 2023-09-16T19:27:31Z "== Enhancement Request == === Summary === WordPress Site Health provides valuable information about the health and performance of a WordPress instance. However, it does not offer any insights into whether the instance is using deprecated functions, classes, constructors, hooks, file_includes, which can be crucial for maintaining the site's compatibility with future WordPress versions. This enhancement ticket proposes adding an additional check to Site Health that detects and displays information about any deprecated functions, classes, constructors, hooks, file_includes, being used within the WordPress instance. Adding a ""Deprecated Functions"" check to the Site Health tool will be a enhancement for WordPress administrators, helping them identify and replace deprecated functions, classes, constructors, hooks, file_includes, plugins, themes, ensuring the site's long-term stability and compatibility with upcoming WordPress updates. === Details === The deprecated function check should be integrated into the existing Site Health tool as follows: 1. Log: Log deprecated functions, classes, constructors, hooks, file_includes 2. Display Check Results: Under a ""Deprecated Functions"" check, display a list of deprecated functions, classes, constructors, hooks and file_includes used in the WordPress instance. Result should * include the function, class, constructor, hook or file_include name * the version in which it was deprecated * which Plugin or Theme called it, * when in was called the last time * a brief explanation of the recommended action. === Implementation Suggestions === * Utilize existing WordPress core functionality for detecting usage of deprecated functions * Add a action to 'deprecated_{[]}_run' that logs the usage of a deprecated functions * Use debug_backtrace() do indentify the source / code. * The check results should display the log entries with status 'recommended'. * Keep the log process ""stupid"" and put logic etc. into the check, to avoid complexity and potential crashes. === Challenges === * To provide the administrator with sufficient information so that they are capable of taking action. * Decision on how long entries stay in the log e.g. only show deprecated function calls of the last 30 days or allow the (administrative ) user to clear the log? * Should there be one check in Site Health of all kinds of deprecated? Or one for each? === Why It's Important === WordPress is constantly evolving, and maintaining compatibility with newer versions is crucial for security and performance reasons. Deprecated functions may be removed in future releases, causing issues for sites that rely on them. By providing this information in Site Health, WordPress can empower site administrators to keep their installations future proof. " Michi91 Needs Docs or Unit Tests 59361 update_post_meta() strict checks can cause false negatives Options, Meta APIs normal normal Future Release defect (bug) new needs-unit-tests 2023-09-15T07:47:12Z 2023-09-15T07:47:12Z "Follow up: #22192 {{{ add_post_meta( $post_id, 'key', 1 ); update_post_meta( $post_id, 'key', 1 ); }}} The update should not work, because they are the same. However, the meta meta cache will have ""1"" as a string, and then it will strict compare it to 1 as an integer. Thus, an unnecessary update will run. It is quite common to use integers and booleans directly into these functions. They should be smart enough to recognize that ""1"" == 1 == true and ""0"" == 0 == false, and that any numeric string is also equal to a properly cast integer. The new changes need unit tests. Ticket from which this was spun: #22189, saving navigation menus is slow. cc. @flixos90 @spacedmonkey @joemcgill" mukesh27 Needs Patch 59355 TypeError: Cannot read properties of undefined (reading 'hasClass') in wp-auth-check.min.js Security 6.3.1 normal normal Awaiting Review defect (bug) new 2023-09-15T04:00:17Z 2023-09-15T04:03:37Z "Here is the trace: {{{ at HTMLDocument.(.../wp-includes/js/wp-auth-check.min.js:2:655) at HTMLDocument.dispatch(.../wp-admin/load-scripts.php:2:39997) at v.handle(.../wp-admin/load-scripts.php:2:37968) at Object.trigger(.../wp-admin/load-scripts.php:2:70063) at HTMLDocument.(.../wp-admin/load-scripts.php:2:70665) at Function.each(.../wp-admin/load-scripts.php:2:3129) at e..each(.../wp-admin/load-scripts.php:2:1594) at e..trigger(.../wp-admin/load-scripts.php:2:70640) at Object.(https://wednesdaynighthop.com/wp-includes/js/heartbeat.min.js:2:2186) at c(.../wp-admin/load-scripts.php:2:25266) }}} " chamois_blanc Needs Docs or Unit Tests 59354 Unnecessary queries performed when updating a post without providing categories or tags Posts, Post Types normal normal Awaiting Review defect (bug) new needs-unit-tests 2023-09-14T22:43:53Z 2023-09-14T22:43:53Z "Given an existing post with at least some categories or tags present, updating the post via `wp_update_post()` (which calls `wp_insert_post()`) with data that does not include categories or tags, many unnecessary taxonomy-related database queries are performed. This slows down the saving significantly. * If `$postarr` doesn't contain a `post_category` element, there's no point in calling `wp_set_post_categories()`. * If `$postarr` doesn't contain a `tags_input` element, there's no point in calling `wp_set_post_tags()` == Todo == * Need tests to verify the above is correct * Need a list of queries that are performed before and after the change == To reproduce == 1. Publish a post with at least one category 2. Update the post via: {{{#!php $id, 'post_content' => 'Hello, World!', ] ); }}} 3. Observe that a significant number of unnecessary taxonomy queries are performed" johnbillion Needs Patch 59351 Add support for querying by an exact date with WP_Date_Query Query normal normal Awaiting Review enhancement new 2023-09-14T20:45:11Z 2023-09-15T23:08:04Z "WP_Date_Query lacks the ability to query for posts with a specific date. Currently, to query for a post with a specific date string you would need to break it down to multiple arguments: {{{#!php [ 'year' => date( 'Y', $date ), 'month' => date( 'm', $date ), 'day' => date( 'd', $date ), 'hour' => date( 'H', $date ), 'minute' => date( 'i', $date ), 'second' => date( 's', $date ), ], ] ); }}} There is no argument on WP_Date_Query that accepts a `strtotime()`-compatible string for an exact date match. One workaround is to use a combination of before/after to get a simplified query. Adding support for an exact match can be used when querying for posts from a specific date as well as including/excluding posts from a specific date for a complex query. Suggested syntax: {{{ // Query for posts after January 1st, 2013 OR exactly on November 7th, 2010 [ 'date_query' => [ 'relation' => 'OR', [ 'after' => 'January 1st, 2013', ], [ 'exact' => 'November 7th, 2010', ], ], ] }}} Relates to #18694." sean212 Needs Patch 59348 Excerpt block length is not full customizable any more Posts, Post Types normal normal Awaiting Review defect (bug) new 2023-09-14T11:40:32Z 2023-09-14T15:19:35Z "Since the latest changes in /src/wp-includes/blocks/post-excerpt.php now the excerpt length is not fully customizable any more. The problem is that previously `$excerpt = get_the_excerpt();` was used, which was filterable with `get_the_excerpt`, but now this excerpt is just getting forcefully trimmed by `wp_trim_words` based on the `excerptLength` option. Which is: a) A number forced to be between 10-100 b) now can not be changed or overwritted with custom code in any way. If I want to display the excerpt of a post on the post's page, now there is no way to correctly display an excerpt that is longer than 100 words. I think this is a loss in features and a bad practice to limit the excerpt's usage in this way. At least allow `$excerpt_length = $attributes['excerptLength'];` to be modified with the already existing `excerpt_length` filter. Mentioned change: https://core.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=56065%40trunk%2Fsrc%2Fwp-includes%2Fblocks%2Fpost-excerpt.php&old=55246%40trunk%2Fsrc%2Fwp-includes%2Fblocks%2Fpost-excerpt.php" frzsombor Needs Patch 59344 Link UI Goes Off The Screen, Can't Acces Advanced Editor 6.3.1 normal major Awaiting Review defect (bug) new 2023-09-14T01:26:38Z 2023-09-14T01:26:38Z "As it says above, can't edit links or access ""advanced"" for links on left side of the screen ... UI pops up mostly out of the window." hmnvtn Needs Patch 59342 Plugins: Provide notification of testing/compatability with current version of WP in plugin/update list Plugins normal normal Awaiting Review enhancement new 2023-09-14T00:15:58Z 2023-09-14T00:15:58Z "An enhancement suggestion from the Support Forums https://wordpress.org/support/topic/idea-plugin-status-preview-before-wordpress-update/ The menu for installing/updating plugins could show if a plugin is compatible with the current installed WordPress version. A similar page which just shows the activated (and maybe installed) plugins and the compatibility to the new wordpress version would be nice. It would also be nice if update-core.php automatically analyze the contents of that page. If every plugins seems to be compatible the update runs. If not everything reports to be compatible there could be a warning with a list of the entries which can cause problems. So at this point it is on your decision to continue or to abort." jordesign Needs Patch 59340 """Open in new tab"" checkbox in hyperlink entry doesn't save" Editor 6.3 normal normal Awaiting Review defect (bug) new 2023-09-13T16:37:54Z 2023-09-29T15:48:45Z "When interfacing, the ""Open in new tab"" selection sometimes doesn't work. Rapidly entering the information on a slow internet connection should reproduce the bug. It's probably tied to network information, where the ""Save"" button SHOULD send a delayed network transmission of the update. Instead, it drops the information. This compounds as a worse problem with the new UI information, since it requires several clicks to confirm each hyperlink's present status. The workaround is to wait 2-3 seconds after selecting the checkbox but before selecting ""Save"". This most heavily affects power users and users with slow internet connections." phileossopher Needs Patch 59339 Conversion to webp causes fatal error when original image is a palette image (as opposed to truecolor) Media 6.3.1 normal normal Awaiting Review defect (bug) new 2023-09-13T13:41:52Z 2023-09-13T13:41:52Z "I am working on an image conversion plugin. I've run into a bug when the original image is a ""paletter image""[https://www.thecoderscamp.com/paletter-image-not-supported-by-webp/]"", or in other words, an image that has an indexed palette rather than being truecolor. I believe it's a png. The error I get is: {{{ Fatal error: Paletter image not supported by webp in /home/username/public_html/wp-includes/class-wp-image-editor.php on line 584 }}} And how I'm using it: {{{#!php image_path ); $new_file_info = $this->get_editor()->save( $this->image_path, 'image/webp' ); }}} This method worked fine on hundreds of images of png, jpg, and tiff until I ran into this one that has a ""palette"". In `wp-includes/class-wp-image-editor-gd.php:487`, if the image loaded into WP_Image_Editor is a png, we check for a palette and convert to true color before saving. I believe that we need to also check in the webp conditional and, just like for png, convert to truecolor first. " jakeparis Has Patch / Needs Testing 59337 Change the escape esc_attr() to esc_url() General normal normal Awaiting Review defect (bug) new has-patch 2023-09-13T11:51:04Z 2023-09-14T05:41:00Z "Change the esc_attr() function to esc_url() in ""wp-admin/user-edit.php""" truptikanzariya Has Patch / Needs Testing 59334 In Theme Twenty Nineteen, Twenty seventeen & Twenty Twenty-Two Comment section Reply and cancel reply has no space between them Bundled Theme normal normal Awaiting Review defect (bug) new has-patch 2023-09-13T05:47:18Z 2023-10-18T13:13:27Z "In Theme Twenty Nineteen, Twenty seventeen & Twenty Twenty-Two, in the comment section on clicking reply the reply to user and cancel reply have no space between them Reference Video : https://drive.google.com/file/d/1YBcQquFQdZz7CpUZs3gzYBfK869CTWDB/view " pitamdey Needs Patch 59332 Can't customize search in header General 6.3.1 normal normal Awaiting Review defect (bug) new 2023-09-12T19:52:07Z 2023-10-05T14:35:32Z "The search block can't be customized when added to the header navigation. It can be added, but when any customizations are selected, such as ""Change button position"" -> ""No button"", the search box only flickers and nothing changes. This applies to any change I try to make from the toolbar. To reproduce problem: 1. Go to Appearance -> Template Parts 2. Select Header 3. Add navigation block, and add search box to end of nav 4. Try to customize the search block I'm using: - WordPress version 6.3.1; Gutenberg plugin is not installed, tested on custom theme, and Twenty Twenty-Two - Happening in both Chrome and Edge browsers - Using desktop with Windows 11 GIF of issue: https://imgur.com/a/PYccoLh" christinameyne Needs Patch 59331 Image optimizations fail to apply when using Timber Media 6.3 normal normal Future Release defect (bug) new 2023-09-12T17:46:01Z 2023-09-12T21:45:19Z "A user [https://mastodon.social/@grigs@front-end.social/111052735378137214 reported] hero images were getting `loading=lazy` on their site. After inquiring, I found they were using Timber for templating. It makes sense that the logic in `wp_get_loading_optimization_attributes()` wouldn't work properly in this case since it is tightly bound to WordPress's templating system(s). This may actually be an issue better fixed in Timber itself, but ideally WordPress core should be able to do the right thing with alternate templating systems (or even complex templates written in the WordPress way). Ultimately, this may require the use of output buffering and HTML Tag Processor as [https://github.com/WordPress/performance/issues/805 proposed] for a module in the Performance Lab plugin. See #59331 for adding output buffering for template renders with a filter for post-processing. Here's how to reproduce the issue with Timber: 1. Install and activate the [https://wordpress.org/plugins/timber-library/ Timber plugin] from WordPress.org. 2. Install and activate the [https://github.com/timber/starter-theme Timber Starter Theme] from GitHub (i.e. download the ZIP). 3. Add a new post with an initial large image or a featured image. 4. See the image has `loading=lazy` and is missing `fetchpriority=high` on the frontend. Initial image block: {{{
            }}} Featured image markup: {{{ }}}" westonruter Has Patch / Needs Testing 59330 Improvement in wp_parse_args for mutli-dimensional arrays General 6.3.1 normal trivial Awaiting Review enhancement new has-patch 2023-09-12T13:36:22Z 2023-09-17T15:54:28Z "I noticed the function doesn't work well when multi-dimensional arrays are present: Example: Consider having following default params and settings. {{{ $defaults = array( 'settings' => array( 'option1' => 'default-value-1', 'option2' => 'default-value-2' ) ); $settings = array( 'settings' => array( 'option1' => 'new-value-1', ) ); $return = wp_parse_args($settings, $defaults); }}} The above example will return: {{{ Array ( [settings] => Array ( [option1] => new-value-1 ) ) }}} It will completely ignore the option2 key. My suggestion is to update wp_parse_args from: {{{ if (is_array($defaults) && $defaults) { return array_merge($defaults, $parsed_args); } }}} with: {{{ if ( is_array( $defaults ) && $defaults ) { return array_replace_recursive($defaults, $parsed_args); } }}} " Stachethemes Needs Patch 59329 "Firefox gets ""ReferenceError: Â is not defined"" in unminified moxie.js" Upload normal minor defect (bug) new close 2023-09-12T13:04:50Z 2023-11-04T09:36:22Z "In unminified moxie.js, there exists some weird Unicode characters on line 7391, between the BinaryReader constructor fn and the call to Basic.extend(). In a hex editor, you can see the character bytes are ""C2A0"", which is a random Korean Hangul character in Unicode. In Firefox (as of the latest 117), when using Divi, this causes an exception when loading unminified moxie.js. Firefox's Js loader interprets the first byte alone as Â, and fails while loading moxie.js. I can replicate this in FF+Divi, but the problem does not appear in Chrome, Safari, or in FF when using other builders like Classic/Gutenberg/Elementor/Beaver. Minification strips out the problem bytes. This link, https://stackoverflow.com/a/1462039/1201409, suggests the error is leftover from an earlier era of encoding a nonbreaking space before UTF-8 replaced other encodings. Regardless of how the bytes got in there (and whether FF/Divi have bugs), they shouldn't be there, and luckily, the fix is trivial: delete them." kinggmobb Needs Dev / Bug Wrangler Feedback 59324 User list Users 5.2.2 normal normal Awaiting Review defect (bug) new dev-feedback 2023-09-11T11:22:54Z 2023-09-13T03:40:28Z "Hello, I have the site and operates well. But suddenly, the Users menu from dashboard, I can not see the users list even I've loggined as a admin. [[Image(https://imgur.com/a/NxdJG85)]] From the back-end, it seems there are the data in there, but seems the front-end is not displaying the list. Is there any similar case reported? So far, I deactivated all plug-in, but no sucess. I have checked the wp-admin/users.php file but no problem. Please let me know where I can look for. Thanks. " kylechoi Has Patch / Needs Testing 59321 "Block styles set via the ""css"" property in theme.json are ignored on the frontend in classic/hybrid themes" Editor 6.3.1 normal normal Awaiting Review defect (bug) new has-patch 2023-09-11T08:33:26Z 2023-09-14T06:42:37Z "### Description Block styles set via the ""css"" property in theme.json are ignored on the frontend in classic/hybrid themes. An example: {{{ ""blocks"": { ""core/latest-posts"": { ""color"": { ""background"": ""blue"" }, ""css"": ""& li a {color: pink}"" } } }}} The background color set via ""color"" can be seen in both the block editor and the frontend. The link color set via ""css"" can only be seen in the block editor. Block themes (I tested [Twenty Twenty-Three](https://es.wordpress.org/themes/twentytwentythree/)) are not affected by this issue, just classic ones. ### Step-by-step reproduction instructions 1. Install and activate a classic theme that ships a theme.json file, such as [Astra ](https://wordpress.org/themes/astra/). 2. Edit the theme's theme.json file and add the following in the `styles` section: {{{ ""blocks"": { ""core/latest-posts"": { ""color"": { ""background"": ""blue"" }, ""css"": ""& li a {color: pink}"" } } }}} 3. Edit a page and add a Latest Posts block and verify that the background color of the block is blue and the links are pink. 4. Save changes. 5. Head to the frontend version of the page and see that only the background color is applied. The links are not pink. ### Screenshots, screen recording, code snippet **Block editor:** [[Image(https://user-images.githubusercontent.com/2060659/253602606-e56391e7-e320-49f8-b939-7ac60f903a4b.jpg)]] **Frontend:** [[Image(https://user-images.githubusercontent.com/2060659/253602584-875cf30c-c96b-428e-93c6-71b1ad58cc2e.jpg)]] ### Environment info I'm using WP 6.3.1 NO Gutenberg plugin installed. PHP 8.0.22 MySQL 8.0.16 ### Please confirm that you have searched existing issues in the repo. Yes ### Please confirm that you have tested with all plugins deactivated except Gutenberg. Yes" leemon Has Patch / Needs Testing 59318 Block Themes Fatal Error in PHP 8.1 When Referring To Missing Template Parts Themes 6.3.1 normal normal Awaiting Review defect (bug) new has-patch 2023-09-08T14:32:27Z 2024-02-09T16:01:36Z "We have a system that manages template and template part posts, and have noticed that if a template refers to a template part that no longer exists or did not sync to the site, we get a cryptic PHP fatal error about passing null to preg_replace: {{{ preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated }}} This occurs in template-part.php in the render_block_core_template_part function when calling shortcode_unautop: {{{ // Run through the actions that are typically taken on the_content. $content = shortcode_unautop( $content ); }}} In this case $content contains the value null. My expectation is that this would fail gracefully, and there is a check if it is null further up the function, but it only runs if $debug is true: {{{ // WP_DEBUG_DISPLAY must only be honored when WP_DEBUG. This precedent // is set in `wp_debug_mode()`. $is_debug = WP_DEBUG && WP_DEBUG_DISPLAY; if ( is_null( $content ) && $is_debug ) { }}} Meaning that unless WP_DEBUG and WP_DEBUG_DISPLAY are both set to true, there is no protection against null being passed into shortcode_autop" TJNowell Needs Patch 59317 Error on new pattern preview General 6.3.1 normal normal Awaiting Review defect (bug) new 2023-09-08T05:48:13Z 2023-09-08T06:44:50Z "While I try to create an new pattern and try to preview the pattern, the page redirects to the error page. On this page, following error will be shown. TypeError: e is not a function at https://wordpress.org/patterns/wp-content/plugins/gutenberg/build/block-editor/index.min.js?ver=148cceb5deef937e87d2:135:7828 at renderContent (https://wordpress.org/patterns/wp-content/plugins/gutenberg/build/components/index.min.js?ver=3426334688a22e73bc0c:33:5438) at https://wordpress.org/patterns/wp-content/plugins/gutenberg/build/components/index.min.js?ver=3426334688a22e73bc0c:3:13188 at St (https://wordpress.org/patterns/wp-content/plugins/gutenberg/build/vendors/react-dom.min.js?ver=18:1:47627) at pr (https://wordpress.org/patterns/wp-content/plugins/gutenberg/build/vendors/react-dom.min.js?ver=18:1:54870) at $s (https://wordpress.org/patterns/wp-content/plugins/gutenberg/build/vendors/react-dom.min.js?ver=18:1:122623) at Sl (https://wordpress.org/patterns/wp-content/plugins/gutenberg/build/vendors/react-dom.min.js?ver=18:1:88649) at kl (https://wordpress.org/patterns/wp-content/plugins/gutenberg/build/vendors/react-dom.min.js?ver=18:1:88577) at bl (https://wordpress.org/patterns/wp-content/plugins/gutenberg/build/vendors/react-dom.min.js?ver=18:1:88440) at dl (https://wordpress.org/patterns/wp-content/plugins/gutenberg/build/vendors/react-dom.min.js?ver=18:1:85597)" labunchemjong Needs Patch 59311 Error on feed link Feeds 6.3.1 normal major Awaiting Review defect (bug) new 2023-09-07T13:32:54Z 2023-09-07T13:32:54Z "Hi! I am revising a web in my job, and I have saw that there is an error in the feed link, it shows all code instead the feed's page. I hope that you could revise and solve this problem. Regards, Rubén." rubenbitrian Has Patch / Needs Testing 59310 Parse blocks being applied unnecessarily Editor 5.3.1 normal normal Awaiting Review defect (bug) assigned has-patch 2023-09-07T13:03:47Z 2024-02-05T22:01:16Z The filter `wp_pre_kses_block_attributes` is applied to any field that runs through `wp_kses_hook`. Any fields on any object field that is run through `wp_filter_kses`. This includes fields like comment_author_email, user_email, term_name and user_last_name. It is extremely unlikely that these text fields will contain block data. This filter should be changed. spacedmonkey Needs Patch 59308 Attachment custom fields not rendered in some cases Media 6.3.1 normal normal Future Release defect (bug) new 2023-09-07T09:50:21Z 2024-02-14T17:05:47Z "This is a follow-up to #58051. I've noticed that in some cases custom fields added via `attachment_fields_to_edit` do not show up when the ""Featured Image"" modal is opened after clicking a ""featured image"". I then need to first click on another attachment and then back to have the custom fields show up. It seems that this bug only happens when you have a lot of images (more than 1 page) and the featured image you're looking at is not on the first page. It's easy to reproduce. If absolutely necessary I can set up a clean WordPress and make a screen recording of this bug, as I rather not share the images and data in our WordPress installation." SeBsZ Needs Patch 59307 Urgent, Uncaught TypeError: this.activateMode is not a function Media 6.3.1 normal critical Awaiting Review defect (bug) new 2023-09-07T08:06:16Z 2023-09-07T08:06:16Z "It's very urgent. There is no response when clicking the media button on the add/edit article page. Showing an error every click on the media button: Uncaught TypeError: this.activateMode is not a function at media-views.min.js?ver=6.3.1:2:59604 at It (provider.js:2:586804) at Function.ma (provider.js:2:621991) at n._createModes (media-views.min.js?ver=6.3.1:2:59564) at n.initialize (media-views.min.js?ver=6.3.1:2:58973) at n.initialize (media-views.min.js?ver=6.3.1:2:79857) at n.initialize (media-views.min.js?ver=6.3.1:2:73432) at n.initialize (media-views.min.js?ver=6.3.1:2:63143) at h.View (load-scripts.php?c=1&load%5Bchunk_0%5D=wp-polyfill-inert,regenerator-runtime,wp-polyfill,wp-hooks,jquery-core,jquery-migrate,utils,jquery-ui-core,jquery-ui-mouse,jquer&load%5Bchunk_1%5D=y-ui-sortable,underscore,backbone,wp-util,wp-backbone,media-models,moxiejs,plupload&ver=6.3.1:151:14648) at n.constructor (load-scripts.php?c=1&load%5Bchunk_0%5D=wp-polyfill-inert,regenerator-runtime,wp-polyfill,wp-hooks,jquery-core,jquery-migrate,utils,jquery-ui-core,jquery-ui-mouse,jquer&load%5Bchunk_1%5D=y-ui-sortable,underscore,backbone,wp-util,wp-backbone,media-models,moxiejs,plupload&ver=6.3.1:155:2602)" jjproitech Needs Reporter Feedback / Steps To Reproduce 59303 Can’t use colors with selected text in Gutenberg Editor 6.3.1 normal major Awaiting Review defect (bug) new reporter-feedback 2023-09-06T23:33:36Z 2023-09-07T14:13:38Z "The form to add color to text was always a bit buggy with Gutenberg. But, since a few versions it doesn’t work anymore. The area with colors appear below the right column. Some versions ago page could be moved to reveal the palette, but now it’s no more possible. See the image below: [[Image(https://i.postimg.cc/ZRZLvL0V/IMG-6233.jpg)]]" locksoft Needs Patch 59301 Incorporate script loading strategies in WP Admin to improve performance where applicable Administration 6.3 normal normal Future Release enhancement new 2023-09-06T20:35:04Z 2024-01-29T19:44:23Z "As of #12009 the script loader now has the ability for scripts to be printed with `async` or `defer`. This is being used on the frontend now for block view scripts (#59115), the `comment-reply` script (#58870), and the `wp-embed` script (#58931). Nevertheless, these new script loading strategies are not currently being used in the admin. There may be opportunities to improve performance by doing so. Typically only `jquery-core`, `jquery-migrate`, and `utils` (less frequently `moxiejs` and `plupload`, and even less frequently `wp-polyfill-inert`, `regenerator-runtime`, `wp-polyfill`, `wp-hooks`, `zxcvbn-async`, `wp-codemirror`, and `underscore`) are loaded in the `head` in the admin; furthermore, these scripts are concatenated together via `load-scripts.php`. For backwards-compatibility, these scripts might not be able to be delayed or moved to the footer. In other cases, there may be existing footer scripts that could be moved to the `head` and made to load with `defer`: this would ensure that they start loading sooner so that they can execute as soon as the document finishes loading. Other scripts could potentially be lazy-loaded only when needed (e.g. `zxcvbn`). Note that the block/site editor screens will benefit the most from [https://github.com/WordPress/gutenberg/discussions/53260#discussioncomment-6870404 block lazy loading]." westonruter Needs Patch 59299 Add Felt.com to the list of oEmbed providers Embeds normal normal Awaiting Review enhancement new 2023-09-06T15:45:40Z 2023-10-08T23:10:54Z "I'd like to request whitelisting the Felt.com's oEmbeds. Their mapping platform is both robust and user-friendly, and would be a great addition to WordPress users interested in sharing maps online. Here's an example URL: https://felt.com/map/Learn-to-Use-Felt-Tutorial-0xljGYVlRzGfxNgRV9A6akC?loc=40.7849,-73.97533,13.94z&share=1 **Is the service is popular enough for core developers to have heard of it before? Is it “mainstream?”** It's probably not mainstream yet, but it's a very well-known service in the GIS community. **If similar services are already supported, how does this service compare in terms of size, features, and backing?** As far as I know, core doesn't whitelist embeds for other mapping platforms. To embed maps from other providers (OpenStreetMaps, Google, Mapbox, etc.), a map block is required. **Does this service have an established social media presence?** Yes. https://twitter.com/felt http://threads.net/@feltmaps http://mas.to/@felt https://www.youtube.com/@feltmaps **Is its oEmbed endpoint clearly established and properly documented? (Sometimes, they are just a developer’s pet project that may not be supported.) ** It's supported, but as far as I know, it's not documented in their dev documents https://feltmaps.notion.site/Getting-Started-With-The-Felt-API-69c8b02b7d8e436daa657a04a2dbaffa **Does the oEmbed endpoint work with WordPress’ oEmbed auto-discovery? If not, could it be made to work with additional HTML tags or attributes being added to the allow-list?** Yes, the embed is discoverable. **Does the service make an effort to build relationships with developers, such as through robust APIs?** **How old is the service?** The company was founded in 2021, the platform was launched at the beginning of 2022. **Does it have a well-established Wikipedia article? (Seriously.)** No, but they are contributors to several big open-source projects. More information https://felt.com/open-source, https://felt.com/blog/felt-flagship-member-of-qgis, and https://blog.qgis.org/2023/03/21/felt-is-our-first-sustaining-member **Has anyone written a WordPress plugin that leverages the service in some way, whether adding it as an oEmbed provider, creating a shortcode, or leveraging other APIs of the service? Do these plugins have any noticeable adoption or traction that would indicate usage and demand?** No, as far as I know. **Is the provider frequently proposed?** No, this would be the first time." javiarce Needs Reporter Feedback / Steps To Reproduce 59298 Twenty Fourteen : search block is having issue with alignment. Bundled Theme 6.3.1 normal normal Awaiting Review defect (bug) new reporter-feedback 2023-09-06T14:08:03Z 2023-09-06T21:29:35Z "Steps to reproduce the issue :- 1. Activate Twenty Fourteen theme. 2. Choose Search block. 3. Apply center align and check in front side. 4. Apply Right align and then check in front side. You can able to see that center aligned is having issue. I have attached video for better understanding. Video URL :- https://share.cleanshot.com/6p3TmBFwZ91llFT5V52R" nidhidhandhukiya Has Patch / Needs Testing 59297 Remove unused variables General normal normal Awaiting Review defect (bug) new has-patch 2023-09-06T12:56:06Z 2024-02-19T23:49:34Z "I have reviewed the code and found some of the variables are defined but they do not use in the below files. Please check the below files: Files: 1. wp-admin/includes/class-wp-privacy-policy-content.php 2. wp-admin/includes/post.php " upadalavipul Has Patch / Needs Testing 59291 HTML API: Expose raw tag markup to support existing filters HTML API 6.4 normal normal Awaiting Review enhancement new has-patch 2023-09-05T21:26:35Z 2023-09-19T00:50:37Z "Many existing filters in Core (e.g. `wp_targeted_link_rel`) pass segments of the raw HTML markup for matched tags where code implementing those hooks perform futher analyis on those segments. The HTML API attempts to hide the raw inner markup as much as possible, making it hard to provide full backwards compatability with these existing filters. In this patch a new function is added which extracts the raw markup to maintain those existing behaviors. It requires a disclaimer to operate to try and encourage folks to use the structural and semantic methods provided by the HTML API. Where possible, existing code and filters should be updated so that they no longer depend on the raw HTML." dmsnell Needs Patch 59288 Blocks API JSX Map in Save function does not rerender Plugins 6.3.1 normal normal Awaiting Review defect (bug) new 2023-09-05T18:39:00Z 2023-09-05T18:39:00Z "Hi, I am building a custom block, it is a hero slider. In the parameters I am defining an attribute called slides which has an empty array as it's default value. In the Edit function : {{{ registerBlockType(""fa-gutenberg-blocks/fa-01-hero-slider"", { edit: Edit, save: Save, }); }}} It loads fine and I can create add new elements to it like so {{{ const addSlide = () => { const emptySlide = { title: """", description: """", media: { url: """", id: null }, ctaLabel: """", ctaURL: """", backgroundColor: ""#CCC"", }; const newCurrentSlide = slides.length; setAttributes({ slides: [...slides, emptySlide], }); setTimeout(() => { setAttributes( { currentSlide: newCurrentSlide, }, 200 ); }); }; }}} However in the Save function it does not load an empty array the attribute is undefined. To try and solve this I set the slides attribute to an empty array if undefined, as I added objects to the slides array they appeared in the Save function. I then called a array map method on the slides in the returned JSX in the save function which returned some html for each array item. When I loaded the the block on the actual page (not the edit screen) it did not render the mapped JSX html, but the attribute slides does contain the updated array. To see the full code view the repo here : https://github.com/frankastin2023/fa-hero-slider " frankastin2023 Changes Requested 59283 "Block Editor: Edit permalink slug for posts is only possible after clicking ""save as draft""" Editor normal normal 6.6 defect (bug) new changes-requested 2023-09-05T08:21:49Z 2024-02-05T21:01:58Z "Originally posted in Gutenberg https://github.com/WordPress/gutenberg/issues/50469 When creating a new post using the block editor, it's impossible to set the permalink of the post before you actually save the first draft of the post. It's different for the page editor where you can do so before. @andrewserong tracked this to the `permalink_template` property not being set on the initial request to fetch the auto-draft post." youknowriad Has Patch / Needs Testing 59282 WordPress should register custom error and exception handlers Bootstrap/Load 6.4 normal normal Awaiting Review feature request new has-patch 2023-09-04T20:06:18Z 2023-09-05T12:51:50Z "WordPress relies on PHP's `display_errors` setting for error reporting. One unfortunate result of that is that errors containing HTML may be served to the browser unescaped. [https://github.com/WordPress/WordPress-Coding-Standards/ WordPress/WordPress-Coding-Standards] tries to help avoid this by having a sniff (WordPress.Security.EscapeOutput) that, among other things, asks that strings passed to `trigger_error()` and `throw new SomeClass()` be escaped. This is not a very good solution for a few reasons: * It doesn't do anything about errors or exceptions thrown by PHP itself. * It doesn't do anything about errors or exceptions thrown by libraries that might be bundled into themes or plugins or any custom code blog authors might inject. * It means that text-based log files, non-HTML emails, CLI output, and the like will contain HTML entities. Instead we should follow the principle that values should be escaped close to the point of output, when we know what kind of escaping will be needed. Which, in the context of PHP, means using `set_error_handler()` and `set_exception_handler()` to handle the outputting. While #43712 is similar to this issue, the reasons and solution space are different. That ticket wants enhanced handling of errors for better user experience. This ticket is satisfied with the existing UX, it just wants error output fixed properly instead of trying to make every generated error be ""safe"" in order to avoid the potential bugs. See also https://github.com/WordPress/WordPress-Coding-Standards/issues/2374#issuecomment-1703370109 where @jrf suggested I file this ticket. " bjorsch Needs Patch 59281 Support for Database Cursor Database normal normal Awaiting Review feature request new 2023-09-04T19:34:08Z 2023-09-27T13:47:35Z Is it possible to do a cursor query using the `$wpdb` instance or could it be added, which will return a generator (yield)? heera Needs Dev / Bug Wrangler Feedback 59276 Wrong notice is showing up on the Privacy Policy page settings in WP dashboard. Privacy normal normal Awaiting Review defect (bug) new dev-feedback 2023-09-04T10:33:04Z 2023-09-05T10:35:59Z "If Admin does not select any page for Privacy policy from the Admin Dashboard and save the settings, the notice that appears shows that the page has been updated. **How to reproduce:** 1. Navigate to Settings > Privacy. 2. Keep 'Change your Privacy Policy page' dropdown unselected. 3. Save settings by clicking on 'Use This Page' button. **Expected Result:** As there is no page selected in dropdown, it should not show the notice that page has been updated. [[Image(https://ibb.co/3hyK6BY)]] **Environment Details:** WordPress version: 6.3.1 Browser: Chrome Version 116.0.5845.111 OS version: Windows 10 PHP version: 7.4.33 Server: Apache/2.4.57 Active Theme: Twenty Twenty-Three Active Plugins: None " anveshika Needs Patch 59275 PHP 8.1 Deprecated function: rtrim(): Passing null to parameter Formatting 6.2.2 normal normal Awaiting Review defect (bug) assigned 2023-09-04T06:09:51Z 2023-09-04T06:11:47Z "Deprecated - rtrim(): Passing null to parameter #1 ($string) of type string is deprecated used in wp-includes/formatting.php:2809 rtrim() wp-includes/formatting.php:2809 untrailingslashit() wp-includes/formatting.php:2794 trailingslashit() wp-content/mu-plugins/http-concat/concat-utils.php:27 WPCOM_Concat_Utils::realpath() wp-content/mu-plugins/http-concat/cssconcat.php:84 WPcom_CSS_Concat->do_items() wp-includes/functions.wp-styles.php:68 wp_print_styles() wp-includes/class-wp-hook.php:308 do_action('wp_head') wp-includes/general-template.php:3049 wp_head() wp-includes/template-canvas.php:17 MU Plugin: http-concat" srishtis Needs Patch 59274 (Updates) update-core.php Upgrade/Install 6.3.1 normal normal Awaiting Review defect (bug) new 2023-09-03T23:04:51Z 2023-09-03T23:16:15Z "I am using WordPress 6.3.1. Theme: ColorMag Pro URL: https://suncatcherstudio.com/ When I press on ""Updates"" rather than getting a graphical interface, I am getting a list of textual links as shown in the attached image. Is this a bug? This is the first time I noticed this problem. https://billrosener.com/temp2/wordpress-updates-menu.png Do you know how I can get back to a graphical version?? Thank you, Bill " rosener Needs Patch 59273 Plugin: Create Block Theme Bug General 6.3 normal minor Awaiting Review defect (bug) assigned 2023-09-03T18:40:57Z 2023-09-04T11:40:34Z "I'm not sure where to file this bug. So please put it whereever it's relevant. When I use the Create Block Theme plugin with WP 6.3 and try to install a Google Font this error comes up: ""Error: `DISALLOW_FILE_EDIT` cannot be enabled in wp-config.php to make modifications to the theme using this plugin."" I have tried to enable this in the wp_config.php, but this does not work. Adding fonts should be more easy in the theme. " perthykjaerjensen Needs Patch 59272 wp-admin search/column order not working when running not on port 80 Administration 6.3.1 normal normal Awaiting Review defect (bug) new 2023-09-02T12:49:40Z 2023-09-02T12:49:40Z "Hey, we are currently running WP 6.3.1 internally on a different port ( localhost:8182 ). WordPress itself works without problems. Only when you on the wp-admin page search for a keyword in a CPT or change the order, the port gets deleted from the URL. I found following part of the core source where the problem happens: https://github.com/WordPress/WordPress/blob/master/wp-admin/includes/class-wp-list-table.php#L1381 Would be nice to respect the site url from the settings or not delte the port when used." canic Needs Patch 59271 Issue With the Duotone filter With Image in Editor Editor 6.3 normal normal Awaiting Review defect (bug) new 2023-09-02T07:06:23Z 2024-02-20T05:54:26Z "While Adding an Image & apply custom Duotone filter in it & choose custom Shadow & highlights to the image at that time image not display on front end with given shadows. It works in backend editor, But in frontend it doesn't work properly. refer below video form same https://www.awesomescreenshot.com/video/20433189?key=59d607fc51153fcb135dc6af3931b17c WP Version : 6.3 PHP Version : 8.0" dhruval04 Needs Patch 59270 Excerpts Not Showing Bold Text ... Editor 6.3 normal normal 6.6 defect (bug) new 2023-09-02T01:47:36Z 2024-02-17T14:26:45Z The text itself shows, but it does not show the bold attributes as it did up until 6.2.2. hmnvtn Has Patch / Needs Testing 59269 Add support for adding metadata in bulk Database normal normal Awaiting Review enhancement new has-patch 2023-09-01T22:39:01Z 2023-09-01T23:43:31Z "Related: #34848 This ticket aims to introduce functions for bulk inserting metadata in a manner that's more performant than calling the `add_*_meta()` functions multiple times per object. This is particularly beneficial during large imports or data generation where `add_*_meta()` is called many times for a large number of users, posts, comments, or terms. This can be achieved by inserting all the metadata for the object in one INSERT query and only deleting the object's meta cache once. The existing filters and actions that are triggered when calling the `add_*_meta()` functions individually should still all be fired as expected, once for each meta key. The performance benefit should grow as the number of rows to insert increases, because both the number of database queries and the number of cache deletions for the object should remain constant (`O(1)`) rather than increasing correspondingly to the number of rows (`O(n)`). That said, there does appear to be a sweet spot after which the performance of one large INSERT query starts to degrade, although according to the PHPBench tests I've added it still remains overall more performant than multiple queries. Some more testing is needed across different payload sizes and database versions." johnbillion Needs Patch 59266 Fatal error: Uncaught Error: Call to undefined function list_files() General normal normal Awaiting Review defect (bug) new 2023-09-01T17:37:05Z 2023-09-04T06:14:12Z Fatal error: Uncaught Error: Call to undefined function list_files() brunobird Needs Patch 59265 Reset password form is not sending recovery email General 6.3.1 normal normal Awaiting Review defect (bug) new 2023-09-01T15:05:47Z 2023-09-01T15:05:47Z "Reset password email is not sending. Once you're ""domain.com/dashboard/retrieve-password/"" URL, after put email or username for recovery, email with link is never sent. It is in WP version 6.3.1" ardaniela Needs Patch 59264 Some block parts (navigation) break when top level folder gets renamed Editor 6.3.1 normal normal Awaiting Review defect (bug) new 2023-09-01T14:03:12Z 2023-09-01T14:25:10Z "Steps to reproduce: - clean install of 6.3.1 - set up any block theme as current theme - rename the top folder where the wordpress installation is lying (i needed to do it because of switching URL) -> block navigation is broken This is also the case when put wordpress into troubleshooting mode or using any other block theme with a menu. I tracked it down and it seems that some css is not coming any more to the page. {{{ this is home.'; if ( is_front_page() ) echo '---------------> this is frontpage.'; ?> }}} see image below where i added the php code [[Image(https://share.getcloudapp.com/lluXB459)]] The complete altered index.php of the 20-21 theme below {{{#!php

            this is home.'; if ( is_front_page() ) echo '---------------> this is frontpage.'; ?> === [https://wiki.php.net/rfc/json_validate New json_validate() function] > > This function is a high-performance way to validate json prior to decoding it. This function cannot be polyfilled without a performance hit. > > However, due to the potential for using json for Denial-of-Service attack vectors (via a HUGE file/stream), I would strongly recommend for WP Core to start using this new function in all appropriate places wrapped within an `if ( function_exists() ) {}`. > > The `json_decode()` function is used 44 times within `src` (excluding external dependencies). > > We may want to consider introducing a `wp_json_decode()` function to ensure the use of `json_validate()` (when available). > This would then mirror the already existing [https://developer.wordpress.org/reference/functions/wp_json_encode/ `wp_json_encode()`] function." jrf Needs Dev / Bug Wrangler Feedback 59233 Improve error handling for unserialize() General normal normal 6.6 task (blessed) new dev-feedback 2023-08-28T23:47:32Z 2024-02-26T22:05:20Z "From https://core.trac.wordpress.org/ticket/59231: > === [https://wiki.php.net/rfc/unserialize_warn_on_trailing_data Make unserialize() emit a warning for trailing bytes] > > While based on the current test suite, WP is not ''directly'' affected by this, the [https://developer.wordpress.org/reference/functions/maybe_unserialize/ `maybe_unserialize()`] function could still be confronted by data with trailing bytes. > > However, the call to the PHP native `unserialize()` within `maybe_unserialize()` silences all (PHP 8.0+: non-fatal) errors, so this new warning will not affect WP or its ecosystem as long as the `maybe_unserialize()` function is used. > > Having said that, a critical look at `maybe_unserialize()` may be warranted as the new warning in PHP is related to security issues discovered in other projects, so WP may want to consider rejecting unserialization for data throwing this warning. > > Also note that there are 7 uses of `unserialize()` in total within WP Core, one within `maybe_unserialize()`, but the function is also used in 6 other places and 5 of those do not use error silencing. > > > === [https://wiki.php.net/rfc/improve_unserialize_error_handling Improve unserialize() error handling] > > This, again, affects the [https://developer.wordpress.org/reference/functions/maybe_unserialize/ `maybe_unserialize()`] function and this time, the code should probably be adjusted to handle the new errors which `unserialize()` can now throw. > > The change does not affect unserializing valid data, but in the case of invalid data, the type of and severity of the notices/warnings/catchable exceptions have been changed. > > All 7 uses of `unserialize()` in WP Core should be reviewed and for the 6 uses outside of the `maybe_unserialize()` function, it should be reviewed whether they can/should switch to using `maybe_unserialize()` and/or whether they should get their own (improved) error handling. " jrf Has Patch / Needs Testing 59232 Introduce #[Override] attribute to mark overloaded methods General 6.4 normal normal 6.6 enhancement new has-patch 2023-08-28T23:44:04Z 2024-02-12T09:16:58Z "From https://core.trac.wordpress.org/ticket/59231: > === [https://wiki.php.net/rfc/marking_overriden_methods Marking overridden methods] > > This is a new feature which will be introduced in PHP 8.3, with limited validation functionality attached. The attribute basically allows to mark methods in a (child) class/interface which overload a method in a parent class or from an interface, as doing so intentionally. > > Per the RFC: > > ... being able to express if a method is intended to override another method or implement an interface would make it easier to debug a mistake, to refactor and to clean up existing code. Another possible use case is to easily detect a possibly breaking change in a parent class that was provided by a library without needing to read the changelog in detail or missing some item in the list of changes > > I'd like to advocate for adding these attributes to WP Core in all the relevant places as it: > * Increases awareness of the method overload for contributors. > * Can serve as a warning that the method signature should not be touched (unless the parent method signature changes). > * Has no downside as attributes are ignored in older PHP versions and in PHP versions where the attribute referenced does not exist. > > In the rare case that the attribute, once added, would result in a fatal error, that would be fantastic, as that means we have actually found a bug in WP before it got into a stable release." jrf Has Patch / Needs Testing 59231 Prepare for PHP 8.3 General 6.4 normal normal 6.6 task (blessed) new has-patch 2023-08-28T23:15:51Z 2024-02-17T16:12:34Z "This is a meta ticket to track the efforts to prepare for PHP 8.3. For PHP 8.0/8.1/8.2 specific fixes, please refer to the generic WP 6.4 PHP 8.x ticket: #58850 Please link patches related to a specific PHP 8.3 related task to the appropriate dedicated issue, if there is one (see the links in the description below). Generic/one-off PHP 8.3 related patches can be linked to this ticket. ---- == PHP 8.3: Important dates PHP 8.3 is [https://wiki.php.net/todo/php83 expected to be released on November 23 2023]. Other note-worthy dates: * The first alpha was released on June 8th 2023. * Feature freeze started on July 18, 2023. **Note**: The below represents the status per August 28, 2023. As PHP 8.3 is in feature freeze, these statuses should be reasonably reliable. == Readiness of essential tooling === [https://github.com/composer/composer Composer] Current status: * CI for Composer itself was not yet being run against PHP 8.3. I've opened [https://github.com/composer/composer/pull/11601 a PR] for this. ''[JRF: this PR has since been merged]'' * I've ran linting, PHPCompatibility (bleeding edge) and the test suites against PHP 8.3 and found no problems for PHP 8.3 though. * The only issues I've managed to identify are in the test suite of Composer, which has no impact on end-users of Composer. === [https://github.com/sebastianbergmann/phpunit PHPUnit] Current status: * CI for PHPUnit itself is being run against PHP 8.3. * No known issues in the last release supported for the WP test suite (9.6.11). === [https://github.com/Yoast/PHPUnit-Polyfills PHPUnit Polyfills] Current status: * CI for PHPUnit Polyfills itself is being run against PHP 8.3. * No known issues in the last release (1.1.0). === [https://github.com/wp-cli/wp-cli WP-CLI] Current status: * CI for WP-CLI was not (yet) being run against PHP 8.3. A [https://github.com/wp-cli/.github/pull/68 PR to change this has been opened and merged]. * **''Status unknown''**. === Other tooling Other (PHP) tooling doesn't necessarily have to run against PHP 8.3 (yet), so has not been evaluated. == Initial DevOps Tasks Typical tasks which need to be executed to allow WordPress to prepare for PHP 8.3: === [https://github.com/WordPress/wpdev-docker-images Docker] * Add PHP 8.3 to the Docker images. A [https://github.com/WordPress/wpdev-docker-images/pull/113 PR for this] was merged on July 26, 2023 === GitHub Actions * Add PHP 8.3 to the GitHub Actions `phpunit-tests.yml` configuration. [https://github.com/WordPress/wordpress-develop/pull/5106 GH PR #5106] ''[JRF: this PR has since been merged]'' Notes: - Test failures on PHP 8.3 should not (yet) fail the build, but as the actual script to run the tests has been moved, it is currently impossible to use `continue-on-error` as that keyword is not supported when calling a reusable workflow... /cc @desrosj == PHP 8.3 changes for which WordPress will need to prepare === [https://wiki.php.net/rfc/deprecations_php_8_3 Generic deprecations for PHP 8.3] Based on initial (bleeding edge) PHPCompatibility scans + the tests, WP is not affected by the deprecations which passed from this RFC (not all of them did). === [https://wiki.php.net/rfc/deprecate_functions_with_overloaded_signature Deprecation of functions with overloaded signatures] This RFC only partially affects PHP 8.3. If a replacement is readily available already, the deprecation of the overloaded signature takes place in PHP 8.3. If no replacement was available, the replacement functions are being introduced in PHP 8.3 and the actual deprecation of the overloaded signature takes place in PHP 8.4. Based on initial (bleeding edge) PHPCompatibility scans + the tests, WP is affected by two of the deprecations in PHP 8.3: * `get_class()` and `get_parent_class()` - this is already being tracked in #58876, there is a patch available, which IMO is ready for commit. ''[JRF: the PR for this has since been merged]'' * `ReflectionProperty::setValue()` with static properties. [https://github.com/WordPress/wordpress-develop/pull/5105 GH PR #5105] ''[JRF: this PR has since been merged]'' The other deprecations in this RFC do not appear to affect WP Core at this time. There is one - `stream_context_set_option()`, which will impact Requests, but only in PHP 8.4 and [https://github.com/WordPress/Requests/pull/822 a patch has already been pulled] for this. === [https://wiki.php.net/rfc/saner-inc-dec-operators Saner increment/decrement operators] To my surprise, I have not found any issues in WP with this change based on the tests alone, but I would not be surprised if the odd issue around this gets reported over time. === [https://wiki.php.net/rfc/marking_overriden_methods Marking overridden methods] This is a new feature with limited validation functionality attached. The attribute basically allows to mark methods in a (child) class/interface which overload a method in a parent class or from an interface, as doing so intentionally. Per the RFC: > ... being able to express if a method is intended to override another method or implement an interface would make it easier to debug a mistake, to refactor and to clean up existing code. Another possible use case is to easily detect a possibly breaking change in a parent class that was provided by a library without needing to read the changelog in detail or missing some item in the list of changes I'd like to advocate for adding these attributes to WP Core in all the relevant places as it: * Increases awareness of the method overload for contributors. * Can serve as a warning that the method signature should not be touched (unless the parent method signature changes). * Has no downside as attributes are ignored in older PHP versions and in PHP versions where the attribute referenced does not exist. In the rare case that the attribute, once added, would result in a fatal error, that would be fantastic, as that means we have actually found a bug in WP before it got into a stable release. Separate ticket to allow for discussing this proposal in more detail and for patches: #59232. === [https://wiki.php.net/rfc/unserialize_warn_on_trailing_data Make unserialize() emit a warning for trailing bytes] While based on the current test suite, WP is not ''directly'' affected by this, the [https://developer.wordpress.org/reference/functions/maybe_unserialize/ `maybe_unserialize()`] function could still be confronted by data with trailing bytes. However, the call to the PHP native `unserialize()` within `maybe_unserialize()` silences all (PHP 8.0+: non-fatal) errors, so this new warning will not affect WP or its ecosystem as long as the `maybe_unserialize()` function is used. Having said that, a critical look at `maybe_unserialize()` may be warranted as the new warning in PHP is related to security issues discovered in other projects, so WP may want to consider rejecting unserialization for data throwing this warning. Also note that there are 7 uses of `unserialize()` in total within WP Core, one within `maybe_unserialize()`, but the function is also used in 6 other places and 5 of those do not use error silencing. === [https://wiki.php.net/rfc/improve_unserialize_error_handling Improve unserialize() error handling] This, again, affects the [https://developer.wordpress.org/reference/functions/maybe_unserialize/ `maybe_unserialize()`] function and this time, the code should probably be adjusted to handle the new errors which `unserialize()` can now throw. The change does not affect unserializing valid data, but in the case of invalid data, the type of and severity of the notices/warnings/catchable exceptions have been changed. All 7 uses of `unserialize()` in WP Core should be reviewed and for the 6 uses outside of the `maybe_unserialize()` function, it should be reviewed whether they can/should switch to using `maybe_unserialize()` and/or whether they should get their own (improved) error handling. Separate ticket to allow for discussing this and the previously listed RFC in more detail and for patches: #59233. === [https://wiki.php.net/rfc/assert-string-eval-cleanup Deprecate remains of string evaluated code assertions] As WP Core does not use assertions, it is not affected by the changes in this RFC. Plugins/themes may still be affected, though I'd hope none of those would use `assert()`.* * `assert()` is intended for dev-only use. The behaviour of `assert()` is heavily affected by ini settings which cannot be changed at runtime, which means that end-users may be confronted by unexpected fatal errors due to the use of `assert()` if they run on an incorrectly configured webhost. === [https://wiki.php.net/rfc/proper-range-semantics Define proper semantics for range() function] This RFC adds a number of errors and warnings for incorrect use of the `range()` function. WP Core has 8 uses of this function in `src`, 2 in `class-wp-text-diff-renderer-table.php` and 6 in various files from external dependencies. I've visually reviewed each of these and they all look to be okay, though a check to safeguard that the WP native uses are covered sufficiently by tests would be prudent. [TODO] === [https://wiki.php.net/rfc/datetime-exceptions More Appropriate Date/Time Exceptions] This RFC reclassifies warnings and errors from the DateTime extension to catchable Exceptions when the OO-interface is used (procedural use of the DateTime functionality is not affected). Based on the tests, WP Core is not affected by this and as the DateTime use of WP Core is pretty well tested, I'm fairly confident, we'll be fine. === [https://wiki.php.net/rfc/json_validate New json_validate() function] This function is a high-performance way to validate json prior to decoding it. This function cannot be polyfilled without a performance hit. However, due to the potential for using json for Denial-of-Service attack vectors (via a HUGE file/stream), I would strongly recommend for WP Core to start using this new function in all appropriate places wrapped within an `if ( function_exists() ) {}`. The `json_decode()` function is used 44 times within `src` (excluding external dependencies). We may want to consider introducing a `wp_json_decode()` function to ensure the use of `json_validate()` (when available). This would then mirror the already existing [https://developer.wordpress.org/reference/functions/wp_json_encode/ `wp_json_encode()`] function. See: #59234 == Status of External Dependencies === [https://github.com/JamesHeinrich/getID3 GetID3] Current status: * Linting is enabled against PHP 8.3. The build passes without finding any PHP 8.3 related issues. * **Important**: the project has no test suite, so the linting passing on PHP 8.3 is only a small comfort and does not provide any real security. * In other words: **''status unknown''**. * WordPress is using the latest version (1.9.22), see #56692 === [https://github.com/PHPMailer/PHPMailer PHPMailer] Current status: * Linting and tests are being run against PHP 8.3. * No known issues in the last release (6.8.0) (aside from something in the PHPMailer test suite, which doesn't affect WP). * WordPress is using the latest version, see #57873 === [https://github.com/WordPress/Requests Requests] Current status: * Linting and tests are being run against PHP 8.3. * No known issues in the last release (2.0.7) (aside from something in the Requests test suite, which doesn't affect WP). * WordPress is using the latest relevant version `2.0.6`, see #58079. Requests 2.0.7 only updated the certificates bundle, while WP uses its own) === [https://github.com/simplepie/simplepie SimplePie] Current status: * Tests are being run against PHP 8.3. * No known issues in the current `master` branch. * WordPress is behind and is still using version `1.5.8`, while the latest release is `1.6.0`, see #55604 I've done a test run of SimplePie 1.5.8 against PHP 8.3 and based on the tests, there are no relevant PHP 8.3 issues known at this moment. === [https://github.com/paragonie/sodium_compat Sodium Compat] Current status: * A [https://github.com/paragonie/sodium_compat/pull/160 PR has been opened] to enable running of the tests against PHP 8.3. The build passes without finding any PHP 8.3 related issues. ''[JRF: this PR has since been merged]'' * No known issues in the last release (1.20.0). * WordPress is using the latest version, see #58224. === [https://github.com/openwall/phpass PHPass] Current status: * Tests are being run against PHP 8.3. * No known issues in the current `main` branch, which translates to the `0.5.4` version. * WordPress is using version `0.5.0`, but the script is a little out of sync with upstream, though not in a way that it impacts the running of WP on PHP 8.3." jrf Needs Patch 59228 Links in 6.3 missing new window.nofollow.etc Editor 6.3 normal normal Awaiting Review defect (bug) new 2023-08-28T18:01:09Z 2024-01-25T21:05:12Z "Hi Updated to 6.3 and when adding a link can add the link but there is no option for new window, nofollow, etc like before. I assume it is just missing not intentionally so passing it on. I can add it with code using the code editor but not as easy. Thanks in advance" tradiecorp Needs Patch 59216 add a filter on WP_User::get_data_by() Users normal normal Awaiting Review feature request new 2023-08-27T09:59:55Z 2023-08-27T09:59:55Z "Hello i speak about this function https://github.com/WordPress/wordpress-develop/blob/6.3/src/wp-includes/class-wp-user.php#L193-L260 function WP_User::get_data_by() $user = $wpdb->get_row( $wpdb->prepare( ""SELECT * FROM $wpdb->users WHERE $db_field = %s LIMIT 1"", $value ) ); It would be cool to filter the query or provide a own query. Backstory: i run a shop under different domains and want that user can register with the same mail on different domains but in background is the same WP Instance. " stefanxyz Needs Reporter Feedback / Steps To Reproduce 59215 Bug in wp_set_post_categories function Taxonomy 6.3 normal normal Awaiting Review defect (bug) new reporter-feedback 2023-08-27T07:58:34Z 2023-08-31T04:49:17Z `wp_set_post_terms( $post_id, $post_categories, 'category', $append );` category is being passed staticky. so `wp_set_post_categories` is not working to map custom category with custom post type. it is not making any entry for custom post type in the table `wp_term_relationships`. faaiq Needs Patch 59211 Plugins should be sandboxed on update to prevent fatal errors Plugins normal normal Awaiting Review enhancement new 2023-08-26T11:33:27Z 2023-08-26T11:33:27Z "If a plugin is already active, it will be updated without sandboxing. Steps to reproduce: - install a plugin - copy the plugin folder elsewhere - make a change in code which will trigger a fatal error (call for non-existing class for example) - bandle the changed folder into zip and install through the plugin upload" oglekler Has Patch / Needs Testing 59207 Twenty Thirteen: correct styling for Button & File block links in front-end widget areas (Footer & Sidebar) Bundled Theme 5.8 normal normal Awaiting Review defect (bug) new has-patch 2023-08-25T17:56:24Z 2023-09-03T04:55:04Z "**Twenty Thirteen Theme:** Button Block Background & Text Color issue & File Button Text Color issue in Frontend Widget Section **Step to Reproduce the Issue:** =========================== 1. Activate Twenty Thirteen Theme. 2. Take Button Block in Widget Section. 3. Check With Default Button styles and Also Check with Background Color & Text Color Selection in Button Block.**(Frontend & Backend button text Colors & Background colors are different)** 4. Check With File Block in Main Widget Area Section** (Button's Text Are not Visible in Frontend Footer)** ** You will able to see below issues:** ============================ i) Default Button Background Color & Text Color are not same in Backend Widget Section and in Frontend. ii) User Selected Text Color & Background Color are not showing in front-end Widget section. iii) When Add File button in Footer Widget Section(Main Widget) , Text is not visible in Frontend Side in footer section. I have attached video for better understanding. Video URL : https://drive.google.com/file/d/1kZtfeubGmEWfMrS5cU78eqBXdwKcD8Po/view" shailu25 Changes Requested 59204 Twenty Nineteen: Separator block does not center as expected Bundled Theme normal normal 6.6 defect (bug) new changes-requested 2023-08-25T10:59:49Z 2024-02-05T20:56:50Z "Steps to reproduce the issue. 1. Activate Twenty Nineteen theme. 2. Take Separator block. 3. Choose WideLine option. 4. Applied Align-center You can able to see both the side in editor and in the Front side that the Separator is not Center aligned. I have attached video for better understanding. Video URL :-https://share.cleanshot.com/TMvKdn60v7Jh0rzKmNG0" nidhidhandhukiya Changes Requested 59203 Twenty Nineteen: fix Separator block's full-width size and placement Bundled Theme 6.3 normal normal Awaiting Review defect (bug) new changes-requested 2023-08-25T10:51:40Z 2023-09-06T03:55:07Z "Steps to Reproduce the issue :- 1. Activate Twenty Nineteen Theme. 2. Take Separator Block. 3. Choose Default from the styles. 4. Choose Full-width. You can able to see two issues. 1> In editor side the separator is not visible. 2> Both side editor and front end even after applying full-width it is not showing in full width. I have attached video for better understanding. Video URL :- https://share.cleanshot.com/4ybJ9CQsCPR33NW1DPLm" nidhidhandhukiya Needs Patch 59201 Taxonomy Query Loop Editor normal normal Awaiting Review feature request new 2023-08-25T08:22:58Z 2023-08-25T14:29:42Z "Hello, In the page editor and FSE, we really need a way to query terms like the ""Query Loop"" block does. Am I the only one who needs this? A ""**Taxonomy Query Loop**"" block would list them by tree structure, displaying the title and description. Either inherited from the query, or on a specific taxonomy and a specific parent term. Thank you so much Stephan" StephanR Changes Requested 59195 deprecation notice triggered in post.php by passing null to parameter #2 in preg_match() Media 6.3 normal normal Awaiting Review defect (bug) new changes-requested 2023-08-24T20:01:52Z 2024-02-15T17:32:16Z "I've trying to force myself to use PHP 8.2 to get our plugins into shape, but am still running into a deprecation notice in post.php when viewing the Media Library in list mode: {{{ PHP Deprecated: preg_match(): Passing null to parameter #2 ($subject) of type string is deprecated in /sites/test.example.com/files/wp-includes/post.php on line 3298 }}} Checking if $real is true before preg_match() is run seems to fix this particular one, but maybe to be safe an is_string( $real ) should be run also?" nosilver4u Needs Patch 59194 Lazy Loading not applying at all in the front page template Editor 6.3 normal critical Awaiting Review defect (bug) new 2023-08-24T19:42:58Z 2023-08-24T19:51:22Z We have many sites built in the full site editor, but none of the images will lazy load within the front page template. No images have the lazy load attribute and google page speed insights detect that none of them are lazy loaded devoantor Needs Reporter Feedback / Steps To Reproduce 59192 New image crop interface don't work in windows 10. Scale works. Media 6.3 normal normal Awaiting Review defect (bug) new reporter-feedback 2023-08-24T18:33:19Z 2023-08-29T21:44:29Z "Win 10, 64GB RAM, Plenty SSD Shared hosting, Dreamhost Browsers tried: Chrome, Brave, Firefox, even Opera... Loving the new image-edit interface concept, but: Media -> Select Image -> Edit Image -> Crop -> AR: 1:1 -> Apply Crop -> ... Nothing Save Edits remains gray. No changes made. Media -> Select Image -> Edit Image -> Scale -> New Dim: 500w -> Scale ... ""Image Saved"" notice. ""Save Edits"" remains gray. Changes saved. I'm trying to scale and crop an image. It looks like a better workflow than before, but this crop is still a no-go. I am pretty familiar with the old method, so the new method will certainly be an improvement. I use WordPress's crop function regularly. I'd love to see the fixed asap. Hope this helps. Chris" Laughter On Water Needs Patch 59191 Disqus Commenting Plugin Blocked by Twenty Twentythree Theme Comments normal normal Awaiting Review defect (bug) new close 2023-08-24T18:19:29Z 2023-08-24T20:03:20Z "Hi there, This is Ryan at Disqus. We've noticed that WordPress theme Twenty Twenty-three blocks the Disqus Commenting Plugin from loading, which is confusing for WordPress site owners trying to use and test this plugin, or install Disqus generally to their site while using this theme. Please note that the Disqus plugin is designed to load over and replace the native WP comments form. I've attached two images of the same page with different themes, and you can see Disqus appearing correctly in the theme with green background, but only the WP native comments form appears in the Twenty Twenty-three theme We're happy to collaborate or provide additional details as needed, I can be reached directly at `email address removed`. Edit by @audrasjb: email address removed." disqussupport Needs Dev / Bug Wrangler Feedback 59182 Plugin/theme zip update screen max-width Upgrade/Install 5.5 normal minor Awaiting Review enhancement new dev-feedback 2023-08-24T09:55:54Z 2023-08-26T05:22:21Z "Hi, Can we set the max-width to 100rem instead of 40rem? Current CSS for wrap class. {{{ .update-php .wrap { max-width: 40rem; } }}} it should be {{{ .update-php .wrap { max-width: 100rem; } }}} let me know if this makes sense or not, please. For more information see mentioned screenshot below. " sumitsingh Needs Dev / Bug Wrangler Feedback 59177 dbDelta doesn't handle changing the DEFAULT value of a column from NULL to '' Upgrade/Install normal normal Awaiting Review defect (bug) new dev-feedback 2023-08-23T15:40:02Z 2023-09-05T17:33:33Z "Shouldn't this be a strict comparison https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/upgrade.php#L3064? Otherwise that condition will be false and the column will remain unchanged. " bogdanhapcayardicom Has Patch / Needs Testing 59173 Improve optimizations of get_site_url by not using switch_to_blog Networks and Sites normal normal Awaiting Review enhancement new has-patch 2023-08-23T14:15:11Z 2023-08-24T20:57:33Z "I belive a better approach would be to use the `WP_Site_Query` query, as in: {{{#!php domain . $site->path; // If the network has a custom domain, use that instead. if ( $site->domain !== \get_network()->domain ) { $url = get_network()->domain . $site->path; } } $url = set_url_scheme( $url, $scheme ); if ( $path && is_string( $path ) ) { $url .= '/' . ltrim( $path, '/' ); } /** * Filters the site URL. * * @since 2.7.0 * * @param string $url The complete site URL including scheme and path. * @param string $path Path relative to the site URL. Blank string if no path is specified. * @param string|null $scheme Scheme to give the site URL context. Accepts 'http', 'https', 'login', * 'login_post', 'admin', 'relative' or null. * @param int|null $blog_id Site ID, or null for the current site. */ return apply_filters( 'site_url', $url, $path, $scheme, $blog_id ); } }}} " PerS Needs Reporter Feedback / Steps To Reproduce 59172 wp_query meta_query NOT EXISTS not creating correct sql query Database 6.3 normal normal Awaiting Review defect (bug) new reporter-feedback 2023-08-23T12:53:28Z 2023-09-05T16:55:37Z "With the following wp_query: {{{#!php ""ids"", ""post_type"" => ""shop_order"", ""post_status"" => array('wc-processing'), ""posts_per_page"" => ""-1"", ""offset"" => ""0"", 'meta_query' => array( 'relation' => 'AND', array( 'key' => 'scg_is_glass', 'value' => ""1"", ), [ 'relation' => 'OR', [ 'key' => 'scg_processed', 'value' => ""0"", 'compare' => '=', ], [ 'key' => 'scg_processed', 'value' => ""0"", 'compare' => 'NOT EXISTS', ], ] ), 'date_query' => array( array( 'after' => date('Y-m-d', strtotime('-1 month')), ), ), ); }}} The outputeed sql query is the following: SELECT wp_posts.ID FROM wp_posts LEFT JOIN wp_postmeta ON ( wp_posts.ID = wp_postmeta.post_id ) LEFT JOIN wp_postmeta AS mt1 ON ( wp_posts.ID = mt1.post_id ) LEFT JOIN wp_postmeta AS mt2 ON ( wp_posts.ID = mt2.post_id AND mt2.meta_key = 'scg_processed' ) WHERE 1=1 AND (wp_posts.post_date > '2023-07-23 23:59:59') AND ( ( wp_postmeta.meta_key = 'scg_is_glass' AND wp_postmeta.meta_value = '1' ) AND ( ( mt1.meta_key = 'scg_processed' AND mt1.meta_value = '0' ) OR **mt2.post_id IS NULL** ) ) AND wp_posts.post_type = 'shop_order' AND ((wp_posts.post_status = 'wc-processing')) GROUP BY wp_posts.ID ORDER BY wp_posts.post_date DESC If you looked at the bolded (mt2.post_id IS NULL) above you would expect it to be: **( mt2.meta_key = 'scg_processed' AND mt2.meta_value IS NULL )**" anteatersa Needs Reporter Feedback / Steps To Reproduce 59170 Overlapping text when posting using iPhone Editor 6.3 normal normal Awaiting Review defect (bug) new reporter-feedback 2023-08-23T09:27:02Z 2023-09-05T16:30:50Z "I have a website and I always get article submissions from authors, they write using Microsoft Office (maybe they use a bit older version, because the new 365 desktop version has no problem), on my iPhone I open the article using Office 365, and a strange thing happens : 1. If I use a block editor, the text will overlap 2. If I use the classic editor, many spaces are lost so that many words are attached without spaces. here I provide you an example of overlapping text: [https://drive.google.com/file/d/1c167tWdPd6k_n7_tWeRwi-9qOmgZ34nr/view?usp=sharing] the website is freshly installed using twenty twenty three theme." readonecc Has Patch / Needs Testing 59169 Deprecated arguments description is a bit misleading. General normal trivial Awaiting Review defect (bug) new close 2023-08-22T23:31:30Z 2023-08-23T09:39:10Z "Here: https://developer.wordpress.org/reference/functions/get_bloginfo/ in the description of the function “Deprecated arguments include: ‘siteurl’ – Use ‘url’ instead” is a bit misleading. “‘siteurl’ – Use ‘wpurl’ instead” is correct." sulemanhelp Needs Patch 59164 Twenty Nineteen : Site Title Block Color Section is not reflecting properly in Editor & Frontend Side Bundled Theme normal normal Awaiting Review defect (bug) new 2023-08-22T12:42:49Z 2023-08-24T04:40:34Z "In Twenty Nineteen theme, 1. The colour selected is not reflected on the frontend side 2. When we select the background then the colour is not reflected in the editor also. Video of the issue generated : https://drive.google.com/file/d/1dv9C0hRltm6bLbmfvw53sSEFj5Zz_lw0/view?usp=sharing" pitamdey Needs Patch 59163 Fatal error: Cannot declare class WP_Metadata_Lazyloader, because the name is already in use in /home1/tarotcardco/public_html/wp-includes/class-wp-metadata-lazyloader.php on line 32 General normal normal defect (bug) reopened 2023-08-22T07:45:57Z 2023-08-22T11:24:59Z i can not login to backend how to fix this error ashwiniravipatil Needs Patch 59162 Link not completely deleted in Firefox TinyMCE normal normal Awaiting Review defect (bug) new 2023-08-21T16:10:46Z 2023-08-24T20:23:11Z "**Steps to reproduce** 1. Create a new page 2. Insert a classic editor block 3. Enter ""Link1"" and ""Link2"" in separate paragraphs and link them to `https://link1.tld` and `https://link2.tld`. The resulting code should look like this: {{{

            Link1

            Link2

            }}} 4. Click on ""Save"" to close the block and reopen it afterwards 5. Start by marking the word ""Link1"" from the back, without clicking in the word first. 6. Press the Delete key on the keyboard. The text will be deleted, but the link will remain. 7. Press the Delete key again. The empty line will be deleted and the previously not completely deleted link will be applied to the text ""Link2"". Thus, Link2 no longer points to `https://link2.tld` but `https://link1.tld`. **Expected result** Link is completely deleted in step 6. **Affected browsers** Firefox (tested in version 116 on Windows 10 and 11) **Test environment** WordPress 6.3 with theme Twenty Twenty-Three 1.2 on PHP 8.1, no plugins installed" dawasi Needs Patch 59158 Altering Details block styles doubling .wp-block-details class in the output Formatting 6.3 normal normal Awaiting Review defect (bug) new 2023-08-21T12:32:34Z 2023-08-21T13:47:23Z "By defaut Details block styles outputs styles for inner paragraph like: {{{ .wp-block-details>:not(summary) { margin-block-end: 0; margin-block-start: var(--wp--style--block-gap); }}} ---- If I want to change margin-block-start on the block level styles I use: {{{ .wp-block-details>:not(summary) { margin-block-start: 0;} }}} BUT it outputs: {{{ .wp-block-details.wp-block-details>:not(summary) { margin-block-start: 0;} }}} ---- HOWEVER, If I use the same in the Additional CSS section of Styles Editor it produce expected: {{{ .wp-block-details>:not(summary) { margin-block-start: 0;} }}} " randewoo Has Patch / Needs Testing 59152 Need some css improvement on wordpress installation ( install.php ) page for mobile screen. General 6.4 normal normal Awaiting Review enhancement new has-patch 2023-08-20T09:51:54Z 2023-08-24T09:04:29Z We can improve the style ( spacing ) of description text below the password field on wordpress installation ( install.php ) page for mobile screen. See the screenshot for more clarification. ravigadhiyawp Needs Dev / Bug Wrangler Feedback 59149 Inconsistent Behaviour of Block Editor while Adding/Searching for Blocks Editor 6.3 normal normal Awaiting Review defect (bug) new dev-feedback 2023-08-19T05:56:17Z 2023-09-02T06:32:59Z "WP Version 6.3 I'm facing an strange issue while searching the fields from the block editor. When I'm at the end of page or when scroll to end of page then I'm trying to search a custom block it suddenly jump from its position. for details refer the below video url for same. https://www.awesomescreenshot.com/video/20061317?key=12384a49ae5e729e95556d9498c1a107 " dhruval04 Needs Patch 59148 WordPress CDN/Mirror plugins/themes... General normal normal Awaiting Review feature request new 2023-08-19T04:16:53Z 2023-08-19T04:16:53Z "Hello. Does the wordpress theme and plugin repository have a distributed CDN/Mirrors system? We are a cloud hosting service provider in Vietnam. Our customers 90% use wordpress. And when connecting to wordpress to download, update, and get plugin/theme information, the connection is often lost. Because our country VN has a connection to the international or interrupted. Don't know if WordPress.org has distributed servers to download data?" tranbinhcse Has Patch / Needs Testing 59142 X/Twitter posts cannot be embedded Embeds normal normal 6.6 enhancement reopened has-patch 2023-08-18T15:42:05Z 2024-02-12T09:14:58Z When a link to a Tweet/X post is copied in the Twitter/X app (iPhone), it is the x.com address that is copied, not the twitter.com address. When this is inserted in a WordPress post, the post is not embedded, like a Twitter.com post. aphandersen Needs Patch 59139 "Marketing / ""fairness"" : Change ""Classic Themes"" to ""Template Themes""" Themes normal normal Awaiting Review enhancement new 2023-08-18T12:03:39Z 2023-09-04T20:54:12Z "With total respect to the term ""Classic themes"", I think it feels old fashioned, which is a bit unfair to the power involved behind the scenes. ""Template Themes"" (WPTT) would be a recognition of WordPress pioneering a long time ago. A tribute to it's visionary approach at that time. And a tribute to its relevance and pioneering today, where we see so many tools and solutions being created with the same intent but not so powerful - if some recognition and dedication would be implemented to maintain it a state of the art solution. FSE is super powerful. PHP templating is super powerful." ridesirat Needs Dev / Bug Wrangler Feedback 59138 Duotone filter selector does not apply when using Image block alignment Editor 6.3 normal normal Future Release defect (bug) new close 2023-08-18T10:52:33Z 2024-02-20T05:50:28Z "Steps to reproduce the issue :- 1. Activate Twenty Seventeen theme. 2. Choose Image block. 3. Use Alignment 4. Give Highlight or shadow to the block. You can able to see it is working fine in editor side but having issue in front side when alignment is applied. I have attached video for better understanding. Video URL :- https://share.cleanshot.com/tDbCt0h3fTLVMMhbK4xt" nidhidhandhukiya Needs Patch 59135 Ability to list plugins by activation date/time Administration normal normal Awaiting Review enhancement new 2023-08-17T20:47:28Z 2023-08-21T10:58:20Z "The idea here is to provide a way to show the list of active plugins ordered by activation date/time. This was suggested by a friend of mine who was having a hard time tracking down which plugin on his site had caused a problem because he couldn't remember which one he had last activated. Given that deactivating plugins one at a time to track down which one is causing problems is a common technique, this seems like it might be generally helpful to WP users. Details need to be flushed out on where and how to show this information. The plugins page seems like the most obvious target, the site health page might be another." josephscott Changes Requested 59133 Collapse Menu title consistency Administration normal normal Awaiting Review enhancement new changes-requested 2023-08-17T18:25:16Z 2023-08-18T20:54:25Z "I notice a thing that every menu and submenu title in administration area are capitalize but Collapse menu title is different. I think it could be capitalize also. " alireyad Needs Reporter Feedback / Steps To Reproduce 59132 Create two filters in wp_scripts() and wp_styles(). Script Loader 4.2 normal normal Awaiting Review enhancement new reporter-feedback 2023-08-17T18:19:00Z 2023-11-27T21:00:48Z "I'd like to know if it's possibile to change this: {{{#!php myDynamicCallback(...); self::myStaticCallback(...); }}} ''**The 3 dots ""..."" are not omission - it is the syntax**'' Now this syntax actually works for `add_filter` however, it can fail (and I've encountered cases where it fails) for `remove_filter` which leads to very unexpected results. Temporary bypass can be done using `remove_all_filters` or the old-school syntax `[__CLASS__, 'myStaticCallback']`. The core issue is in the function `_wp_filter_build_unique_id` which generates the key under which the callback is stored, more specifically, in the way how the PHP's `spl_object_hash` work - this sentence from docs ""This id can be used as a hash key for storing objects, or for identifying an object, **as long as the object is not destroyed**."" Now this is an educated wild guess, but I would guess that the callable objects created by the First-class callable syntax may not live that long and garbage collector can destroy them if it sees fit. Anyways... the core is - `spl_object_hash` is NOT the right tool to cache ALL callables, but can only be used where the callable is passed around (e.g. stored in a variable) and therefore it is ensured it's still the same object (I would hope). **Solution** ...for such cases is to create a `\ReflectionFunction` instance and check for `getClosureScopeClass()` and `getName()` :-) https://www.php.net/manual/en/class.reflectionfunction.php https://www.php.net/manual/en/reflectionfunctionabstract.getclosurescopeclass.php https://www.php.net/manual/en/reflectionfunctionabstract.getname.php" jave.web Needs Patch 59124 Dropdown navigation not displaying past the header Editor 6.3 normal major Awaiting Review defect (bug) new 2023-08-16T18:04:53Z 2023-08-16T18:58:36Z "This is happening on multiple sites. This is an example: https://www.mightyepiphyte.com/ Since the recent WordPress update the drop-down menu is no longer showing below the header." ManellyC Needs Patch 59122 List blocks not working in 6.3 Post Formats 6.3 normal major Awaiting Review defect (bug) new 2023-08-16T15:49:38Z 2023-08-16T16:50:04Z " List blocks can be created in editing, but it is glitchy and jumps around. When the post is saved, the list disappears, along with all information contained in it. Sometimes, it crashes the site (freezes, have to close out and restart) This happened directly after updating to newest version 6.3 Reported by several people in forums https://wordpress.org/support/topic/ordered-unordered-lists-not-working-in-6-3/ " jennyd2 Needs Patch 59120 Measure interactivity metrics in performance tests Build/Test Tools normal normal Future Release defect (bug) new 2023-08-16T08:51:38Z 2023-10-27T10:15:36Z "This is a follow-up to #58360. While we have some good load time metrics so far, we don't measure interactivity metrics yet. We're particularly looking at these 3 metrics: * [https://web.dev/tbt/ Total Blocking Time] (TBT) * [https://web.dev/fid/ First Input Delay] (FID) * [https://web.dev/inp/ Interaction to Next Paint] (INP) They can be measured using libraries like Lighthouse or https://github.com/GoogleChrome/web-vitals. Interactivity metrics require some sort of interaction during the test, so we need to figure out specifics. " swissspidy Needs Patch 59119 Measure layout stability metrics in performance tests Build/Test Tools normal normal Future Release defect (bug) new 2023-08-16T08:48:44Z 2023-08-16T08:48:44Z "This is a follow-up to #58360. While we have some good load time metrics so far, we don't measure layout stability yet. [https://web.dev/cls/ Cumulative Layout Shift] (CLS) can be measured using libraries like Lighthouse or https://github.com/GoogleChrome/web-vitals." swissspidy Needs Patch 59117 The WORST of ALL Bugs (Version 6.3) General 6.3 normal normal Awaiting Review defect (bug) new 2023-08-15T21:47:15Z 2023-08-28T20:26:35Z "Dear friends, good afternoon. I know that, at 1st. Vista may believe that, this is not the right place to write this. But give me a few minutes and I will (de)show you that it is. To gain time, below is the link to the ticket in which the subject was discussed; https://wordpress.org/support/topic/huge-error-for-my-site-when-upgrading-to-6-3/page/2/#post-16969028 If they READ it all (That is, the 2 flaps that said ticket includes), they will realize (I hope) that… 1) It is a problem that you generated ONLY in the latest version 6.3 2) NONE of the solutions provided by v/collaborator WORKED. 3) They caused me (and they cause me) MANY inconveniences (even LEGAL) To summarize (and in case you don't feel like reading so much, heh:)… a) I have been designing my site on v/platform for +3 years. Ergo… b) There is NO way for ME to implement the suggested fixes. And that is why… c) I am NOT going to update WordPress to its latest version (6.3) until this is resolved. So, for finishing… - Why do I say that it is a problem generated by you? Simple. Because until version 6.2 I DID NOT have it. - Why do I think they should fix it as soon as possible? Because if you look, in the same forum, there are MANY similar claims in THAT sense. And finally… Why do I think this is the WORST security bug WordPress can have? Easy. Because if it is not solved (FAST) I (and probably MANY more), will leave our installation with the previous version (6.2.2). And – if so – as I'm sure you know, I'll be left open to whatever attacks you guys have sought to address with your latest version (6.3). And then? So, if my hosting does not suspend me (Potential Legal Problem that I mentioned before), it could even affect other sites that are within my hosting (which is obviously shared, so I can NOT afford the ""luxury"" of anything else ). Ergo. If many sites (like mine) do NOT update to 6.3 and like me, they share their hostings, a problem that is generated in one, could affect ALL of them. Having said that… If you keep track of these tickets, you'll see that in the +3 years I've been using WordPress, there was NEVER an entry to this section, which is said to be for… …”suggest improvements and report bugs in WordPress”… But it seemed necessary to me because, from what I see, SEVERAL days have passed since I created the ticket whose link I attached and, we did NOT find the solution. And, what is worse, I do NOT think you will find them in the forums. Why? Simple. Because if you READ the ticket in question in detail, you will see that the ONLY one in a position to provide a solution is WordPress itself! That's all for now (I hope you understand). I await your comments. Thanks in advance. Greetings. PS: As I already mentioned in the ticket mentioned above, what will NOT happen is that… I have to rewrite my ENTIRE site (+120 thousand words) for a problem that I did NOT create! " atutrabajo Needs Patch 59114 Infinite loop after upgrading from WordPress 6.1.3 to 6.2 Script Loader 6.3 normal normal Awaiting Review defect (bug) new 2023-08-15T20:20:09Z 2023-08-30T18:10:34Z "Regeristing a function with the 'wp_video_shortcode_library' filter hook that enqueues a script causes an infinite loop, resulting in WordPress running out of memory. It seems that the $wp_scripts global is being set to null at some point and being reinitialized, which causes this loop since the 'wp_video_shortcode_library' filter is called as part of the wp_default_scripts function in script-loader.php. This is my theory anyways. I'm not familiar enough with the WordPress codebase to say for sure. To recreate this issue, you can make a basic theme with an empty index.php, only the theme definition inside the style.css, an empty js file (to try to enqueue), and a functions.php that registers the hook. {{{#!php Limit: 20 row(s) (no early end due to SQL_CALC_FOUND_ROWS) (cost=744 rows=20) (actual time=12..13.1 rows=20 loops=1) -> Sort: wp_posts.post_date DESC (cost=744 rows=3620) (actual time=12..12.8 rows=7407 loops=1) -> Filter: ((wp_posts.post_type = 'attachment') and ((wp_posts.post_status = 'inherit') or (wp_posts.post_status = 'private'))) (cost=744 rows=3620) (actual time=0.0505..8.37 rows=7407 loops=1) -> Index range scan on wp_posts using type_status_date over (post_type = 'attachment' AND post_status = 'inherit') OR (post_type = 'attachment' AND post_status = 'private') (cost=744 rows=3620) (actual time=0.0459..5.63 rows=7407 loops=1) }}} {{{ EXPLAIN ANALYZE SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts FORCE INDEX(idx_type_date) WHERE 1=1 AND wp_posts.post_type = 'attachment' AND ((wp_posts.post_status = 'inherit' OR wp_posts.post_status = 'private')) ORDER BY wp_posts.post_date DESC LIMIT 0, 20 -> Limit: 20 row(s) (no early end due to SQL_CALC_FOUND_ROWS) (cost=142 rows=20) (actual time=0.214..15.3 rows=20 loops=1) -> Filter: ((wp_posts.post_status = 'inherit') or (wp_posts.post_status = 'private')) (cost=142 rows=688) (actual time=0.211..15 rows=7407 loops=1) -> Index lookup on wp_posts using idx_type_date (post_type='attachment') (reverse) (cost=142 rows=3619) (actual time=0.207..13.4 rows=7407 loops=1) }}} To replicate this, we've installed latest WordPress version and MySQL 8, and create the following post_status count structure: {{{ mysql> select post_status, count(*) from wp_posts group by post_status; +-------------+----------+ | post_status | count(*) | +-------------+----------+ | inherit | 7407 | | draft | 1 | | publish | 23 | | auto-draft | 1 | +-------------+----------+ 4 rows in set (0.01 sec) }}} Can this be considered as a core improvement to the wp_posts table that would directly benefit the Media related queries? Basically, if MySQL 8 decides that the new index is faster, specially for Media search queries, it will simply pick that on up as opposed to using the original index or dropping it fully if it considers its much more efficient to do a full table scan. From our database, a search query for term `test` shows an improvement of 0.5 seconds of this basic search media query: {{{ MySQL []> SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts FORCE INDEX(type_status_date) WHERE 1=1 AND wp_posts.post_type = 'attachment' AND ((wp_posts.post_status = 'inherit' OR wp_posts.post_status = 'private')) and post_title like ""%test%"" ORDER BY wp_posts.post_date DESC LIMIT 0, 1; +---------+ | ID | +---------+ | xxxxxxx | +---------+ 1 row in set, 1 warning (3.867 sec) MySQL []> SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts FORCE INDEX(idx_type_date) WHERE 1=1 AND wp_posts.post_type = 'attachment' AND ((wp_posts.post_status = 'inherit' OR wppp_posts.post_status = 'private')) and post_title like ""%test%"" ORDER BY wp_posts.post_date DESC LIMIT 0, 1; +---------+ | ID | +---------+ | xxxxxxx | +---------+ 1 row in set, 1 warning (3.244 sec) }}} Thanks for considering this." ovidiul Needs Patch 59104 duotone is not applied to videos in the cover block in safari Editor 6.3 normal normal Awaiting Review defect (bug) new 2023-08-14T16:01:43Z 2023-08-22T20:49:58Z "Dear Team, duotone (svg filter) is not applied to videos in cover block in safari (screenshot safari). In edge for example it works (screenshot ms edge). I would be very happy about a solution. Many greetings Kiril" kiandept Needs Patch 59103 Gutenberg 16.4 Footnotes Critical Bug on PHP 8.0 Editor 6.3 normal critical Awaiting Review defect (bug) new 2023-08-14T15:58:42Z 2023-08-29T00:01:56Z "I am currently using WordPress version 6.3, PHP 8.0. There is no issue initially when creating a post with the footnotes block, and is able to publish the post. After a while, when trying to edit the same post again, I will see the critical error as such as seen in the attachment. {{{ PHP Fatal error: Uncaught TypeError: count(): Argument #1 ($value) must be of type Countable|array, null given in /wordpress/plugins/gutenberg/16.4.0/build/block-library/blocks/footnotes.php:37 Stack trace: #0 /wordpress/core/6.3/wp-includes/class-wp-block.php(258): gutenberg_render_block_core_footnotes(Array, '', Object(WP_Block)) #1 /wordpress/core/6.3/wp-includes/blocks.php(1133): WP_Block->render() #2 /wordpress/core/6.3/wp-includes/blocks.php(1171): render_block(Array) #3 /wordpress/core/6.3/wp-includes/class-wp-hook.php(310): do_blocks('

            }}} If I define the constant earlier, for example in the mu-plugins, the problem is solved. Let me know, if I need to provide more details " margaritaperc Needs Patch 59019 WP 6.3 deleted my additional CSS Upgrade/Install 6.3 normal critical Awaiting Review defect (bug) new 2023-08-09T11:01:22Z 2023-08-23T18:31:14Z "I’m developing a new site and trying out the FSE for the first time. My theme is a child of a third-party theme. When I updated to WP 6.3 this morning it completely removed all of my CSS that I have been adding to the FSE > Styles > Additional CSS panel. Luckily I had done a backup just before the update." petervandoorn Needs Patch 59017 Duotone not working in 6.3 Editor 6.3 normal normal Future Release enhancement new 2023-08-09T07:35:24Z 2023-10-03T20:49:01Z "When the WordPress Accessibility Day website updated to 6.3 today the duotone filters we have set on images stopped working. Rolling core back to 6.2.2 solves this problem. #58994 references changes to duotone in 6.3, however, bugs still exist. Here's an example page on a site running 6.3 where duotone is no longer working: https://2023.wpaccessibility.day/about/organizers/. " alh0319 Needs Patch 59016 Able to login successfully .. but I'm unable to open wordpress dashboard.. General 6.3 normal normal Awaiting Review defect (bug) new 2023-08-09T07:06:53Z 2023-08-09T14:53:49Z skylerfashion Needs Reporter Feedback / Steps To Reproduce 59015 Twenty Twenty-Three: Theme failure after updates Bundled Theme 6.3 normal normal Awaiting Review defect (bug) new reporter-feedback 2023-08-09T05:03:36Z 2023-09-09T09:38:49Z "I updated WordPress to 6,3 - all OK. I updated Twenty-Twenty-three theme. Twenty-Twenty-three Live Preview returns completely blank screen. (Active theme : Generate Press works fine)" rossbateson Needs Patch 59014 PHP Fatal error in post-template.php Posts, Post Types 6.3 normal minor Awaiting Review defect (bug) new 2023-08-09T03:40:21Z 2023-10-31T00:34:33Z "Hi there, I hope this email finds you well. Unfortunately, we've recently encountered a critical error that requires immediate attention. This issue pertains to the single page templates, specifically an example like this: https://volunteeringqld.org.au/governance/before-you-join/. The error was not present a week ago, and we're currently grappling to determine its cause. This problem was initially observed on both WP6.22 and WP6.3. The post https://volunteeringqld.org.au/governance/before-you-join/ connected to a single template php `mytemplate/single-governance-before-you-join.php`, what calls `` what throws error ""There has been a critical error in this website"" and output steam finishes. Log error gives this line: {{{ ""PHP message: PHP Fatal error: Uncaught TypeError: Unsupported operand types: WP_Post - int in /.../wp-includes/post-template.php:330 Stack trace: #0 /.../wp-includes/post-template.php(247): get_the_content() #1 /.../wp-content/themes/volunteeringAU/single-governance-before-you-join.php(411): the_content() #2 /.../wp-includes/template-loader.php(106): include('...') #3 /.../wp-blog-header.php(19): require_once('...') #4 /.../index.php(17): require('...') #5 {main} thrown in /.../wp-includes/post-template.php on line 330', referer: https://volunteeringqld.org.au/governance/"" }}} To address this, we have applied the following code snippet in `post-template.php` line 330: {{{ if( ! is_int($page_no)) { $page_no = 1; // Igor //echo ''; } }}} When echo ancommented it gives {{{ Array ( [page] => WP_Post Object ( [ID] => 5 [post_author] => 7 [post_date] => 2021-10-21 04:24:08 [post_date_gmt] => 2021-10-21 04:24:08 [post_content] => [post_title] => Home [post_excerpt] => [post_status] => publish [comment_status] => closed [ping_status] => closed [post_password] => [post_name] => home [to_ping] => [pinged] => [post_modified] => 2023-05-26 13:50:03 [post_modified_gmt] => 2023-05-26 03:50:03 [post_content_filtered] => [post_parent] => 0 [guid] => https://volunteeringqld.org.au/?page_id=5 [menu_order] => 0 [post_type] => page [post_mime_type] => [comment_count] => 0 [filter] => raw ) [more] => 1 [preview] => [pages] => Array ( [0] =>

            Achieving a good transition to the next volunteer who will take over from you has benefits for you, the organisation, and the incoming governance member. Let’s explore things you can do to ensure a good handover.

            In this stage of your Governance journey we explore:

            ) [multipage] => 0 ) }}} As you can see, instead of having 1 in `$elements['page']`, it contains a `WP_Post` object of the very first post from the database, even not the one that is displayed. We are hopeful that this information helps you in resolving the issue and that a solution will be included in an upcoming patch. Please don't hesitate to reach out if you require more details or assistance. Best regards, Igor " volqld Needs Patch 59012 Option to change Twitter Bird to Twitter X logo Bundled Theme normal normal Future Release enhancement reopened 2023-08-09T03:33:41Z 2023-08-15T05:29:38Z "The Twitter logo changed to X. The Twitter icon in the social widget block and embed block still has the bird logo in it. " kafleg Has Patch / Needs Testing 59009 units missing in media details Media normal normal Awaiting Review defect (bug) new has-patch 2023-08-08T22:15:29Z 2023-08-09T21:47:37Z "Some units are missing which have been there before, see #39667 Length and Dimensions have no units anymore. I don't know since when, just found out using v6.3 This is the view you get after clicking a video in media gallery (Attachment Details) and then click on ""Edit more details""" Presskopp Needs Patch 59007 Allow to show an additional custom tagline on the blog page Themes 6.3 normal normal Awaiting Review enhancement new close 2023-08-08T20:51:06Z 2023-08-14T14:25:51Z "Hello everybody. Here in Brazil, many major news portals have a part of the news that the editors call the Hat of the news. It's like a subtitle of the news. Ex: Category: Politics Hat: Confusion at the CPI I would like to know if this is possible to be inserted in WordPress without the help of a plugin. Example of sites that use this. G1, UOL among others. In this first print, see that the article is in the Politics category: https://prnt.sc/xOFhUjnjn7kT But here, in the hat, the article category does not appear, a custom title appears: https://prnt.sc/zdaTa4W7DWSx" juniortavares Changes Requested 59006 No title attribute on oEmbed and REST API s audrasjb Embeds 6.2.2 normal normal 6.6 enhancement reviewing changes-requested 2023-08-08T19:24:56Z 2024-02-20T09:28:35Z "By default, WordPress adds three `` of every post. These are missing the `title=""...""` attribute. This means that some browsers will announce the links as ""alternate"" with no explanation of their destination - see screenshot attached. The three links are: {{{ }}} Ideally, these would have `title=""JSON""`, `title=""oEmbed (JSON)""`, `title=""oEmbed (XML)""` or similar." edent Needs Patch 58993 "metadata_exists() returns incorrect value when ""get_{$meta_type}_metadata"" filter returns false." Options, Meta APIs 6.2.2 normal normal Awaiting Review defect (bug) new 2023-08-07T14:58:38Z 2023-10-30T18:16:14Z "metadata_exists() applies the ""get_{$meta_type}_metadata"" filter. If the $single metadata value is false, 0, an empty string, or an empty array (see https://www.php.net/manual/en/language.types.boolean.php), then metadata_exists() will return false instead of true (ie. the metadata exists). {{{ function metadata_exists( $meta_type, $object_id, $meta_key ) { . . . $check = apply_filters( ""get_{$meta_type}_metadata"", null, $object_id, $meta_key, true, $meta_type ); if ( null !== $check ) { return (bool) $check; } }}} If any value is returned, then the metadata exists, so the code should be: {{{ function metadata_exists( $meta_type, $object_id, $meta_key ) { . . . $check = apply_filters( ""get_{$meta_type}_metadata"", null, $object_id, $meta_key, true, $meta_type ); if ( null !== $check ) { return true; } }}} js." jsmoriss Needs Patch 58992 "get_metadata_raw() ""get_{$meta_type}_metadata"" filter can return incorrect value for $single = true" Options, Meta APIs 6.2.2 normal normal Awaiting Review defect (bug) new 2023-08-07T14:52:21Z 2023-10-30T18:10:59Z "The ""get_{$meta_type}_metadata"" filter includes the $single argument for the filter to return a single element or the complete metadata array. **If the single element happens to be an array**, and that array is returned because $single = true, then **the following code breaks the returned value** (it returns the first element instead of the array). If the array is an associative array, then it also breaks the returned value as `$check[0]` is not a valid element. {{{ $check = apply_filters( ""get_{$meta_type}_metadata"", null, $object_id, $meta_key, $single, $meta_type ); if ( null !== $check ) { if ( $single && is_array( $check ) ) { return $check[0]; } else { return $check; } } }}} Since $single is provided to the filter, the code should respect the returned value: {{{ $check = apply_filters( ""get_{$meta_type}_metadata"", null, $object_id, $meta_key, $single, $meta_type ); if ( null !== $check ) { return $check; } }}} js." jsmoriss Needs Patch 58991 Twenty Twenty One: font-weight setting doesn't work on button block Bundled Theme normal normal Awaiting Review defect (bug) new 2023-08-07T12:31:18Z 2023-08-07T12:31:18Z "Originally reported by @upadalavipul in the Gutenberg project. https://github.com/WordPress/gutenberg/issues/53338 The Button block can have their font-weight changed using the Appearance control in the block sidebar. This style is applied to the element with the `.wp-block-button` class as inline style. However, Twenty Twenty One applies font-weight to the element with the `.wp-block-button__link` class in it, so that style is not applied." wildworks Needs Patch 58989 Avatar block alignment is not working well in some themes Editor normal normal Awaiting Review defect (bug) new close 2023-08-07T07:02:48Z 2024-02-07T08:55:35Z "Avatar block alignment is not working in some themes like Twenty Twenty-one, Twenty nineteen, Twenty Seventeen and Twenty Sixteen but it is working fine with Twenty Twenty-two & Twenty Twenty-Three. **The Main issue is that centre align is not reflected in editor side** Here is a Video of the issue along with how it works : https://drive.google.com/file/d/1YIng2VrJY9Zt1dgqD-Pg7_Lps4LaDoIW/view?usp=sharing" pitamdey Needs Patch 58987 Unify usage of die(), die( '-1' ), exit(); General normal minor Awaiting Review enhancement new 2023-08-06T09:46:23Z 2023-08-06T12:46:51Z "like mentioned [[https://core.trac.wordpress.org/ticket/58420#comment:6|here]] I'd like to know if we want to unify the different die() calls we use: {{{#!php // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } }}} (mostly used, having a comment) {{{#!php if ( ! defined( 'ABSPATH' ) ) { die(); } }}} (**not** having a comment), like seen in **\wp-admin\link-parse-opml.php**, **\wp-admin\site-health-info.php** or even {{{#!php if ( ! defined( 'ABSPATH' ) ) { exit(); } }}} like seen in **\wp-includes\rss-functions.php**" Presskopp Needs Dev / Bug Wrangler Feedback 58986 TypeError: Unsupported operand types: string * int * Date/Time 6.2.2 normal normal Future Release defect (bug) reopened dev-feedback 2023-08-05T17:08:48Z 2024-03-18T17:57:31Z "Path: `/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php` File: `class-wp-rest-posts-controller.php` Line: 1833 **Expression Error:** `get_option('gmt_offset') * HOUR_IN_SECONDS` **Rais Exception:** `TypeError: Unsupported operand types: string * int` Suggested Fix: `intval(get_option('gmt_offset')) * HOUR_IN_SECONDS` Thanks " nurielmeni Needs Patch 58984 WordPress FontSizePicker Default Label issue Editor 6.2.2 normal normal Awaiting Review defect (bug) new 2023-08-04T20:41:49Z 2023-08-05T03:57:39Z "If you have five or fewer font sizes, the WordPress `FontSizePicker` component will default to the labels 'S / M / L / XL / XXL'. There doesn't appear to be a way to change these labels, which can problematic, for example if your names begin XS rather than S, or you use numbers for names e.g. 10 / 30 / 50. To recreate the issue, within `theme.json`, add the following (or another) example of 5 or fewer default typography sizes to `settings.typography.fontSizes`: {{{ ""fontSizes"": [ { ""size"": ""clamp(0.625rem, 0.3438rem + 0.75vw, 1rem)"", ""slug"": ""10"", ""name"": ""10"" }, { ""size"": ""clamp(1rem, 0.7188rem + 0.75vw, 1.375rem)"", ""slug"": ""20"", ""name"": ""20"" }, { ""size"": ""clamp(1.25rem, 0.9688rem + 0.75vw, 1.625rem)"", ""slug"": ""30"", ""name"": ""30"" }, { ""size"": ""clamp(1.5rem, 1.2188rem + 0.75vw, 1.875rem)"", ""slug"": ""40"", ""name"": ""40"" }, { ""size"": ""clamp(1.875rem, 1.5938rem + 0.75vw, 2.25rem)"", ""slug"": ""50"", ""name"": ""50"" } ] }}} Then when editing any page, attempt to amend the paragraph size of text (or any other block that uses your font sizes). You'll see that the labels within the `FontSizePicker` component are 'S / M / L / XL / XXL', which have no relationship to the names that you'd set in `theme.json`. Part of a solution could be to add a 'shortLabel' field to `theme.json` `settings.typography.fontSizes`, which would be used instead of the defaults by the `FontSizePicker` react component, when five or fewer font sizes are used. An alternative solution would be to provide a slider, similar to padding and margin resizing." paulpooka Needs Patch 58983 Old error message from 5.1 reappeared in 6.2.2 Networks and Sites 6.2.2 normal normal Awaiting Review defect (bug) new 2023-08-04T16:33:41Z 2023-08-08T16:29:04Z "The following error message appears in multisite installations after upgrade to 6.2.2 Performing the network upgrade doesnt seem to get rid of the message `Notice: Function wp_check_site_meta_support_prefilter was called incorrectly. The wp_blogmeta table is not installed. Please run the network database upgrade. Please see Debugging in WordPress for more information. (This message was added in version 5.1.0.) in .../wp-includes/functions.php on line 5865` The table itself doesnt seem to exist in the database nor is it being created. Its no affecting any multi site functionality though. The hosting is Wp-Engine if that matters." namith.jawahar Needs Patch 58982 Tools > Export does not include termmeta data for post categories Export 6.3 normal normal Awaiting Review enhancement new 2023-08-04T12:44:38Z 2023-08-04T18:07:11Z "Steps to reproduce * Populate some posts and categories on a clean WordPress installation. * Add some term meta fields to those categories. * Go to Tools > Export and export Posts, then All categories. * The export file contains no `wp:category` entry for any categories, hence categories term meta fields are not included. * Go back to Tools > Export and export Posts, then a single category. * The new export file contains no `wp:category` entry for the selected category, hence its term meta fields are not included either. " jadpm Needs Patch 58979 "Layout breaking while editing an Image from ""Image Details Edit"" screen." Media 6.3 normal normal Awaiting Review defect (bug) new 2023-08-04T04:57:06Z 2023-08-07T16:13:03Z "== Bug Report === Description The layout is breaking while editing an Image from ""Image Details Edit"" screen. === Environment - WordPress: 6.3-RC3 - PHP: 7.4.12 - Server: Apache/2.4.46 (Unix) OpenSSL/1.0.2u PHP/7.4.12 mod_wsgi/3.5 Python/2.7.13 mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_perl/2.0.11 Perl/v5.30.1 - Database: mysqli (Server: 5.7.32 / Client: mysqlnd 7.4.12) - Browser: Chrome 114.0.0.0 (macOS) - Theme: Twenty Twenty-Three 1.2 - MU-Plugins: None activated - Plugins: * WordPress Beta Tester 3.5.2 === Steps to Reproduce 1. Open Media -> Library 2. Select an Image 3. Click the ""Edit Image"" button below the Image 4. Click ""Crop Image"". Crop settings are visible to the right of the Image 5. Now Click ""Scale Image"". Layout breaks. x. 🐞 Bug occurs. === Expected Results 1. ✅ Layout Should not break. At the very least, it should be consistent for scale and crop. === Actual Results 1. ❌ Layout breaks and lack of consistency. I am attaching Screenshots for reference." deepakvijayan Needs Patch 58975 Replace image deletes the link! Editor 6.1.1 normal normal Awaiting Review defect (bug) new 2023-08-03T20:18:55Z 2023-08-03T20:18:55Z "For the image block Gutenberg block, in a widget sidebar panel, I noticed that whenever I go to ""replace"" the image for a Gutenberg widget - with one that is higher resolution for example, the link of the image goes away! Noted this on several, both with ""upload"" and going to media library and uploading there." programmin Needs Patch 58969 Privacy setting > The ''Copied'' text also shows, When double-clicking on the 'Copy suggested policy text to clipboard' option, Privacy 6.3 normal normal Awaiting Review defect (bug) new 2023-08-03T12:09:39Z 2023-08-07T16:11:03Z " When double clicked the ''Copy suggested policy text to clipboard'' and paste it to the notes the ''copied'' text is also showing ( Only when double clicking ) === Environment - WordPress: 6.3-RC3-56344 - PHP: 7.4.33 - Server: TasteWP-S4 Official/3.0.0 - Database: mysqli (Server: 8.0.32-0ubuntu0.20.04.2 / Client: mysqlnd 7.4.33) - Browser: Firefox 116.0 (Windows 10/11) - Theme: Twenty Twenty-Three 1.2 - MU-Plugins: None activated - Plugins: * WordPress Beta Tester 3.5.2 === Steps to Reproduce 1. Open the wordpress 'policies' section 2. Double Click on the 'Copy suggested policy text to clipboard 'option 3. Paste the policy on the notepad or notes 4. ''Copied '' text is showing === Expected Results When you double-click on the 'Copy suggested policy text to clipboard' option, the 'Copied' text should not be displayed. === Actual Results When you double-click the 'Copy suggested policy text to clipboard' option, the 'Copied' text is also displayed." vivekawsm Needs Reporter Feedback / Steps To Reproduce 58967 Shortcode block text is not visible General 6.2.2 normal normal Awaiting Review defect (bug) new reporter-feedback 2023-08-03T10:05:20Z 2023-08-14T10:18:36Z "Steps to reproduce the issue: 1. Create new page 2. Insert cover block 3. Insert shortcode block inside cover block 4. Result: shortcode block title and text are not visible because they are showing up with white font" johnquail Needs Patch 58965 No luck running WP when running PHP 8.2.8 + mysql Ver 15.1 Database 6.2.2 normal normal Awaiting Review defect (bug) new 2023-08-02T22:29:45Z 2023-08-02T23:00:52Z "Welp, cannot figure out how to get the latest version of WP installed...when I load it I get this error message: Your PHP installation appears to be missing the MySQL extension which is required by WordPress. Please check that the mysqli PHP extension is installed and enabled. I am using php-fpm and can see I have enabled: mysqlnd, pdo, pdo_mysql Obv can't run mysqli anymore...so I am not even sure why I am seeing this mysqli error? Anyone know how to work around it? Hopefully, it's just something dumb on my part but I am a bit restricted on the server this is running. " boyz2men Needs Patch 58954 php 8.1 preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated General 6.2.2 normal normal Awaiting Review defect (bug) new 2023-08-01T12:43:30Z 2023-08-01T20:40:21Z " Encountered when editing a page at /wp-admin/post.php?post=2&action=edit On line 6811 of wp-includes/post.php {{{ $ext = preg_replace( '/^.+?\.([^.]+)$/', '$1', $file ); }}} I found a lot of these tickets on trac, but couldnt find any for this specific instance. " TwentyZeroTwo Needs Patch 58952 Add search to get_the_archive_title() Themes normal normal Awaiting Review enhancement new 2023-08-01T09:40:07Z 2023-10-27T22:09:16Z "Add search archive title to get_the_archive_title(): {{{#!php Please wait ... }}} you will receive an error in the web development console section: {{{ GET https://DOMAIN.COM/wp-includes/js/tinymce/plugins/code/plugin.min.js Status 404 Not Found }}} == Does problem occur when all plugins deactivated and use the default theme? N/A == what is the expected output or result? What did you see instead? The expected outcomes would be: 1) the direcotry and file '//DOMAIN.COM/wp-includes/js/tinymce/plugins/code/plugin.min.js'would be available 2) tinymce would show the code icon 3) no error displayed == additional information Not that this really matters for this, more related to wordpress version os: alma 8.8 php: 7.4.33 AND 8.1 browser: not applicable " jobst Has Patch / Needs Testing 58948 Use Elvis operator (`:?`) to replace repeating ternary patterns (`a ? a : b`) General 6.3 normal trivial Awaiting Review enhancement new close 2023-07-31T17:54:39Z 2023-10-17T20:11:44Z "This is a somewhat big change, but a simple one at that. Replaces `a ? a : b` patterns of ternary statements to use the Elvis operator `a ?: b`. Null coalescing operator (`??`) was added in PHP 7.0, which WordPress now requires as the minimum version. However, to make this ticket focused and easier to review, this ticket only proposes the Elvis operator. On tainted lines, it follows WordPress CS to use uppercase constants (`NULL` instead of `null`, for example), and removes a few cases of unnecessary braces. Apart from them, the diff output should be quite minimal and straight forward. Perhaps, the review will be easier with word-diff (`git show --word-diff`), or on GitHub, where it highlights word diffs in the line-diff mode. Thank you." ayeshrajans Needs Patch 58945 Issues with downloading and unpacking plugins with PHP 8.2 Upgrade/Install 6.2.2 normal normal Awaiting Review defect (bug) new 2023-07-31T10:56:24Z 2023-10-28T23:46:33Z "Hello, I've encountered an issue when trying to download and install plugins or update WordPress on PHP 8.2, both from the admin dashboard and using WP-CLI. This issue does not occur on PHP 8.1. When attempting to install or update a plugin, the ZIP file is downloaded correctly, but when it comes to unzipping and installing, the process ends with an error of ""Could not copy file."". The same issue occurs during a WordPress update. I conducted a series of tests trying to pinpoint the issue. I carried out tests with both native PHP functions (curl, copy) and WordPress functions (download_url, unzip_file) that are typically used for downloading and installing plugins and updates. Moreover, I noticed that the issue also arises when trying to update to a previous version via WP-CLI. In this case, after the ZIP file is downloaded, unzipped, and attempted to install, an error of ""Warning: Could not copy file."" is produced. Here seems to be a WP-CLI cache clearing issue as empty zip files remain Given the above, I suspect that the problem might be due to some incompatibility between PHP 8.2 and the WordPress functions used for downloading and installing plugins and updates. Could someone take a look at this issue? Any help would be greatly appreciated. {{{ :~/public_html$ wp plugin update classic-editor Downloading update from https://downloads.wordpress.org/plugin/classic-editor.1.6.3.zip... Unpacking the update... Installing the latest version... Removing the old version of the plugin... Plugin updated successfully. +----------------+-------------+-------------+---------+ | name | old_version | new_version | status | +----------------+-------------+-------------+---------+ | classic-editor | 1.6.1 | 1.6.3 | Updated | +----------------+-------------+-------------+---------+ Success: Updated 1 of 1 plugins. :~/public_html$ wp plugin update classic-editor --version=1.6.1 Installing Classic Editor (1.6.1) Downloading installation package from https://downloads.wordpress.org/plugin/classic-editor.1.6.1.zip... Unpacking the package... Installing the plugin... Removing the old version of the plugin... Plugin updated successfully. Success: Installed 1 of 1 plugins. :~/public_html$ wp plugin update classic-editor Downloading update from https://downloads.wordpress.org/plugin/classic-editor.1.6.3.zip... Using cached file '/home/***/.wp-cli/cache/plugin/classic-editor-1.6.3.zip'... Error: Error copying cached file /home/***/.wp-cli/cache/plugin/classic-editor-1.6.3.zip to https://downloads.wordpress.org/plugin/classic-editor.1.6.3.zip :~/.wp-cli/cache/plugin$ ls -l total 0 -rw-r--r-- 1 *** *** 0 Jul 31 10:40 classic-editor-1.6.1.zip -rw-r--r-- 1 *** *** 0 Jul 31 10:40 classic-editor-1.6.3.zip }}} " pablo07 Needs Reporter Feedback / Steps To Reproduce 58944 Upload to Media Library not replicating to all pod's 6.2.2 Media 6.2.2 normal normal Awaiting Review defect (bug) new reporter-feedback 2023-07-31T10:18:52Z 2023-10-04T15:34:54Z "Hello, after updating from WP 6.1.1 to 6.2.2 the new uploaded images start to apear ""broken"" on Media Library. If we refresh the page several time's we will see the image ok, but if we refresh it again it will be broken. We are running the WP in kubernetes, so we have several pod's. This behaviour means the uploaded image is no longer been replicated to all pod's. So it only exist's in one pod. After reverting to 6.1.1 all is ok." vitorgandra Needs Patch 58941 I have found a lot of bugs in fact General normal normal Awaiting Review defect (bug) new 2023-07-31T07:07:49Z 2023-07-31T07:07:49Z "Previously I've already reported a bug as the following link: https://core.trac.wordpress.org/ticket/58875 There is a bug also for the styling in theme.json. I found that once the default style in theme.json file is set, sometimes it is impossible to change again by the user as the style in theme.json have been set to !important. For example, I've set the color for general text to be dark grey, and if I now assign a blue color to the paragraph text, this property is being overridden by theme.json's setting, as I can inspect the property of that text. It has been set to !important. Well, I think that there is really a lot of bugs since I am just a normal user, I am not even a professional web developer. I can discover so many bugs within just a week. I appreciate the search bar feature, but other than that, it is a bit horrible. " titanchan Needs Patch 58939 Option to bypass fetch_feed cache on call. Feeds normal minor Awaiting Review feature request new 2023-07-30T20:47:35Z 2023-07-30T20:47:35Z "I have a use case where users are limited to the normal 12 hour cache restrictions, but I would like to enable admins to be able to bypass the cache and pull the feed. Maybe a filter or optional parameter that would allow this? " picard102 Needs Patch 58938 Custom permalink indexing issue Customize 6.2.2 normal critical Awaiting Review defect (bug) new 2023-07-30T10:35:29Z 2023-07-30T10:35:29Z "Good morning, If we choose the personalized permalink and remove the ""/"" at the end. The site will not index, except for the homepage. No message will appear in the search console. Bug found twice on sites that weren't indexed for more than 30 days. This unblocked the situation in 24 hours. Cordially, LECLERC-WEB" lavega45 Has Patch / Needs Testing 58935 White page on admin.php in WordPress Dashboard General normal normal Awaiting Review enhancement new has-patch 2023-07-29T18:09:08Z 2023-08-02T10:22:12Z "Hello there, As we all know, plugins (e.g. WooCommerce, etc.) are using `wp-admin/admin.php` to handle their option pages. e.g. `http://localhost/wp-admin/admin.php?page=wc-admin` The problem is, when we navigate to `admin.php` without any query string, it shows a white screen. I believe we can improve it by showing a message or redirecting to the main page of the dashboard. e.g. `http://localhost/wp-admin/admin.php`" masoudin Has Patch / Needs Testing 58934 Twenty Twelve: Table Block does not align center on front end Bundled Theme 5.0 normal normal Awaiting Review defect (bug) new has-patch 2023-07-29T14:42:36Z 2023-08-02T05:45:03Z "The table block align center isn't working properly in the Twenty Twelve theme. https://www.awesomescreenshot.com/video/19525205key=509a355b0cb5d20ad84771b9693fbad2" truptikanzariya Needs Reporter Feedback / Steps To Reproduce 58933 plugin-install.php search works incorrect Plugins 6.2.2 normal normal Awaiting Review defect (bug) new reporter-feedback 2023-07-29T11:41:02Z 2023-08-08T16:43:13Z "i got 29 pages as result of search but after i go to last page more results coming also search very weak by default many irrelevant results coming after search with 2 keywords " AlexeyVertinsky Has Patch / Needs Testing 58932 wp_setup_nav_menu_item() throws PHP warning when using virtual menu-items Menus 5.4 normal normal Awaiting Review defect (bug) new has-patch 2023-07-29T00:25:24Z 2023-07-29T00:35:45Z "I believe this bug was introduced in [changeset:""47211""] === TLDR === `wp_setup_nav_menu_item()` calls `get_post()` but does no sanity checking before calling `get_post_states()` with what might be a null. Adding a simple `if ( $menu_post !== null )` before calling `get_post_states()` resolves this issue. I've added a patch. === Details === I have an old plugin (pre-dating above commit) that renders custom dynamically-generated drop-down menus (eg. recent posts, yearly archives). The plugin is somewhat based on https://www.ibenic.com/understanding-wordpress-menu-items/ but is a bit more involved. It's a stable and simple plugin. The way the plugin works is it adds a single menu-item meta-box in the Menu editor page. However on the front it dynamically generates submenu items that don't show on the Edit Menu page. On the front the plugin creates virtual/fake `WP_Post` objects at runtime that are fed into `Walker_Nav_Menu_Checklist`. Therefore these objects have no corresponding `$menu_post` in the database. Since WordPress 5.4, core throws multiple `Attempt to read property ""post_status|ID"" on null` notices on every page load. These notices have been upgraded to warnings in PHP 8. {{{ wp-admin/includes/template.php:2288 get_post_states() wp-includes/nav-menu.php:839 wp_setup_nav_menu_item() wp-includes/nav-menu.php:839 array_map() wp-includes/nav-menu.php:727 wp_get_nav_menu_items() wp-admin/nav-menus.php:596 }}}" apedog Needs Patch 58927 Set featured image missing General 6.2.2 normal major Awaiting Review defect (bug) reopened close 2023-07-28T07:13:02Z 2023-08-24T22:53:05Z "Latest version 6.2.2, php version 8.1 Why it happens - unknown Happens even if all plugins deactivated, changed theme Expected set featured image button, this section is missing Theme support added to the functions.php, but this happens with all twenty themes as well Server information below Set featured image is missing, cannot set featured image. Tried all browsers, disabling all plugins, changing theme. Only installing ""disable gutenberg"" plugin helps and ""set featured image"" back again. Fresh install. Also this happens with other older websites (v6.1.1) On some websites it works fine, but there is slight delay before it appears. cPanel Version 110.0 (build 7) Apache Version 2.4.57 MySQL Version 10.3.38-MariaDB-log-cll-lve Architecture x86_64 Operating System linux Path to Sendmail /usr/sbin/sendmail Path to Perl /usr/bin/perl Perl Version 5.16.3 Kernel Version 3.10.0-962.3.2.lve1.5.80.el7.x86_64" ernasx Needs Patch 58924 Add a small precision on the documentation of the register_taxonomy function Taxonomy 6.2.2 normal minor Awaiting Review feature request new 2023-07-27T13:57:55Z 2023-07-27T14:15:27Z "Hello, I was wondering if it wouldn't be interesting to add a little clarification here https://github.com/WordPress/wordpress-develop/blob/12a0205829c1411f16b4e216a713a153bcc62e2f/src/wp-includes/taxonomy.php#L410 . Indeed, I searched for a while why when editing a CPT I did not have the categories in the form of a checkbox. By searching on https://developer.wordpress.org/reference/functions/register_taxonomy/ I found no indication about the change of UI of the choice of categories on the edition of a post. I would find it interesting to add a very small precision to indicate that the `hierarchical` parameter changes the way of choosing its categories on a post: checkboxes if it is true, input text if false. I hope I wrote and classified my ticket correctly, sorry if not, this is my first ticket / first contribution." ltrihan Has Patch / Needs Testing 58921 wp_kses_allowed_html doesn't allow to add esi:include Formatting 3.5 normal normal Awaiting Review defect (bug) new has-patch 2023-07-27T10:19:28Z 2023-10-12T05:21:52Z "In my plugin I want to implement an [ESI exclusion](https://www.w3.org/TR/esi-lang/) for Litespeed using their filter like this: {{{#!php }}} However, using the unescaped echo is bad practice and is not allowed by WooCommerce (my plugin is published on woocomerce.com, so I can't upload a version that's using `echo`). So I tried using `wp_kses`. Using the `wp_kses_allowed_html` filter, one could add custom tags to `wp_kses`. But it doesn’t work in this particular case because the ESI tag contains a colon `esi:include`. I’m stuck here. I can’t change the [ESI specification](https://www.w3.org/TR/esi-lang/) which specifies the tag `esi:include`. Litespeed (or any other technology that uses ESI) must consume the `esi:include` tag to work. That means we need to output the script somehow. I think there should be a way to add custom tags like `esi:include`." alekv Has Patch / Needs Testing 58917 Email Sending validation doesn't occur when password reset is sent from the Users page Users normal normal Awaiting Review defect (bug) new has-patch 2023-07-26T16:29:48Z 2023-08-15T04:37:20Z "Suppose my site isn't configured to send emails. So, when a user tries to reset his password from the public login page, he gets the below error. https://prnt.sc/q_Z3IIC1f_dy This is expected, but now, if I log in as an admin account, navigate under the Users page, and try to send the reset link for that user, I can see no validation error. The email doesn't get sent in real, but I can't see the error that my site isn't configured for sending emails. https://prnt.sc/O9k_QpycwCfh I think this type of behaviour is kind of confusing for users. We should show that validation error in the admin panel as well." rajinsharwar Needs Patch 58916 Wrong User Password Reset Security 6.2 normal normal Awaiting Review defect (bug) new 2023-07-26T15:29:38Z 2023-07-29T00:28:47Z "We have a lot of users in our database. We occasionally have users in our database that have similar usernames, for instance: 'user 1' and 'user1'. When a password needs to be reset via the e-mail reset link, sometimes the user_activation_key is populated for the wrong user when it was intended for 'user 1', it will be populated for 'user1' or the other way around. They all have different user nicenames and e-mail addresses, but there must be some sanitizing going on with the username and password resets that is making similar but different usernames not technically unique. " dappelman Needs Patch 58914 Full-site editing theme warning about missing header.php Themes 6.2.2 normal minor Awaiting Review defect (bug) new 2023-07-26T13:46:15Z 2023-07-26T20:13:38Z "When using a theme compatible with full site editing, I get this warning from time to time when the page is redirecting. This can be replicated also in WordPress 6.3-RC2-56310 running Twenty Twenty-Three theme. Deprecated: File Theme without header.php is deprecated since version 3.0.0 with no alternative available. Please include a header.php template in your theme. in /public/wp-includes/functions.php on line 5653" Iulia Cazan Has Patch / Needs Testing 58909 width problem in the administration interface Administration normal normal Awaiting Review defect (bug) new has-patch 2023-07-26T07:58:35Z 2024-02-23T17:48:23Z "Hi, With quick edit mode (any post), and with french language, the French translation causes line breaks in the author and password columns : " pasglop Needs Early Attention 58905 Ensure locate_template only loads theme files Themes normal normal 6.6 defect (bug) new needs-unit-tests 2023-07-25T19:44:43Z 2024-02-17T13:41:42Z "It's possible to have locate_template load files that are not template files which could be unexpected behavior that breaks the display of a page. The chance this breaks something is, I think, not infinitesimal. Therefore, this should go in early. An initial patch is attached. " jorbin Needs Patch 58904 delete_expired_transients() does not delete expired transient created with a false/empty transient name Options, Meta APIs 6.3 normal normal Awaiting Review defect (bug) new 2023-07-25T19:40:24Z 2023-07-25T19:40:24Z "Due to a typo/bug in my plugin code, I found that WordPress accepts empty strings, null, and false for the $transient arg, aka: the transient name, in set_transient() function which creates transients in the options database with values of simply `_transient_` and `_transient_timeout_`. The empty string transient is not be cleaned up by the `delete_expired_transients()` routine. Related is patch #58903, though I do not feel comfortable making a patch for this issue as the fix requires has SQL calls." jeremyescott Needs Dev / Bug Wrangler Feedback 58903 set_transient() allows invalid transient name Options, Meta APIs normal normal Future Release defect (bug) new changes-requested 2023-07-25T19:33:17Z 2024-02-08T20:13:48Z "Due to a typo/bug in my plugin code, I found that WordPress accepts empty strings, null, and false for the `$transient` arg, aka: the transient name, in `set_transient()` function which creates transients in the options database with values of simply `_transient_` and `_transient_timeout_`. That said... the transient created with an empty string continued to work (could be set and get and deleted). Because the typo in my code referenced a variable that held the transient name but was empty, the get, set, and delete function calls worked (annoyingly). I did observer two issues... 1. In the event two developers cause the same mistake/error, their transients will collide with each other. 2. More importantly, I observed the empty string transient will not be cleaned up by the delete_expired_transients routine. (The Transients Manager plugin must use delete_expired_transients() as it could not delete the transient either.) I will submit a second ticket for this issue. Upon review of the set_transient() and add_option() code, I observed several opportunities to improve, including: - return false for empty $transient value - return false for bool, non-scalar $transient values - cast $transient as string - return false for strings with more than 172 characters These false returns will guide developers to fix issues with malformed $transient names. I have a pull request to github ready to follow this ticket." jeremyescott Changes Requested 58902 add_query_arg() should esc_url_raw() REQUEST_URI Formatting normal normal 6.6 defect (bug) new changes-requested 2023-07-25T17:43:33Z 2024-02-22T11:22:14Z "add_query_arg assumes that the query argument is an acceptable query argument. In order to help developers from accidently making a URL an unacceptable URL. Some related tickets: #16859, #22951, and #22300. The security team has reviewed this and ok'd it being worked on in public. " jorbin Has Patch / Needs Testing 58901 Flush 'user_activation_key' after successfully login rajinsharwar Login and Registration normal normal 6.6 enhancement assigned has-patch 2023-07-25T08:38:46Z 2024-02-12T09:18:32Z "Hi all, Let's imagine the next steps: 1. User goes to `{site_url}/wp-login.php?action=lostpassword` for getting reset password link to its email. 2. Then go to email and open the reset password link with an expiration time (`DAY_IN_SECONDS` by default). It has been resolved [https://core.trac.wordpress.org/ticket/32429 a long time ago]. But then he remembers his old password and login using a second web browser with its username and old password. At the same time, the link to reset the password remains active in the first browser for a whole day. 3. If it's a public laptop anybody can use the reset password link and login with new credentials and make some hacker things. **Suggestions:** Flush the 'user_activation_key' after successful login: wp-includes/user.php::line 113 before {{{ do_action( 'wp_login', $user->user_login, $user ); }}} Can be added this line: {{{ global $wpdb; $wpdb->update( $wpdb->users, array( 'user_activation_key' => '', ), array( 'ID' => $user->ID ) ); }}} Best Regards!" nsinelnikov Has Patch / Needs Testing 58900 Escaping: Output String did not run through a proper escaping function Security 3.4 normal normal Awaiting Review defect (bug) new close 2023-07-25T04:17:08Z 2023-12-08T21:03:05Z "In class-wp-customize-control.php on line 642 'New page title' did not run through any escaping function. I think esc_html_e() should be applied. " armondal Needs Dev / Bug Wrangler Feedback 58887 "Add a Pattern menu item to the ""+ New"" menu in the WP admin toolbar" Toolbar normal normal Future Release enhancement new dev-feedback 2023-07-24T07:49:59Z 2023-09-08T17:59:08Z "The WP admin toolbar has a menu with the text ""New"" and a dropdown with links to adding a new post, media, page and user. Consider adding a link to the patterns creation interface to this menu. The new menu item should only be visible for users with the correct permissions. " poena Needs Patch 58886 When editing a pattern getting console error on chrome browser Editor normal normal Awaiting Review defect (bug) new 2023-07-24T07:49:43Z 2023-07-24T07:49:43Z "Chrome: Version 115.0.5790.102 (Official Build) (64-bit) screenshot: https://prnt.sc/3XQEoNPkzv1A " chiragrathod103 Needs Dev / Bug Wrangler Feedback 58884 "The image size for the Site Logo block is hard coded to ""full""" audrasjb* General normal normal Awaiting Review enhancement accepted close 2023-07-23T19:41:10Z 2023-09-20T08:27:57Z "The recommended size for the site icon is 512x512. The Site Logo block is coded to use the ""full"" size, in general-templates.php: {{{ $image = wp_get_attachment_image( $custom_logo_id, 'full', false, $custom_logo_attr ); }}} If the icon is at the recommended size of 512x512, the full size is much too big for the common use of the Site Logo block (in the header). That leads to a ""Properly size images"" warning in page-speed tools." asafm7 Needs Patch 58880 HOLD 6.3 and FIX Template Parts vs. Patterns Editor normal major Awaiting Review defect (bug) new 2023-07-23T02:10:29Z 2023-07-25T00:15:33Z "In 6.3 ""Template Parts"" are now found under Patterns and rumored to eventfully be called ""Patterns""? Whoa! NOT GOOD! It is becoming WAY TOO confusing for my clients. PLEASE keep Template Parts (""Partial Templates"" or ""Sub-Templates"" if you like) under the Templates section. If you think is better to call them ""Partial Templates"" or ""Sub-Templates"" that could be good. **Here is what I’m suggesting:** == Patterns === WP Library -xxxx -xxxx === ''user created'' -xxxx -xxxx == Templates === Full Templates -Page -Blog -Blog List -404 -''user created'' -etc. === Partial Templates or “Sub-Templates” or “Template Parts” -Header -Footer -''user created'' -etc. Thank you, Douglas Knoyle" dougster123 Needs Patch 58875 The hover effect in theme.json is not working Editor 6.2.2 normal normal Awaiting Review defect (bug) new close 2023-07-22T07:14:21Z 2024-02-16T21:56:10Z "While the color of nav links is working, the hover color of those is not working. {{{ ""core/navigation"": { ""color"": { ""text"": ""var(--wp--preset--color--midred-2)"" }, ""elements"": { ""link"": { "":hover"": { ""color"": { ""text"": ""var(--wp--preset--color--lightred-3)"" } } } } } }}}" titanchan Needs Dev / Bug Wrangler Feedback 58874 Code Modernization: Consider using the null coalescing operator. costdev* General normal normal Future Release enhancement accepted dev-feedback 2023-07-22T05:41:48Z 2024-03-11T06:27:11Z "== Overview There are currently around 500 instances of `isset( $var ) ? $var : 'default'` in Core. In [https://make.wordpress.org/core/2020/03/20/updating-the-coding-standards-for-modern-php/ Updating the Coding Standards for modern PHP], the proposal states: > The spaceship `<=>`, null coalesce `??` and null coalesce equals `??=` operators can not be used in WordPress Core until the minimum PHP version has been raised to PHP 7.0 (spaceship and null coalesce) or PHP 7.4 (null coalesce equals). With [https://make.wordpress.org/core/2023/07/05/dropping-support-for-php-5/ the dropping of PHP 5 support in WordPress 6.3], we can now make use of the [https://www.php.net/manual/en/migration70.new-features.php#migration70.new-features.null-coalesce-op null coalescing operator]. > The null coalescing operator (`??`) has been added as syntactic sugar for the common case of needing to use a ternary in conjunction with `isset()`. It returns its first operand if it exists and is not `null`; otherwise it returns its second operand. > [https://www.php.net/manual/en/migration70.new-features.php#migration70.new-features.null-coalesce-op PHP.net] This allows changes from: {{{#!php prop ) ? $obj->prop : 'default'; }}} to: {{{#!php prop ?? 'default'; }}} == Proposal This ticket proposes that we update these as the above instances often result in very long lines or very cumbersome conditions. This follows on from similar changes to use `str_starts_with()`, `str_ends_with()` and `str_contains()`, helps usher in the bump to a PHP 7 minimum for WordPress in a safe way compared to other PHP 7+ features, and promotes increased contribution as prospective contributors see WordPress not just enforcing a minimum PHP version or using new features in ''new'' code, but modernising its ''existing'' codebase. As we're very early in 6.4-alpha, making this change now is as ""perfect"" as we could hope to be considering this will invalidate ''some'' patches. However, given the verbosity of `isset()` ternaries, these usually occur on their own line with very little extra code, so the number of invalidated patches should be ''relatively'' low. == Considerations 1. Backporting: This may add extra work if backports involve changing lines containing the affected `isset()` ternaries. This applies to security backports as well as WordPress 6.3 minor releases. However, our earlier changes to `str_starts_with()`, `str_ends_with()` and `str_contains()` had a greater risk of creating extra work. 2. Invalidated patches: Patches that change lines containing the affected `isset()` ternaries will need a refresh. This ''is'' a negative, but it's also likely to be relatively straightforward to resolve for each patch. Our earlier changes to `str_starts_with()`, `str_ends_with()` and `str_contains()` risked invalidating many more patches compared to this proposal. 3. Readability: While objectively this is a benefit for brevity, readability is subjective. 4. [https://make.wordpress.org/core/handbook/contribute/code-refactoring/ Code refactoring should not be done just because we can]: This page details several things needed for proposals such as this: - **Unit tests**, even if the code was not previously covered. We can’t afford regressions, and this will improve our test coverage. - The behaviour of the null coalescing operator is the same as `isset( $var ) ? $var : 'default'`. This proposal does not suggest changing any other instances at this time. - **Performance benchmarks**, before and after. We can’t afford regressions. - The behaviour and performance of the null coalescing operator is the same as `isset( $var ) ? $var : 'default'`. This proposal does not suggest changing any other instances at this time. - **Proper justification and clear rationale of changes are both necessary**. Too often it is impossible to determine the purpose, objective, or focus of these patches. Code should not be rewritten under the cloaks of readability, narrow personal opinion, or general subjectiveness. - Much like the changes to `str_starts_with()`, `str_ends_with()` and `str_contains()`, this provides brevity in the codebase, and per-instance has a much greater reduction in code. - It reduces our time reading and writing code - I appreciate there will be an adjustment period for some. - It provides a clear signal to prospective contributors and to extenders that WordPress is moving forward, encouraging participation and observation for future changes." costdev Needs Patch 58873 Add function to pass variables to scripts Script Loader 5.7 normal normal Awaiting Review feature request new 2023-07-22T03:36:51Z 2023-07-22T03:36:51Z "Since WordPress 5.7 using `wp_localize_scripts` to pass variables to registered scripts throws a `_doing_it_wrong` notice. The suggested ""correct"" way of passing variables to scripts, using `wp_add_inline_script`, feels like a step backwards. - Instead of just passing a variable name and value through a PHP function, that abstracts all of this away, we now have to write fully qualified JavaScript code in PHP strings. - We have to actually parse/decode the values being passed on a case-by-case basis. `wp_localize_script` did this reliably. - Using `wp_add_inline_script` is more verbose and prone to errors. Static analysis tools will not work on PHP strings. - It makes for uglier code that is less human-readable. On a personal note, Converting to `wp_add_inline_script` feels a lot more like I'm ""doing it wrong"" than using `wp_localize_script`. It's simple, short and it works. (I do feel chagrined to see Query Monitor show up brown on every page load. But not enough to go and make my code uglier.) I also doubt other ""in the wild"" developers will forego the use of `wp_localize_script` because of the `_doing_it_wrong` notice. The `wp_add_inline_script` alternative is simply not as robust. Suggestion: Add a function `wp_pass_variables_to_script` (or probably a shorter name) to re-introduce the robust functionality provided by `wp_localize_script`." apedog Needs Patch 58872 wpautop not disabled when blocks are inserted dynamically Formatting 6.1.1 normal minor Awaiting Review defect (bug) new 2023-07-21T18:17:09Z 2023-07-21T18:17:09Z "**WP Version** Tested on 6.1.1, but seems to still be present on the trunk. **Context** Our theme has multiple page-header styles. Users can insert any one of those as the first block of a page, or leave it out. If it's left out, we inject a default header block as the first block of the page using a customer WP_Block_Parser. We've also imported a large number of pages from a previous pre-Gutenberg WP system, so not all posts have block content. **The Problem** On legacy posts that do not have block content, wpautop is enabled, ''even for the injected header block'', resulting in extraneous
            and

            tags. If there's even a single block in the post content, the block renders normally. The source of the issue is that do_blocks (https://core.trac.wordpress.org/browser/trunk/src/wp-includes/blocks.php#L1166) renders the blocks based on the results of the parser, but disables `wpautop` based on a call to has_blocks(), which uses the unparsed content to determine if there are any blocks in the post. I recognize this is an edge case, as we're dealing with both legacy content and an (ab?)use of a custom block parser to inject blocks into blockless content, so it's not likely to be a high priority. But if the ""block_parser_class"" hook is going to allow us to override the parser, do_blocks should respect the blocks that are returned regardless of the original content string, and override wpautop accordingly. **Test Cases** Attached are: * A single.php page template file that succinctly captures the problem * The contents of two pages. One has no blocks and shows the wpautop problem. The other contains a single block and shows wpautop being disabled correctly. Use the Code Editor to enter this content into a page or post." jbeninger Has Patch / Needs Testing 58871 support uca14.0.0 collation in database where available Database 6.3 normal normal Awaiting Review enhancement new has-patch 2023-07-20T23:36:30Z 2023-09-25T00:17:50Z "Like #32105 supporting a modern collation is a good idea. MariaDB added this in 10.10.1 (ref: https://jira.mariadb.org/browse/MDEV-27009). As the current default is case insensitive, we'll follow the same insensitivity and use accent insensitive. So of the collations available, use uca1400_ai_ci. ref: https://mariadb.com/kb/en/supported-character-sets-and-collations/#collations" danielblack Needs Patch 58862 Add filter to allow to change who can add new users with their username on multisite Users normal normal Awaiting Review enhancement new 2023-07-20T09:58:00Z 2023-07-20T10:23:43Z "On multisite, currently, only users with the `manage_network_users` capability can add new users with their usernames. Others need to know the email address of the user in said network. Since WordPress Multisite is used a lot nowadays to create ""trusted"" networks where all users, for example, work for the same company, allowing users with lower capability sets to add users with their usernames would be helpful. Let's say an agency has created the network for a big institution, and they usually don't grant a role that gives `manage_network_users` capability for many users, if any. For example, at work, we grant that only for their IT admins since they typically don't go and mess around with multisite settings that can break sites or the installation. For the people working in marketing, we might give administrator roles only on singular sites. That's how WordCamp.org also works. There are only a handful of people who have roles with `manage_network_users` capability and WordCamp organisers do get administrator role on their event's website. Both examples lead to situations where the multisite installation is ""trusted"", e.g. users most probably know each other or in the case of WordCamp.org, their usernames and profiles are public since WordPress.org uses WordPress.org user tables. In these situations, it would be easier for the single site administrators to search users with autocomplete rather than trying to guess which email the user has used. The default behaviour should still be checked against `manage_network_users` capability since not all multisite installations are ""trusted"", hence the filter. Related issue in WordCamp.org repository: https://github.com/WordPress/wordcamp.org/issues/780" sippis Has Patch / Needs Testing 58860 Potential security issue in is_super_admin Users normal normal Awaiting Review defect (bug) new has-patch 2023-07-20T09:44:15Z 2023-07-20T17:54:25Z "{{{ function is_super_admin( $user_id = false ) { if ( ! $user_id ) { $user = wp_get_current_user(); } else { $user = get_userdata( $user_id ); } ... } }}} If user is logged in as super admin and do `is_super_admin(0);` it will return true; It would be best to use strict comparison: {{{ function is_super_admin( $user_id = false ) { if ( false === $user_id ) { $user = wp_get_current_user(); } else { $user = get_userdata( $user_id ); } ... } }}}" Stachethemes Needs Patch 58859 On pattern edit page not able to open settings panel after close it General normal normal Awaiting Review defect (bug) new 2023-07-20T07:22:57Z 2023-07-20T07:22:57Z "I am trying to edit the pattern and found an issue with the setting panel. Once I closed the settings panel not able to open it by clicking on the setting icon at the top right corner Here I am adding a video https://www.awesomescreenshot.com/video/19274744?key=3fab6b5bb4b249bf197c388f6b47d24e" mikinc860 Needs Patch 58857 Menu class should be in BODY tag Menus 6.2.2 normal normal Awaiting Review enhancement new 2023-07-20T03:57:48Z 2023-07-26T17:29:55Z "Currently, if you assign a class to a menu item, the class is only usable to the menu link alone. It would be 'very' beneficial to have the class in the BODY tag. If you want to keep them separate, you could preface the class with 'body-'. So I have a menu link for 'Sponsors' and I assign the class 'g-sponsor' to the menu link. Right now, it would show similar to this:

          • Sponsors
          • It would be great to have it added to the body class like this: This the class can be use for 'any' element on the page instead of just the menu link. FYI, I have a lot of experience in Joomla and they have had this functionality since the beginning. Now that I am migrating all Joomla websites to WordPress, I no longer have this functionality. It should be a core function of the menu class. Just a suggestion. Luke Douglas Webbering.com" LukeDouglas Needs Dev / Bug Wrangler Feedback 58855 Fix and enhance wp_is_development_mode() to be able to return whether a development mode is beiung used General normal normal Future Release enhancement new dev-feedback 2023-07-19T22:10:58Z 2024-01-30T14:39:56Z "Follow up from: https://core.trac.wordpress.org/ticket/57487#comment:71. The (new in 6.3) `wp_is_development_mode()` helper function cannot be used to check whether a development mode is enabled or not. It can only check for a particular development mode setting: either plugin, theme or core. Being able to check whether a development mode is enabled or not will enhance the above function and improve consistency. Currently this can be achieved by using the returned value from `wp_get_development_mode()` as boolean." azaozz Needs Patch 58854 Users should be able to reset their user preferences to default Users normal normal Awaiting Review feature request new 2023-07-19T17:41:45Z 2023-07-26T20:15:50Z "I work with many end users of the block editor and one thing that has come up frequently is sometimes their user preferences settings have created a view state of the editor that makes it difficult to find a certain feature and gets confusing when we are training them. What I'm hoping for is an option to reset a user's preferences. This would reset all options under Preferences back to default, reset any other toggle they have (full screen, toolbar, etc.) Ideally both a user and an admin would be able to access this function. Thanks for the consideration! Related: https://wordpress.org/support/topic/reset-a-users-preferences-ie-block-editor-preferences/" bozzmedia Needs Patch 58849 Document supported $args for register_rest_route() REST API normal normal Future Release enhancement new 2023-07-19T11:53:01Z 2023-07-19T17:00:04Z "`$args` seems awfully sparse for how important it is: [[Image(https://github.com/WordPress/gutenberg/assets/36432/3d6f6ef2-3e15-4c0a-9bb9-9c3b4822c118)]] It would be nice if all of the supported values were documented." danielbachhuber Has Patch / Needs Testing 58844 Revisions: Compare Revisions layout issues on mobile Revisions 3.6 normal normal Future Release defect (bug) new has-patch 2023-07-18T20:45:48Z 2023-11-30T22:50:02Z "This is a follow-up to #33830. ""Restore This Revision"" button in wp-admin revision page can become hidden behind the diff panel in mobile view, particularly if the post author has a longer name. The problem occurs when the author info (Name & Timestamp) stacks below the Avatar. " plari Needs Patch 58843 Permissions issue with wordpress multisite Users 6.2.2 normal normal Awaiting Review defect (bug) new 2023-07-18T19:01:21Z 2023-07-18T19:01:21Z "I have a multisite wordpress installation that is current v 6.2.2 I have the main site and one additional site. Same issue on both sites, but I have been focused on the main site. I have created the new user in the main site and am sure the user has permissions to that site. I have an issue where an editor level user cannot see any pages in the backend. It says there are 96 pages, 84 published, however none are visible. If I create & publish a new page with that user account, that one page is visible. If I change the author to a different user (editor level or other) it is no longer visible to the original editor account. I have tried using the User Role Editor plugin and have even reset all roles to core defaults. The same issue remains. It seems only a super admin level account is able to view all the pages no matter who created them. " NF Graphic Design Needs Patch 58842 "Add a ""change date/time notation"" / ""timezone"" checkbox when changing site languages" Administration normal normal Awaiting Review enhancement new 2023-07-18T17:08:17Z 2023-07-18T17:08:17Z "When I install WP, I usually do it in English. Yet, for some cases I have to change the locale to Dutch. Now, I notice that the timezone and datetime notation stays in the old locale. Which is understandable... We don't want to force it on the user. That's why I'm suggesting that we add a checkbox or two so the user has the choice to also change the datetime/timezone setting to the locale default if they change. It would make things a bit more flexible." NekoJonez Needs Patch 58840 Add Canva as an oEmbed provider Embeds normal normal Future Release enhancement new 2023-07-18T15:06:41Z 2023-08-24T14:38:34Z "**Is the service is popular enough for core developers to have heard of it before? Is it “mainstream?”** It is quite popular with over 100 million users according to Wikipedia. **If similar services are already supported, how does this service compare in terms of size, features, and backing? ** Not sure. **Does this service have an established social media presence?** Almost 300k followers on Twitter: https://twitter.com/canva **Is its oEmbed endpoint clearly established and properly documented? (Sometimes, they are just a developer’s pet project that may not be supported.)** Only found https://www.canva.com/embeds/ and https://www.canva.dev/blog/engineering/how-canva-makes-content-embeddable-and-why-you-should-too/ about this **Does the oEmbed endpoint work with WordPress’ oEmbed auto-discovery? If not, could it be made to work with additional HTML tags or attributes being added to the allow-list? ** oEmbed discovery does not work for Canva because the meta tag is very far down in the page source and WP only parses the first few KB of the response. **Does the service make an effort to build relationships with developers, such as through robust APIs?** Not sure. They do seem to have good dev docs and an engineering blog. **How old is the service?** Over 10 years old. **Does it have a well-established Wikipedia article? (Seriously.)** Yes. https://en.wikipedia.org/wiki/Canva **Has anyone written a WordPress plugin that leverages the service in some way, whether adding it as an oEmbed provider, creating a shortcode, or leveraging other APIs of the service? Do these plugins have any noticeable adoption or traction that would indicate usage and demand?** Years ago they had their own official WordPress plugin but it has been abandoned: https://wordpress.org/plugins/canva/ **Is the provider frequently proposed?** First time AFAIK." swissspidy Needs Patch 58838 Author filter on a posts list page Posts, Post Types normal normal Awaiting Review feature request new 2023-07-18T10:57:32Z 2023-07-18T10:57:32Z "**Current Behaviour** Under the user list, it shows only the published count but when visiting the list page from the user list then it shows all the published and drafts in the list and the count shows different. **Expected Behaviour** If the draft, pending, or any other types are available then it should have a proper count based on the selected author. **Suggestion** The Author filter allows administrators to filter and view posts created by specific authors quickly. This feature is handy when managing large amounts of content or coordinating with multiple authors, making it easier to locate and work with particular posts. Redirecting from the user list page the default author should have to be preselected in the author filter." mikinc860 Has Patch / Needs Testing 58837 Horizontal Scroll Issue in theme/plugin Editor Page File Navigation Section General 6.3 normal minor Awaiting Review defect (bug) new has-patch 2023-07-18T09:45:04Z 2023-07-19T12:52:37Z "The bug pertains to the horizontal scroll behavior of the file navigation section on the theme/plugin editor page when the display width is below 780 pixels. **Expected Behavior:** The file navigation section should adapt its layout and display the necessary elements within the available width, without requiring horizontal scrolling. **Current Behavior:** When the display width falls below 780 pixels, the file navigation section in the theme/plugin editor page fails to adjust its layout properly. As a result, some elements within the file navigation section extend beyond the visible area, causing a horizontal scroll to appear. **Steps to Reproduce:** 1. Open the theme/plugin editor page. 2. Reduce the width of the display to below 780 pixels. 3. Navigate to the file navigation section on the editor page. Video Link: https://www.awesomescreenshot.com/video/19213200?key=de8384bcde8ae4bd0a80d87836612609 " mikinc860 Needs Reporter Feedback / Steps To Reproduce 58836 Remove IE specific checks from more default themes (6.4) Bundled Theme normal normal Future Release enhancement new reporter-feedback 2023-07-18T09:26:42Z 2023-09-12T20:24:03Z "Follow-up to #56699 Remove IE conditional statements and register external resources without enqueuing them for four more themes: - Twenty Eleven - Twenty Twelve - Twenty Fourteen - Twenty Sixteen" sabernhardt Needs Patch 58828 Whenever bulk updates are done in wp-admin/update-core.php, no feedback is given, until all updates are done williampatton Upgrade/Install 6.2.2 normal normal Future Release defect (bug) assigned 2023-07-18T05:46:45Z 2024-03-13T04:31:21Z "This bug exists since I know WP, and it still persists on the latest version. 1. Go to wp-admin/update-core.php 2. Check all boxes for pending updates 3. Click update - The page reloads. - Nothing happens. The page just stays grey (admin bar etc are there, but the page itself is empty) - After a while, which can be a very long while if a lot of updates are pending, the screen gets populated (without page reload) with log like {{{#!php The update process is starting. This process may take a while on some hosts, so please be patient. Enabling Maintenance mode… Updating Plugin {Plugin name} (1/12) {Plugin name} updated successfully. Show details. Updating Plugin {Plugin name} [etc] All updates have been completed. Go to Plugins page | Go to WordPress Updates page }}} This log clearly should happen _while_ it is updating, and not once it is done. There is no spinner, no feedback, nothing that tells the user ""something is working"" " bedas Needs Patch 58826 Please add a default post relations table Database normal critical Awaiting Review enhancement new 2023-07-17T22:10:52Z 2023-07-17T22:10:52Z "As I am sure you know, people have bee using wordpress for a lot of things other than a simple blogging platform. And while your structure allows for basic functionality and relationships, There is a lot of room for improvement. As people continue to add more and more custom post types and related meta, the default posts/post meta tables will quickly become filled and make web queries slow. In addition, the taxonomy system is very limiting, as that is not the only way one would want to group like items. The most common way, would be POST relationships. If a Class has many students, and students have many classes, Displaying an intermediary page between the two is very difficult with the current set up. Therefore, I'd like to request an extension to the database structure as described below in the link below. At minimum the 1st option should be considered as an alternative to archive pages with taxonomies. [https://imgur.com/a/L9q4bAf] If I type domain.exp/articles/for/baseball where baseball is a sports custom post type and arcticles is just one of several custom post types, I expect a query select * from articles where hobby_slug = 'baseball' Currently everyone expects me to make the sport CPT a taxonomy, but if the sport has its own custom fields, and taxonomies already attached, that does not work. This system would be usable in a thousand different use cases and would make your platform more versatile. USERS, comments, posts and custom post types are all Models. Make it easier to establish any relation between them please. " jcc5018 Has Patch / Needs Testing 58824 Add a filter to change the classes in posts list table in admin General normal normal Awaiting Review enhancement new has-patch 2023-07-17T19:26:57Z 2023-07-21T18:04:39Z "Currently, there is no way to change the classes in the posts list table, and the posts list table template is hardcoded. So there is no way to add any classes, for example, specific classes for custom post types there. **Proposal:** Add a filter to ""WP_List_Table::get_table_classes()"" function, like this: {{{#!php _args['plural'] ), $this ); }}} " zahardoc Needs Patch 58822 Gutenberg - releases must work with the latest react version General 6.3 normal blocker Awaiting Review defect (bug) new 2023-07-17T17:43:40Z 2023-07-17T17:59:23Z "Gutenberg is falling behind more and more, bundling outdated/unmaintained packages, preventing the use of the latest react. e.g. https://www.npmjs.com/package/@wordpress/block-editor bundles >""react-autosize-textarea"": ""^7.1.0"", Which requires react 16 (!!). There are far more examples than that, that all shipped with WP 6.2. Github issues for dependencies mostly go unhandled too, because there are 200 packages now + the @types ones (which are also inconsistent, since some have types bundled while others haven't) The way gutenberg is maintained, organized and managed needs some major discussion and overhaul by someone who has enough credentials in the WP community to provide a clear plan ahead with Gutenberg." malthert Needs Patch 58819 Critical error on this website Site Health 6.2.2 normal normal Awaiting Review defect (bug) new 2023-07-17T08:48:21Z 2023-07-18T08:28:00Z "Hi, recently we (and our clients) are receiving more and more ""critical error"" messages. Looking at the message in detail we see, that the message (and the whole error detection) refers to an outdated PHP version (e.g. 7.0). Yet the monitored WP implementation works with PHP version 8.0 Question: why does the routine use an outdated and unused PHP version for the monitoring? It would be fine if the error detection routine would use the same PHP version for its monitoring as the website uses. Or if these particular messages could be stopped, as they are not only useless but confusing. " ewerkstatt Needs Patch 58817 Edit page in wordpress default editor cousing overload on 3 diffrent servers. General normal normal Awaiting Review defect (bug) new 2023-07-17T06:00:35Z 2023-07-17T06:00:35Z "Hello guys, how are you? I think i found something very wired and i not so sure issue connected to the core, but it is worth a try. I have 3 different machines on Google cloud, dedicated machine for 1 WordPress site. (e2-micro machine) All my 3 websites identical with the same design, theme, plugins and code. The only different between them is the language of WordPress. The problem is, i am experience overload on all the machines when editing a page in the default WordPress editor. Even if i only get in the default editor and only refresh the editor (F5), i get overload on my machine. **I notice jumps of 150mb – 200mb when i refreshing the page.** What causing kswapd0 to be triggered on my server and this is look like this: https://ibb.co/fNdYrxn In the start all the 3 VMs was experience the same overload. I was suspect on the post revision + autosave and wp-cron. **So, i limit the time of wp-cron and turn off the post revision completely + autosave for 1 day in wp-config:** define( 'AUTOSAVE_INTERVAL', 86400 ); define( 'WP_POST_REVISIONS', false ); define( 'WP_CRON_LOCK_TIMEOUT', 60 ); This helps a lot for all the 3 websites in general. But still i was getting overload on 2 different machines. Only in my English, WordPress not experience overload anymore. (this way i think isiue is with the language of WordPress as well) My other 2 WordPress websites in different language experience overload after 24 any time i am editing a page… (the other WordPress is in Catalan and Spanish) **So for the final conclusion:** 1. I suspect in Autosave, because issue happens after 24 hours (i change the wp-config). 2. I think it is a language issue too. (websites identical as i said before) 3. In the English WordPress, we not experience the overload (we're still seeing 150 – 200mb when refreshing the page, but don't have overload). 4. Why when i refresh the default page editor it consumes 150mb – 200mb? Be happy for your help guys. " 123nadav Needs Patch 58816 MariaDB 11.x: deprecated alias for MySQL Build/Test Tools normal normal Awaiting Review defect (bug) reopened 2023-07-17T05:10:50Z 2024-01-25T04:35:12Z "Since MariaDB 11.0, there is a “deprecated warning message”: {{{ PHPUnitFrameworkException: mysql: Deprecated program name. It will be removed in a future release, use '/usr/bin/mariadb' instead mysql: Deprecated program name. It will be removed in a future release, use '/usr/bin/mariadb' instead }}} One random test where you can find it: https://make.wordpress.org/hosting/test-results/r56244/wpsaedgebot-r56244/" JavierCasares Needs Patch 58815 Opinionated styles (add_theme_support(wp-block-styles)) set margin top to 0 for image and other blocks Editor 6.3 normal normal Awaiting Review defect (bug) new 2023-07-16T23:53:36Z 2023-08-23T07:36:52Z "Is `add_theme_support('wp-block-styles')` being deprecated in WP 6.3? If not, maybe it needs to be updated. The extra block styles include margin settings, for example {{{ .wp-block-image { margin: 0 0 1em; } }}} This is done for image, audio, embed, table or video blocks. The top margin styling is overridden in WP 6.2 by styles with targeting such as {{{ body .is-layout-flow > * + * { margin-block-start: var(–wp–preset–spacing–normal); } }}} so the blocks get the `margin-top` which they require as per the page layout. However, WP 6.3 changes the targeting of these styles to, for example {{{ :where(body .is-layout-flow) > * { margin-block-start: var(–wp–preset–spacing–normal); } }}} This is less specific, with the result that the `wp-block-styles` margin setting overrides it and will set the margin-tops to 0 for the above blocks. This will affect existing content on many sites which use this `add_theme_support` and these blocks. Twenty twenty-two theme is an example. To test, create a page with a paragraph followed by an image, in twenty twenty-two theme." aileenf Has Patch / Needs Testing 58813 Editing Slug to an Existing Slug causes wrong content to display Editor normal normal Awaiting Review defect (bug) new has-patch 2023-07-14T19:14:37Z 2023-07-19T18:52:15Z "**NOTE** This only works if you have the Classic Editor plugin active. I made a ticket there - https://github.com/WordPress/classic-editor/issues/201 - but they said it's a core bug. I am aware this is a weird one. The setup is as follows: 1. Make a clean website 2. Make a couple posts (content does not matter) 3. Install and Activate Classic Editor 4. Make a new post and save as draft 5. Copy the permalink from an existing post and paste it into the new post as the permalink, save as DRAFT (do not publish) 6. You will see the NEW post has a -2 added to the permalink (this is as expected) 7. Open the ORIGINAL existing post with the non -2 8. The post will display the content (title and all!) from the NEW post that is still in draft (this is NOT expected) This **does not** happen with the Block Editor, it can only be reproduced in Classic Editor, however the CE side feels this is a bug in core. I dug up that this is fixed in Gutenberg per #52422 however it still exists in classic editor. I can confirm that this happens from WP 4.9.x through 6.0.x '''without''' Classic Editor. As of 6.1.3, this is fixed in Block Editor, and only appears if you have the Classic Editor active." Ipstenu Needs Dev / Bug Wrangler Feedback 58808 Proposal: track object cache type in update checks Upgrade/Install normal normal Awaiting Review enhancement new dev-feedback 2023-07-14T10:54:07Z 2023-07-14T16:49:23Z "Related: #56751, #48116 I think it would be helpful to send the `wp_using_ext_object_cache()` value as part of the update requests. We already send the list of installed PHP extensions, so it's possible to know whether e.g. redis or memcached are installed, but not if they are actually used. Ideally we would also know the exact type of object cache that is being used (e.g. if it's actually redis or memcached or something else). That would be also very useful for the `wp cache type` command, [https://github.com/wp-cli/cache-command/issues/68#issuecomment-1433755427 as suggested here]. This could be done via `WP_Object_Cache::get_type()` and a `wp_cache_type()` function for example." swissspidy Needs Patch 58806 Unexpected ordering result when ordering based on multiple clauses Query 6.2.2 normal normal Awaiting Review defect (bug) new 2023-07-14T08:17:52Z 2023-07-14T08:17:52Z "I am not sure if this is a bug or this is a mis-understanding from my side on how the ordering works but Consider the following `WP_Query`: {{{#!php 'ids', 'post_type' => 'post', 'post_status' => 'publish', 'posts_per_page' => -1, 'meta_query' => [ 'relation' => 'OR', 'sticky_clause' => [ 'key' => '_sticky', 'type' => 'UNSIGNED', ], [ 'key' => '_sticky', 'compare' => 'NOT EXISTS', ], ], 'orderby' => [ 'sticky_clause' => 'desc', 'title' => 'asc', ], ] ); }}} The expected behavior is that the query should show posts that have a `_sticky` meta first, then shows the rest of the posts sorted by their title alphabetically. However it doesn't happen. {{{ array(7) { [0]=> string(20) ""A guide to WordPress"" [1]=> string(27) ""Brotherhood of creativeness"" [2]=> string(30) ""Gather all information you can"" [3]=> string(16) ""Yet another post"" [4]=> string(12) ""Hello world!"" [5]=> string(36) ""Opera browser released a new version"" [6]=> string(27) ""Zebras are cool and relaxed"" } }}} In the above output of post titles, the `""Hello World!""` has `_sticky` meta, but the sorting isn't correct (nor alphabetically and nor by `_sticky` meta first) This is the SQL query generated by this query: {{{#!php SELECT wp_posts.ID FROM wp_posts LEFT JOIN wp_postmeta ON ( wp_posts.ID = wp_postmeta.post_id ) LEFT JOIN wp_postmeta AS mt1 ON ( wp_posts.ID = mt1.post_id AND mt1.meta_key = '_sticky' ) WHERE 1 = 1 AND ( wp_postmeta.meta_key = '_sticky' OR mt1.post_id IS NULL ) AND wp_posts.post_type = 'post' AND ( (wp_posts.post_status = 'publish') ) GROUP BY wp_posts.ID ORDER BY CAST( wp_postmeta.meta_value AS UNSIGNED ) DESC, wp_posts.post_title ASC }}} If I am not wrong the issue happens at the position `ORDER BY CAST(wp_postmeta.meta_value AS UNSIGNED) DESC`, it should use the alias instead of the table name here (should be `mt1.meta_value`)" pelentak Needs Patch 58803 Infinite loop in canonical.php Canonical 6.2 normal minor Awaiting Review defect (bug) new 2023-07-13T17:49:02Z 2023-08-30T17:44:26Z "A site 24x7 monitor that points to a URL on our website leads to an error with infinite loops reported. This error started after the page being pointed by the monitor received a new Slug, leading to HTTP redirection due to autocomplete to the closest URL. Still, I believe it occurs only during periods of transient availability of our shared host. Looking at the source code [REF2] I believe there is potential for an infinite loop on line 800. Possible fix in [REF3]. By assigning the result of redirect_canonical() to a variable ($chained_redirect) before the if statement, we ensure that the same value is used throughout the if block preventing unnecessary recursive calls. References ---------- [REF1] HTTP/1.1 508 Loop Detected Server : nginx ... [REF2] https://github.com/WordPress/wordpress-develop/blob/6.2/src/wp-includes/canonical.php#L780-812 [REF3] // Protect against chained redirects. $chained_redirect = redirect_canonical($redirect_url, false); if (!$chained_redirect) " emerlen Needs Dev / Bug Wrangler Feedback 58801 Prefetch Block Editor from Posts page adamsilverstein Editor normal normal Future Release enhancement assigned needs-unit-tests 2023-07-13T15:44:37Z 2023-12-04T22:00:53Z "One of the most common user journeys in wp-admin for creating or editing a Post is navigating to the Posts page (`wp-admin/edit.php`) then to the Block Editor (either by clicking a post to edit or clicking the ""New Post"" button or sidebar menu). We can greatly increase up the speed with which the editor loads by prefetching the edit screen once the user reaches the Posts page. Prefetch will ""prime the html cache"" for all of the resources needed by the editor, resulting in the editor loading much faster for users. Note: since users can also reach the editor from the wp-admin bar, we might want to consider adding prefetch when the user interacts or opens the ""New"" menu. However, to keep this initial proposal small and easier to test I decided to limit the scope to the Posts page." adamsilverstein Has Patch / Needs Testing 58799 Need to add filter to register a template in [NEW] WordPress site editor through a plugin Editor 6.2.2 normal blocker Awaiting Review enhancement new has-patch 2023-07-13T11:55:00Z 2024-03-01T10:09:22Z "I am trying to add a new template in the WordPress site editor like this like this but unable to do it with my custom plugin. I have found a filter to register a custom template {{{ add_filter( 'default_template_types', 'register_template_type' ); function register_template_type( $templates ) { $templates['help-us'] = array( 'title' => _x( 'Page: Help Us', 'Template Name' ), 'description' => __( 'Displays Help Us template' ), ); return $templates; } }}} after adding this code I have figured out that by adding a file in the theme's template directory help-us.html I was able to register and display my custom template. **What if I want to add a custom template via plugin?** I was not able to find a way to add a custom template via the plugin. Previously I was using customizer in my plugin to customize the layout of a page with some custom functionality, now I am looking for a way to customize this page with the help of NEW site editor. **REF**: https://wordpress.stackexchange.com/questions/417325/how-to-register-a-template-in-new-wordpress-site-editor-through-a-plugin After going through, I figured out that we just need to make the template html file visible from the plugin to the template loop in order to display it. So I went over and added filter hooks in two places which just worked for me. We need to add filters in following two lines; 1- wp-includes\block-template-utils.php:263 {{{ $themes = array( get_stylesheet() => get_stylesheet_directory(), get_template() => get_template_directory(), ); // NEW Filter hook $themes = apply_filters( 'block_editor_templates_files', $themes, $template_type ); $template_files = array(); }}} 2- wp-includes\block-template-utils.php:306 {{{ $themes = array( get_stylesheet() => get_stylesheet_directory(), get_template() => get_template_directory(), ); // NEW Filter hook $themes = apply_filters( 'block_editor_templates_files', $themes ); }}} Looking forward to your feedback and consideration. Thanks " saadiqbal Needs Patch 58798 Fix possible PHP warning in /wp-includes/feed.php Feeds 6.2.2 normal normal Awaiting Review defect (bug) new 2023-07-13T10:12:27Z 2023-11-27T12:36:13Z "If some plugins or themes use ""enclosure"" meta field as a one-line string, it results in PHP warnings: PHP Warning: Undefined array key 2 in /wp-includes/feed.php on line 484 PHP Warning: Undefined array key 1 in /wp-includes/feed.php on line 494 It happens because there is no check of string content there: {{{ foreach ( (array) get_post_custom() as $key => $val ) { if ( 'enclosure' === $key && is_array( $val ) ) { foreach ( (array) $val as $enc ) { $enclosure = explode( ""\n"", $enc ); / Only get the first element, e.g. 'audio/mpeg' from 'audio/mpeg mpga mp2 mp3'. $t = preg_split( '/[ \t]/', trim( $enclosure[2] ) ); $type = $t[0]; /** * Filters the RSS enclosure HTML link tag for the current post. * * @since 2.2.0 * * @param string $html_link_tag The HTML link tag with a URI and other attributes. */ echo apply_filters( 'rss_enclosure', '' . ""\n"" ); } } } }}} **Proposal:** Add checks if the enclosure is an array, and each item can be exploded into exactly 3 items: {{{ if ( 'enclosure' === $key && is_array( $val ) ) {} }}} And this: {{{ $enclosure = explode( ""\n"", $enc ); if ( 3 !== count( $enclosure ) ) { continue; } }}} " zahardoc Needs Patch 58795 Multisite Network Admin Sites - Search doesn't work well Networks and Sites normal normal Awaiting Review defect (bug) new 2023-07-12T20:36:32Z 2023-07-24T19:45:39Z The built-in Search functionality in the Multisite Network Admin area has not been working well. Whenever I update a Site Name on a Subsite to be the unique Subdomain, the Search box does not seem to index or cache the new Site Name (even after I clear the cache on the network). So the only way to find sites on my multisite network is to browse through hundreds of site domains until I find the one I am looking for. If I know the Site ID, I can input it into the Search box and the site comes right up. For some reason, text from the subdomain in the Site Name field do not seem to get searched through. paulpleasant Needs Patch 58794 Edit Image UX needs improvement Media 6.3 normal major Awaiting Review defect (bug) new 2023-07-12T12:25:30Z 2023-07-15T20:38:10Z "== Bug Report === Description When **editing**(scale and crop) an image via ""**Attachment details**"". The **settings** for the selected feature are shown at the **end of the popup**. This would be fine in the case of smaller images. But for **larger images**, especially ones in the **portrait orientation**, these settings are not visible on the screen unless one scrolls down. There seems to be room for UX improvement here. I think we can keep the settings on the **right-hand side** of the popup, which would remove the need to scroll down to use them, no matter what the image size is. Also, I felt this must have been done as such since not all features need a settings section. But can't that be handled by maybe toggling the section altogether? ( if placed on the right that is ) Attaching videos for reference. The video names describe the test cases. === Environment - WordPress: 6.3-beta4 - PHP: 7.4.12 - Server: Apache/2.4.46 (Unix) OpenSSL/1.0.2u PHP/7.4.12 mod_wsgi/3.5 Python/2.7.13 mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_perl/2.0.11 Perl/v5.30.1 - Database: mysqli (Server: 5.7.32 / Client: mysqlnd 7.4.12) - Browser: Chrome 114.0.0.0 (macOS) - Theme: Twenty Twenty-Three 1.1 - MU-Plugins: None activated - Plugins: * WordPress Beta Tester 3.5.1 === Steps to Reproduce 1. Navigate to Media Library 2. Select a large Image to edit(preferably Portrait orientation) 3. Edit Image 4. Click on the ""Scale"" button 5. Nothing happens 6. Settings are shown at the end of the popup which can only be seen if scrolled. === Expected Results 1. On clicking the ""Scale"" button, the settings to edit the scale should be visible to the user. === Actual Results 1. Right now ""Scale & Crop"" settings are only visible if scrolled down(for bigger images)." deepakvijayan Needs Patch 58789 Not countable. row_actions @ /wp-admin/includes/class-wp-list-table.php Administration 6.2 normal major Awaiting Review defect (bug) new 2023-07-12T05:11:05Z 2023-10-30T19:43:58Z "Commonly getting not countable for the users lists, across many sites not sure of the source of the issue, but easy solution seems to be to modify. `/wp-admin/includes/class-wp-list-table.php` {{{ protected function row_actions( $actions, $always_visible = false ) ++ if(!isset($actions)) { return ''; } $action_count = count( $actions ); if ( ! $action_count ) { return ''; } }}}" Nate1 Needs Patch 58787 when upload it multi upload duplicate the files in the media Upload 6.2.2 normal normal Awaiting Review defect (bug) new 2023-07-11T21:56:53Z 2023-10-30T19:36:30Z "{{{ $attachment_id->get_error_message()); } else { // The file was uploaded successfully $response = array('success' => 'File uploaded successfully with attachment ID ' . $attachment_id); } } else { // No file was selected $response = array('error' => 'No file selected.'); } // Send the response back to the client-side script echo json_encode($response); } // IMPORTANT: Don't forget to exit at the end of your callback function exit; } ?>
            "" enctype=""multipart/form-data"">
            }}}" wasimo Needs Patch 58786 Support for adding custom, post-level meta descriptions in WP core. Editor normal normal Awaiting Review feature request new 2023-07-11T21:22:29Z 2023-10-30T13:25:23Z "Hi, the WordPress page/post editor needs a field for a custom written meta description. Meta descriptions are ubiquitous, been around forever, supported by all other (major) CMSs out there, an accessibility feature. Users should not need to install third party software for something this basic. Thanks." xroox Needs Dev / Bug Wrangler Feedback 58781 Change wording of field description for tagline Administration normal normal Future Release enhancement new dev-feedback 2023-07-11T06:26:54Z 2024-01-19T06:33:34Z "This is a follow-up to #57675 I [https://core.trac.wordpress.org/ticket/57675#comment:28 raised my concerns there], but it was too late in the cycle. So here we go: These are my concerns about the solution we use now: 1) The example is misleading, the tagline should be meaningful, and just not like in the example Using a unique and descriptive tagline is important for search engine optimization (SEO) purposes, as it helps convey the website's purpose and relevance to both search engines and visitors. 2) The “ and ” could be misunderstood so people would enter quotation marks into the tagline. This can impact the visual presentation and readability of the tagline to visitors. To keep the iconic phrase ""Just another WordPress site"" while being informative at the same time we could formulate: In a few words, explain what this site is about. We're sure your site is so much more than ""Just another WordPress site""" Presskopp Needs Patch 58774 Sorting Posts after Published Date OR Last Update should be a standard function Date/Time 6.2.2 normal normal Awaiting Review feature request new 2023-07-10T20:19:01Z 2023-07-10T20:19:01Z "I am quite surprised that it is not a standard WP function to let the users of my website choose whether to sort Posts after Published Date OR Last Update Date! I have not even been able to find a plugin that adds this function. " hero2 Needs Patch 58773 Improve oEmbed lazy loading adamsilverstein Embeds normal normal Future Release defect (bug) assigned 2023-07-10T20:09:21Z 2023-12-20T16:47:44Z "== Why lazy load oEmbed iframes? * Lazy loading prevents wasted resources from loading if the user never scrolls down to view the oEmbed * Iframe lazy loading is handled directly by the browser, making the change simple (add a single attriute) and ensuring users get a great experience == Lazy loaded oEmbeds history WordPress has [https://make.wordpress.org/core/2021/02/19/lazy-loading-iframes-in-5-7/ lazy loaded iframes] since version 5.7 and the original proposal included lazy loading for oEmbed iframes (as long as the provider also included width and height attributes). Ultimately, dynamic addition of lazy loading of oEmbeds was removed from core because it was found to create issues, especially with embeds of other WordPress posts. == Proposed Solution This ticket proposes slightly different approach that relies on altering the iframe instance on the fly for each oEmbed. In particular: * When the oEmbed iframe HTML is displayed, if it doesn't already contain a `loading` attribute, it is run through `wp_iframe_tag_add_loading_attr` to add the lazy loading iframe under the correct conditions * Will not add lazy loading to WordPress iframes because of the `data-secret` check * Only adds lazy loading to iframes with the height and width present. * Runs before the `oembed_result` filter, so developers can remove the attribute if desired. " adamsilverstein Needs Patch 58771 Someone logged onto my WordPress Admin Site, changed the password, and created a User Registration Security normal normal Awaiting Review defect (bug) new 2023-07-10T16:16:34Z 2023-07-10T16:16:34Z "I checked settings and the ""Anyone can register"" is unchecked. I was able to regenerate a password and delete the user registration. I received several emails over the weekend regarding this activity. My password was 15 characters long, so I am not sure how anyone could have figured out my password. I am concerned and wanted to let someone know of this security vulnerability. EMAIL 1: 7/8/2023 07:18 AM Howdy! Some plugins have automatically updated to their latest versions on your site at https://www.privotechnologies.com. No further action is needed on your part. These plugins are now up to date: - Protect Uploads (from version 0.3 to 0.4) If you experience any issues or need support, the volunteers in the WordPress.org support forums may be able to help. https://wordpress.org/support/forums/ The WordPress Team EMAIL 2: 07/10/2023 12:20 AM New user registration on your site Privo Technologies, Inc.: Username: wadminw Email: wadminw@wordpress.com EMAIL 3: 07/10/2023 12/21 AM New user registration on your site Privo Technologies, Inc.: Username: wadminw Email: wadminw@wordpress.com EMAIL 4: 07/10/2023 5:46 AM Hi privomain, This notice confirms that your password was changed on Privo Technologies, Inc.. If you did not change your password, please contact the Site Administrator at pgoldberg@privotechnologies.com This email has been sent to peter.goldberg@comcast.net Regards, All at Privo Technologies, Inc. https://www.privotechnologies.com EMAIL 5: 07/10/2023 5:47 AM New user registration on your site Privo Technologies, Inc.: Username: admmega123 Email: admmega123@outlook.com " peterg1206 Has Patch / Needs Testing 58765 the_block_template_skip_link() - XSS vulnerability - Apply FIX Security 5.8 normal normal Awaiting Review enhancement new has-patch 2023-07-08T12:07:38Z 2023-07-08T15:25:45Z "Dear people at WordPress, I have already reported this problem on HackerOne, it has been reviewed by a member of the WordPress security team, and they asked me to publish the issue here. Issue: I would like to implement on my website the CSP (Content Security Policy): require-trusted-types-for ‘script’; If I do it, I get the following error message in the browser Console: “This document requires TrustedHTML assignment” because “innerHTML” is used in this script: `the_block_template_skip_link()` Impact DOM XSS FIX: in the script, replace ""innerHTML"" with ""innerText"" and the skiplink will still work. I have done that on my own homepage: `remove_action( 'wp_footer', 'the_block_template_skip_link' );` and then I have added the skiplink again, replacing ""innerHTML"" with ""innerText"" in the script. The code works (used theme: Twenty Twenty-Three)." micromadness Needs Dev / Bug Wrangler Feedback 58764 Incorrect return type in `WP_Rewrite::using_index_permalinks()`. costdev Permalinks 2.7 normal normal Awaiting Review defect (bug) assigned dev-feedback 2023-07-08T10:08:29Z 2023-07-31T12:58:33Z "== Overview In [8899], [https://github.com/WordPress/wordpress-develop/blob/6.2/src/wp-includes/class-wp-rewrite.php#L357-L373 WP_Rewrite::using_index_permalinks()] was documented to return `bool`. However, its actual return type is `int|false`. A guard explicitly returns `false`, however the final return statement returns the result of a `preg_match()` call. Per [https://www.php.net/manual/en/function.preg-match.php the PHP manual]: > `preg_match()` returns 1 if the pattern matches given subject, 0 if it does not, or false on failure. == Docs change, or `bool` cast? === Docs change We could change the return type to: {{{#!php @return int|false 1 if permalink links are enabled and index.php is in the URL, 0 if permalinks are enabled but there was a failure, false if permalinks are disabled. }}} However, I think this is an overly complicated return for a method called `using_index_permalinks()` that suggests, and is currently documented as, a simple `bool` return type. === `bool` cast: Is there a backward compatibility concern? Yes, but a very small one. WP Directory shows: - [https://wpdirectory.net/search/01H4T8ZA3EYAHNCJH57EKTSYH2 all 135 plugins] and [https://wpdirectory.net/search/01H4TEEJ598PDEK1WCRJ4C3SGW all 138 themes] that call this method use a loose check on the result, treating `0` and `false` as ""No, it does not use index permalinks"". These are safe from a `(bool)` cast. - It's possible that someone out there is using `1 === $wp_rewrite->using_index_permalinks()`, but as the method is documented to return `bool`, they're most likely using a loose check after an assumed attempt of `true ===` would have always failed, as the method currently ''never'' returns `true`. === When does `preg_match()` return `false`? Per PHP-src, a call to [https://github.com/php/php-src/blob/c6b9db2131deda7ca0683a6006fe9ae8dd767f51/ext/pcre/php_pcre.c#L1465 preg_match] eventually leads to [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L589C26-L589C58 pcre_get_compiled_regex_cache_ex]. The following failure conditions are listed: - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L642 Empty regular expression] - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L654 Delimiter must not be alphanumeric, backslash, or NUL] - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L698 No ending delimiter '%c' found] - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L700 No ending matching delimiter '%c' found] - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L750 Unknown modifier '%c'] - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L752 NUL is not a valid modifier] - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L764 The /e modifier is no longer supported, use preg_replace_callback instead] - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L779 Failed to generate locale character tables] - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L801 Compilation failed: %s at offset %zu] - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L852 Internal pcre2_pattern_info() error %d] - [https://github.com/php/php-src/blob/master/ext/pcre/php_pcre.c#L862 Internal pcre_pattern_info() error %d] === Which of these failures could happen here? In the context of `WP_Rewrite::using_index_permalinks()`, there is only one possible failure: `WP_Rewrite::$index` contains the delimiter, `#`. [https://3v4l.org/M94EH 3v4l]. The `index` property is set to `'index.php'` by default. However, it's a `public` property and could therefore be directly overridden, or set in a subclass of `WP_Rewrite`. WP Directory shows: - [https://wpdirectory.net/search/01H4TBP4HXJZQ8G58BGB6A0QFE 0 plugins] directly assign a value to this property. - [https://wpdirectory.net/search/01H4TBT9RAKWGY41CCPD320RBA 0 themes] directly assign a value to this property. - [https://wpdirectory.net/search/01H4TBW9JQNVX9Q580Z0FPD6DH 1 plugin] extends the `WP_Rewrite` class, but does not set a value for the property. - [https://wpdirectory.net/search/01H4TC0P3CYKZ27FK2KBGJQSP5 0 themes] extend the `WP_Rewrite` class. === Can we prevent the potential failure? Yes, by using `preg_quote( $this->index, '#' )`. [https://3v4l.org/CYsS7 3v4l]. === ''Should'' we prevent the potential failure? As demonstrated by the failure, the regex is currently susceptible to special characters. When the default value of `$this->index` (`'index.php'`) is concatenated, the resulting pattern is `'#^/*index.php#'`. See the `.`? The `preg_match()` call is currently vulnerable to `index[any character except newline]php`. [https://3v4l.org/LQSOG 3v4l]. Given this, it's possible that a developer out there has set a custom `$index` value that contains a regex pattern. However, I think that's very unlikely. Contrarily, the flawed regex has the potential to cause false positives if, for example, the permalink structure starts with `/index2php`. While that's also unlikely, using `preg_quote()` here would prevent that false positive. ----- == Call for opinions 1. Should we just change the documented return type and description? If so, what makes sense here? 2. OR should we cast the result to `bool`? 3. ADDITIONALLY should we use `preg_quote()` here to prevent the potential failure?" costdev Needs Early Attention 58763 Inconsistent add/get/update/delete_post_meta() functions leads to deleting post metadata. General normal major 6.6 defect (bug) new has-patch 2023-07-08T09:48:05Z 2024-02-19T20:57:08Z "The add_post_meta(), delete_post_meta(), and update_post_meta() functions all use wp_is_post_revision() to add/delete/update the metadata of the post, not its revision. That's fine, but the get_post_meta() function does NOT use wp_is_post_revision(). As a consequence, if you use get_post_meta() and update_post_meta() during the saving process for a revision, the post metadata ends up being overwritten/deleted: The get_post_meta() function gets the **revision** metadata, and then the update_post_meta() function updates the **post** metadata, NOT the revision metadata. js." jsmoriss Needs Patch 58761 Make the filter option_page_capability_options available when access options.php directly Options, Meta APIs normal normal Awaiting Review defect (bug) new 2023-07-08T05:43:13Z 2023-07-08T05:43:13Z "The problem is that when wp-admin/options.php is accessed directly $option_page is Empty, and the filter for option_page_capability_options is bypassed. For a requirement to prevent direct access to this page, which exposes all WordPress options, this filter is needed to modify the capability from 'manage_options' to 'do_not_allow'. For any other settings page the value of $option_page is set to something other than 'options' and would not be affected by this change. I'd also suggest the 'back compat' comment is irrelevant and could be removed (or at least better explained if it is relevant). The suggested change is from: {{{#!php Permalinks. 4. Scroll down to the Optional section." sabernhardt Needs Patch 58720 Page-Specific template in Site Editor detaches itself from the page when page slug is updated. Editor normal normal Awaiting Review defect (bug) new 2023-07-05T19:15:26Z 2023-10-31T03:16:11Z "If the page slug is updated, the Page-Specific template that was created within the Appearance > Editor section will detach itself from the page.\\ \\ **Steps to Reproduce**\\ 1. Create a new page.\\ 2. Create a new page-specific template within Appearance > Editor specifically for the page you created.\\ 3. Change the slug (URL) of the newly created page.\\ 4. Upon changing the slug, you will notice that the page-specific template becomes detached from the page, meaning it is no longer associated with it." talhaqureshi Has Patch / Needs Testing 58719 Bump the minimum PHP version to 7.2 johnbillion* General normal normal 6.6 enhancement accepted has-patch 2023-07-05T17:59:52Z 2024-03-11T04:40:57Z "Background: #51043, #57345 Per discussion in #51043 (and reaffirmed in #57345, specifically https://core.trac.wordpress.org/ticket/57345#comment:29 and https://core.trac.wordpress.org/ticket/57345#comment:83 ), for WordPress to consider dropping support for a PHP version, the versions need to get below 5% usage, regardless of the WordPress version used on those sites. As of 5 July 2023, [PHP usage for all WordPress sites](https://wordpress.org/about/stats/) - PHP 5.6 is at 3.93% - PHP 7.0 is at 2.05% - PHP 7.1 is at 1.38% #57345 is slated to drop support for 5.6, which means barring the unlikely event that migrating users choose PHP 7.0 or 7.1 instead of a later version, the collective usage of PHP 7.0+7.1 is <%5 and eligible to be dropped. That said (and as evidenced in the referenced tickets), dropping support for a PHP version is an orchestrated event that requires leadership approval, coordination with web hosts, and an announcement post that gives users ample time to prepare. In an effort to prevent some of the planning hiccups around previous version drops, and hopefully continuing to standardize the process, I propose we already begin planning the eventual removal of the next slated PHP version. Specifically, * We should choose a ""go/no-go"" date for when we should evaluate the stats and determine which versions (collectively) meet the <%5 threshold (my assumption is that we will want to pad #57345 to see where the migrations land). * We should determine the minimum ideal time before dropping support for an announcement post (several in #57345 suggested 2-3 months advanced notice) Previously: #57345 Bumping the minimum PHP version to 7.0 in WordPress 6.3 (targeted) #46594 Bumping the minimum PHP version to 5.6 in WordPress 5.2 #16917 Bumping the minimum PHP version to 5.2 in WordPress 3.2 " justlevine Has Patch / Needs Testing 58715 WP Themes: Improve various globals documentation. Bundled Theme normal normal Awaiting Review defect (bug) new has-patch 2023-07-05T13:04:58Z 2024-01-22T06:56:12Z "I have reviewed the code and found some of the files need to be improved comment code. Please check the below files. File Name: - wp-content/themes/twentysixteen/functions.php - wp-content/themes/twentytwelve/functions.php - wp-content/themes/twentytwenty/functions.php" upadalavipul Needs Patch 58714 View post link issue in post/article listing screen Posts, Post Types normal normal Awaiting Review defect (bug) new 2023-07-05T10:04:19Z 2023-07-05T10:04:19Z "Hello, View post or permalink not generated when ""public"" argument is ""false"" in custom post type but ""View"" link show in post/article listing screen if ""public"" argument is ""false"" so It should be not shown in listing screen" hiren1094 Needs Patch 58710 REST: media (images) deleted or replaced are returned by their new id when requested by their old id REST API 6.2.2 normal major Awaiting Review defect (bug) new 2023-07-04T12:08:44Z 2023-10-16T14:53:56Z "An article has got a featured image assigned (id X). The featured image is replaced* using Media library (id Y). REST API for article delivers old image id (X). Upon requesting fields (id, src) for old image id (X) from REST API media endpoint, the field id returned is the new image id (Y). I expect the requested id and the returned id to match. Alternatively I like to be able to get to know which id returned correlates to which id requested. Example: https://deananddavid.com/wp-json/wp/v2/media/?include=77793&_fields=id,source_url&per_page=100 ""include"" as per documentation requests certain ids. Notice the returned id is 77795 (5 instead 3 at last digit). '* the replacement was done by an editor. I don't know the exact procedure she/he took." vialars Needs Patch 58709 Bug 6.3 beta-3: Black screen when selecting blocks in List view outside the block editor viewport. Editor normal major Awaiting Review defect (bug) new 2023-07-04T06:06:04Z 2023-07-04T06:54:43Z "When using the List View in the block editor, if a block is not currently visible in the viewport of the editor, selecting that block from the List View results in a black screen. Steps to Reproduce: - Install WordPress **6.3 Beta-3**. - Create a new post or page. - Add multiple blocks, ensuring that some of them are not currently visible within the viewport of the block editor. - Switch to List View to see the list of blocks. - Choose ""Select"" from Tools. - Attempt to select a block from the List View that is not currently visible in the viewport. Screenshot - https://share.getcloudapp.com/p9uZbOz2" abhijitnage Needs Patch 58708 Twenty Seventeen: caption alignment is different in editor and frontend Bundled Theme 5.8 normal normal Awaiting Review defect (bug) new 2023-07-04T05:46:57Z 2023-08-21T15:35:40Z In Twenty Seventeen theme the table caption is center in the editor but it is aligned to the left in the frontend pitamdey Needs Patch 58707 Page looks fine, but after clicking to edit page, some text disappears, even after deactivating all plug-ins General 6.2.2 normal normal Awaiting Review defect (bug) new 2023-07-04T02:10:13Z 2023-08-25T21:04:41Z "My theme is Twenty Twenty-One. Text after some footnotes seems to disappear in edit mode, but I have the same issue even after deactivating the footnote plug-in, as well as all other plug-ins. This started happening after I upgraded to the latest version of WordPress. Before I upgraded, my site had quit working altogether. After I upgraded WordPress, my site came back, but the editing of pages is messing up, as described above." avnerstein Needs Reporter Feedback / Steps To Reproduce 58706 SoundCloud block error Embeds 6.2.2 normal normal Awaiting Review defect (bug) new reporter-feedback 2023-07-03T17:12:27Z 2023-07-03T23:31:01Z "Hello, I am running 6.2.2. Whenever I paste any SoundCloud story into the Block Editor, I always get an error that reads ""Sorry, this content could not be embedded"". I'm able to use the HTML block and embed that way. It appears others are seeing this problem too: https://wordpress.org/support/topic/soundcloud-embeds-stopped-working-2/ Thanks for your help! -Tyler" paywall Needs Patch 58700 wp_set_comment_status() modifies post_content Comments 6.2.2 normal major Awaiting Review defect (bug) new 2023-07-03T04:42:14Z 2023-07-14T21:06:45Z "I've created a standalone PHP script that runs on cron and uses wp_set_comment_status() to automatically approve select comments (based on user name, ip address, etc). When a comment is approved, if the post_content contains a video tag, the video tag is rewritten. From : {{{ }}} To : {{{ }}} My code : {{{#!php $comTime ) { wp_set_comment_status($comment_id, 'approve', false); } }}} Any idea why this is happening? I've had to go back and edit a lot of posts due to this issue." tweakfreaks Needs Patch 58694 Enhancement in wordpress Database API Database 6.2.2 normal normal Awaiting Review feature request reopened 2023-07-01T12:11:08Z 2023-08-30T17:51:17Z "Hi im a wordpress developer and freelancer i also do wordpress Database optimization for my customers and I have a very smart suggestion to optimize the database structure of Beloved WordPress! issue: Keep in mind that every plugin and theme installed in WordPress will inject some data (options/post-metas/ etc) to the wpdb and when you remove them their data will remain (unused) inside user wp database with no clue or indication of what template or plugin the information was for! My suggestion: you can simply add an extra Argument for the core functions for adding options or metas (update_option or update_post_meta/update_user_meta) this Arg will add that plugin or theme base name to the added option or meta added like this -> update_option(""myopt"", ""myvalue"", $autoload, ""wooslider"") which the 4th arg is the name of my example plugin and its REQUIRED type ALSO the name of the plg/theme can be auto inserted from an PHP constant -> (define('WOODMART_CORE', __FILE__); ) NOTE: By using this new system, whenever a person wants to manually optimize the database, she/he can easily find out which information is not needed and quickly query and delete them, Also, the plugins that perform database cleaning are much easier and more efficient, fully automatically find out which plugins no longer exist and which information is related to them and can be deleted without any trouble! See the pic plz... https://mdezign.ir/wp-content/uploads/2023/07/aasdsadasdasd.jpg Consider this as a Great New development in order to optimize and speed up all WordPress sites! Thanks a lot. " mdesignfa Has Patch / Needs Testing 58693 wordpress posts custom-meta box issue Options, Meta APIs 6.2.2 normal normal Awaiting Review defect (bug) new has-patch 2023-07-01T11:37:35Z 2023-07-02T06:30:37Z "Hello to the WordPress development team! im a wordpress plugin developer and I developed a Custom-Plugin for my customer (www.delbarbash.com) and I found a critical issue with post/products meta_box when i disable custom_meta (checkbox) form the screen-options (top-page) and reload the admin posts page or products page But again, the field was taken by PHP rendered (I saw this from view-page-source) Issue: and when i update some product meta value from database or by ajax or somewhere else and then update the post the post will send the old meta_keys and meta_values to the wpdb and it seems to be a bug or malfunction Of course I disabled entirely the meta_box with the aid of remove_meta_box function (in my plugin) My suggestion: to get rid of this weird issue I suggest a new system that when a user disable this meta_box (or all other boxes) from screen option an JS Confirmation take effect and ask the user (if you dont have un-saved values on this page, we will reload the page again) After page reload the page must-not render that box with PHP again! (instead of hidden that box with just CSS) Thanks a lot! Thank you for considering and checking my request and believe that this can be a big problem!" mdesignfa Needs Patch 58688 Posts get unlinked from our site's taxonomy when being converted to Block Editor General normal normal Awaiting Review defect (bug) assigned 2023-06-30T16:01:52Z 2023-06-30T16:01:52Z "Sorry, I don't know how to describe this better. I work for HelloSubscription and we usually link our posts at hellosubscription.com by categories (news, coupons, reviews). We have taxonomies to link them to our directory (boxes.hellosubscription.com) so the post gets redirected to the right brand/box (we are a subscription box reviews website). However, these past week or so, whenever we convert the posts from Classic editor to Block editor, these taxonomies gets removed so the posts we publish doesn't get link to our directory page. Sorry if this sounds confusing, but that's basically our little problem now." hspaula Needs Patch 58679 meta key field in usermeta table should NOT use accent insensitive collations Security normal major Awaiting Review defect (bug) new 2023-06-30T09:09:50Z 2023-10-30T18:22:48Z "Looking at the latest string of vulnerability issues that came up related to the [Ultimate Member plugin](https://wordpress.org/plugins/ultimate-member/) I discovered that the usermeta table has an accent insensitive collation for the `meta_key` field. This results in queries for `wp_cãpăbilitiës` to return the actual `wp_capabilities` row! See `update_metadata()` function in wp-includes/meta.php Imagine the attack surface this brings. In fact, don't imagine, just look at the recent attacks in the wild. Fix: use accent insensitive collations (or even ASCII BINARY)" madhazelnut Needs Patch 58676 Twenty Twenty-Two: Comment text box is touching the screen border for mobile devices Bundled Theme normal normal Awaiting Review defect (bug) new 2023-06-30T04:53:24Z 2023-09-09T09:38:01Z "The comment textarea box is touching the screen border so the design does not look proper for different mobile devices like iPhone 12 pro, iPhone XR etc. Screenshot: [https://share.cleanshot.com/jFVNrx7tRZ2dNzvcjyfr]" himshekhar07 Needs Reporter Feedback / Steps To Reproduce 58669 Twenty Twenty-Three: Search input border does not display on font side. Bundled Theme normal normal Awaiting Review defect (bug) new reporter-feedback 2023-06-29T12:59:15Z 2023-09-04T06:59:41Z "I have reviewed Search block in different different themes and I found search input border does not display in frontend side for Twenty Twenty-Three. Please check the below provided video recording for a better understanding. Video Recording: https://share.cleanshot.com/Px5DpDrD3DLYKF1rYVd5" upadalavipul Has Patch / Needs Testing 58668 "wrong ""domain"" returned by wpmu_validate_blog_signup when using on subsite in subdomain multisite" General 3.0 normal minor Awaiting Review defect (bug) new has-patch 2023-06-29T06:25:06Z 2023-06-29T06:30:52Z "`wpmu_validate_blog_signup` function relies on global `$domain` which will give wrong results when its triggered on subsite of subdomain multisite. In cases like this, `$domain` will be set to current subsite, which will lead to unexpected value of ""domain"" element in returned array. Triggering the function on subsite will lead to ""domain"" element having value like ""newsite.currentsubsite.network"" instead of ""newsite.network"". To fix this, `$domain` should be set based on `$current_network->domain` instead of global `$domain`." maniu Needs Patch 58666 added HTML tags in HTML block Formatting 6.2.2 normal major Awaiting Review defect (bug) new 2023-06-29T02:41:45Z 2023-06-29T02:41:45Z If you add code, like css or javascript to an HTML block, save it and revisit it later on, HTML tags have been added, mostly line breaks
            . This breaks the added code. RichWP - Felix Needs Patch 58663 Emoji: Consider eliminating expiry-based invalidation of wpEmojiSettingsSupports sessionStorage cache Emoji 6.3 lowest trivial Future Release defect (bug) new 2023-06-28T20:06:05Z 2023-07-19T16:09:30Z "Currently the results of the emoji-loader's tests for whether or not emoji are supported get cached in the browser's `sessionStorage` for 1 week. For most users, this expiration will never be reached since the browser tab would be closed and the `sessionStorage` cleared anyway. For the minority of users who keep a single tab open for weeks at a time, including those who restore tabs after installing an OS update, there can be scenarios where (1) the OS or Twemoji was updated to support emoji but the cache causes Twemoji to still be loaded, or (2) the emoji support was not changed and yet the browser re-checks support after a week unnecessarily. See [https://github.com/WordPress/wordpress-develop/pull/4562#discussion_r1243983163 GitHub pull request discussion] for more context and possible solutions. Nevertheless, as of #58472 the emoji tests have been greatly optimized so the cost of re-calculating support unnecessarily is not a meaningful performance hit, especially since ever since emoji support was introduced until now, the tests were being run on every page load anyway. This may not be worth the effort to resolve." westonruter Needs Patch 58662 Transients cannot contain non-ascii characters Cache API 6.2.2 normal normal Awaiting Review defect (bug) new 2023-06-28T19:34:17Z 2023-06-28T19:34:17Z "set_transient reference says: * Transient name is expected to not be SQL-escaped. Must be 172 characters or fewer in length. * Transient value must be serializable if non-scalar. Expected to not be SQL-escaped. Making note of above, and trying to set transient value with plain text, but containing non-ascii characters, the function fails to save the transient. Using simple preg_replace('/[^A-Za-z0-9 ]/','', )); solves the problem, but the transient no longer contains the original text string. As far as I see, serialization or json encoding the text string does not help, as it would still contain non-ascii characters. So, either the set_transient function should accept more complex value parameters, or documentation should state the limitation on the value parameter. I understand this may also be due to underlying memcached, but I do not see any mention in WP_Object_Cache documentation either that there are any limitations for the value/data to be stored." iarovuo Needs Patch 58659 Bullet points General normal normal Awaiting Review defect (bug) new 2023-06-28T14:45:13Z 2023-06-29T09:14:32Z When adding a bullet pointed list, I am unable to easily make a new bullet point. Hitting 'enter' does not make a new bullet point. mrwilsondfsa Needs Patch 58658 WP_Locale add get_month_genitive() method I18N 4.4 normal minor Awaiting Review enhancement new 2023-06-28T14:07:49Z 2023-06-28T14:36:02Z "The `WP_Locale` class has `get_month()` and `get_month_abbrev()` methods, but does not have `get_month_genitive()`. It should be there as well. We should add such a code: {{{ /** * Retrieves the full translated month in genitive case by month number. * * @since 6.2.3 * * @param string|int $month_number From 1 to 12. If a number less than 10 is * passed in integer or string format, a '0' will be added before it. * * @return string Translated full month name in genitive case. */ public function get_month_genitive( $month_number ) { return $this->month_genitive[ zeroise( $month_number, 2 ) ]; } }}} " Tkama Needs Patch 58650 Reset cache in development mode Cache API normal normal Awaiting Review enhancement new 2023-06-28T00:47:17Z 2023-06-28T17:47:41Z "https://core.trac.wordpress.org/ticket/57487 added support for development mode in order that the WordPress code is aware of different methods and levels of caching. Tests in the Gutenberg plugin utilize methods such as `wp_theme_has_theme_json`. In Core, this method checks the current development mode and deal with the cache accordingly. Because Gutenberg had not set the required constants, PHP unit tests were failing, probably because the cache was not being cleared between tests (`$can_use_cached` was always true). In order to get the tests running on the Gutenberg CI, the constant `WP_RUN_CORE_TESTS` needed to be declared in [Gutenberg's PHPUnit bootstrap file]https://github.com/WordPress/gutenberg/pull/51950/files#diff-a51f75ea7a86ddd18edea3fe94a0482427795fcd7b247e6959149cbac60964dfR27. PR: https://github.com/WordPress/gutenberg/pull/51950 An alternative way suggested by @noisysocks was for Core to update Core's implementation of `wp_theme_has_theme_json` to cache the return value in a way that is reset by `wp_clean_theme_json_cache`. cc @flixos90 Related discussion: https://github.com/WordPress/wordpress-develop/commit/4a16702090984caef24af5a07d598cc5afff2fdc#r119747488 " ramonopoly Needs Patch 58649 Legacy Widget does not save additional css classes Widgets 6.2.2 normal normal Awaiting Review defect (bug) new 2023-06-28T00:31:32Z 2023-06-28T00:31:32Z "Additional CSS Classes do not save on Legacy Widgets. * Install a new WordPress 6.2.2 site. * Activate a non-block theme that supports widgets. I used Twenty Twenty-One * Navigate to Appearance > Widgets * Select Footer area * Add a Navigation Menu (this creates a Legacy Widget) or add a Legacy Widget * Navigate to the Legacy Widget block options Advanced > Additional CSS Class(es) * Add any class name and update the widget area * Refresh admin screen * Navigate back to the Legacy Widget block options Advanced > Additional CSS Class(es) * The additional class name has not been saved. Also - if a legacy widget has any class names for earlier non-block-enabled widget areas, the class names are not pulled through to the Legacy Widget block options. If you edit a Legacy Widget, it will lose any additional class names previously applied (before the widget area was blockified). Loom recording example: https://www.loom.com/share/89afd2521bd44b25adc22642fd9be030" DeveloperWil Needs Patch 58647 wp_generate_attachment_metadata generates scaled images Media 6.2.2 normal major Awaiting Review defect (bug) new 2023-06-27T21:34:17Z 2023-06-27T21:34:17Z "When using wp_generate_attachment_metadata() it seems to ignore the filter to turn off ""big_image_size_threshold"". add_filter( 'big_image_size_threshold', '__return_false' ); $generateThumbs = wp_generate_attachment_metadata( $attachmentId, $file ); This results in a scaled version of the media being created and _wp_attached_file meta being replaced with the scaled versions path. " picard102 Needs Patch 58644 embed height fix Embeds 4.4 normal normal Awaiting Review defect (bug) new 2023-06-27T15:59:11Z 2023-06-27T16:48:10Z "It seems that this fixes the issue of embeds cutting off at the bottom. It would be great if it could be implemented into the core. I have tested it and it works and fixes the issue: [https://medium.com/@wlarch/overwrite-and-bypass-wordpress-iframe-height-dimension-limit-using-javascript-9d5035c89e37 Overwrite and bypass WordPress iframe height dimension limit using JavaScript]" iamhugo76 Needs Patch 58640 Navigation Block renders wrong menu Menus 6.2.2 normal major Awaiting Review defect (bug) new 2023-06-27T07:15:00Z 2023-06-27T07:25:32Z I have been experiencing a problem with block editor in the theme block theme that I am developing. The core/navigation block does not renders the manu I select in editor. However, in editor, the menu that gets rendered is one selected. mechaartistix Has Patch / Needs Testing 58639 Entity Name vs. Entity Number, for 6.4 Administration normal normal Awaiting Review defect (bug) new has-patch 2023-06-27T06:18:42Z 2023-06-27T06:18:42Z "This is a follow up ticket to #30796, which had some changes included in WordPress 6.3. See that ticket for discussion and history. The list of @sabernhardt findings of strings using `’`: [https://docs.google.com/spreadsheets/d/1HrJsZSuTfWeAiZFu1STBrhrMT6U49qeeb26-cjUIiFo/edit?usp=sharingText strings with the apostrophe character code] A PR at GitHub with some changes implemented from that list: [https://github.com/WordPress/wordpress-develop/pull/4672 PR #4672]" kebbet Needs Dev / Bug Wrangler Feedback 58638 Add 'close' button to dashboard widgets oglekler Administration normal normal Future Release enhancement assigned dev-feedback 2023-06-27T04:59:43Z 2024-02-12T09:12:32Z In the Dashboard it isn't obvious that widgets can be removed from it via Screen options and sometimes widgets are annoying, or you just don't need them. I suggest adding `close` button into dashboard widget header. oglekler Needs Patch 58636 Automatic Sanitization of Nonces in wp_verify_nonce Security normal normal Awaiting Review enhancement new 2023-06-26T21:28:18Z 2023-06-26T21:28:18Z "There's a [in-depth discussion](https://github.com/WordPress/WordPress-Coding-Standards/issues/869) in the WordPress Coding Standards repository over the question of whether nonces should be sanitized prior to being passed to `wp_verify_nonce()`. At present, developers are required to sanitize the input themselves before it's passed to `wp_verify_nonce`. This practice is mandates by the PHPCS WordPress Coding Standard: {{{ #!php insert` function is advantageous due to its automatic data preparation. However, this solution does raise a potential issue with pluggable nonces. If a nonce created by `wp_create_nonce` employs characters outside of the standard range and if `wp_verify_nonce` is not also plugged to accommodate these special characters, this implementation could potentially break. We must also assume that a plugged `wp_verify_nonce` should sanitize the nonce it receives. While there are some concerns associated with sanitizing nonces, the benefits largely outweigh the risks. These benefits include improved development experience, and stronger security, especially given the fact that many WordPress developers do not utilize PHPCS with WordPress Core Security Rules in their codebase, and may therefore be unaware of the need for nonce sanitization. This presents an opportunity to build a safer and more developer-friendly environment." lucasbustamante Needs Patch 58631 "decoding=""async"" is added wildly, even if loading=""eager"" is there" General 6.2.2 normal normal Awaiting Review defect (bug) new 2023-06-26T14:54:25Z 2023-06-28T12:45:57Z "Could we do something about {{{decoding=""async""}}} parameter being added wildly on EVERY image? It might seem to be a good idea, but it's not. I'm developing custom themes, and although it was introduced in 6.1, it touched me probably with some changes in 6.2 where {{{ wp_filter_content_tags() }}} is replacing images without the parameter (and {{{wp_get_attachment_image_attributes}}} filter is not called in this case. I was using loading=""eager"" for my hero images (rendered in the template via Timber) which should be a no-no to adding decoding=""async"" for that. I might help to fix the issue if somebody guides me through track and svn (but I'm fluent in git repos if there is finally a way to contribute this way). Suggesting - checking for fetch priority and loading=eager params, and if present, do not add {{{decoding=""async""}}} or {{{loading=""lazy.""}}} I'm currently doing this, but it's silly to be fixing it on every site: {{{#!php '...', ); $args = array( 'title_reply' => __('Leave a Reply', 'xxx'), // This value works 'title_reply_to' => __('Leave a Reply to %s', 'xxx'), // This value doesn't work 'title_reply_before' => '

            ', // The problem is when I add an icon to this value 'title_reply_after' => '

            ', 'fields' => apply_filters('comment_form_default_fields', $fields) ); comment_form($args); }}} " metinmete Needs Patch 58600 wp_query Enhancement Query 6.2 normal normal Awaiting Review feature request new close 2023-06-22T13:21:56Z 2023-07-03T16:51:04Z "I wolud like to enhance the wp_query to retrive post base on catgory orders. Category Ex. with post Mobile -: Post-1, Post-3, Post-6 Appliance -: Post-2, Post-8, Post-10 I Need Posts like in this order using wp_query of order by category ASC/DESC Current output is according to ID order Post-1 Post-2 Post-3 Post-6 Post-8 Post-10 Expected output Post-2 Post-8 Post-10 Post-1 Post-3 Post-6" thakordarshil Needs Patch 58595 Add a new admin page with support information and resources Help/About 3.1 normal normal Awaiting Review enhancement new 2023-06-22T01:08:57Z 2023-06-22T01:08:57Z "The links under the 'W' menu are little used links in a high-traffic context. They are also external links in a menu that otherwise only accesses information within WordPress. Following up from discussions on #55960, I'm proposing that we remove the dropdown of links currently attached to the 'W' menu and replace it with a single link for support and resource information. This would allow us to create a page that offers much more significant user and developer assistance by directing users to a wide variety of resources on WordPress.org. " joedolson Needs Patch 58594 Media file changes no longer trigger updated/modified statuses. Media 6.2.2 normal normal Awaiting Review defect (bug) new 2023-06-21T19:54:38Z 2023-06-21T19:54:38Z "In older versions of WP, when media files like PDFs were updated it would trigger an event that could be listened to and acted upon by plugins. In the current version of WP (6.2.2) if a user changes the uploaded date or otherwise modifies a media file's properties, the change is no longer picked up by audit trail plugins like WP Activity Log, nor is it seen as an update to a ""post"". Plugins that have ""Clear cache whenever a post or page is updated"" functionality are now broken when it comes to media file changes. For instance, if a site is using Sucuri's WAF and caching plugin as well as the Enable Media Replace plugin, when a user replaces a media file with a new one it doesn't trigger Sucuri's cache clearing functionality anymore. I have reviewed both Enable Media Replace and Sucuri's plugins to make sure neither of them are at fault for breaking this functionality. Additionally, neither Sucuri nor WP Activity Log pick up the changes to display in their activity logs. I do not know if media file post types were explicitly excluded from using the process pages and posts use to broadcast changes, but this new behavior is only present in the most recent version(s) of WP and is a bug if this wasn't a planned change." sbeaney Needs Patch 58593 Slow list of posts in the admin panel (with a large wp_posts table) Query 6.2.2 normal normal Awaiting Review enhancement new 2023-06-21T17:23:18Z 2023-06-26T15:42:55Z "Hello. With a large wp_posts table (more than 1 GB, more than 100k published posts), the list of posts in the admin panel may open for several seconds. Slow SQL query that calculates the number of ""my"" posts: SELECT COUNT( 1 ) FROM wp_posts WHERE post_type = '' AND post_status NOT IN ( 'trash','auto-draft','inherit','request-pending','request-confirmed','request-failed','request-completed' ) AND post_author = 1 Solution: ALTER TABLE `wp_posts` ADD KEY `type_status_author` ( `post_type`, `post_status`, `post_author` );" Shoorf Needs Patch 58583 edit widget gutenberg blocks > can't see or add reusable blocks Widgets 6.2.2 normal major Awaiting Review defect (bug) new close 2023-06-20T22:05:31Z 2023-11-01T21:26:28Z No longer can + see or add reusable blocks when trying to edit widget areas using gutenberg block editor wordmax Needs Patch 58574 PHP warnings General 6.2.2 normal normal Awaiting Review defect (bug) new close 2023-06-19T12:27:42Z 2023-06-19T20:58:50Z "Hey, I'm using PHP 8.1, and I have encountered these PHP notices (I don't sure if they are all related to WordPress Core) {{{ Warning: Undefined property: wpdb::$actionscheduler_actions in /home/......./....../wp-includes/class-wpdb.php on line 789 WordPress database error: [Table 'doryos1_dream_press.a' doesn't exist] SELECT a.action_id FROM a WHERE 1=1 AND a.hook='rocket_preload_job_check_finished' AND a.status IN ('pending') ORDER BY a.scheduled_date_gmt ASC LIMIT 0, 5 Warning: Undefined property: wpdb::$actionscheduler_groups in /home/......./....../wp-includes/class-wpdb.php on line 789 WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE slug='rocket-preload'' at line 1] SELECT group_id FROM WHERE slug='rocket-preload' Warning: Undefined property: wpdb::$actionscheduler_groups in /home/......./....../wp-includes/class-wpdb.php on line 789 Deprecated: strtolower(): Passing null to parameter #1 ($string) of type string is deprecated in /home/......./....../wp-includes/class-wpdb.php on line 3255 Deprecated: strtolower(): Passing null to parameter #1 ($string) of type string is deprecated in /home/......./....../wp-includes/class-wpdb.php on line 3151 Deprecated: explode(): Passing null to parameter #2 ($string) of type string is deprecated in /home/......./....../wp-includes/class-wpdb.php on line 3177 WordPress database error: [Incorrect table name ''] SHOW FULL COLUMNS FROM `` ===================================================== Notice: Function wp_enqueue_script() was called incorrectly. ""wp-editor"" script should not be enqueued together with the new widgets editor (wp-edit-widgets or wp-customize-widgets). Please see Debugging in WordPress for more information. (This message was added in version 5.8.0.) in /home/......./....../wp-includes/functions.php on line 5865 }}}" dyos Needs Patch 58567 Updates inconsistently missing from Updates page and no update count bubbles in admin menu Upgrade/Install normal normal Awaiting Review defect (bug) new 2023-06-18T00:50:49Z 2023-06-18T00:59:48Z "Until a few weeks ago, when there were X outstanding plugin updates, the Updates page showed them all, and the Updates and Plugins items in the admin menu showed a red bubble with X in it. Now, when I log into WordPress, there are no red bubbles, and navigating to the Updates or Plugins page causes the bubbles to reappear, but the respective page may or may not show all the outstanding updates. Sometimes, forcing the update check results in a full list, and sometimes, simply re-navigating to the same page completes the list. But sometimes, some updates disappear for no apparent reason. I suspect this is related to having a premium plugin update on the list, but can't be sure. It just seems like partial lists contain a premium update, and often, it's one of those missing. I've ruled out browser caching and there are no console errors or PHP error log message that could be related." galbaras Has Patch / Needs Testing 58565 Twenty Fifteen: Border Style Issue in Pullquote Block Bundled Theme 5.4 normal normal Awaiting Review defect (bug) new has-patch 2023-06-17T08:01:41Z 2023-09-04T07:04:24Z "In the Twenty Fifteen Theme, when we add a Pullquote block in the Gutenberg editor (backend) and apply a border style, we can see that the border is displayed at the top and bottom in the Gutenberg editor. However, when we view the same Pullquote block on the frontend, the border is not visible. " huzaifaalmesbah Needs Patch 58559 Database error bug in wordpress current version Database normal normal Awaiting Review defect (bug) new 2023-06-16T13:10:15Z 2023-07-03T17:13:01Z "{{{ 2023-06-16 8:52:53 47 [Warning] Aborted connection 47 to db: 'wordpressdb' user: 'wpuser' host: 'localhost' (Got an error reading communication packets) 2023-06-16 8:52:53 46 [Warning] Aborted connection 46 to db: 'wordpressdb' user: 'wpuser' host: 'localhost' (Got an error writing communication packets) }}} I am constantly seeing read and write errors in database due to wordpress in the current version. I have been running wordpress for years. Upon checking the logs the read errors last query is {{{ SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts WHERE 1=1 AND (wp_posts.post_author = 2) AND ((wp_posts.post_type = 'post' AND (wp_posts.post_status = 'publish'))) ORDER BY wp_posts.post_date DESC LIMIT 0, 32 }}} The write error last query is {{{ SELECT DISTINCT post_author FROM wp_posts WHERE post_type = 'post' AND post_status = 'publish' LIMIT 2 }}} Both queries execute fine manually. The problem is not related to timeouts or max allowed packets as both execute manually. I noticed they are both increasing the aborted clients value in mysql. There is also no quit sent at the end of the mysql connections. It seems to be a bug within wordpress. I have literally gone through everything else possible to solve this bug." zoddshop63 Needs Patch 58553 Two query blocks on home template (FSE) breaks the second one Query 6.2 normal normal Awaiting Review defect (bug) new 2023-06-16T06:47:30Z 2023-06-16T06:47:30Z "On a site we have a home.html template where we display a custom query with sticky posts before the main query (inherited). We also filter the main query to do not display sticky posts again. Since we updated to 6.1.3 the second query skips the first post (that is the most recent non-sticky post). After some debugging I realize that the `$wp_query->current_post` value is 0 after the first loop instead of -1, causing it to skip the first item (index 0) on the `$wp_query->posts array`. Following the logic in wp-includes I cannot find any obvious change introduced on 6.1.3 to produce this error. I’ve reproduced the issue on a fresh new installation of wp (with 6.2 version): * I have created several posts (duplications of Hello world) * I have crated a new category. * I have assigned three posts to the new category * I have modified the home template (on the site editor) to add a custom query before the main one, where I display the three posts from the new category [[Image(https://images2.imgbox.com/3d/5c/wfm9rpvl_o.png)]] Result with wp 6.1.2 When I update to 6.1.3, the “last one” disapears: [[Image(https://images2.imgbox.com/43/b0/OMZDY2ba_o.png)]] I have found a quick fix that solves it: {{{#!php is_home){ global $wp_query; //sets the $wp_query->current_post to -1 $wp_query->current_post = -1; } }); }}} But I assume this may potentially affect more users and should be fixd on the core. BTW: Using two custom queries doesn’t work for us because we want to keep the default pagination settings with the `/page/2` urls" acaballerog Needs Dev / Bug Wrangler Feedback 58547 Twenty Seventeen: Calendar block header cells should be centered Bundled Theme 6.2.2 normal trivial Awaiting Review defect (bug) new dev-feedback 2023-06-15T17:51:49Z 2023-06-15T19:01:32Z "The th elements in the Calendar block are not centered like the rest of the text in the Calendar which looks odd. " nkeller15 Has Patch / Needs Testing 58544 Need to verify safe website URL in comment form Comments normal normal Awaiting Review defect (bug) reopened has-patch 2023-06-15T12:18:00Z 2023-06-21T20:50:17Z "Hello, We need to verify the website URL in the comment form and It should be safe before inserting into the database." hiren1094 Needs Reporter Feedback / Steps To Reproduce 58543 There are two problems with wordpress General 6.2.2 normal normal Awaiting Review defect (bug) reopened reporter-feedback 2023-06-15T12:10:26Z 2023-06-19T21:18:26Z The wordpress backend menu can't show submenus when hovering, and can't drag and drop images to sort images in the product gallery. wujuan911800262 Needs Patch 58542 Theme.json / Restricting general settings like font sizes on blocks generates a lot of duplication Themes normal normal Awaiting Review feature request new 2023-06-15T10:21:56Z 2023-06-15T10:21:56Z "Hello. In my theme.json file, let's say I declare 20 font sizes in my settings / typography / fontSizes section. As per the official schema, it is an array of objects with a size, slug, and name property. I've seen a project declaring 20 of those. Then I would like to restrict core/paragraphs to use only 5 of them, and core/headings to use only three. With the current theme.json implementation, I need to declare a settings / blocks / ""core/paragraph"" object, then copy / paste the 5 font sizes objects I allow to my user to use with paragraphs. The current problems I face are as follows : - It generates a lot of code duplication - The two declarations are not linked together, which can be used as an advantage, but also seen as an inconvenient, especially when adjusting main settings, which would then not be updated in blocks. Proposal : - Add a new attribute to the blocks settings, like ""restrict"", ""include"" or ""exclude"" which would be an array of slugs coming from the main settings declaration. - It could work with color palettes, fontSizes, spaces, or any array that supports slugs. - This way when declaring block specific settings, we could have less duplication, and a synchronization with main settings. Example: {{{#!json { ""blocks"": { ""core/button"": { ""typography"": { ""fontSizesInclude"": [""sizeSlugA"",""sizeSlugB""] }, ""color"": { ""paletteExclude"": [""colorSlugA"",""colorSlugB""] } } } } }}} Thank you for your work and your time reading me. Best Regards. Jeremy." jdmweb Needs Dev / Bug Wrangler Feedback 58541 WP_Filesystem_SSH2:put_contents (and others) does not check for $sftp_link to be up Filesystem API normal major Future Release defect (bug) new changes-requested 2023-06-15T06:47:39Z 2023-10-27T14:18:47Z "This is a bit long, as I need to explain the reason why it is a problem not to check for the link '$sftp_link' to be up. In short: WordPress allows choosing between various FS_METHODS (wp-config.php), e.g. 'direct' or 'ssh2'. While neither choice will affect WordPress updating itself at all, it has implications when some plugins updating files writing content to a file (htaccess, css etc) via {{{ $wp_filesystem->put_contents($file, $content); }}} The function put_contents should check whether the link is up. There is a big difference how one needs to setup the '$wp_filesystem' instance if you use 'direct' or 'ssh2' - the first one does not need to connect, the second needs to setup a connection before being able to write. For FS_METHODS 'direct': {{{ global $wp_filesystem; if(empty($wp_filesystem)) { require_once ABSPATH . '/wp-admin/includes/file.php'; WP_Filesystem(); } $wp_filesystem->put_contents($file, $content); }}} For FS_METHODS 'ssh2': {{{ global $wp_filesystem; if(empty($wp_filesystem)) { require_once ABSPATH . '/wp-admin/includes/file.php'; WP_Filesystem(); // this is the ONLY difference to 'direct' $wp_filesystem->connect(); } $wp_filesystem->put_contents($file, $content); }}} In the file ABSPATH/wp-admin/includes/file.php (around line 2051) the function WP_Filesystem() simply sets up an instance of the class defined by FS_METHOD, but does NOT connect if FS_METHOD is set to 'ssh2'. Now many plugins that need to write a file (css,htacess,etc) simply assume that FS_METHOD is set to 'direct' or even assume WP_Filesystem() will connect as well. I have three plugins (there are more, but these are the ones I am 100% sure) that have problems writing - Ultimate Addons for Elementor - Astra Addons - Sensei Now I could tell those developers to do it properly. However I think the function $wp_filesystem->put_contents() should CHECK whether the link is up and if NOT, call a function within the class and setup the link to the server, after all I would consider this is proper coding pratice. {{{ public function put_contents( $file, $contents, $mode = false ) { // so this is for people who come from the outside // just setting up the class and dont care whether // a call to ""connect"" is required. error_log(""class-wp-filesystem-ssh2.php -> put_contents -> $file ""); if(!$this->sftp_link) { error_log(""class-wp-filesystem-ssh2.php link is null, connecting ....""); // this function is similar to connect $rc = $this->build_options_connect(); } // put the contents $ret = file_put_contents( $this->sftp_path( $file ), $contents ); if ( strlen( $contents ) !== $ret ) { return false; } $this->chmod( $file, $mode ); return true; } }}} The function $this->build_options_connect() sets up the required data structure similar to the function ""request_filesystem_credentials()"" in file ABSPATH/wp-admin/includes/file.php (around line 2250) and then sets up the connection similar to the function $wp_filesystem->connect() in file ABSPATH/wp-admin/includes/class-wp-filesystem-ssh2.php (around line 120). I have done this on all of my servers for a few weeks now. Message like this one example (of many) below have completely disappeared. {{{ [10-Jun-2023 18:25:12 UTC] PHP Warning: file_put_contents(ssh2.sftp:///HIDDEN/htdocs/wp-content/uploads/uael_uploads/.htaccess): failed to open stream: operation failed in /HIDDEN/htdocs/wp-admin/includes/class-wp-filesystem-ssh2.php on line 283 }}} While I stated 'has patch' (I do), let's first see what people say about this." jobst Has Patch / Needs Testing 58539 Twenty Seventeen: Image block figcaption text alignment inconsistency Bundled Theme 5.8 normal normal Awaiting Review defect (bug) new has-patch 2023-06-14T19:45:56Z 2024-02-28T17:43:55Z "Steps to reproduce: 1. Activate Twenty Seventeen theme 2. Add an image using the image block 3. Notice center alignment of caption in the editor 4. Save page and view, noticing left alignment of caption now " nkeller15 Needs Patch 58538 Wrong menu is shown after adding new Header Template parts Menus 6.2.2 normal normal Awaiting Review defect (bug) new 2023-06-14T18:51:11Z 2023-06-14T18:51:11Z "I believe I have found a repeatable bug, and workaround, pertaining to adding new Header Template Parts in WordPress 6.2.2, using multiple FSE themes. The goal: To have (at least) three custom Page templates, each with a different Nav block in its header. The current site has a working header, containing a Nav block with ""menu 1"" selected from the Classic menu list, in the Front Page, Page (and other) Templates - so it's necessary to add two more Template Parts for Headers, and two new Custom Page Templates, using each new Header. Steps: - Add second Header Template Part, with a second menu selected from existing Classic menus. - Add third Header Template Part, with a third menu selected from existing Classic menus. - Add Custom Page Template 2, using Header Template Part 2, including Nav 2. - Add Custom Page Template 3, using Header Template Part 3, including Nav 3. **- Note that both new page Templates and Header Template Parts show the correct Nav menu in the editor. ** - Assign one or more pages to Custom Page Template 2 - Assign one or more pages to Custom Page Template 3 - **BUG: All pages assigned to BOTH Custom Page Templates 2 and 3 will show only Nav menu 3**. **In other words, creating the third Header Template Part seems to to overwrite the Nav menu selected in the second Header Template Part. ** THE WORKAROUND: For each of the two new Header Template Parts (2 and 3) - Modify the menu of each Header Template Part in some way, such as: - Add an item to the menu at the end (anything - just an empty item is fine). - Save the Header Template Part, and test it. You will see the correct menu with the new item. - Return to the Header Template Part, remove the extraneous item from the menu, and save it again. - After doing this for both of Header Template Parts 2 and 3, they should then function correctly throughout the site. " littleen Needs Patch 58536 url_to_postid does not work at MS install in context of another blog when $wp_rewrite->use_verbose_page_rules differs Rewrite Rules normal normal Awaiting Review defect (bug) new 2023-06-14T11:18:44Z 2023-10-29T06:02:12Z "In a multisite installation, where there are blogs with mixed permastruct of some have the `$wp_rewrite->use_verbose_page_rules` set to `true` and some to `false`, the `url_to_postid` fails to find a post, since it's queried as a page, [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/rewrite.php?rev=54364#L609 due to a falsey check]. As the rewrites rules are untouched upon `switch_to_blog` action and as the `url_to_postid` function works directly with the `rewrite_rules` option ([https://core.trac.wordpress.org/browser/trunk/src/wp-includes/rewrite.php?rev=54364#L563 via `WP_Rewrite::wp_rewrite_rules()` function] ), IMHO the best way to fix such a case would be to not rely on the property, but perform the same check as when the `use_verbose_page_rules` property is being set (see the attached patch)." david.binda Needs Patch 58535 "Undefined array key ""file"" in function wp_calculate_image_srcset()" General normal normal Future Release defect (bug) new 2023-06-14T09:53:55Z 2023-06-14T16:19:41Z " I noticed the following two warnings in the error log: {{{ PHP Warning: Undefined array key ""file"" in xxx/wp-includes/media.php on line 1367"" PHP Warning: Undefined array key ""file"" in xxx/wp-includes/media.php on line 1373"" }}} " martinjhenne Has Patch / Needs Testing 58527 Rest password error handling issue for email Users normal normal Awaiting Review defect (bug) new has-patch 2023-06-13T12:13:02Z 2023-06-23T08:48:39Z "Hello, I am trying to reset password in user edit screen without configuring email services so I got **""Error: The email could not be sent. Your site may not be correctly configured to send emails. Get support for resetting your password.""** but same thing I am trying in user listing page so I got **""Password reset link sent.""** this message. so It should be same." hiren1094 Needs Dev / Bug Wrangler Feedback 58519 Inline styles block styles in bundled themes Bundled Theme 5.8 normal normal Awaiting Review enhancement new dev-feedback 2023-06-12T14:11:07Z 2023-06-19T16:59:26Z "In [50836] function was added, to inline block styles, so for better performance. There are a number of small stylesheets in bundled themes that could do with that could use this functionality. To opt-in a stylesheet, simply add the path add an extra piece of data of the stylesheet. Like this. {{{#!php wp_enqueue_style( 'twentyfifteen-block-style', get_template_directory_uri() . '/css/blocks.css', array( 'twentyfifteen-style' ), '20230122' ); wp_style_add_data( 'twentyfifteen-block-style', 'path', get_template_directory() . '/css/blocks.css' ); }}} This could improve FE performance, as it remove a blocking request. " spacedmonkey Needs Patch 58518 """More info about performance optimization"" links in Site Health go to 404 error on WordPress.org" Site Health normal normal Awaiting Review defect (bug) new 2023-06-12T14:03:56Z 2023-06-13T06:47:37Z "On the Site Health page, at least under the ""Enqueued scripts"" improvements, the links for ""More info about performance optimization"" go to a broken link on wordpress.org (https://wordpress.org/support/article/optimization/). According to archive.org, it looks like that link was live as late as May 16, 2023. Not sure if there is now a new page. The only optimization page is https://wordpress.org/documentation/article/search-engine-optimization/." jeffgreendesign Has Patch / Needs Testing 58516 url_to_postid does not return post id for static Posts page Rewrite Rules normal normal Awaiting Review defect (bug) new has-patch 2023-06-12T13:29:36Z 2023-06-12T13:38:13Z "Steps to reproduce: - Create a page called ""Blog"", slug: blog. ID: 10 permalink: https://a.com/blog/ - Go to WordPress->Settings->Reading-> Your homepage displays -> A static page -> Posts page -> set the previously created ""Blog"" page. - Call -> {{{#!php is_singular will return false. The following code would solve this issue: {{{#!php posts) && $query->is_singular) { return $query->post->ID; } else { if ($query->get_queried_object() instanceof WP_POST) { return $query->queried_object_id; } return 0; } }}} " nextendweb Needs Dev / Bug Wrangler Feedback 58515 Need to use $wpdb->prepare instead of sprintf Query normal normal Awaiting Review defect (bug) new dev-feedback 2023-06-12T13:04:00Z 2023-06-22T07:25:46Z "Need to use $wpdb->prepare instead of sprintf in ""_prime_comment_caches"" functions. File: wp-includes/comment.php" hiren1094 Needs Patch 58513 Uploading JSON file of 1MB or less fails to upload Upload 6.2.2 normal normal Awaiting Review defect (bug) new 2023-06-12T11:21:01Z 2023-06-12T11:25:04Z "When uploading a JSON file of exactly 1048577 bytes or less leads to: {filename} has failed to upload. Sorry, you are not allowed to upload this file type. Even though the file type is allowed. Tested with JSON file of valid JSON of 1048578 bytes (success) and 1048577 byes (failure)." oliward@… Needs Dev / Bug Wrangler Feedback 58512 Enhancing Security and User Experience: Addressing Password Length Limitations and Improving Validation Process Posts, Post Types 6.2.2 normal normal Awaiting Review defect (bug) new dev-feedback 2023-06-12T11:08:25Z 2023-07-14T11:31:15Z "When I attempted to use a password consisting of 256 characters and tried to publish my post, I encountered an error message stating, ""Updating failed. Could not update post in the database."" It appears that this issue may affect all users. Therefore, I kindly request that you consider addressing this problem by either fixing it or implementing validation on the input field to prevent such errors in the future. I used below password for password protect post : 123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345 **Total Characters: 255** Could you please verify the attached video URL, https://www.awesomescreenshot.com/video/18248088?key=dd7a62697a5b66aaf5d332dec3a0a9b9" utsav72640 Has Patch / Needs Testing 58511 Escaping function missing in wp-trackback.php Pings/Trackbacks normal normal Awaiting Review defect (bug) new has-patch 2023-06-12T06:30:58Z 2023-06-12T07:07:00Z Escaping function missing in wp-trackback.php file. utsav72640 Needs Dev / Bug Wrangler Feedback 58508 Gutenberg and CSS Editor 6.2.2 normal normal Awaiting Review defect (bug) new dev-feedback 2023-06-11T00:20:52Z 2023-06-11T00:20:52Z "ENGLISH Hello. I created a page, but when I deleted a photo from the gallery, all the content was deleted. Going to the revisions I was able to restore the content, but when updating, everything is deleted again. I changed the version from PHP8.0 to 8.1 but still the same. I deactivated the plugins and the error was repeated. Finally, with all these changes, I restored the page revision that has all the content, but I added a full stop to some text, I UPDATED and the content was no longer deleted. I activated all the plugins and the error returned. I started to disable GUTENBERG first, restored the revision without making changes to it, saved the page and it works fine. PS: I had to change from PHP8.1 to 8.0 because it throws errors in the Backend (css is disabled, still changing themes) THEME: ASTRA WP: 6.2.2 PHP at startup: 8.1 PHP at the end: 8.0 ---- ESPAÑOL Hola. He creado una página, pero al borrar una foto de la galería, se borró todo el contenido. Yendo a la revisiones pude restaurar el contenido, pero al actualizar, vuelve a borrarse todo. Cambié la versión de PHP8.0 a 8.1 pero seguía igual. Desactivé los plugins y el error se repetía. Por último, con todo estos cambios, restauré la revisión de página que tiene todo el contenido, pero le agregué un punto final a un texto, ACTUALICÉ y ya no se borró más el contenido. Activé todos los plugins y volvió el error. Empecé a desactivar primero GUTENBERG, restauré la revisión sin hacerle cambios, guardé la página y funciona bien. PD: Tuve que cambiar de PHP8.1 a 8.0 porque arroja errores en el Backend (se desactiva el css, aún cambiando de temas) TEMA: ASTRA WP: 6.2.2 PHP al inicio: 8.1 PHP al final: 8.0 " aiteok Has Patch / Needs Testing 58507 GitHub actions are failing General normal normal Awaiting Review defect (bug) new has-patch 2023-06-10T20:45:46Z 2023-06-10T20:58:12Z "GitHub actions are failing due to the following error: {{{ - Installing squizlabs/php_codesniffer (3.6.0): Extracting archive [Composer\Plugin\PluginBlockedException] dealerdirect/phpcodesniffer-composer-installer contains a Composer plugin which is blocked by your allow-plugins config. You may add it to the list if you consider it safe. You can run ""composer config --no-plugins allow-plugins.dealerdirect/phpcodesniffer-composer-installer [true|false]"" to enable it (true) or disable it explicitly and suppress this exception (false) See https://getcomposer.org/allow-plugins }}} " h71 Needs Patch 58505 Using WORDPRESS_DB_HOST variable Cannot connect to the database, must be configu General 6.2.2 normal major Awaiting Review defect (bug) new 2023-06-10T07:07:08Z 2023-11-18T13:21:13Z "I use kubernetes to run wordpress, and configure the WORDPRESS_DB_HOST variable, but it can not connect to the database, manually configure the database IP can be, mast have i to manually configure? I also tried using docker and 'WORDPRESS_DB_HOST' didn't work either. The image I used is wordpress:php8.2" chentc Needs Patch 58504 Errors after WordPress 6.2.2 update General 6.2.2 normal normal Awaiting Review defect (bug) new 2023-06-10T06:25:36Z 2023-06-10T06:25:36Z "According to the instructions, the Twenty Twenty-Three theme without using any plugins and the errors I get when I activate my preferred theme are listed. I would like to point out that these errors occur when trying to add New Plugin, New Themes. It also gives errors in language files. I hope the problems will be fixed quickly. Good luck to you. Status: WordPress 6.2.2 running Twenty Twenty-Three theme. Current version: 6.2.2 Last checked on June 10, 2023 at 9:16 am GMT+0300. Check again. This site is automatically kept up to date with each new version of WordPress. Switch to automatic updates for maintenance and security releases only. Wordpress 6.2.2 Error List General Language Error ""Warning: An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.) in /home/oxowpxyz/oak.oxowp.xyz/wp-admin/includes/translation-install.php on line 68."" Add new plugins page Error ""An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums."" Add Themes page Error ""An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums.""" bakgun1 Needs Dev / Bug Wrangler Feedback 58502 Visiting /wp-admin/options-permalink.php causing Fatal Error Permalinks 6.2.2 normal normal Awaiting Review defect (bug) new close 2023-06-09T10:05:47Z 2023-06-28T15:48:07Z "I'm using WordPress 6.2.2 on PHP 8.1.x `Fatal error: Uncaught ValueError: Unknown format specifier ""<"" in /wp-admin/options-permalink.php:38 Stack trace: #0 /wp-admin/options-permalink.php(38): sprintf() #1 {main} thrown in /wp-admin/options-permalink.php on line 38` Here is the WordPress Health Status: {{{ ### wp-core ### version: 6.2.2 site_language: bn_BD user_language: bn_BD timezone: Asia/Dhaka permalink: /%postname%/ https_status: true multisite: false user_registration: 0 blog_public: 1 default_comment_status: open environment_type: production user_count: 1 dotorg_communication: true ### wp-paths-sizes ### wordpress_path: /home/PATHTRUNCATED wordpress_size: 685.79 MB (719102256 bytes) uploads_path: /home/PATHTRUNCATED/wp-content/uploads uploads_size: 584.80 MB (613205338 bytes) themes_path: /home/PATHTRUNCATED/wp-content/themes themes_size: 7.46 মেগাবাইট (7824982 bytes) plugins_path: /home/PATHTRUNCATED/wp-content/plugins plugins_size: 121.31 MB (127206397 bytes) database_size: 25.04 MB (26253129 bytes) total_size: 1.39 GB (1493592102 bytes) ### wp-dropins (1) ### maintenance.php: true ### wp-active-theme ### name: Twenty Fifteen (twentyfifteen) version: 3.4 author: ওয়ার্ডপ্রেস টিম author_website: https://wordpress.org/%20 parent_theme: none theme_features: core-block-patterns, widgets-block-editor, automatic-feed-links, title-tag, post-thumbnails, menus, html5, post-formats, custom-logo, custom-background, editor-style, editor-styles, wp-block-styles, responsive-embeds, editor-color-palette, editor-gradient-presets, customize-selective-refresh-widgets, custom-header, widgets theme_path: /home/PATHTRUNCATED/wp-content/themes/twentyfifteen auto_update: off ### wp-themes-inactive (1) ### Twenty Twenty-Three: version: 1.1, author: the WordPress team, automated updates is turned off ### wp-mu-plugins (1) ### InfiniteWP - Client Loader: version: 1.0.1, author: Revmakx ### wp-plugins-active (1) ### Maintenano: version: 0.0.1, author: nanodesigns, automated updates is turned off ### wp-media ### image_editor: WP_Image_Editor_GD imagick_module_version: not found imagemagick_version: not found imagick_version: not found file_uploads: File uploads is turned off post_max_size: 8M upload_max_filesize: 2M max_effective_size: 2 মেগাবাইট max_file_uploads: 20 gd_version: 2.3.3 gd_formats: GIF, JPEG, PNG, WebP, BMP, AVIF, XPM ghostscript_version: 9.25 ### wp-server ### server_architecture: Linux 4.18.0-348.20.1.lve.1.el7h.x86_64 x86_64 httpd_software: LiteSpeed php_version: 8.1.18 64bit php_sapi: litespeed max_input_variables: 1000 time_limit: 180 memory_limit: 128M admin_memory_limit: 256M max_input_time: 60 upload_max_filesize: 2M php_post_max_size: 8M curl_version: 7.87.0 OpenSSL/1.1.1p suhosin: false imagick_availability: false pretty_permalinks: true htaccess_extra_rules: true ### wp-database ### extension: mysqli server_version: 10.3.39-MariaDB client_version: mysqlnd 8.1.18 max_allowed_packet: 268435456 max_connections: 151 ### wp-constants ### WP_HOME: undefined WP_SITEURL: undefined WP_CONTENT_DIR: /home/PATHTRUNCATED/wp-content WP_PLUGIN_DIR: /home/PATHTRUNCATED/wp-content/plugins WP_MEMORY_LIMIT: 40M WP_MAX_MEMORY_LIMIT: 256M WP_DEBUG: true WP_DEBUG_DISPLAY: true WP_DEBUG_LOG: false SCRIPT_DEBUG: false WP_CACHE: false CONCATENATE_SCRIPTS: undefined COMPRESS_SCRIPTS: undefined COMPRESS_CSS: undefined WP_ENVIRONMENT_TYPE: undefined DB_CHARSET: utf8mb4 DB_COLLATE: undefined ### wp-filesystem ### wordpress: writable wp-content: writable uploads: writable plugins: writable themes: writable mu-plugins: writable }}}" wzislam Needs Reporter Feedback / Steps To Reproduce 58501 Need to change in docs comment in xmlrpc.php General normal normal Awaiting Review defect (bug) new reporter-feedback 2023-06-09T09:59:58Z 2023-06-13T05:07:37Z "Hello, Need to change below the comment for this ""logIO()"" function. Need to change comment ""logIO() - Writes logging info to a file."" line and It should be ""Writes logging info to a file - logIO()."" Also, add a full stop in the last for this line ""@param string $io Whether input or output"" As per phpcs coding standard." hiren1094 Has Patch / Needs Testing 58500 Twenty Twenty: Separator block's Default style is wider than Wide Line style in editor Bundled Theme 6.2.2 normal minor Awaiting Review defect (bug) new has-patch 2023-06-09T08:22:02Z 2023-06-10T09:27:47Z "Steps to reproduce the issue. 1. Activate Twenty Twenty theme. 2. Take separator block. 3. Choose wide-width and check that editor and front both side. In front side default and wide width working as expected but in editor side it not works proper. I have attached video for better understanding. Video URL :- https://share.cleanshot.com/xLbqrymSPhRf1kPpSw7B" nidhidhandhukiya Has Patch / Needs Testing 58499 Twenty Twenty theme table block having issue with color Bundled Theme 6.2.2 normal minor Awaiting Review defect (bug) new has-patch 2023-06-09T07:33:23Z 2023-07-13T06:57:04Z "Steps to reproduce the issue. 1. Activate Twenty Twenty theme. 2. Take table block. 3. Add some text. 4. Apply background color black or pink. 5. Now apply any color to the text. You can able to see it will not take the value of that choosen color if black or pink is set as a background color for editor side. Front side it is working fine it is having issue only in editor side. I have attached video for better understandng. Video URL :- https://share.cleanshot.com/plqBT1cn6hMbRR5g6Grz " nidhidhandhukiya Needs Dev / Bug Wrangler Feedback 58497 when the content of a page is structured into two columns, it causes the menu bar background to change unexpectedly. Bundled Theme 6.2.2 normal normal Awaiting Review defect (bug) new dev-feedback 2023-06-08T23:27:10Z 2024-02-01T09:31:25Z "Not sure how to put this one in to words. 1. I have a nav bar at the top of twenty twenty three. Background color is set works fine. 2. yesterday I tried out adding a two column block in a page content area on edit page. (Still learning the new flow. getting better at it but still a learning curve). 3. about half of the nav bar on these pages with columns in the content area turns white. Not all of the nave bar, but half. 4. Confused me and looked for css solution before realizing it was the same template working fine on other pages and then realized it was the column. 5. Removing the column from the page content area fixes the issue. " noelhefele Has Patch / Needs Testing 58495 Twenty Twenty: Pull Quote Block issues Bundled Theme 6.2.2 normal normal Awaiting Review defect (bug) new has-patch 2023-06-08T13:33:24Z 2023-06-10T04:38:59Z "Pull Quote block citation on Twenty Twenty theme has these issues: 1. Pull Quote citation is always shown in Italics in Block Editor but normal in Frontend. 2. Pull Quote is shown in Bold in Frontend even if not selected in Block Editor. Even selecting options from Appearance has no effect on the frontend. 3. If you make the citation Italic, it becomes Italic & bolder. Then if you select Bold, it becomes bold. But if you select Bold first and then Italic, font becomes bolder and not bold. The HTML element depends on the first chosen option. How to Replicate: 1. Activate the Twenty Twenty theme 2. Insert Pull Quote block and enter quote and citation." jyolsna Has Patch / Needs Testing 58492 Plugin Search Issue: Trimming of Keywords with Ampersand (&) upon Page Refresh Plugins 6.3 normal normal Awaiting Review defect (bug) new has-patch 2023-06-08T12:45:54Z 2023-07-14T15:41:28Z "I have encountered a peculiar issue with the plugin search functionality in the WordPress backend. When performing a plugin search using keywords that contain an ampersand (&) character and refreshing the page twice, the keywords are getting trimmed, resulting in incomplete search results. Steps to Reproduce: 1. Access the WordPress backend. 2. Navigate to the Plugins section. 3. In the search box, enter keywords that include an ampersand character, e.g., ""search & replace"" 4. Press Enter or click the Search button. 5. Note the search results. 6. Refresh the page twice by pressing F5 or using the browser's refresh button. 7. Observe that the search keywords are being trimmed to ""search"" only. 8. The search results are now incomplete, as the full keywords were not used for the search. Expected Results: The plugin search should retain the complete keywords, including the ampersand character, upon page refreshes. This would ensure accurate and consistent search results, even after multiple page refreshes. Actual Results: Upon refreshing the plugin search page twice, the keywords containing an ampersand (&) are trimmed, resulting in incomplete search results. Reproducibility: Consistently reproducible. " adhun Needs Patch 58491 UI problem when search for block while adding a post Editor 6.2.2 normal normal Awaiting Review defect (bug) new close 2023-06-08T12:35:02Z 2023-11-28T16:15:27Z "**Precondition:** - Gutenberg version 15.9.1 - WP 6.2.2 - PHP 8.2.5 - Ubuntu 23.04 **Steps:** 1- Create a new post 2- Click the + icon and search for 'block' 3- The UI expands slowly with no interaction Expected: spaces fit automatically Screencast: https://jmp.sh/KsMTIFiM" mai21 Has Patch / Needs Testing 58490 Make wp_update_term_count function site context aware for the multisite Taxonomy normal normal Awaiting Review defect (bug) new has-patch 2023-06-08T12:32:40Z 2023-06-08T13:57:45Z "During the import process, a performance problem arose because of term counting with each insert. However, this issue was reported and resolved with ticket #5377. Unfortunately, the solution is not compatible with multisite. The syndication plugin causes delays in the syndication of multiple posts between sites in the multisite, primarily because of the term counting required during each insert. Suppose you need to synchronise content across subsites and want to enhance the sync performance by turning off the term counting logic. In that case, you would follow these steps. {{{ $post_list = [1, 2, 3]; switch_to_blog(2); wp_defer_term_counting(true); do_multiple_syncs( $post_list ); wp_defer_term_counting(false); restore_current_blog(); }}} We made a change by disabling term counting during each insertion and performing it after the inserts, as planned. However, this caused some problems. The menus on our website kept disappearing without any apparent reason, and we had to resave them to restore them manually. Upon inspection, it was discovered that the `wp_update_term_count` function does not consider the multisite when the term counting is disabled [https://github.com/WordPress/wordpress-develop/blob/6.2/src/wp-includes/taxonomy.php#L3464]. For instance, in the sync job mentioned above, if the list of term IDs from subsite 2 is added for a recount in a static variable, the function incorrectly recounts it in the main site. The term count was updated to `0` in the database. This is because the term ID doesn't exist on the main site or no posts have been assigned. It causes the check (https://github.com/WordPress/wordpress-develop/blob/6.2/src/wp-includes/nav-menu.php#L721-L725) to fail on the `wp_get_nav_menu_items` function and menus disappear." sathyapulse Has Patch / Needs Testing 58488 Improve performance of wp-admin -> Comments Administration normal normal Awaiting Review defect (bug) new has-patch 2023-06-08T11:12:24Z 2023-06-08T11:22:25Z "Our wp-admin -> Comments screens just got slower over time and the reason is the ""All comment types"" drop down filter. Here's how much that single select box adds on some of our websites depending on the number of comments: * 6 seconds for website with 2,668,659 comments * 1 second for website with 795,581 comments So it's really too much delay anytime you open wp-admin -> Comments just to get that single filtering option. The problematic code is in the WP_Comments_List_Table::comment_type_dropdown() function which calls: {{{#!php get_comments( array( 'number' => 1, 'type' => $type, ) ); }}} That code runs query like: {{{#!sql SELECT wp_comments.comment_ID FROM wp_comments WHERE ( ( comment_approved = '0' OR comment_approved = '1' ) ) AND comment_type IN ('pingback', 'trackback') ORDER BY wp_comments.comment_date_gmt DESC LIMIT 0,1 }}} As illustrated that query can take seconds to finish - as much as 6 seconds in our case and we have to wait that long anytime we open wp-admin -> Comments. There are two causes of the poor performance: === **1) Missing comment_type index** Running SQL EXPLAIN command on the query reveals that it only uses the comment_date_gmt index. Adding the comment_type index helps: ALTER TABLE `wp_comments` ADD INDEX `comment_type` (`comment_type`) Here's how much time adding that index took: * 5 seconds for 2,668,659 comments (dedicated SQL server with low load) * 23 second for 795,581 comments (shared server with higher load) I see the wp-admin/includes/upgrade.php does a fair amount of ALTER TABLE with ADD INDEX. We prepared that upgrade code in wp-admin/includes/upgrade.php. And of course added that index for new install in wp-admin/includes/schema.php. === **2) Using ORDER BY when not required** On one of our databases (using MariaDB) just adding the comment_type index fixed the issue, but on some other we **also** had to get rid of the ORDER BY in the query as it's not important when you are checking if there are any Pings. get_comments() just does that automatically. This can be easily fixed by adding 'oderby' => 'none' to the call in WP_Comments_List_Table::comment_type_dropdown() in wp-admin/includes/class-wp-comments-list-table.php: {{{#!php get_comments( array( 'number' => 1, 'orderby' => 'none', 'type' => $type, ) ) }}} This fix can be seen in the Github pull request. --- With both fixes the performance is now much better: * 0.4 seconds for website with 2,668,659 comments * 0.12 seconds for website with 795,581 comments " FolioVision Needs Patch 58487 Text editor problem Posts, Post Types 6.2.2 normal normal Awaiting Review defect (bug) new 2023-06-08T11:07:40Z 2023-06-08T14:02:19Z "Hi, the < character causes corruption. lines are concatenating and shortcodes don't work 1: https://ibb.co/yndnCP1 2: https://ibb.co/Rhd2r87 If there is no < character, everything will look normal. 3: https://ibb.co/1Xvvw7V" burhi Needs Patch 58486 Using WordPress 5.7.8 (but also all other more recent branches) - characters are stripped through TinyMCE Copy paste from Word TinyMCE 5.7.2 normal normal Awaiting Review defect (bug) new 2023-06-08T09:44:51Z 2023-06-08T09:44:51Z "Hi Using WordPress 5.7.8 (but also all other more recent branches) - characters are stripped through TinyMCE Copy paste from Word. Under conditions: Bulleted list, from word, pasted, containing a dot at the end of the word. Detailed descpription with fix here: https://github.com/tinymce/tinymce/issues/3480 https://github.com/aautio/tinymce/commit/b5f4db5a8377d2beb9ca3a1a7164587b280acbf4 Seems implemented in TinyMCE since March 31 2021, however the update of TinyMCE editor has not yet been included in current WordPress versions. Can this still be applied? Kind regards, Ralph Gortzen Application manager Atos.net Group site. " rgortzen Has Patch / Needs Testing 58484 Site Health: Improve display of constants in debug data SergeyBiryukov Site Health 6.3 normal normal 6.6 enhancement reviewing has-patch 2023-06-08T08:05:12Z 2024-02-23T12:53:00Z "This is a follow up on #55741. where we need to have just a single function to be called which determines the environment type. As wp-admin/includes/class-wp-debug-data.php is already using: {{{ $environment_type = wp_get_environment_type(); }}} and later on: this happens {{{ // Check WP_ENVIRONMENT_TYPE. if ( defined( 'WP_ENVIRONMENT_TYPE' ) && WP_ENVIRONMENT_TYPE ) { $wp_environment_type = WP_ENVIRONMENT_TYPE; } else { $wp_environment_type = __( 'Undefined' ); } }}} so this is not the same as what happens at wp_get_environment_type(); So this ticket is where we remove that lines of code. " ramon fincken Needs Patch 58483 UI issue in uploasd multiple media in mobile Media 6.2.2 normal normal Awaiting Review defect (bug) new 2023-06-08T07:40:16Z 2023-06-08T07:40:16Z "Hi, We need to add padding on the right side for maintaining alignment on the right side in uploading multiple media on mobile. The more informed nation you can see mentioned screenshot. " sumitsingh Has Patch / Needs Testing 58479 Add notice if no posts are selected in Bulk Edit quadthemes Quick/Bulk Edit 6.2.2 normal normal 6.6 enhancement assigned has-patch 2023-06-08T07:13:01Z 2024-02-18T16:10:37Z "On the Posts screen(s), clicking the bulk actions Apply button without selecting any posts does not show an error message. 1. Visit the Posts screen. 2. Choose ""Edit"" in the Bulk actions dropdown. 3. Without checking any checkboxes, click the Apply button. Nothing seems to happen. 4. Choose ""Move to Trash"" in the Bulk actions dropdown. 5. Click the Apply button. The page reloads but cannot move anything to Trash. 6. Choose ""Bulk actions"" at the top of the Bulk actions dropdown. 7. Click the Apply button. The page reloads with a query string in the URL. I have checked and it should be a message on the page/post list as per added notice message on the plugin page. For more information, you can see mentioned quick video. Thank you" sumitsingh Needs Reporter Feedback / Steps To Reproduce 58478 Text mis-aligned count bubbles on mobile Administration 6.2.2 normal normal Awaiting Review defect (bug) new reporter-feedback 2023-06-08T06:56:34Z 2023-06-08T07:19:58Z "Hi, Small UI issue in the mobile device. it is not properly alignment on a mobile device. For more information, you can see mentioned screenshot." sumitsingh Needs Patch 58476 preg_split(): Passing null to parameter #2 ($subject) of type string is deprecated Posts, Post Types 6.3 normal normal Awaiting Review defect (bug) new 2023-06-08T00:16:08Z 2023-12-12T20:54:33Z "== Bug Report === Description Using the filter hook 'the_content' and passing an empty string or null produces the preg_split deprecation notice in the convert_smilies() function. === Environment - WordPress: 6.3-alpha-55892 - PHP: 8.2.2 - Server: Apache/2.4.54 (Win64) PHP/8.2.2 mod_fcgid/2.3.10-dev - Database: mysqli (Server: 8.0.27 / Client: mysqlnd 8.2.2) - Browser: Chrome 114.0.0.0 (Windows 10/11) - Theme: Seele 1.1.1 - MU-Plugins: * WP Migrate DB Pro Compatibility 1.1 - Plugins: * bbPress 2.6.9 * Classic Widgets 0.3 * Contact Form 7 5.7.7 * Database Backup for WordPress 2.5.2 * Envato Market 2.0.8 * Force Plugin Updates Check 1.0.2 * Optimize Database after Deleting Revisions 5.0.110 * Query Monitor 3.12.3 * Redux Framework 4.4.1.4 * Regenerate Thumbnails 3.1.5 * Requite Core 1.1.13 * Slider Revolution 6.6.14 * Slider Revolution Paint-Brush Add-On 3.0.4 * Slider Revolution Particles Effect 3.3.2 * Slider Revolution Slicey Add-On 3.0.4 * Theme Check 20230417 * Ultimate Addons for WPBakery Page Builder 3.19.14 * WooCommerce 7.7.2 * WordPress Beta Tester 3.4.1 * WordPress Importer 0.8.1 * WPBakery Page Builder 6.13.0 * WP Crontrol 1.15.2 * WP Migrate DB Pro 1.8.1 * WP Migrate DB Pro CLI 1.3.2 * WP Migrate DB Pro Media Files 1.4.9 * WP Migrate DB Pro Multisite Tools 1.2 === Steps to Reproduce 1. Use this filter, ensuring $content is empty or null: $content = apply_filters( 'the_content', $content ); preg_split(): Passing null to parameter #2 ($subject) of type string is deprecated wp-includes/formatting.php:3482 preg_split() wp-includes/formatting.php:3482 convert_smilies() wp-includes/class-wp-hook.php:310 apply_filters('the_content') x. 🐞 Bug occurs. === Expected Results 1. ✅ The filtered content. === Actual Results 1. ❌ The indicated deprecation error due to preg_split not liking a null value." KProvance Has Patch / Needs Testing 58475 Twenty Twenty-Three: Aubergine variation's background implementation causes any block that impacts page height to impact header Bundled Theme low normal Awaiting Review defect (bug) new has-patch 2023-06-07T20:16:11Z 2023-06-20T16:59:53Z "Originally reported here and moving over: [https://github.com/WordPress/gutenberg/issues/51248 GB51248] This variation does the following for the background: {{{ linear-gradient(180deg, var(--wp--preset--color--base) 0 min(24rem, 10%), var(--wp--preset--color--secondary) 0% 30%, var(--wp--preset--color--base) 100%) }}} As Justin notes, in particular, the `min(24rem, 10%)` is essentially saying to use the lower value (either `24rem` or `10%`). On pages with little content, it is pretty much guaranteed to be 10% of the `` height. As a result, any block that can change the page height will run into issues. " annezazu Needs Dev / Bug Wrangler Feedback 58474 Twenty Seventeen: Box shadow on Site Logo block looks odd Bundled Theme 6.2.2 normal minor Awaiting Review defect (bug) new dev-feedback 2023-06-07T15:26:43Z 2023-06-09T22:08:13Z "Steps to reproduce: 1. Activate the Twenty Seventeen theme 2. Add the Site Logo block to any page or post and add an image 3. Make sure link to home setting is toggled on 4. Save and view on front end " nkeller15 Needs Patch 58473 The menu messages rework Menus normal minor Awaiting Review enhancement new 2023-06-07T06:49:51Z 2023-06-27T11:41:41Z "Compared to the page message after a page has been created or updated, the menu messages can be reworked 1. When a menu has been created, there is no message shown.[https://imgur.com/iBoAUDB] 2. When the menu has been saved, the message can be reworked. [https://imgur.com/4Dz1oDE] This can be similar to the Pages created, updated message" 254volkan Needs Patch 58470 Add configurable batching to `wp_scheduled_delete` for controlling cleanup operations Cron API 6.3 normal normal Awaiting Review enhancement new 2023-06-06T22:08:46Z 2023-06-07T14:17:17Z "When posts are trashed, they are automatically cleaned up by the `wp_scheduled_delete` wp-cron task. However, both the frequency that this cron task runs and the number of posts that can be cleaned up at once time lack configurability. Imagine a shop which has more than 100,000 orders: trashing thousands or tens of thousands of them at once could cause the website to become unresponsive when it comes time to clean up the trash. I suggest adding two constants: ||= Constant Name =||= Default Value =||= Description =|| || `EMPTY_TRASH_SCHEDULE` || `daily` || The cron schedule on which the trash scheduler runs. This is useful for increasing the number of times the cleanup process runs when using batching to delete many posts. || || `EMPTY_TRASH_BATCH_SIZE` || `50` || The maximum number of posts to delete at once. || It may also be useful for these and `EMPTY_TRASH_DAYS` to have filters to improve cleanup operations overall." johnrom Needs Patch 58469 Changeset 55832 broke shortcodes saved in block attributes and rendered serverside Shortcodes 6.2.2 normal normal Awaiting Review defect (bug) new 2023-06-06T21:31:53Z 2023-06-07T16:29:15Z "simply put, if a shortcode is saved to a block attribute and rendered as part of its `render_callback`, it no longer parses the shortcode as `do_shortcode` is now called before `do_blocks` see [55832]" brumack Changes Requested 58455 The admin menu remains sticky when displaying warning or error messages on the Site Health page. audrasjb Administration normal normal Future Release defect (bug) reviewing changes-requested 2023-06-05T12:15:55Z 2024-02-20T09:54:47Z "Improper Sticky Behavior of Admin Menu when displaying warning or error messages on the Site Health page. Refrance: https://www.loom.com/share/3565aaf2d04e4b0b87dee361ee8335bb" dhrumilk Needs Patch 58452 Add text-wrap: balance to theme styles Bundled Theme 6.2.2 normal normal Future Release enhancement new 2023-06-04T07:21:40Z 2024-02-21T12:59:39Z "Chrome 114 has introduced ""text-wrap:balance"" for CSS. The importance of it is explained in: https://developer.chrome.com/en/blog/new-in-chrome-114/ This helps in displaying content more evenly and often required for headings such as site title and description below it. So WordPress themes should have it. " superpoincare Needs Patch 58450 WP_Comment_Query status argument documentation misses any Comments normal normal Awaiting Review defect (bug) new 2023-06-03T15:50:16Z 2023-06-03T15:50:16Z "In the code, there is a comment that reads 'any' overrides other statuses. 'all', if I read correctly, would not cover 'spam' or 'trash'. So, the documentation should be amended." dshanske Needs Patch 58448 inconsistency in the $items parameter to the handle_bulk_actions-{$screen} action Administration normal normal Awaiting Review enhancement new 2023-06-03T00:54:37Z 2023-06-03T00:54:37Z "The [https://developer.wordpress.org/reference/hooks/handle_bulk_actions-screen/ handle_bulk_actions-{$screen}] action is fired when custom bulk actions are applied on various screens that have list tables. On `/wp-admin/plugins.php`, `$items` is an array of plugin paths relative to `WP_PLUGINS_DIR` (e.g., `classic-editor/classic-editor.php`). On all the other screens, the `$items` parameter passed to the action's callback is an array of IDs (e.g., post IDs, term IDs, comment IDs, etc). The inconsistency this ticket is about that on some screens the IDs in `$items` are ints and on other screens they are strings. Specifically, `/wp-admin/edit.php` (Posts list table), `/wp-admin/upload.php` (Media list table), and `/wp-admin/edit-comments.php` (Comments list table), the IDs are cast to ints via something like `array_map( 'intval', (array) $post_ids )` before `handle_bulk_actions-{$screen}` is fired. However, on all the other screens (`/wp-admin/edit-tags.php`, `/wp-admin-link-manager.php` (Links list table), and `/wp-admin/users.php`) the IDs are strings. I think it would be easier on developers (e.g., plugin authors) if when `$items` is an array of IDs, all IDs were ints. I don't know if this case be changed at this stage due to BC considerations. But if it can be, I'd be happy to add a patch to that effect." pbiron Needs Patch 58447 Posts with ‘Stick to the top of the blog’ should also stick to the top of the categories it belongs to Posts, Post Types 6.2.2 normal normal Awaiting Review feature request new 2023-06-02T18:38:43Z 2023-11-20T17:35:19Z "According to the WordPress documentation ‘Stick to the top of the blog’ seems to be designed to only stick to the top of the front page. I don't think that makes sense. It should also stick to the top of the categories it belongs to! At least the main category. " hero2 Needs Patch 58446 Twenty Fourteen: no space between Buttons block and Columns block on front end Bundled Theme 5.9 normal normal Awaiting Review defect (bug) new 2023-06-02T18:30:51Z 2023-07-07T19:09:01Z "Follow the Steps to reproduce the issue. 1. Activate the Twenty-Fourteen theme. 2. Choose a Button and a column block. 3. Add some text. 4. Apply to customize styles 5. Now check it on the user side. It is looking proper in the editor but having issues on the user side. I have attached a video for better understanding. Video Link: [https://www.loom.com/share/48f0cb53627a4448a9133595fb0e54ff] " algorithmsunlocks Has Patch / Needs Testing 58442 Add parameters for the wp_get_archive function that allows to filter the archive for particular years and months. General normal normal Awaiting Review enhancement new has-patch 2023-06-02T09:00:49Z 2023-06-06T07:49:00Z "Right now there is no way to get the monthly archive for particular year {{{#!php prepare( ""WHERE post_type = %s AND post_status = 'publish'"", $parsed_args['post_type'] ); }}} In order to do that we have to use the filter to change the where clause as below. {{{#!php significant image color problems Media normal normal Awaiting Review enhancement new 2023-05-31T17:10:59Z 2023-06-14T14:03:00Z "If you upload a JPG with an embedded profile (such as P3 or some other wide gamut), the reprocessed image in the media library is stripped of its color profile. This is likely to result in significant display errors for any image not encoded as sRGB, including: desaturation, clipping of gradients or vibrant colors, and hue shifts. Tested with WP v6.2.2 and PHP v7.4.33 " gregbenz Has Patch / Needs Testing 58433 WP version in Etag header in load-styles.php file General normal normal Awaiting Review enhancement new has-patch 2023-05-31T11:16:13Z 2023-06-19T00:44:33Z "Hi I know there are plenty of plugins to hide WP version. You also decided to hide WP version from readme.html some time ago. When the user uses all possible methods to hide WP version, current version still can be checked by load-styles.php and load-scripts.php files. It is visible in eTag header. I know, this is not a big issue but I think is worth considering to use here some hash or checksum. Regards Dawid " dav4 Needs Patch 58432 "BUG: Custom Core Block Variation details not updated in ""Settings Sidebar"" section" Editor normal major Awaiting Review defect (bug) new 2023-05-31T06:10:30Z 2023-06-13T16:31:52Z "**Issue:** When adding a custom **core block variation**, the details ( title, icon, description ) are not updated in the **""Settings Sidebar""** section. Hence there is no way to distinguish between custom core block **variations** and core **blocks** once a block is added. **How to reproduce:** 1. Add support for block variations to your existing theme. {{{ function prefix_editor_assets() { wp_enqueue_script( 'prefix-block-variations', get_template_directory_uri() . '/assets/js/blocks/block-variations.js', array( 'wp-blocks' ) ); } add_action( 'enqueue_block_editor_assets', 'prefix_editor_assets' ); }}} 2. Create a custom **core block variation** {{{ wp.blocks.registerBlockVariation( 'core/group', { name: 'card-group', title: 'Card group', description: 'A group with card styling', label: 'Card group', icon: 'wordpress', attributes: { className: 'card-group', }, innerBlocks: [ [ 'core/heading', { content: '' } ], [ 'core/paragraph', { content: '' } ], ] } ); }}} 3. Check inside editor for new core block variation. 4. Add new core block variation and check the siderbar with the block selected. Attaching pic & screen recording of the issue as well. Note: I used the following tutorial by **Carolina Nymark** to create the variation https://fullsiteediting.com/lessons/block-variations/ " deepakvijayan Needs Dev / Bug Wrangler Feedback 58427 Retain existing user session when changing password Users 4.0 normal normal Awaiting Review defect (bug) new dev-feedback 2023-05-30T03:59:13Z 2023-05-30T04:45:30Z "When a user changes their password, their existing user session is ignored and a new session is started. This happens due to `wp_update_user()` not passing the current session token to `wp_set_auth_cookie()`. https://github.com/WordPress/wordpress-develop/blob/e82251df5bd59fb4327d0b0aa7a57ade20fe97c2/src/wp-includes/user.php#L2717-L2735 This can cause problems for some plugins which use the `attach_session_information` hook, or, which add additional information to the current session through `WP_Session_Manager::update()`. Other issues that occur is when the password is updated through the rest api, is that a new session will be created, but the response (and rest of the rest api processing) will be operating with the old session token, as that's what's set in `$_COOKIE`. So if any user fields in the rest-api response are reliant upon a piece of session metadata, it'll be incorrect for the following HTTP requests from the user. The workaround for plugins is to hook to `attach_session_information` and when a new session is being created for the current user, copy the current sessions metadata over to the new session. This is less than ideal, as it's not clear that the new session is definitely the same as the clients session (ie. The newly created session might not come from `wp_set_auth_cookie()` and might be a new session created for another purpose). PR attached, which retains the existing session when changing the password. " dd32 Needs Reporter Feedback / Steps To Reproduce 58419 Changing categories Taxonomy 6.2.2 normal normal Awaiting Review defect (bug) new reporter-feedback 2023-05-29T03:10:19Z 2023-05-29T13:18:49Z "I have a post with a file in category A. I add category B to the post so the post now should show in both category A & B. The post moves and now shows in A & B but the wrong file is displayed in B. I did a ""Replace"" and the file is now correct in both places." jgostl Needs Docs or Unit Tests 58416 Media Title field should soft wrap in Media Modal: For better readability/editing of long titles. Media 3.5 normal normal Awaiting Review enhancement new needs-unit-tests 2023-05-26T20:48:37Z 2023-06-13T11:08:12Z "**Usability Issue:** - In the **Media Modal** the **Title** field currently is an `` and as such is single line only. - Scrolling a ~50 character long title within a ~20 char text field sucks. - Soft wrapping would really benefit longer media titles in terms of instant readability and easy editing. **Solution Approaches:** 1. Leaving it a `` and tweak it to soft wrapping with CSS only. - I found the [https://stackoverflow.com/questions/5286663/wrapping-text-inside-input-type-text-element-html-css exact same request on StackOverflow] for HTML in general (CMS agnostic) - Pure [https://stackoverflow.com/a/31814539/199400 CSS solutions for this] which once worked, became unsupported around 2016 in major browsers. - Bottom line: `` is single line only and always, user agents allow no circumventions. 2. Alternative approach: Use a ` }}} But whenever I go to edit the post, inside all textarea metaboxes values are pre-loaded with leading spaces (exactly 10 spaces) and additional line breaks! Also tried `esc_atr(trim(br2nl($meta_value)))` with no avail." subrataemfluence Needs Patch 40785 Image caption in WYSIWYG is not displaying in post page Media 4.7.5 normal normal Awaiting Review defect (bug) new 2017-05-17T13:53:07Z 2017-05-19T11:15:53Z "I have uploaded an image to my post via Media upload utility of WYSIWYG editor and added a caption to it. When I go the post page, the image is there but the caption is not showing up anywhere, which ideally should be underneath the image. In wp_posts table the content was saved as: {{{
            Nestled among ski slopes in the Garhwal Himalayas, this secluded hotel is 23 km from Panch Prayag temple and 25 km from Nanda Devi National Park. In winter, the property is only accessible by cable car.
            Ranging from studios to 2-bedroom suites, the cosy lodgings come with cable TV and kitchenettes with minifridges, microwaves and stoves. Suites add living rooms and dining areas.
            Breakfast is free. There's also a relaxed restaurant, a game room and a bonfire area with regular entertainment. Ski equipment rentals and lessons are available, as are guided hikes and in-room massages. The property has a generator.
            [caption id=""attachment_713"" align=""alignnone"" width=""1600""] Cliff Top Restaurant at 10000ft[/caption]
            }}}" subrataemfluence Has Patch / Needs Testing 40784 WP_HTTP_IXR_Client constructor needs to check that $server is valid HTTP API 4.7.4 normal normal Awaiting Review defect (bug) new has-patch 2017-05-17T12:11:28Z 2017-08-04T22:03:31Z "ErrorException is thrown: {{{Undefined index: host}}} and {{{Undefined index: scheme }}} When WP_HTTP_IXR_Client is instantiated in {{{pingback()}}}, {{{$path}}} is checked, but {{{$server}}} may still be invalid or false, which sends an invalid URL to {{{parse_url()}}}. Instantiation: {{{ $client = new WP_HTTP_IXR_Client($pingback_server_url); }}} Excerpt from class: {{{#!php scheme = $bits['scheme']; $this->server = $bits['host']; ... }}} In the code that instantiates {{{WP_HTTP_IXR_Client}}}, it is clear that {{{discover_pingback_server_uri}}} could return false, which then gets passed as a constructor parameter. Relevant code block: {{{ $pingback_server_url = discover_pingback_server_uri( $pagelinkedto ); if ( $pingback_server_url ) { @ set_time_limit( 60 ); // Now, the RPC call $pagelinkedfrom = get_permalink( $post ); // using a timeout of 3 seconds should be enough to cover slow servers $client = new WP_HTTP_IXR_Client($pingback_server_url); $client->timeout = 3; }}} Possible resolution: {{{filter_var($server, FILTER_VALIDATE_URL) }}} should be used to test the URL prior to {{{parse_url($server)}}}" chrispecoraro Needs Dev / Bug Wrangler Feedback 40779 function_exists() audit in wp-db.php Database low minor Awaiting Review defect (bug) new dev-feedback 2017-05-16T14:47:06Z 2021-06-01T12:50:59Z "A few `function_exists()` checks can be removed from `wp-db.php`, thanks to recent load order changes, probably nobody having looked in a while, and generally being afraid to break DB drop-ins: All of these functions are in files now loaded ahead of `require_wp_db()`: * `is_multisite` (load.php) * `_deprecated_function` (functions.php) * `mb_strlen` (compat.php) Bonus: * `mb_check_encoding()` could *maybe* be a new function in compat.php (it's used 3 times in core, using `@` or `function_exists`) ---- The only caveats are the installation process, and 10+ year-old HyperDB versions that do the old-school deep-integration thing, of directly including files – they'll need extra scrutiny." johnjamesjacoby Needs Patch 40776 "Feature request : Need class parameter for ""Twitter"" embed share" Embeds normal normal Awaiting Review enhancement new 2017-05-16T06:47:48Z 2019-04-25T13:08:46Z "'''Note:''' Twitter embedded share already working nicely. This is an only feature request. I want to update twitter embed share, but I can't edit or modify that default twitter embed share because it's an iframe. ''For example'', I want to make twitter share as a 'center aligned' within my content area when writing blog posts. (There are number of possibilities as well.) Yes, I found the solution for twitter share center alignment. We need to add one class with iframe - '''''tw-align-center''''' but there is no input box/area available in popup where I can write down my custom classes. Please check this screenshot for more detail - https://d.pr/f32E0" sanjaydabhoya Has Patch / Needs Testing 40774 Refine error message when embedding invalid Video (URL) Media 4.8 normal normal Awaiting Review enhancement new has-patch 2017-05-16T02:11:00Z 2017-09-14T19:00:17Z "like in #40771 you get the following error when your link is invalid: {{{ Sorry, we can’t display the video file type selected. Please select a supported video file (...) or stream (YouTube or Vimeo) instead. }}} When posting an incomplete youtube link for example it's not the file type but a character wrong or missing. I propose to change the error message like in the patch attached: {{{ Sorry, either the selected file type is not supported or the video stream is invalid. Please make sure to select one of the following video file types (%1$s) or a valid stream (YouTube or Vimeo) instead. }}} " Presskopp Needs Patch 40769 Translators' note required for singular/plural strings where both strings are in the singular form I18N 4.8 normal normal Awaiting Review enhancement new 2017-05-15T14:33:18Z 2021-11-23T11:44:53Z "There is some confusion for translators in GlotPress over WordPress 4.8.x as some of the singular/plural strings are singular in the originals. For example: Singular: Audio Widget (%d) Plural: Audio Widget (%d) A translators' note would be handy here to explain why the plural is not Audio Widget'''s''' in this case. This currently relates to four strings: [https://translate.wordpress.org/projects/wp/dev/en-gb/default?filters%5Bstatus%5D=either&filters%5Boriginal_id%5D=4483096&filters%5Btranslation_id%5D=49716087/ Audio Widget] [https://translate.wordpress.org/projects/wp/dev/en-gb/default?filters%5Bstatus%5D=either&filters%5Boriginal_id%5D=4483106&filters%5Btranslation_id%5D=49716079/ Image Widget] [https://translate.wordpress.org/projects/wp/dev/en-gb/default?filters%5Bstatus%5D=either&filters%5Boriginal_id%5D=4483125&filters%5Btranslation_id%5D=49716063/ Media Widget] [https://translate.wordpress.org/projects/wp/dev/en-gb/default?filters%5Bstatus%5D=either&filters%5Boriginal_id%5D=4483114&filters%5Btranslation_id%5D=49716070/ Video Widget]" pidengmor Has Patch / Needs Testing 40768 site.com/login should not redirect to login page when user is already logged in Login and Registration normal normal Awaiting Review enhancement new has-patch 2017-05-15T13:53:08Z 2023-08-18T11:01:29Z "When I am already logged in I should not be redirected to Login page if I type in `mysite.com/login`. Rather WordPress should be able to decide which page I should be on in this situation. Being redirected to Login page even when I am already logged in must be treated as a bug. The reason is I am being able to login as a different user by going to login page directly when I am already logged in! For example if I am already logged in as admin and type in `mysite.com/login` I should directly be taken to `wp-admin`. Same decision could be taken for different user privileges like if I am logged in as a subscriber or as a participant then I might land on site's home page. Inspired from #40762 I have modified the decider so that WordPress can take this decision itself and stop landing logged in users to login page." subrataemfluence Has Patch / Needs Testing 40761 Make Walker_Category::start_lvl more flexible by introducing filters for class name(s) at least Taxonomy normal normal Awaiting Review enhancement new has-patch 2017-05-14T13:24:12Z 2017-05-15T16:31:15Z " Related: #36163, #40359, #40666, #40760 We should harmonize the filters available in the 3 main `Walker` classes." pbiron Has Patch / Needs Testing 40760 Make Walker_Page::start_lvl more flexible by introducing filters for class name(s) at least Menus normal normal Awaiting Review enhancement new has-patch 2017-05-14T13:22:04Z 2017-05-15T16:59:37Z "Related: #36163, #40359, #40666 We should harmonize the filters available in the 3 main `Walker` classes. " pbiron Has Patch / Needs Testing 40759 Word Count Discrepancies Editor normal normal Awaiting Review defect (bug) new has-patch 2017-05-14T12:36:09Z 2020-11-24T06:27:13Z "I've noticed several discrepancies between how WordPress, Pages, Google Docs, and Word count words. Given the following text, all four count things quite differently. {{{ a 1 foo-bar e.g. jack & jill 5 @ $4.99 . fuzz@baz.blog }}} || ||= WordPress =||= Word =||= Pages =||= Docs =|| || Individual Words (a, jack, jill) || 3 || 3 || 3 || 3 || || Individual Numbers (1, 5) || 0 || 2 || 2 || 2 || || Hyphenated Words (foo-bar) || 1 || 1 || 2 || 1 || || Abbreviations (e.g.) || 1 || 1 || 2 || 2 || || Punctuation that translates to a word (&) || 0 || 1 || 0 || 0 || || Punctuation that translates to a word in this usage (@) || 0 || 1 || 0 || 0 || || Punctuation that doesn't translate to a word (.) || 0 || 1 || 0 || 0 || || Compound number ($4.99) || 0 || 1 || 1 || 2 || || Email address (`fuzz@baz.blog`) || 1 || 1 || 3 || 3 || I tend to fall in the camp of ""what would a reasonable native speaker count as a word"", which is probably closest to Word's definition, minus the punctuation that doesn't translate to a word." pento Has Patch / Needs Testing 40751 Login form - Consider making Back to {site name} & Lost your password inline. General 4.7.4 normal normal Awaiting Review enhancement new has-patch 2017-05-13T06:11:34Z 2017-05-15T14:44:39Z "Will it not look good, if we make the login and Back to site button below the login-form inline? Or atleast we can remove padding-left from login and back to site button, so it will be aligned with the login form. {{{ .login #nav, .login #backtoblog { font-size: 13px; padding: 0 24px 0; } }}} [[Image(https://goo.gl/KZ7elv)]] " pratik028 Needs Dev / Bug Wrangler Feedback 40748 Use REST API for Community Events REST API 4.8 normal normal Future Release enhancement new needs-unit-tests 2017-05-12T17:39:23Z 2020-10-25T03:56:50Z "#40702 introduced new Community Events to the News widget on the Dashboard screen, but it uses admin-AJAX. Converting to the REST API is a good opportunity to lay some groundwork for migration the rest of wp-admin in the future. The work for this was started in #40702, but it'll be easier to keep track of with a new ticket. I'm working on an updated version of `40702.11.diff` and will upload it soon." iandunn Has Patch / Needs Testing 40737 Script tags inside unclosed HTML comment in value passed to WP_Script->localize() breaks page Script Loader normal normal Awaiting Review defect (bug) new has-patch 2017-05-11T19:26:30Z 2017-06-01T18:45:45Z "Hi. Thanks for your time. I encountered an edge case with the WP_Script->localize() method that can cause malformed html and cause javascript on the page to break. Our site has a custom field for adding pixel tracking code html snippets. On the post edit admin page, the values from the custom fields are run through the localize method by the Wordpress-SEO plugin which adds their values to the wpseoReplaceVarsL10n var. One of our users pasted code into this field like the following: {{{ }}} This gets serialized to JSON by WP_Script->localize and ends up being output like this. I simplified the structure a bit for the example. {{{ result` was measured as size in bytes, so debugging tools had a better sense of how much data was running over the network. danielbachhuber Needs Dev / Bug Wrangler Feedback 38750 Split wp_signups into wp_user_signups and wp_blog_signups Login and Registration 3.0 normal normal Awaiting Review feature request new needs-unit-tests 2016-11-10T19:07:00Z 2019-05-26T19:10:11Z "Right now, `wp_signups` (and the entire related API) does double-duty. It's 1 database table that's used for both users & blogs, but there are a few issues with this approach: * Open sign-ups may or may not include ability to create sites * There is no UI for managing sign-ups in WordPress core * Sign-ups are different between singlesite & multi-site * Plugins like BuddyPress do their best to include and/or work-around WordPress's core functionality, but end up writing a ton of additional code to manage this * Other membership plugins are forced to roll their own approach every single time * It's possible for multisite sign-up race conditions to exist, with users & sites created or activated from underneath each other (documented in `wpmu_activate_signup()`) I'm adding the multisite focus to this issue, because all of the current code is only relevant to multisite, but I'd like to see single-site inherit whatever future approach we can come up with. The core sign-ups code, stinks. Yet open registration is part of what makes WordPress & community/membership sites great. I think it would be great to take what we've learned from BuddyPress, WordPress.org, WordPress.com, and the bevy of Membership plugins, and make a great sign-up component/API for WordPress core." johnjamesjacoby Needs Patch 38743 Introduce add_action_once() Plugins normal normal Awaiting Review feature request new 2016-11-10T10:26:25Z 2018-03-23T20:04:13Z "Hi there. I was wondering if noone ever needed to add a callback to some action or filter hook only if it hasn't been added (potentially by someone else) before. Possible use cases are: * only add `my_callback` if it hasn't been added before, no matter with what priority; * only add `my_callback` if it hasn't been added before with a specific priority. Naming-wise, I'd suggest `add_action_once()` and `add_filter_once()`, respetively, although one could be more verbose (e.g., `add_action_if_not_exists()` etc.). Here is a possible implementation of this: {{{#!php cap->assign_terms` for example. This becomes a problem with custom post types that define a custom capabilities array specifying a different edit capability and the usual ""edit_posts"" capability for particular roles is removed, though they have the proper edit CPT capability. Then the corresponding meta box on the CPT edit screen is not properly interactive. For example, I create a CPT called ""Contributions"" and map the ""edit_posts"" capability to ""edit_contributions"". I also create a ""Contributor"" role that has all the expected capabilities for Contributions posts, including ""edit_contributions"" This role does not have the usual ""edit_posts"" and other default post and page capabilities, other than ""read"". The role also has ""manage_categories"" capability. When logged in as a user with only the Contributor role, when I go to the edit contributions screen, I can see the categories meta box, but cannot assign any terms to the current contributions post. The checkboxes are inactive. Similarly for tags, I can see the tags meta box, but it has no content. This issue was brought up in this forums post: https://wordpress.org/support/topic/custom-post-type-with-categories-and-tags-checkbox-disabled/" bcworkz Needs Patch 38713 Shortcodes and utf-8 no-break whitespace (\xc2\xa0) Shortcodes 4.6.1 normal normal Awaiting Review defect (bug) new 2016-11-08T16:27:46Z 2019-03-25T23:52:31Z "Recently I encountered a problem with one of my posts where Wordpress failed to process some of the shortcodes. After hours of digging I found that one shortcode contains no-breaking space as separator between shortcode name and parameters. {{{ [myshortcode\xc2\xa0param=""... }}} Seems like somebody used external editor to edit post content and then pasted it into wp's editor. I used following quick fix to permit this problem in future : {{{ add_filter( 'the_content', function( $text ) { return str_replace( ""\xc2\xa0"", "" "", $text ); }, 0, 1); }}} I think, it's not very good approach. Thus the question to core developers to fix this in shortcode parsing functions." mazursv Needs Reporter Feedback / Steps To Reproduce 38711 Invalid Cookie domain for wp-settings-time-* Users normal normal Awaiting Review defect (bug) new reporter-feedback 2016-11-08T14:58:21Z 2019-03-26T12:54:02Z "I have set cookie domain {{{#!php

            `, but the corresponding opening and closing tags won't exist. For example, `

            a\n\nb
            ` will produce `
            a

            b

            `, when it really should produce `
            \n

            a

            \n

            b

            \n
            `." pento Needs Patch 38650 Provide some guidance on what conditionals can/should be used in default-filters.php Bootstrap/Load low minor Awaiting Review enhancement new 2016-11-03T22:37:50Z 2017-06-21T23:12:12Z There are a lot of things you can't use in `default-filters.php`, such as `get_option()` or `is_customize_preview()`. Those deeply familiar with how load works might have some idea as to what's safe and what isn't, but it's generally confusing and a little opaque. I'd suggest some kind of inline comment at the top explaining the point of the file and what's generally safe (i.e. stuff in `load.php` as I understand?). helen Changes Requested 38643 Show toolbar (admin bar) in the user's locale (language) Toolbar 4.7 normal normal Future Release enhancement new changes-requested 2016-11-03T09:31:06Z 2024-02-24T13:18:53Z "After #29783 and #26511 it might make sense to show the toolbar on the front-end in the user's locale, while keeping the rest of the site in the site's locale. #29783 actually has a proof-of-concept for that. Screenshot: https://twitter.com/swissspidy/status/773571032963751936" swissspidy Needs Patch 38641 Support partial ISO8601 dates in queries REST API 4.7 normal normal Future Release enhancement new 2016-11-03T01:17:39Z 2022-01-18T13:48:52Z "Right now, we support sending `date` or `modified` with a full ISO 8601 date (`yyyy-mm-ddThh:ii:ssZ`), and we also support `before` and `after`. However, there's no easy way to get posts for a certain month, without building the `before` and `after` yourself. [https://en.wikipedia.org/wiki/ISO_8601 ISO 8601] gives us a way to specify partial dates: `yyyy` and `yyyy-mm` are both valid, and we could totally support them. This avoids the need for a separate `year` or `month` query parameter. Internally, this can map to `before` and `after` values." rmccue Needs Patch 38637 Fix autocomplete search suggestions support for Safari + VoiceOver Administration normal normal Future Release defect (bug) new 2016-11-02T22:31:28Z 2021-02-25T20:28:18Z "Splitting this out from #33902. The first implementation of a combobox with autocomplete search suggestions was the link inline toolbar in the Editor, implemented in #33301. In a first moment, that didn't work for Safari + VoiceOver, and a specific fix was introduced in WordPress 4.5.1, see #36458. Worth noting the fix was extensively tested and confirmed to solve the issue. That was on El Capitan + Safari 9 + VoiceOver. Now, some months later, both the link inline toolbar suggestions and the new implementation for the Tags autocomplete (see #33902) are not announced correctly when using Safari + VoiceOver, that is macOS Sierra + Safari 10 + VoiceOver. Not sure why, sometimes the wrong option gets announced. See screenshot below: [[Image(https://cldup.com/rkDTqypw5Q.png)]] Whether or not it's a Sierra/Safari 10 regression (very likely) a possible fix should be investigated. Note: the only example I've found working it's the Twitter search suggestion, which is a very similar implementation, so investigation should probably start from there. Any feedback welcome :) " afercia Has Patch / Needs Testing 38636 Allow data attributes to be added to WP Admin Bar menu items Toolbar normal normal Future Release enhancement new has-patch 2016-11-02T22:19:44Z 2021-07-09T05:20:33Z "It is currently not possible to add your own parameters to WP Admin Bar. For improved flexibility with javascript I think this could be a good feature. Example: {{{#!php add_node( 'id' => '', 'parent' => '', 'title' => '', 'href' => '', 'meta' => array( 'title' => '', 'data' => array( 'test' => 'data-test content' ) ), ) ); }}} Example code for class-wp-admin-bar.php (L 497 - 533) {{{#!php meta['data'] ) && ! is_array( $node->meta['data'] ) ) { $node->meta['data'] = array( 'data' => (string) $node->meta['data'] ); } ?>
          • id ); ?>""> href=""href ) ?>""meta['onclick'] ) ) : ?> onclick=""meta['onclick'] ); ?>""meta['target'] ) ) : ?> target=""meta['target'] ); ?>""meta['title'] ) ) : ?> title=""meta['title'] ); ?>""meta['rel'] ) ) : ?> rel=""meta['rel'] ); ?>""meta['lang'] ) ) : ?> lang=""meta['lang'] ); ?>""meta['dir'] ) ) : ?> dir=""meta['dir'] ); ?>""meta['data'] ) ) : foreach ( $node->meta['data'] as $attr => $data ) : ?> data-="""">
            meta['title'] ) ) : ?> title=""meta['title'] ); ?>""meta['lang'] ) ) : ?> lang=""meta['lang'] ); ?>""meta['dir'] ) ) : ?> dir=""meta['dir'] ); ?>""meta['data'] ) ) : foreach ( $node->meta['data'] as $attr => $data ) : ?> data-=""""> Themes -> Add New 2. Search for 'Twenty' 3. Install theme 'Twenty Twelve' and wait for installation to complete. The 'Installed' flag will appear above the installed theme. 4. Refine search results by changing search term to 'Twenty T' 5. The theme 'Twenty Twelve' will appear in the search results but will not have the 'Installed' flag. If you attempt to install the theme again you receive an error message stating 'Installation failed: Destination folder already exists.' '''The specifics ...''' Installed themes are stored in a JavaScript array - _wpThemeSettings.installedThemes The array is being created when the page loads and needs to be updated when a theme is installed so that new search results (which use Ajax and do not reload the page) have the complete list of installed themes. '''The solution ...''' Once the installed theme is successfully installed, push the theme slug into the array. e.g. {{{ _wpThemeSettings.installedThemes.push( response.slug ); }}} Attached patch with how I would see this being done." ovann86 Needs Docs or Unit Tests 38560 Add support for uploading arrayed $_FILES Media normal normal Future Release feature request new needs-unit-tests 2016-10-29T13:11:24Z 2017-08-10T17:33:05Z "When you have form code that references [several file uploads](http://php.net/manual/en/features.file-upload.multiple.php) as array, the media_handle_upload() function fails to handle this. For example this: {{{ }}} Will result in a $_FILES array that's creates subarrays shaped like so: {{{ $_FILES['userfile']['name'][0] $_FILES['userfile']['name'][1] $_FILES['userfile']['tmp_name'][0] $_FILES['userfile']['tmp_name'][1] $_FILES['userfile']['size'][0] $_FILES['userfile']['size'][1] $_FILES['userfile']['type'][0] $_FILES['userfile']['type'][1] }}} This will fail when passed to media_handle_upload, since [https://core.trac.wordpress.org/browser/tags/4.5.3/src/wp-admin/includes/media.php#L281 the implementation does not handle this array structure] nor is this documented." kontur Needs Dev / Bug Wrangler Feedback 38557 Format for registering a default header image is ambiguous joemcgill* Themes normal normal Future Release defect (bug) accepted dev-feedback 2016-10-28T23:33:02Z 2019-03-26T13:16:14Z "When registering a custom header with a default image, most resources seem to recommend using an absolute URL ([https://developer.wordpress.org/themes/functionality/custom-headers/ Handbook], [https://codex.wordpress.org/Custom_Headers Codex], [https://make.wordpress.org/themes/2012/04/06/updating-custom-backgrounds-and-custom-headers-for-wordpress-3-4/ Make post]). However, it can be registered with `sprintf` placeholders, which is what the old `HEADER_IMAGE` [https://themes.trac.wordpress.org/browser/twentyten/1.0.3/functions.php#L106 constant accepted]. It's registered that way in [https://themes.trac.wordpress.org/browser/twentythirteen/2.0/inc/custom-header.php#L27 Twenty Thirteen] as well. Any time core references the default image URL, it needs to account for the replacements. The problem is it doesn't take this into consideration in at least a couple places and obscures the replacement a bit by passing the default string through `get_theme_mod()` in some cases, which handles the replacement itself. Here are a couple of places where the replacement isn't handled in core: * [https://github.com/WordPress/WordPress/blob/f7552bbf53c183753eb8ac0e723f79e0d98260ae/wp-includes/class-wp-customize-manager.php#L3438 wp-includes/class-wp-customize-manager.php] * [https://github.com/WordPress/WordPress/blob/f7552bbf53c183753eb8ac0e723f79e0d98260ae/wp-admin/custom-header.php#L642-L643 wp-admin/custom-header.php] To see how this manifests itself: 1. Switch to Twenty Ten or Twenty Thirteen 2. Delete the `header_image` and `header_image_data` theme mods 3. Access the Customizer 4. Open the Header Image section In either theme, the default image that was visible on the front end is missing in the Customizer preview and the ""Current header"" control doesn't show an image as being set. If you access the old Custom Header screen in the admin panel (wp-admin/themes.php?page=custom-header), the option to reset the image is visible when it shouldn't be. I imagine this also affects default images for the custom background feature as well." bradyvercher Needs Dev / Bug Wrangler Feedback 38549 Additional CSS lost when changing themes Customize 4.7 normal normal Future Release enhancement new dev-feedback 2016-10-28T14:37:14Z 2021-05-23T23:39:27Z When you change themes, the Additional CSS is lost. Change the theme back and it returns. I think there should be an option to retain the Additional CSS across any theme used. If we do not implement that, I have a funny feeling that many users will be confused as to where their custom CSS went. scottwyden Needs Patch 38548 Add new filters on wp_script_is/wp_style_is Script Loader 4.7 normal normal Awaiting Review enhancement new 2016-10-28T13:41:52Z 2019-03-26T13:30:07Z "Minification engines tend to group dependencies and then enqueue them in a single file so enqueues handles change their names. So imagine this situation: Handles `style-1` and `style-2` are now grouped into a file and the new handle name is `group-1` Once grouping is done `wp_style_is('style-1', 'done')` won't work as style-1 and 2 are now inside `group-1` so `wp_style_is('group-1', 'done')` would work but this is just known by the plugin that minifies the styles/scripts. I don't know if the point is clear enough. By adding a new filter this would help a lot to remap those handles names. The filter can be placed easily in `WP_Dependencies::query()` method like this: {{{#!php registered[ $handle ] ) ) { $query = $this->registered[ $handle ]; } break; case 'enqueued' : case 'queue' : if ( in_array( $handle, $this->queue ) ) { $query = true; } else { $query = $this->recurse_deps( $this->queue, $handle ); } break; case 'to_do' : case 'to_print': // back compat $query = in_array( $handle, $this->to_do ); break; case 'done' : case 'printed': // back compat $query = in_array( $handle, $this->done ); break; } return apply_filters( 'script_is_query', $query, $handle, $list, $this ); } }}} Any thoughts? " igmoweb Needs Patch 38536 Hook/Function to Set Content-Security-Policy Security 4.7 normal normal Awaiting Review feature request new 2016-10-27T20:51:06Z 2019-06-04T18:12:39Z "I would like to see a function to set the Content-Security-Policy header. I believe it should be in core so plugins and themes can hook into to set the whitelist domains/urls. By having it in core would allow the function to prevent duplicates. Maybe default to using any script enqueued on page load? Further Reading: https://scotthelme.co.uk/content-security-policy-an-introduction/ https://securityheaders.io " bhubbard Needs Patch 38518 Rewrite Rules rebuilding on parse_request Rewrite Rules 4.6.1 normal normal Awaiting Review defect (bug) new 2016-10-26T18:33:59Z 2019-03-26T17:20:05Z "Hi, We have an issue that when flush_rewrite_rules is flushing, another request is coming in an parse_request is firing. While update_option('rewrite_rules', ' ') is deleted and the rules are being processed, parse_request is passing the conditional and writing it's own rules. I've created a patch that has flush_rewrite_rules being solely responsible for rebuilding the rewrite rules. Otherwise, parse request will just read the current rules." andyphillips82 Has Patch / Needs Testing 38507 Quick Edit: Parent label without input when editing page Posts, Post Types normal normal Future Release defect (bug) new has-patch 2016-10-26T07:53:42Z 2019-03-26T21:27:57Z "Noticed while working on #18375. To reproduce: 1. Delete all pages 2. Create a new page, save as Draft 3. Click Quick Edit or Bulk Edit 4. Notice a 'Parent' label without any dropdown It might make sense to always use 'show_option_none' in `wp_dropdown_pages()`, even when there are no pages. However, that might lead to data loss when a parent ID is set but the page does not exist anymore. Instead, the 'Parent' label could be hidden. Screenshot: [[Image(https://cldup.com/tUquX3xYvS.png)]] " swissspidy Needs Docs or Unit Tests 38486 current_page_parent class wrongly added to menu item williampatton Menus 4.6.1 normal normal Awaiting Review defect (bug) assigned needs-unit-tests 2016-10-25T15:46:20Z 2020-07-31T16:06:44Z "If the current page being viewed is either of the following: - a custom post type archive - a custom post type single item a {{{current_page_parent}}} class is added to the menu item assigned as the {{{page_for_posts}}}. I believe this is wrong because the page assigned as the {{{page_for_posts}}} is associated with ''posts'' only. It has nothing to do with CPTs." henry.wright Needs Dev / Bug Wrangler Feedback 38481 wp_handle_upload_prefilter not used before deriving attachment title Upload 4.6.1 normal normal Awaiting Review enhancement new dev-feedback 2016-10-25T08:30:18Z 2019-03-26T21:28:44Z "I created a module that modifies upload behavior. I use the wp_handle_upload_prefilter to alter the $_FILES data - specifically the 'name' property of the uploaded file. This works well for changing the name of the file being stored in the file system, but the title of the attachment post still accesses the $_FILES['async-upload']['name'] on line 281 of media.php. To be able to override the title, I had to hook into the 'sanitize_title' filter on line 293 of media.php - and doing that is, in my book, a hack. This sanitize_title filter should specify a context." frodeborli Needs Patch 38479 Need to check utf8_encode() is available before use. Media 4.4 normal normal Future Release defect (bug) new 2016-10-25T04:38:14Z 2017-08-10T18:05:17Z "The DOM/XML extension isn't necessarily installed on some distros so use of `utf8_encode()` should be checked for availability first. It's not checked in `wp_read_image_metadata()` in ""wp-admin/includes/image.php"" (where I encountered its lack on a Ubuntu 16.04 PHP 7 server), introduced in [36429] and [36430], nor in `wxr_cdata()` in ""wp-admin/includes/export.php"", introduced in the distant past. (Also it does ISO-8859-1 not Windows-1252 so more than likely not that good in the image situation anyway.)" gitlost Has Patch / Needs Testing 38474 wp_signups.activation_key stores activation keys in plain text SergeyBiryukov Security 4.6.1 normal normal Future Release enhancement reviewing has-patch 2016-10-24T16:17:29Z 2019-01-08T04:04:42Z "== Steps 1. Visit /wp-admin/user-new.php (on a multisite installation - I haven't tested on single site) 2. Fill out the ""Add New User"" form but do not check the ""Skip Confirmation Email"" checkbox 3. The user will be sent an email containing a link to /wp-activate.php?key=7259c714857ef009 == Actual behaviour This key is stored in the database unencrypted: {{{ mysql> select activation_key from wp_signups where signup_id=4; +------------------+ | activation_key | +------------------+ | 7259c714857ef009 | +------------------+ 1 row in set (0.00 sec) }}} == Expected behaviour wp_users.user_activation_key contains a timestamp and a hash of the key. wp_signups.activation_key is no less important to security and so should include these security features too." tomdxw Needs Patch 38453 New UI for the settings page of the dashboard Administration normal normal Awaiting Review enhancement new 2016-10-23T12:00:08Z 2019-10-26T09:12:42Z "The dashboard settings page is very basic looking - build using simple table markup and has almost zero stylings applied. I would like to suggest a change to this, where new visual elements and better organization is added to the page. Meaning - better separation between different components, description, larger click area/input fields, validation of the input fields and so on. In short - bring the settings pages to more modern look. It won't add new features to it, so the users won't be required to make choices but instead it will make the general experience of the page better. I am attaching sample mockup/idea screenshot I had on top of which I can work more based on the feedback and if this is needed in the first place. Any input regarding is welcome. ---- Here is the screenshot: [[Image(http://i.imgur.com/KQHZiHk.png)]] The validation is there to show how it can look, not that I focus on this. Honestly, I believe while it would be awesome it's not of very high priority to have it. Another thing I want to comment about the design - the tabs on top are also only an idea, I can see how they can be a problem instead of a solution, so thoughts regarding this is also welcome. It's there just to show it visually" xavortm Has Patch / Needs Testing 38442 Error when WP_Query parses orderby array in function parse_order Query 4.2 normal normal Future Release defect (bug) new has-patch 2016-10-21T22:17:25Z 2019-04-02T20:03:42Z "Example of query where I want to order by two custom fields in meta query '''start_date_order''' and '''is_sticky''' {{{#!php true , 'posts_per_page' => 4, 'post_type' => 'event', 'post_status' => 'publish', 'meta_query' => array( 'relation' => 'AND', array( 'key' => 'start_date_order', 'type' => 'UNSIGNED', ), array( 'key' => 'is_sticky', 'type' => 'UNSIGNED', ), ), 'orderby' => array( 'start_date_order' => 'DESC', 'is_sticky' => 'ASC', ), ); $result_query = new WP_Query( $args ); echo $result_query->request; }}} The wrong SQL query generated is {{{ SELECT wp_posts.ID FROM wp_posts INNER JOIN wp_postmeta ON ( wp_posts.ID = wp_postmeta.post_id ) INNER JOIN wp_postmeta AS mt1 ON ( wp_posts.ID = mt1.post_id ) WHERE 1=1 AND ( wp_postmeta.meta_key = 'start_date_order' AND mt1.meta_key = 'is_sticky' ) AND wp_posts.post_type = 'event' AND ((wp_posts.post_status = 'publish')) GROUP BY wp_posts.ID ORDER BY CAST(wp_postmeta.meta_value AS UNSIGNED) DESC LIMIT 0, 3 }}} The '$primary_meta_query' var in method parse_order( $order ) is set forever with the first item of '$meta_clauses' array see line 2336 /wp-includes/query.php {{{#!php "" method=""post"">

            ... }}} The other forms (lostpasswordform, registerform and resetpassform) would be updated with similar action hooks at the top of each form." pagewidth Needs Patch 38312 Network setup step 2 throws warning in certain server setups Networks and Sites 3.5 normal normal Awaiting Review defect (bug) new 2016-10-14T14:31:02Z 2019-04-01T13:47:23Z "Hi, I got this error on my local server: ''Warning: Strpos(): Empty delimiter in wp-admin\includes\network.php line 344'' I tracked this down to line: $home_path = 0 === strpos( $abspath_fix, $document_root_fix ) ? $document_root_fix . $base : get_home_path(); After some more digging, it seems to me that it's possible that this line is causing the initial problem: $document_root_fix = str_replace( '\\', '/', realpath( $_SERVER['DOCUMENT_ROOT'] ) ); Since realpath() can be false in some server setups, $document_root_fix can be empty as well (hence the error) From http://stackoverflow.com/questions/7906513/realpath-returns-empty-string: ''Note: The running script must have executable permissions on all directories in the hierarchy, otherwise realpath() will return FALSE. So your web server should have access also to pre-webroot directories.'' Leaving us with perhaps unexpected behavior of the lines following. I'm not quite sure what to do next, since the next couple of lines are quite hard to grasp. Thanks, Ruud " ruud@… Needs Docs or Unit Tests 38310 "Improve ""wp_update_term"" documentation" ruudjoyo Taxonomy 4.7 normal normal Future Release enhancement reopened needs-unit-tests 2016-10-14T10:10:06Z 2021-09-29T05:26:16Z "Hi all, When using the wp_update_term function and reading through its inline docs, it struck me that some part of the inline docs is kind of vague (highly subjective, I know). I will add a patch with a proposal for a more specific inline docs. Thanks, Ruud" ruud@… Needs Patch 38308 Accept 'meta_query' parameter in `WP_Tax_Query` Taxonomy 4.4 normal normal Future Release feature request new 2016-10-14T08:27:03Z 2017-07-30T15:37:16Z "It would by possible to extend like that? {{{#!php 'post', 'tax_query' => array( array( 'taxonomy' => 'people', 'field' => 'meta', 'meta_query' => array( array( 'key' => 'map', 'compare' => 'EXIST' ) ) ), ), ); $query = new WP_Query( $args ); ?> }}} " Hrohh Has Patch / Needs Testing 38304 It is not possible to filter posts by category or date on mobile devices Administration 3.8.9 normal normal Awaiting Review defect (bug) new has-patch 2016-10-13T15:08:15Z 2022-06-02T11:17:16Z On mobile devices, this [https://github.com/WordPress/WordPress/blob/4.6.1/wp-admin/css/list-tables.css#L1703-L1706 css rule] hides the actions available at the top of the posts list table. This is not a major issue for bulk actions as the we can find them at the bottom of the list table, but filters (category, date) are totally hidden. Chouby Needs Docs or Unit Tests 38303 register_meta and capabilities aren't working as expected rmccue Role/Capability 4.6 normal normal Future Release defect (bug) reopened needs-unit-tests 2016-10-13T14:43:18Z 2017-06-25T20:31:21Z "The first part of this is #38284, there aren't capabilities for object types other than posts. The second part is best described by a use case: I want logged in users to be able to flag inappropriate comments. After 10 flags, the comment gets unpublished and a notice goes to a moderator to check it. I'm going to store these flags and the user in the comment meta table using something like {{{#!php 'string', 'show_in_rest' => true, 'auth_callback' => 'check_logged_in' ); register_meta( 'comment', 'flagged', $args ); function check_logged_in(){ return is_user_logged_in(); } }}} However, I don't want them to be able to edit the comment itself so `current_user_can( 'edit_comment' )` should return false. So that's the use case. What happens at the moment is, well, no one can update the comment because there's no edit_comment_meta capability. But it's not a problem making the capabilities work like that. However, `edit_post_meta` currently doesn't work like that. For `current_user_can( 'edit_post_meta' )` to return true, a user also has to have the `edit_post` capability. It's straightforward to change, but does have one backwards incompatibility: if someone is using current_user_can( 'edit_post_meta' ) with a registered meta key which has an auth_callback that returns true but they really ''don't'' want the person to update the post meta so are relying on the fact that they don't have the edit_post capability, then that will change and that person will be able to update the post meta. It's a slightly convoluted edge case, admittedly. Attached is a patch that shows how it would work with unit tests. " tharsheblows Needs Patch 38300 Got a PHP warning: class-wp-xmlrpc-server.php L596: array_unshift() ... XML-RPC 4.6.1 normal normal Awaiting Review defect (bug) reopened 2016-10-13T06:46:16Z 2017-02-06T03:13:45Z "Sometimes the php_error.log file got a warning: {{{ PHP Warning: array_unshift() expects parameter 1 to be array, null given in /wp-includes/class-wp-xmlrpc-server.php on line 596 }}} {{{#!php blogger_getUsersBlogs( $args ); } ... } }}} The $args is NULL, it doesn't matter?" kmvan Needs Patch 38288 Connection Timeout when importing heavy .xml (LiteSpeed) Import 4.6.1 normal normal Awaiting Review defect (bug) new 2016-10-11T21:24:41Z 2019-04-01T14:49:05Z "When importing big .xml files using the WordPress importer, the connection times out on LiteSpeed servers. This is due to server not sending new content to the browser, so connection automatically closes. This is different to a PHP timeout due to low max_execution_time. This might be prevented by showing some sort of progress bar so the connection is not closed due to inactivity." jscrm Has Patch / Needs Testing 38285 Object lookups by ID (or primary key) are not managed properly, lots of memory leaks Cache API normal normal Awaiting Review defect (bug) new has-patch 2016-10-11T17:02:42Z 2019-04-01T15:00:53Z "tl;dr this affects every object that uses the `WP_Post::get_instance()` paradigm of ""managing instances"" (spoiler: they are not) `WP_Post` and friends are supposed to add more sanity to caching and sanitization. They are not models, they are read-only data objects that strongly-type database rows. As such, it should be easy to maintain only one reference to any given row = one object per row, regardless of method of query, you should always get the exact same object. This tends to work if you pass around objects, but not when passing around IDs. Passing around IDs is a common use-case: {{{ $ids = get_favorite_posts(); foreach ( $ids as $id ) { $post = get_post( $id ); // wreak havoc } }}} In a theme: {{{ get_the_title( get_the_ID() ); }}} In Doctrine (or Hibernate, or any other ORM), each type is an Entity that is managed by an Entity Manager. There is never more than one instance of a single item. In WordPress, we get `get_post()` and a built-in non-persistent Array Cache. We also get `WP_Post::get_instance( $id )`, which makes us believe that `WP_Post` is managing instances. It is not. The Array Cache is maintaining all of these references. A few problems: * calls to `::get_instance()` will always touch the cache * The Array Cache clones objects before storing them, and clones objects before returning them * The Array Cache is storing `stdClass` instances, not `WP_Post` instance, so every item out of the cache also has to become a brand new instance of `WP_Post`. Storing the items as `WP_Post` objects would seemingly remove the need to return new instances, but they would be new instances nonetheless, since the cache clones every object before saving / returning. What needs to be done: * Object rows are stored strongly-typed * Cache does not clone objects How to test that this is happening (using WP-CLI): {{{ contains( $p ) ) { $store->attach( $p ); } } $mem2 = memory_get_usage(); \WP_CLI::line( round( ( $mem2 - $mem1 ) / 1024, 2 ) ); \WP_CLI::line( $store->count() ); } public function ids() { $store = new \SplObjectStorage(); $mem1 = memory_get_usage(); foreach ( range( 1, 20 ) as $i ) { $p = get_post( 27 ); if ( ! $store->contains( $p ) ) { $store->attach( $p ); } } $mem2 = memory_get_usage(); \WP_CLI::line( round( ( $mem2 - $mem1 ) / 1024, 2 ) ); \WP_CLI::line( $store->count() ); } } if ( class_exists( '\WP_CLI' ) ) { \WP_CLI::add_command( 'prof', Prof::class ); } }}} Both should print out 1. Without the patch, `ids` will print out 20 + a bunch of leaked memory. Patch for `WP_Post` + `WP_Object_Cache` attached" wonderboymusic Has Patch / Needs Testing 38283 Some `WP_Query` query vars undocumented Query normal normal Future Release defect (bug) new has-patch 2016-10-11T15:07:18Z 2019-03-27T15:20:20Z "While working on #38276, I noticed that the `has_password` and `post_password` query args (added in [27395]) aren't included in the inline docs for `WP_Query::parse_query()` with the other args. I did a search for all of the args used in `WP_Query`, and discovered that the following args are used but not documented: {{{ attachment caller_get_posts embed error feed has_password minute post_password posts_per_rss preview robots search_orderby_title search_terms search_terms_count showposts static subpost subpost_id taxonomy tb term term_id withcomments withoutcomments }}} Some of these may be deprecated, discouraged, or internal. If there has been a previous decision not to include them for some reason, then I apologize for bringing it up. But I couldn't find any tickets relating to the password related args not being documented, so I have a feeling that some of these may have just been overlooked. Perhaps some of these shouldn't be documented, although we could document deprecated args and that they are deprecated, rather than just leaving them out. But at least this ticket will provide us a central place where we can state why certain ones aren't going to be documented, if indeed that's the decision." jdgrimes Has Patch / Needs Testing 38282 Trackbacks do not return proper XML on double entries and flood Pings/Trackbacks normal normal Awaiting Review defect (bug) new has-patch 2016-10-11T09:49:18Z 2019-04-01T15:10:22Z "If an comment is double or part of a comment flood, `wp_new_comment()` tends to `wp_die()`. With #36901 we can now get a proper `WP_Error` instead and utilize this in ''wp_trackback.php''" websupporter Has Patch / Needs Testing 38280 Make term count for a specific object type available desrosj Taxonomy 4.7 normal normal Future Release enhancement assigned has-patch 2016-10-10T21:54:15Z 2020-06-11T14:29:45Z "Term count is the total number of relationships with no context of the object types the relationships belong to. Currently, the best way to determine the count of a term for a specific object type is to run a `WP_Query` with a `WP_Tax_Query` for that term. {{{#!php $term_count_query = new WP_Query( array( 'post_type' => 'some-post-type', 'tax_query' => array( array( 'taxonomy' => 'some-taxonomy', 'field' => 'slug', 'terms' => array( 'term-slug' ) ), ), 'posts_per_page' => 1, ) ); $term_count_for_post_type = $term_count_query->found_posts; }}} Now that term meta is in core, it would be great if these counts were stored in term meta for easy access. To start, these counts could be available through a function. To go a step further, an argument could be added to `get_terms()` and other functions to filter the term counts and reflect the object types terms are being grabbed for." desrosj Needs Dev / Bug Wrangler Feedback 38278 Only query taxonomies assigned to the post types being queried Taxonomy 4.7 normal normal Awaiting Review enhancement new dev-feedback 2016-10-10T20:28:53Z 2017-04-20T03:02:26Z "While working on #31383 (Add `WP_Tax_Query` support to `WP_User_Query`), it was brought up that taxonomy queries do not check to see whether the requested taxonomies are registered to the requested post type. Opening this ticket to discuss further. Should taxonomies always match the queried `post_type`? From @boonebgorges on the other ticket: Here's a way to frame the issue: are we likely to confuse developers if we allow (ie, don't throw errors for) queries like `get_users( ... 'tax_query' => ... 'taxonomy=post_tag' )`? Or `get_posts( ... 'tax_query' => ... 'taxonomy=some_user_taxonomy' )`? Or maybe these queries will just always end up empty? We should think through the possible confusions (or, maybe, lack thereof). " desrosj Needs Dev / Bug Wrangler Feedback 38276 """Is thing public/accessible"" API" Role/Capability 4.7 normal normal Awaiting Review feature request new dev-feedback 2016-10-10T16:13:16Z 2017-09-23T20:45:44Z "'''Question:''' How do you check if a non-logged-in user is allowed to view something in WordPress? (Posts specifically, and also in general?) '''Answer:''' Within WordPress there is no API for checking whether a non-logged-in user is allowed to view a post or other object. == Capabilities API There is the role and capabilities API, but only logged-in users will have a role or any capabilities. A visitor to the site who is not logged-in will thus not have even the `read` capability. `WP_User::has_cap( 'read' )`, and thus `current_user_can( 'read' )`, will return `false`, while `user_can()` will peremptorily return `false` if the user ID passed does not exist before even calling `WP_User::has_cap()`. ''Thus, while we can check if a logged-in/existing user can view a post via the capability API, we cannot use it to check whether a non-logged-in user can view the post.'' == Underlying Philosophy The underlying philosophy that is used within WordPress is that objects such as posts are public by default. '''Everything is accessible to everyone unless specifically restricted.''' This is, in a word, a blacklist-style approach. The object is public, unless it blacklists/restricts itself in some way. When an object is public, the capabilities API, and the concept of capabilities in general, no longer applies as to whether that object is accessible. The object is accessible by default. The question becomes “is this post publicly visible?” rather than “does this user have the ability to view this post?"" The capabilities API, on the other hand, operates on a whitelist philosophy—nobody is allowed to do anything (and thus nobody has any capabilities), unless specifically granted permission. These two different approaches make sense in different scenarios. However, it starts to get sticky when the two intersect. And that is exactly what happens with the `read` capability: we're now checking the whitelist to check a blacklist. And when the user isn't logged in, the capability isn't in the whitelist, which causes everything to get blacklisted—they don't have the capabilities to read any posts at all. == Why doesn't this explode? Obviously, WordPress has gotten along quite well up to this point without everything flying apart though. Non-logged-in users ''can'' view public posts—otherwise you and I wouldn't be able to see about 25% of the web right now. So yes, of course non-logged-in users do get to view those posts. They are public, they aren't restricted. But they get to view them despite not having the `read` capability. In other words, usually this doesn't cause any issues. That's why nobody has brought it up before (that I know of—probably they have). Why? Because usually posts are retrieved for display via `WP_Query`, and it bypasses the `read` capability. Instead, it works from the philosophy of public by default discussed above, and internally handles all of the logic for checking if the post is publicly visible or restricted from the current user. So, any time that you are using `WP_Query`, you will automatically get all of the posts, minus those that were restricted in some way (blacklisting, as it were). == Okay, so then who cares? Good question. After all, shouldn't we always be using `WP_Query` to retrieve posts? === People not using `WP_Query` Well, yes. But, what if we aren't retrieving a post? What if we have a plugin where we are storing some information that relates to a post in a separate table, and we want to display that information publicly on the site. But because that information references the post in a potentially identifying manner, we can't show it to users who can't view the post. I'd say that's a perfectly valid use-case. So how would we check if the current user can see the information for a particular post? I know what you were about to suggest: ""Use `current_user_can()`!"" But yeah, now you know why that won't work: that's a capability check, and non-logged-in users will not have any capabilities. So non-logged-in users wouldn't be able to view the information for any of the posts, even those that they can view publicly on the site. Now, you might say, ""Just check if the post is public."" Yes, and thanks for telling my how to do that. Should I use the `just_check_if_the_post_is_public()` function? :-) That's what this ticket is about. === People adding accessibility restrictions Another reason to care about this is that it means that when somebody wants to restrict the visibility of posts they have to hook-in multiple places: in the capabilities API for the `read` cap, and for the post retrieval logic in `WP_Query`. That is not the main focus of this ticket, and it may not really be practical to solve at all. However, I'm not sure how many developers realize that they need to consider both of these things. == So what do you propose? In this ticket, I'm '''not''' really suggesting that we: - throw out the `read` capability. (Back-compat nightmare.) - modify the caps API to handle non-logged-in users differently. (Fundamental change in an API, probably not practical.) I ''am'' suggesting that there is a need for a new API, to formally provide a means of determining whether a post (or any object) is publicly accessible. This API would include a function like `is_thing_accessible( $thing_id )` (and perhaps `is_thing_accessible_for_user( $user_id, $thing_id )`). == Is that ''really'' needed? Now, I know that some might suggest that this really isn't needed, because you can just check if the post has a public status. That is true in theory, but in practice things are more complex. First, let me reiterate that what I'm proposing isn't just for posts, it is for any objects, of which posts are one, comments another, users another. Secondly, using posts as an example,a plugin can add extra restrictions that cause posts with otherwise public stati to not be publicly accessible to all users. So it isn't a viable solution to just duplicate each core check that would normally apply to posts—others might be added by plugins. For capability checks I don't have to worry about that. I just check for a particular cap and anything that affects that cap will just hook into `map_meta_cap` and I never have to know. But if the user is logged out I can't use the capability API, and suddenly the onus is on me to know about every possible restriction that could ever apply to a post, in order to check if the post is public. I should be able to check `is_thing_accessible( $post_id )` and just forget it, same as I can do with `current_user_can( 'read_post', $post_id )`. We are talking about non-logged-in users here after all. If a restriction isn't taken into account, it doesn't just mean that some less privileged users can view the object, it means that everybody can. ---- I [https://wordpress.slack.com/archives/core/p1476106801005182 brought this up] and [https://wordpress.slack.com/archives/core/p1476107282005192 discussed it with @johnbillion] in the `#core` channel on Slack before creating this (admittedly long-winded) ticket. " jdgrimes Needs Dev / Bug Wrangler Feedback 38265 Add term_relationship_id column to wp_term_relationships Taxonomy normal normal Awaiting Review feature request new dev-feedback 2016-10-09T01:11:01Z 2017-10-25T16:44:02Z "I have a need to attach additional information to the post/term relationships themselves. I'd prefer not to stash this data in postmeta or termmeta, as this data is strictly about the connection between the two, and not about either object. Naturally, my solution for this is to create a metadata database table (like we did with comments years ago, and taxonomy terms recently.) The first of many steps towards a `term_relationshipmeta` database table is that `wp_term_relationships` lacks a `term_relationship_id` primary column in the database. ---- On the extreme end of this idea, probably lives a `WP_Term_Relationship` object, with methods for adding/editing/removing relationships, which the `wp_*_object_terms` functions would become wrappers for. Before any of that is really feasible, or for very much work to continue even in private as a plugin first, term relationships need a unique identifier." johnjamesjacoby Needs Patch 38262 Task: Opt in SSL Improvements Security normal normal Awaiting Review enhancement reopened 2016-10-08T17:06:50Z 2020-02-05T06:46:51Z "In the core-https meeting we have been discussing how we can improve opt in support for https. The first stage of this is to introduce constants to force https on various components. This ticket is the canonical place for this discussion. So far we are proposing the below constants: {{{FORCE_SSL}}} #28521 {{{FORCE_SSL_CONTENT}}} #38259 {{{FORCE_SSL_CANONICAL}}} #38260 {{{FORCE_SSL_SCRIPTS}}} #38261 These will be in addition to the existing {{{FORCE_SSL_ADMIN}}} constant." LoreleiAurora Needs Patch 38261 A FORCE_SSL_SCRIPTS constant Security normal normal Awaiting Review enhancement new 2016-10-08T17:06:12Z 2019-06-04T18:12:36Z "If this constant is set, we will: - Force local enqueued scripts and styles to https - Force non-local enqueued scripts and styles to https" LoreleiAurora Needs Patch 38260 A FORCE_SSL_CANONICAL constant Security normal normal Awaiting Review enhancement new 2016-10-08T17:04:21Z 2019-06-04T18:12:35Z "If this constant is set, we will: - Force canonical links to https - Turn on {{{FORCE_SSL_CONTENT}}} - see #38259" LoreleiAurora Needs Patch 38259 A FORCE_SSL_CONTENT constant Security normal normal Awaiting Review enhancement new 2016-10-08T17:03:15Z 2019-06-04T18:12:33Z "If this constant is set, we will: - Force local URLs within content to https What we won't do: - Force non-local URLs within content to https - Force the https version of oEmbeds just yet - see #28507" LoreleiAurora Needs Docs or Unit Tests 38243 Attempting to create a term with invalid UTF8 characters creates a blank term Taxonomy normal normal Future Release defect (bug) new needs-unit-tests 2016-10-06T13:52:37Z 2019-04-01T17:41:28Z "Attempting to insert a term which contains invalid UTF8 characters will incorrectly create a term in the database with a blank name & slug. This happens as we check that the term name & slug is provided, but fail to check after sanitizing the term. In the scenario that I've run into, something similar to this happens: {{{ $term_name = urldecode( ""360%BF"" ); // Invalid UTF8 character wp_insert_term( $term_name, 'my_taxonomy' ); }}} What this causes is * the checks on `$name` to pass * it then hits `sanitize_term()` and after passing through `sanitize_text_field()` and then `wp_check_invalid_utf8()` the `name` field of the term is set to an empty string. * `wp_insert_term()` then takes this empty name and creates an equally empty slug from it. * `wp_insert_term()` then calls `get_terms( array( 'name' => '' ) )` and needlessly & badly loads up all 60,000 terms into memory of the custom taxonomy * `wp_insert_term()` then see's an empty slug and ultimates settles on a setting the slug to the numeric ID of the term somehow * `wp_insert_term()` finally inserts a term with a numeric slug and empty `name` field I think at a minimum, we should verify that the term name is still valid after term sanitisation. See patch for that." dd32 Has Patch / Needs Testing 38238 Sorting a list table by some kind of count should default to DESC initially helen Administration normal normal Awaiting Review enhancement reviewing has-patch 2016-10-05T21:32:01Z 2020-06-29T11:01:52Z "List tables that can be sorted by some kind of count (posts with that term, comments on that post, etc.) should likely use `DESC` for that sort initially, as more frequent user workflows involve wanting to see things with many X (popularity/usage), as opposed to items with no X (cleanup). For example, you may want to see which categories are most popular (related: #36964) or which posts have generated a lot of comments. Should also consider how sortable custom columns indicate whether to use `ASC` or `DESC` initially." helen Needs Dev / Bug Wrangler Feedback 38228 Add filter to default gallery shortcode output Gallery 4.7 normal normal Awaiting Review enhancement new dev-feedback 2016-10-04T18:27:54Z 2018-04-12T14:05:03Z "Right now the only way to alter the default gallery shortcode output is to use the ""post_gallery"" shortcode which effectively requires the developer to rewrite the entire shortcode. There is a lot of redundancy in here since in most cases, we do not want to alter the retrieval of gallery items. By adding a simple filter at the end of the gallery, we can save a lot of code as well as not effect anyone currently using the post_gallery filter. See my proposed patch." tristangemus Needs Patch 38227 Term Status API Taxonomy normal normal Future Release task (blessed) new 2016-10-04T15:52:34Z 2021-04-10T18:04:51Z See #37914, #37915, and make/core post (coming in a moment). boonebgorges Needs Dev / Bug Wrangler Feedback 38224 Not enough results in menu-page-add-search Menus 4.6.1 normal normal Awaiting Review defect (bug) new dev-feedback 2016-10-04T09:42:08Z 2017-01-31T20:35:38Z "While editing menu, trying to add a page, searching for the page ""research"" in a database with hundreds! of pages with this word in it, looking for that ONE page with just 'research' as title, the page is not listed admin/includes/nav-menu.php, _wp_ajax_menu_quick_search with type=quick-search-posttype-page the WP_Query lists posts_per_page = 10, but the search does NOT provide a paginator. I call this a bug because it is not working as intended; I assume you intended that the search would allow a page to be found, so the bug would be ""pagination is missing"" I have hard-coded a -1 to avoid the issue for now possible solutions are: - add pagination - add a filter on the arguments so we can set a different page-size without altering the code " clearsite Needs Patch 38223 Add indicators to off-site links in wp-admin General normal normal Awaiting Review enhancement new 2016-10-04T07:31:51Z 2020-03-16T18:10:46Z "Now that `target=""_blank""` has been removed from links in the help tab on pages, off-site links will take the user away from their current screen. While a fan of removing `_blank` links, we should set expectations for users, the tabs on one side open new panels, on the other side they take you to Codex articles on .org while still retaining a similar style. I can see this as being a frustrating point for users who'd use the help tab and suddenly find them selves not only losing data from their forms etc that may not be fully filled in, but also taken to a completely new domain. Introducing a new screen reader text alerting users to a link taking you to an external source, as well as an icon or similar for non-sr users would be good in regard to UX. I believe the link icon of a box with an arrow going diagonally out of it has become a well established indicator of external links, we even have a [https://developer.wordpress.org/resource/dashicons/#external dashicon] ready for it" Clorith Has Patch / Needs Testing 38211 Interference of AJAX search with input field auto-complete adamsilverstein Plugins 4.6 normal normal Future Release defect (bug) assigned has-patch 2016-10-02T12:09:55Z 2021-10-29T19:23:00Z "In WordPress 4.6 new feature was introduced in ""Add Plugin"" page - user input in ""Search Plugin"" field triggers AJAX search. That's great but it also makes browser's auto-complete of this field to disappear (at least in Chrome). Therefore it's difficult to select an already existing option of plugin name that browser's auto-complete offers because AJAX search gets triggered very soon after you type a letter in input field. So, in most cases I need to type full name of the plugin or try to select auto-complete option before AJAX gets triggered. I'm not sure what the solution for this would be but I don't think it's difficult to press Enter or tap Search button after you have written everything you wanted without system interfering with the process without user wanting it. In addition, the fact that button Search disappeared some time ago made it impossible to add a plugin on touch devices. I see that AJAX search perhaps tries to fix this but it breaks auto-complete as I mention above." armandsdz Needs Dev / Bug Wrangler Feedback 38207 Disable Trackbacks by Default Keep Pingbacks On Pings/Trackbacks low minor Awaiting Review enhancement new dev-feedback 2016-10-01T19:21:01Z 2017-03-07T23:23:29Z "Trackback is a manual technology. Pingback is an automated technology(automatically pings sites linked to in post content). The question comes from me as the component maintainer and I'm opening this as a place for if the proliferation of Trackback Spam and the manual requirement has made it worth disabling the receipt and/or sending of trackbacks by default while leaving pingbacks enabled. I continue to be committed to pingback and the concept in general, but I have to ask regarding the interest in trackback. I'm putting out a call for comment in this regard. The only recent trackback related requests involve expensive queries to send trackbacks(See #36824). Related #37007." dshanske Needs Dev / Bug Wrangler Feedback 38204 enhancement: custom pathname to wp-config.php Bootstrap/Load 4.7 normal normal Awaiting Review enhancement new dev-feedback 2016-10-01T15:01:18Z 2022-10-20T18:18:29Z "This patch allows for setting the pathname to the {{{wp-config.php}}} file with a {{{WP_CONFIG_FILE}}} environment variable. The end goal is to have wordpress code separate (and possibly read-only) from the config file, and from the state (user content). " gdamjan Needs Dev / Bug Wrangler Feedback 38203 Remove `absint` on object IDs in `delete_metadata`, etc Options, Meta APIs 2.9 normal normal Awaiting Review defect (bug) new dev-feedback 2016-10-01T06:40:14Z 2017-04-19T02:50:43Z "Absint is run on the object ID in the functions called with a meta key: `delete_metadata()`, `get_metadata()`, `add_metadata()`, `update_metadata()` and `metadata_exists()`. This leads to unexpected behavior in the event a negative or floating object ID is passed. Related #37746, #37738, #33372." peterwilsoncc Has Patch / Needs Testing 38197 Update Pingback function To Add Return Pings/Trackbacks normal normal Future Release enhancement assigned has-patch 2016-09-30T11:07:47Z 2022-09-30T14:43:00Z "Related to #36824. Updated to reflect focus on the return issue. In #36824, the proposal was to improve performance of the do_all_pings function. Part of this involves the fact that if a pending trackback URL is sent a pingback successfully, it should not also send a trackback. The function should also optionally return which URLs were successfully pinged or a WP_Error object in the event the sending fails, etc. This would change the signature of the function but would allow for debugging, response to errors, as well as assist in optimizing the do_all_pings function. The original proposal was to deprecate pingback because it includes $content, a parameter better retrieved from the post itself for purposes of integrity. However, that can be addressed in other ways." dshanske Needs Patch 38186 Database Collations Bypassed by determine_charset() in wp-db.php Charset 4.6.1 normal major Awaiting Review defect (bug) new 2016-09-29T14:26:56Z 2017-02-10T14:32:55Z "The function 'determine_charset' in wp-db.php, since 4.6.0 will try to set the database collation to the best option available, 'utf8mb4_unicode_520_ci'. This makes sense when the collation is not explicitly defined in wp-config.php, and most likely beneficial to novice developers. However, this assumptive behavior occurs even when the DB collation ''is'' explicitly defined in wp-config, effectively ignoring 'utf8_general_ci', 'utf8mb4_unicode_ci', and collations starting with 'utf8_' in certain environments. There appears to be no way to force these collations when defined by the developer. If the developer has set the collation in the config file, shouldn't the software obey the word of the developer? In short, ''a valid database collation set in wp-config should not be bypassed by WP Core.'' There is no workaround that vindicates the logic in determine_charset(). A possible solution would involve determine_charset() checking for a config setting such as 'FORCE_DB_COLLATE'. If true, use the collation defined in wp-config without assuming otherwise. " natecf Needs Dev / Bug Wrangler Feedback 38183 Add hooks to be run before and after each callback Plugins normal normal Future Release enhancement new needs-unit-tests 2016-09-28T23:41:23Z 2017-08-25T21:15:07Z "Since before the dawn of time, debugging tools have relied on the `all` hook to collect information about how long hooks take to run, and which callbacks are registered to that hook. This has a few drawbacks. Primarily, it's not possible to collect timing information about individual callbacks, and it's quite difficult to manage recursive hook behaviour. With that in mind, hooks that run before and after each callback would be quite valuable, but they do need to be considered carefully. * What kind of performance impact would they have? If there are no callbacks registered to these hooks, there should ideally be no performance impact. * Should they be `WP_DEBUG` only? This would discourage plugins from abusing them on production systems - they would only be used if the site admin explicitly sets the site to debugging mode. * Dealing with recursion is fun, should they provide any helpers for indicating recursion level, or is it up to the code hooking into them to handle that?" pento Needs Patch 38173 Meta query creates unecessary multiple left joins when using the same meta key Query 3.2 normal normal Future Release enhancement new 2016-09-27T16:36:27Z 2017-02-17T03:06:46Z "If you specify the below as a meta_query wordpress creates an extremely bad and inefficient query, it seems to unnecessarily create a left join for each array even though they have the same key when it could use the same join {{{#!php 'OR', array( 'key' => 'product', 'value' => '1', 'compare' => '!=' ), array( 'key' => 'product', 'compare' => 'NOT EXISTS' ) ); }}} {{{ SELECT SQL_CALC_FOUND_ROWS vvc_posts.ID FROM vvc_posts LEFT JOIN vvc_postmeta ON ( vvc_posts.ID = vvc_postmeta.post_id ) LEFT JOIN vvc_postmeta AS mt1 ON (vvc_posts.ID = mt1.post_id AND mt1.meta_key = 'product' ) WHERE 1=1 AND ( ( vvc_postmeta.meta_key = 'product' AND CAST(vvc_postmeta.meta_value AS CHAR) != '1' ) OR mt1.post_id IS NULL ) AND vvc_posts.post_type = 'news' AND ((vvc_posts.post_status = 'publish')) GROUP BY vvc_posts.ID ORDER BY vvc_posts.post_date DESC LIMIT 0, 10 }}} On my site this query takes a huge 6.640 sec, more than 80% of the page's ttfb. {{{ SELECT SQL_CALC_FOUND_ROWS vvc_posts.ID FROM vvc_posts LEFT JOIN vvc_postmeta ON ( vvc_posts.ID = vvc_postmeta.post_id && vvc_postmeta.meta_key = 'product') WHERE 1=1 AND (CAST(vvc_postmeta.meta_value AS CHAR) != '1' OR vvc_postmeta.post_id IS NULL ) AND vvc_posts.post_type = 'news' GROUP BY vvc_posts.ID ORDER BY vvc_posts.post_date }}} whereas an optimized version takes only 0.969 sec." neonWired Needs Dev / Bug Wrangler Feedback 38171 A site within a network has no more users when those users are deleted from the network Networks and Sites 3.0 normal normal Awaiting Review feature request new dev-feedback 2016-09-27T14:08:40Z 2020-01-06T17:33:20Z "In a multisite installation, if a site has only one user and you delete this user, the site has no more users. That seams logical, but this is not what super admin expects when he deletes a user from the network. When deleting a user, the following question appears : What should be done with content owned by XXX ? But even if he chooses ""Attribute all content to:"" option, the site in question is left without any user. I don't think this is impacting the site functions, but perhaps we should add a note ? We have several options : * if a user is selected to attribute the content to, it should also be added as a site user * OR, display a warning somewhere that a site will be left without any user before deleting the user * OR, do nothing and be responsible of some heart attacks when a super admin discovers that a site has no more active user. " Fab1en Needs Early Attention 38133 "Core widget fields fail to render value of ""0"" when empty() checks are used" stevenkword Widgets 2.6 normal normal Future Release defect (bug) reviewing has-patch 2016-09-22T19:52:55Z 2019-04-02T17:46:37Z "If you put a single zero 0 the instance property for in many default widgets, it won't output any thing if an `empty()` check is used since `empty( '0' ) === true`. You can try putting a 0 in any widget title or content. It works if you put 00 or anything else. The reason being our use of `empty( $variable )` and `! empty( $variable )` in the default widgets. `empty` returns FALSE if var exists and has a non-empty, non-zero value. So it will be better to use `isset( $variable) && $variable != ''` instead. Wanted to submit a patch but wanted to know if above method will be the best one." hardeepasrani Needs Patch 38128 Twitter Embed - Enhancement change theme Embeds lowest normal Future Release enhancement new 2016-09-22T13:34:18Z 2023-05-30T08:59:36Z "I would like to suggest to add a option to set the twitter embed theme. Currently you only can use the standard White Theme, some possibility to customize it to dark as example for dark sites would be great." Deexgnome Has Patch / Needs Testing 38112 Deleting an Active Plugin via Bulk Actions Fails Silently Plugins normal normal Future Release defect (bug) assigned has-patch 2016-09-20T17:43:26Z 2022-09-21T12:03:20Z "With the introduction of shinier updates in 4.6, it appears that the error messaging around deleting an activated plugin wasn't ported into the new system properly. '''To reproduce:''' 1. On Plugins Screen, select an activated plugin. 2. From ""Bulk Actions"" select ""Delete"" 3. Click Apply '''Result:''' Nothing happens. Silent failure (to delete). '''Expected Result:''' Error message explaining that you can't delete activated plugins. In one case, I actually saw the expected error message after refreshing the plugins page, but I haven't been able to replicate that since." mrwweb Needs Dev / Bug Wrangler Feedback 38109 Improvements to user deletion Users normal normal Awaiting Review enhancement new dev-feedback 2016-09-20T13:50:32Z 2019-04-01T23:06:06Z "User deletion in WordPress, at the moment, is not straightforward. When you click ""delete"" on users who have authored content, you are presented with this ultimatum: [[Image(https://i.imgur.com/11ex3hz.png)]] At my company, we build and host WP sites for clients and we almost never make decisions about content. But we do sometimes want to delete users, for instance in the situation where a person who works for a client leaves their position as they have been promoted or left for another job. In that case we would like to be able to delete the user account of that person. But without knowing how to answer the question of which user to assign their content to, we're forced to ask the client to make that decision. With a view to making it possible for sysadmins to delete users without having to consult with the client, I'd like to propose two solutions: 1. WordPress disassociates user accounts from authorship information (like in the Automattic plugin [https://wordpress.org/plugins/co-authors-plus/ co-authors-plus]) 2. WordPress allows deactivating user accounts so that the user can no longer login or reset their password, but the account still exists" tomdxw Needs Patch 38102 Email header Content-Type: multipart boundary ignored by wp_mail Mail 4.6 normal normal Awaiting Review defect (bug) new 2016-09-20T07:29:15Z 2019-04-01T20:37:11Z "I have a requirement to send a multipart email with a csv attachment via wp_mail. The code I am using worked prior to upgrading to Wordpress 4.6. Following the upgrade, emails sent by my code appear to have no content when received. Examining the email source shows that both the content and attachment are present, but the header field Content-Type: multipart/mixed; boundary=... is missing, so the email client can't determine the content. Here is a simplified example of code that sends a multipart (text and html) email demonstrating the problem: {{{#!php \r\n"" . ""\r\n"" . ""\r\n"" . ""\r\n"" . ""\r\n"" . ""\r\n"" . ""\r\n"" . ""

            This is a red paragraph

            \r\n"" . ""\r\n"" . ""\r\n"" . ""--$multipart_boundary--""; wp_mail( 'whoever@example.com', 'Multipart email test', $body, $headers ); }}} The email sent by this code should show either the text part or the html part, depending on the email client. I use Thunderbird and it shows no content at all. The source of the problem is in the Wordpress file /includes/pluggable.php, function wp_mail(). The function argument $headers array/string supplied by the user is assigned to a variable $tempheaders and then $headers is set to an empty array. $tempheaders is then processed in a switch statement block starting at line 251 to extract the header fields From, Content_Type, Cc, Bcc and Reply-To. Any other header fields are considered 'custom headers' and are added back into the $headers array by the default case of the switch block. At the end of processing $tempheaders, if there are no 'custom header' fields present, then the $headers variable remains an empty array. At line 441, the $headers variable is tested to see if any 'custom headers' need setting. {{{#!php $content ) { $phpmailer->AddCustomHeader( sprintf( '%1$s: %2$s', $name, $content ) ); } if ( false !== stripos( $content_type, 'multipart' ) && ! empty($boundary) ) $phpmailer->AddCustomHeader( sprintf( ""Content-Type: %s;\n\t boundary=\""%s\"""", $content_type, $boundary ) ); } }}} Strangely, not only does this if statement block set the 'custom headers' ($headers) when they exist, it also sets the Content-Type: multipart/...; boundary=... Hence, if $headers is empty, as is the case for my example above, the multipart boundary is not set. The question is: why is setting the multipart boundary dependent on there being these so called 'custom headers'? I have only noticed this problem since Wordpress 4.6+. Since version 4.6, the header field Reply-To was added to Wordpress' list of 'non-custom headers'. Prior to version 4.6, Reply-To was considered a 'custom header' and so, $headers was not empty and my code worked. As a work-around, if I add Return-Path: ... to my headers, then everything works and my emails are readable again. However, I shouldn't need to do this. I think this problem needs some serious attention. Tony " drtonyb Has Patch / Needs Testing 38100 Gallery Caption Filter Gallery 4.6.1 normal normal Awaiting Review feature request new has-patch 2016-09-19T20:03:19Z 2018-11-30T13:13:38Z In media.php on line 1767: https://core.trac.wordpress.org/browser/tags/4.6.1/src/wp-includes/media.php#L1767 there is no way to filter a gallery's caption. A filter here would be really helpful to include attachment meta data within a gallery's caption. darrenshea Needs Patch 38098 Use common naming for context switching functions / classes General normal normal Awaiting Review defect (bug) new 2016-09-19T17:13:08Z 2017-04-04T16:12:55Z "I'm creating this ticket after discussions in #26511 and #25293. A quick overview: As we all know, there are `switch_to_blog()` and `restore_current_blog()` to switch between different sites by adding the sites to the global `$_wp_switched_stack` and doing a bunch of other stuff. Now, #26511 aims to introduce `switch_to_locale()` to do the same for the site's locale. To avoid using (too many) global variables, a `WP_Locale_Switcher` class was suggested. The locale names are stored in a stack as well #25293 is about improving `switch_to_blog()` and introducing `switch_to_site()` as well as `switch_to_network()`. #37958 suggests using `Network_Sate` objects for the stack instead of simply the blog IDs. #19572 is somewhat related as well, though I don't think a `switch_to_post()` function makes sense. Fun fact: `WP_Query` was once named `WP_Query_State`, see [1449]. ---- Now, I want to suggest using some kind of naming convention for new `WP_Locale_State` and `WP_Site_State` / `WP_Network_State` classes to make things easier for developers. Those essentially do the same thing: * Switch to a new state * Add this state to a stack * Pop an item off the stack * Pop all items off the stack (#37958) Solid naming is very important to avoid confusion. As mentioned, there are `switch_to_blog()` and `restore_current_blog()`. #26511 suggests adding `switch_to_locale()` & `restore_previous_locale()`. #19572 suggests `switch_to_post()` and `restore_post()`. Ugh. The simplest solution for that is to introduce an interface that these new classes would need to implement. Basically something along the lines of this: {{{#!php waste of time and difficult to maintain. We have big problem - if somebody edit page and I start edit the same page we have conficts and overwrite own changes. I can't see notice about that somebody edit this page because we use one account. My best idea! When user is logged in i create new cookie: `wordpress_logged_in_unique_COOKIEHASH` with unique hash -> user agent + wp_generate_password(). I save user hash if `_edit_lock_hash` was saved. So I can't check that post is locked or. So I write filter for return value of wp_check_post_lock() and... this work! I suggest add this filter (idea) to core or show me other way to resolve my problem." sebastian.pisula Has Patch / Needs Testing 38062 SELECT DISTINCT ... ORDER BY ... Query 4.6 normal normal Awaiting Review defect (bug) new has-patch 2016-09-14T22:36:46Z 2019-04-09T18:51:23Z "I'm not 100% certain of how best to change this in the code, but I've attached a patch that I believe is correct and fixes it ... In '''./wp-includes/class-wp-query.php:2810''' (trunk), there is a query that looks like: {{{ SELECT $found_rows $distinct {$this->db->posts}.ID FROM {$this->db->posts} $join WHERE 1=1 $where $groupby $orderby $limits }}} When run, in some cases at least, the query turns into: {{{ SELECT SQL_CALC_FOUND_ROWS distinct wp_posts.ID FROM wp_posts ... ORDER BY wp_posts.post_date ... }}} The problem with the query is that it could potentially give unpredictable results ... the only reason it doesn't is because wp_posts.ID happens to be a Primary Key, and therefore, is already guaranteed that the post_date+ID will always be unique. Now, I understand why the 'distinct' is used, as there are JOINs involved in the expanded query that could result in multiple rows being returned for each wp_post.ID, ie: ID post_date 1 2016-09-01 2 2016-08-01 3 2016-07-01 4 2016-06-01 1 2016-09-01 4 2016-06-01 , but if that weren't the case, then the unpredictable results could come from a case like: ID post_date 1 2016-09-01 2 2016-08-01 3 2016-07-01 4 2016-06-01 1 2016-05-01 4 2016-04-01 For the above query, which 1,4 date is to be used? If the first, then the order would be 1,2,3,4 ... if the second, the order would be 2,3,1,4 ... If the query was changed to: {{{ SELECT SQL_CALC_FOUND_ROWS distinct wp_posts.ID, wp_posts.post_date }}} ... then the query becomes SQL compliant, and it is no longer possible to get unpredictable results, since in both my 'bad example' above, and in the case of the actually database table as defined for WordPress, the result would end up being: 1,2,3,4 I attached a patch that fixes the query in such a way that makes the query SQL Compliant and removes the potential unpredicatability of the results that right now is protected against by ensuring that the field itself is always UNIQUE in the first place ... " yscrappy Has Patch / Needs Testing 38061 Rename the text window name on the editor Editor normal normal Future Release enhancement assigned has-patch 2016-09-14T22:10:52Z 2019-06-21T06:36:36Z "The text window on the editor name should be something that makes better sense to new users. Since the reality is it is a way to tab between the visual editor and actual view the code. So if a new user who does not know this if they tab between Visual and Text it does not make total sense." lukecavanagh Has Patch / Needs Testing 38057 'wp_update_nav_menu' action returns inconsistent number of arguments johnbillion Menus 4.6 normal normal Future Release enhancement reviewing has-patch 2016-09-14T16:13:56Z 2023-02-09T13:31:46Z "The 'wp_update_nav_menu' action is fired in two places with a different amount of arguments. - [https://core.trac.wordpress.org/browser/branches/4.6/src/wp-includes/nav-menu.php#L348 wp-includes/nav-menu.php] `do_action( 'wp_update_nav_menu', $menu_id, $menu_data );` - [https://core.trac.wordpress.org/browser/branches/4.6/src/wp-admin/includes/nav-menu.php#L1070 wp-admin/includes/nav-menu.php] `do_action( 'wp_update_nav_menu', $nav_menu_selected_id );` The first one passes along the menu id and menu data, where the second one only returns the menu id. " barryceelen Needs Reporter Feedback / Steps To Reproduce 38054 class.wp-scripts.php - add_action when init is already doing Script Loader 4.6.1 normal normal Awaiting Review enhancement new reporter-feedback 2016-09-14T13:12:13Z 2019-04-09T21:27:34Z "Hi, I've simple WP installation and I'm trying to make ""my profiler"" which will show executing times of all actions. I just found an issue in class.wp-scripts.php. Plugin Query monitor runs `wp_register_script( 'debug-bar', false, array( 'query-monitor') );` inside init action. (it's first call of wp_register_script). Then constructor of WP_Scripts runs `add_action( 'init', array( $this, 'init' ), 0 )`, but action is already doing and my profiler shows warning about it (`$merged_filters['init']` has reset state). I think that constructor should be: {{{ public function __construct() { $this->init(); if ( ! did_action( 'init' ) ) add_action( 'init', array( $this, 'init' ), 0 ); } }}} Sasa " stodorovic Needs Docs or Unit Tests 38052 wp-utility.js misses function argument null General 4.6 normal major Awaiting Review defect (bug) new needs-unit-tests 2016-09-14T09:26:29Z 2017-07-28T08:57:16Z "Since 4.6 the wp-utility is updated. The null parameter has been removed here: {{{ compiled = compiled || _.template( $( '#tmpl-' + id ).html(), null, options ); }}} to {{{ compiled = compiled || _.template( $( '#tmpl-' + id ).html(), options ); }}} Which can give the following error: {{{ wp-util.min.js:1 Uncaught TypeError: (intermediate value)(intermediate value) is not a function }}} This is fixed by adding that null value again like this: {{{ compiled = compiled || _.template( $( '#tmpl-' + id ).html(), null, options ); }}} Affects version 4.6 and 4.6.1" wiardvanrij Needs Patch 38044 Make seems_utf8() RFC 3629 compliant. Formatting 1.2.1 normal normal Future Release defect (bug) new 2016-09-13T21:07:56Z 2019-04-09T21:41:24Z `seems_utf8()` should be made [https://www.ietf.org/rfc/rfc3629.txt RFC 3629] compliant. Currently it accepts overlong sequences and surrogates, which will cause PHP functions expecting valid UTF-8 strings to fail. gitlost Needs Patch 38037 Maximum User ID Issue Users lowest normal Awaiting Review defect (bug) new 2016-09-13T10:46:57Z 2019-04-10T07:47:18Z "Hi, We found that if you set the AUTO_INCREMENT value to 18446744073709551614 (which is 1 less than the maximum value of BIGINT), it creates a blank user in the admin user table. upon checking the mySQL database details, we found that the ID (_users) is 18446744073709551614 and the user_id (_usermeta) is 9223372036854775807. the reason for the test is, we have created a plugin that allows an admin to change the user ID of any user, so we where testing the maximum upper limits of. The only way to delete this user is manually, the delete option fails. it would seem the ID (_users) supports 0 to 18446744073709551615 and it would seem the user_id (_usermeta) supports -9223372036854775808 to 9223372036854775807 this can be checked in https://dev.mysql.com/doc/refman/5.5/en/integer-types.html thanks" akaracing Needs Patch 38036 Add support for the utf8mb4_0900_ai_ci collation Database normal normal Future Release enhancement new 2016-09-13T10:11:38Z 2023-04-05T10:24:05Z "MySQL 8.0 adds the `utf8mb4_0900_ai_ci` collation, based on the current Unicode Collation algorithm. We should use it when possible. Note that the version check will need to be a little more complex than the `utf8mb4_520` check - MariaDB 10.x doesn't support `utf8mb4_0900_ai_ci`. " pento Has Patch / Needs Testing 38031 Allow modifying args for the_widget Widgets normal normal Awaiting Review enhancement new has-patch 2016-09-13T05:55:19Z 2019-04-28T12:12:55Z "Some plugins used function the_widget outside of sidebar with default args, this enhancement should be added to the next version so theme developers can modify args Original code: {{{#!php `, where `%s` is the widget's class name. * @type string $after_widget HTML content that will be appended to the widget's HTML output. * Default `
            `. * @type string $before_title HTML content that will be prepended to the widget's title when displayed. * Default `

            `. * @type string $after_title HTML content that will be appended to the widget's title when displayed. * Default `

            `. * } */ function the_widget( $widget, $instance = array(), $args = array() ) { global $wp_widget_factory; $widget_obj = $wp_widget_factory->widgets[$widget]; if ( ! ( $widget_obj instanceof WP_Widget ) ) { return; } $default_args = array( 'before_widget' => '
            ', 'after_widget' => ""
            "", 'before_title' => '

            ', 'after_title' => '

            ', ); $args = wp_parse_args( $args, $default_args ); $args['before_widget'] = sprintf( $args['before_widget'], $widget_obj->widget_options['classname'] ); $instance = wp_parse_args($instance); /** * Fires before rendering the requested widget. * * @since 3.0.0 * * @param string $widget The widget's class name. * @param array $instance The current widget instance's settings. * @param array $args An array of the widget's sidebar arguments. */ do_action( 'the_widget', $widget, $instance, $args ); $widget_obj->_set(-1); $widget_obj->widget($args, $instance); } }}} Enhanced {{{#!php `, where `%s` is the widget's class name. * @type string $after_widget HTML content that will be appended to the widget's HTML output. * Default ``. * @type string $before_title HTML content that will be prepended to the widget's title when displayed. * Default `

            `. * @type string $after_title HTML content that will be appended to the widget's title when displayed. * Default `

            `. * } */ function the_widget( $widget, $instance = array(), $args = array() ) { global $wp_widget_factory; $widget_obj = $wp_widget_factory->widgets[$widget]; if ( ! ( $widget_obj instanceof WP_Widget ) ) { return; } $default_args = array( 'before_widget' => '
            ', 'after_widget' => ""
            "", 'before_title' => '

            ', 'after_title' => '

            ', ); $args = wp_parse_args( $args, $default_args ); //Allow modifying widget args via filter hook $args = apply_filters( 'the_widget_args', $args ); $args['before_widget'] = sprintf( $args['before_widget'], $widget_obj->widget_options['classname'] ); $instance = wp_parse_args($instance); /** * Fires before rendering the requested widget. * * @since 3.0.0 * * @param string $widget The widget's class name. * @param array $instance The current widget instance's settings. * @param array $args An array of the widget's sidebar arguments. */ do_action( 'the_widget', $widget, $instance, $args ); $widget_obj->_set(-1); $widget_obj->widget($args, $instance); } }}} " mnmlthms Needs Dev / Bug Wrangler Feedback 38028 Send emails via an action Mail normal normal Awaiting Review enhancement new dev-feedback 2016-09-12T20:55:20Z 2020-01-16T14:30:48Z "There are a number of ways that you may want to interact with core emails in WordPress. To name two * Use a different server to send (e.g. to benefit from DKIM/SPF) * Use custom templates, HTML, multipart etc. Currently solutions to achieve these things are not ideal. Pluggable functions leave exposure to other core changes and leave no scope for a 'fallback' to default if it is necessary. Filters for content are inconsistently (if at all) applied leaving some messages totally inaccessible to developers, save through the wp_mail filter - which is hacky at best (try catching a translated message). My proposal is relatively simple - send all emails in core through an action hook. `do_action( 'wp_mail_{email_id}', $args );` `$args` of course would carry the necessary elements for the dynamic parts of a message. An call add_action can then exactly replace what is being done at present to generate the message and make the `wp_mail` call. Any developer that wants to interact with the message can then simply remove the core action and add their own - to alter the message and/or send using an alternative mechanism to `wp_mail`, falling back to it if necessary. Possibilities for developers are then endless. `wp_mail` stays in tact and as the hook call replaces current functionality there is no issue with backward compatibility - all existing filters can stay in place." markcallen Has Patch / Needs Testing 38026 Add Delete link to details modal when file in trash Media 4.0 normal normal Awaiting Review enhancement new has-patch 2016-09-12T18:10:26Z 2019-04-18T16:14:02Z "First enable media trash by adding {{{define('MEDIA_TRASH', true);}}} to wp-config.php and move a media file to trash by clicking its ""Trash"" Link either in grid view or list view. Then navigate to the trash view. In list view there are two links on each item (""Restore"" and ""Delete Permanently""). In the details modal of the grid view there's only one link (""Untrash""). In addition this link is red like a delete link, but it actually restores the file. To delete the file you have to close the modal, select it with bulk select and then click the delete button in the toolbar. I think there should be a second link ""Delete Permanently"" in the details modal and the ""Untrash"" link should be blue to avoid confusion." mahu2401 Needs Reporter Feedback / Steps To Reproduce 38019 Notify site admin when domain or IP changes and Search Engine Visibilty is set to off Administration 3.0 normal normal Awaiting Review enhancement new reporter-feedback 2016-09-10T19:13:23Z 2020-02-15T10:08:59Z "It would be very valuable to me (and some other wp folks too) if I could get an '''email notification''' when a site is moved from '''localhost''' or '''staging''' to '''production''' site and '''Search Engine Visibility''' is set to '''Discourage'''. It could be as easy as setting two options, domain and ip and checking them in some hook. If not matching and SEO off - send email. The possibility of a misfire and an occasional nag is well worth the SEO points, or so the SEO guys say." vaniivan Needs Reporter Feedback / Steps To Reproduce 38012 Improve data validation in plugin.php Plugins 4.6 normal normal Awaiting Review defect (bug) new reporter-feedback 2016-09-09T19:04:22Z 2022-08-27T23:33:18Z "function plugin_basename does not do proper data validation of $realdir variable before attempting to use strpos(): PHP Warning: strpos(): Empty needle in /wp-includes/plugin.php on line 736" rpayne7264 Needs Patch 37976 wp_users deleted but warning does not appear. Users 4.7 normal normal Awaiting Review enhancement new 2016-09-07T21:19:43Z 2019-04-05T19:06:38Z "Hi, Shortly before for to try I deleted wp_users but warning does not appear. Wp-admin entered new user create form or warning appear needed. Thanks" truser Needs Patch 37975 Duplicate tag names aren't supported Taxonomy normal normal Future Release defect (bug) new 2016-09-07T20:32:16Z 2019-04-05T19:06:19Z "WP has an inherent requirement on unique tag names, if there are multiple tags with the same name, there is no way to pick which tag to assign. Repro steps: Create three tags name = test, slug = test-1 name = test, slug = test-2 name = test, slug = test-3 Open the post editor and try and search for test, you will have three tags with the name test, if you try and add more than 1, you will not be able to pick which of the three you're assigning. The search: /wp-admin/admin-ajax.php?action=ajax-tag-search&tax=post_tag&q=test will only return tag names, and those are used to assign the tag to a post. wp_insert_posts() calls: {{{#!php if ( isset( $postarr['tags_input'] ) && is_object_in_taxonomy( $post_type, 'post_tag' ) ) { wp_set_post_tags( $post_ID, $postarr['tags_input'] ); } }}} https://core.trac.wordpress.org/browser/tags/4.6.1/src/wp-includes/post.php#L3238" ivankk Has Patch / Needs Testing 37972 Image size (height/width) arguments are not used in output for custom_logo Themes 4.6 normal normal Awaiting Review defect (bug) new has-patch 2016-09-07T18:09:37Z 2021-06-24T00:48:19Z "when setting up the custom logo in theme support, it allows for height/width to be set. When outputting, the default and only option for the output (via the_custom_logo() ) is ""full"" (as set in the get_custom_logo function call) This is carry over from commit [37135] for #36327" BinaryKitten Needs Patch 37971 Menus screen: improve the responsive view Menus normal normal Awaiting Review defect (bug) new 2016-09-07T17:30:27Z 2019-04-05T19:01:01Z "Noticed while working on #37969, the responsive view of the Menus screen needs some improvements. Not sure if there's already a specific ticket (haven't found one). Some CSS rules used in this screen work just in the ""Desktop"" view: 100% widths+margins, some floats, the `13em` spacing between menu item titles and controls and probably more stuff need to be reset/adjusted. Not sure it nesting the menu items can work on very small displays, probably needs a different approach. Any thoughts welcome! [[Image(https://cldup.com/qvBPJULT7f.png)]]" afercia Needs Dev / Bug Wrangler Feedback 37965 Add post_last_activity column to posts database table Posts, Post Types normal normal Awaiting Review feature request new dev-feedback 2016-09-07T07:49:59Z 2019-08-05T22:45:26Z "I have a need to order posts by their most recent ""activity."" Activity is purposely ambiguous, but in the context of WordPress core, this would likely mean either: * the publish time if no comments * the time of the most recent comment * For something like bbPress, this would mean the `post_date` of the most recent child post I'm currently storing this data in `postmeta`, but even with type hinting, ordering `meta_value` by `DATETIME` is a slow query, particularly when there are millions of rows in both the `posts` and `postmeta` database tables. (I'd considered repurposing the `post_modified`, but unwinding the way core uses this internally, paired with not wanting to confuse other developers with the oddity, along with `post_modified` not being an indexed column, made this a lot of work for not very much gain.) To be efficient, this new column would require additional compound indexes akin to `type_status_date`. I suspect it would also need an accompanying `post_last_activity_gmt` column, as well as some kind of back-fill upgrade routine on existing posts. Rather than hacking this into bbPress core in a bespoke way, or creating a separate plugin to shoe-horn this idea into all of the core queries, I figured I'd drop the feature request here for deeper discussion first, to get a read on how viable modifying core like this is to everyone." johnjamesjacoby Needs Patch 37958 Improve looping through sites and restoring Networks and Sites normal normal Awaiting Review enhancement new 2016-09-06T17:58:26Z 2017-01-27T08:31:29Z "[https://wordpress.slack.com/archives/core-multisite/p1473179575000111 As discussed] in the recent multisite ~~hours~~ minutes, I would like to propose (and discuss) a better means to looping through a number of (or even all) sites and finally restoring to the state before the loop. The naive approach looks like the following: {{{#!php site_id = get_current_blog_id(); $this->stack = $_wp_switched_stack; $this->switched = $switched; } /** * Returns a new instance representing the current network state. * * @return static Network state object. */ public static function create() { return new static(); } /** * Restores the saved network state. * * @return void */ public function restore() { switch_to_blog( $this->site_id ); $GLOBALS['_wp_switched_stack'] = $this->stack; $GLOBALS['switched'] = $this->switched; } } }}} With this class, the `foreach`-loop code from before can become this: {{{#!php restore(); }}} No matter what happens in the loop (and thus in any called function or method), we restore to the exact same state the network was in before the loop. The above implementation works with the (currently available and used) globals. As soon as there is some other way (see #37699), this can easily be adapted as it's internals only. The naming is just a suggestion, and we can, of course, baptize all the things differently. Core could make use of it, too. For example in the [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/ms.php?rev=38334#L221 `wpmu_delete_user()] function, during [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/network/upgrade.php?rev=38229#L64 Network upgrade], or in the [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/admin-bar.php?rev=38470#L461 wp_admin_bar_my_sites_menu()] function (!), which means: On. Every. Single. Page. Load. I'd be happy to provide a full patch against trunk. I just wanted to propose this first and give opportunity to discuss this." tfrommen Needs Docs or Unit Tests 37938 Make existing HTML parsing functionality from REST API and Press This reusable kraftbj* Pings/Trackbacks 4.2 low minor Future Release enhancement accepted needs-unit-tests 2016-09-03T17:08:26Z 2023-05-30T11:34:09Z "WordPress already has an HTML parsing function in the form of WP_Press_This::source_data_fetch_fallback and its private called functions. Suggesting this be split off so it can be used elsewhere. Specifically, my use case is over on the Ping and Trackbacks component. One of the proposals I keep advocating for is improving the presentation. As we already have this code in WordPress that allows for parsing of HTML for images, embeds, meta tags, etc, it should be used over writing new code to do the same. But if it were to be called right now, it would reretrieve source HTML already retrieved by the Pingback code and passed into the comment array." dshanske Has Patch / Needs Testing 37937 Support boolean strings for the 'public', 'archived', 'mature', 'spam' and 'deleted' attributes in WP_Site_Query Networks and Sites 4.6 normal normal Future Release enhancement new has-patch 2016-09-03T16:29:51Z 2017-10-03T05:28:54Z "According to the documentation for the {{{WP_Site_Query}}} class: {{{ * @type int $public Limit results to public sites. Accepts '1' or '0'. Default empty. * @type int $archived Limit results to archived sites. Accepts '1' or '0'. Default empty. * @type int $mature Limit results to mature sites. Accepts '1' or '0'. Default empty. * @type int $spam Limit results to spam sites. Accepts '1' or '0'. Default empty. * @type int $deleted Limit results to deleted sites. Accepts '1' or '0'. Default empty. }}} these attributes accepts values {{{'1'}}} and {{{'0'}}} (also {{{1}}} and {{{0}}} to be more specific). I would suggest adding support for general boolean values so these attributes can also support e.g. {{{true, false, 'true', 'false' }}}. Currently each attribute is handled like this: {{{ if ( is_numeric( $this->query_vars['archived'] ) ) { $archived = absint( $this->query_vars['archived'] ); $this->sql_clauses['where']['archived'] = $wpdb->prepare( ""archived = %d "", $archived ); } }}} Here we see why e.g. {{{true}}} doesn't work, because {{{is_numeric( true )}}} is {{{false}}} and the SQL modification is skipped. I want to suggest using e.g. {{{wp_validate_boolean()}}} for the validation. Here's an example: {{{ if ( isset( $this->query_vars['archived'] ) ) { $archived = wp_validate_boolean( $this->query_vars['archived'] ); $this->sql_clauses['where']['archived'] = $wpdb->prepare( ""archived = %d "", $archived ); } }}} or we could be more specific with: {{{ if ( isset( $this->query_vars['archived'] ) ) { $archived = wp_validate_boolean( $this->query_vars['archived'] ) ? 1 : 0; $this->sql_clauses['where']['archived'] = $wpdb->prepare( ""archived = %d "", $archived ); } }}} etc. I added a patch as a starting example. There I added {{{@type mixed}}} to the documentation because that's how the input of {{{wp_validate_boolean()}}} is documented (it can be a general boolean value like {{{int}}}, {{{bool}}} or {{{string}}}). " birgire Needs Patch 37934 Separate account settings and profile settings Users normal normal Awaiting Review enhancement new 2016-09-03T13:36:41Z 2023-01-10T18:35:40Z "Current limitations of profile management in WordPress: On `wp-admin/profile.php` there's too much you can do: * Change personal preferences * Account and session management * Update publicly visible profile data If plugins add additional fields to that page, it gets very long quite quickly. Even without plugins you have to scroll all the way down to change your password. Pretty sure you change your password more often than disabling the visual editor, so that order isn't ideal. Idea: Separate account management and profile settings. Platforms like WordPress.com, Facebook or Twitter do this for a reason. This was recently mentioned in a discussion about adding 2FA to core, see https://wordpress.slack.com/archives/core/p1470765550002658. The plugin I mentioned there: https://wordpress.org/plugins/wp-user-profiles/ Slightly related: #26769. Account management: * Change backend preferences * Change email address * Change password * Log out everywhere else (perhaps with a session overview in the future as was originally the plan) Profile management: * Show/change profile picture * Change biographical info like name, contact methods" swissspidy Has Patch / Needs Testing 37929 Add `pre_delete_option` filter Options, Meta APIs normal normal Awaiting Review enhancement new has-patch 2016-09-03T07:15:29Z 2017-04-21T18:48:57Z "`get_option()` and `update_option()` already have filters to short-circuit their respective processes, so I think a similar filter should be added to `delete_option()` as well. Related: #37928" flixos90 Has Patch / Needs Testing 37928 add `pre_add_option` filter Options, Meta APIs normal normal Awaiting Review enhancement new has-patch 2016-09-03T07:13:16Z 2024-01-07T02:55:53Z `get_option()` and `update_option()` already have filters to short-circuit their respective processes, so I think a similar filter should be added to `add_option()` as well. flixos90 Needs Dev / Bug Wrangler Feedback 37921 "Make ""newbloguser"" URL segment customizable/filterable" Users normal normal Awaiting Review feature request new dev-feedback 2016-09-02T16:25:45Z 2019-04-19T13:33:20Z "The built-in multisite user invitation URL is forced into using `/newbloguser/` as the invitation endpoint to all sites. When employing WordPress Multisite in an environment that isn't for blogging, this endpoint does't make much sense. Because this value is hardcoded, the only way to change this is to roll your own invitation system entirely, which is a lot of work for a little bit of vanity. I don't think the invitation system itself is too bad, and it will be easy to make this segment filterable." johnjamesjacoby Needs Dev / Bug Wrangler Feedback 37920 `the_title` filter called in 2 places inconsistently Menus normal normal Awaiting Review defect (bug) new dev-feedback 2016-09-02T14:20:21Z 2019-04-19T13:22:41Z "This is a follow-up to #35317. When calling `wp_nav_menu()` to build a frontend nav menu, the filter `the_title` ends up being called 2 times on page links, due to the above ticket. It is called here https://github.com/WordPress/WordPress/blob/master/wp-includes/nav-menu.php#L754 and then here https://github.com/WordPress/WordPress/blob/master/wp-includes/class-walker-nav-menu.php#L169. So it is called once when getting the post object title and then again when actually outputting the nav menu. I think this is negative for 2 reasons: 1) Anyone who wants to filter `the_title` for nav menu items will end up having it called 2 different times, which is odd and can provide inconsistency 2) In both cases, an object ID is included, but the first call the object ID is the Post that the menu item links to (where the title comes from) and the second call the object ID is the nav menu item ID. This means, if a developer anticipates the 2 calls, they cannot check against the supplied object ID to confirm operations only happen once." joelworsham Needs Dev / Bug Wrangler Feedback 37917 Users without the edit_private_posts capability can still create private posts Posts, Post Types 2.1 normal normal Awaiting Review defect (bug) new dev-feedback 2016-09-01T21:32:26Z 2019-04-19T13:20:11Z "Currently, users without the ""edit_private_posts"" capability, can still view the ""Private"" radio button under ""Visibility"". They can also save / publish the post (depending on their capabilities) with no issue. The same goes for pages as well with the ""edit_private_pages"" capability. I think it's reasonable enough to assume that users that don't have the ""edit_private_{post_type}"" capability, shouldn't be able to create posts with a visibility of private." ryan.kanner Needs Patch 37916 Customize: ability to disable content creation in menus Customize 4.7 normal normal Future Release enhancement new 2016-09-01T20:55:33Z 2019-06-04T19:41:28Z "There should be a hook to disable the ability to create new posts (and eventually terms, see #37915) in nav menus in the customizer. Ideally, it should be able to be disabled for specific post types as well as all post types. For terms, we'll need to turn it off for the `post_format` taxonomy. This is being split out from the initial merge in #34923, where there are patches with an approach we could take here." celloexpressions Needs Dev / Bug Wrangler Feedback 37915 Customize: allow terms to be created in nav menus boonebgorges Customize 4.7 normal normal Future Release enhancement assigned dev-feedback 2016-09-01T20:51:39Z 2021-05-23T23:16:18Z "Follow up to #34923. When setting up initial site structure, in many cases it's as important to be able to create new terms to add to menus as the ability to create posts. For users, the distinction between terms and posts probably isn't immediately clear, so this functionality gap may be confusing. There are several patches on #34923 that contain the needed framework here, but we need the ability to preview terms before we can add support for terms. This depends on #37914. Milestoning for 4.7 now for tracking, but we're waiting for that ticket before we can proceed here." celloexpressions Needs Dev / Bug Wrangler Feedback 37914 Taxonomy: Allow terms to be previewed before publishing Taxonomy 4.7 normal normal Future Release enhancement new dev-feedback 2016-09-01T20:40:31Z 2019-06-04T21:26:08Z "There is currently no mechanism to preview or draft taxonomy terms. As soon as a draft post with new terms is saved, for example, the new term is published, visible to other users in wp-admin, and could be visible on the front end of the site depending on the theme and plugins. The lack of a draft or preview mechanism also makes it impossible to manage terms in the customizer. Long term, the goal is to enable posts and terms to be able to be live-previewed with front end context, based on functionality being developed in the [https://github.com/xwp/wp-customize-posts Customize Posts] and, now, [https://github.com/xwp/wp-customize-terms Customize Terms] plugins. In 4.7, with the new ability to create posts wintih nav menus (#34923), we'd like users to also be able to create terms so that they an set up their site structure. Unfortunately this is not possible until we have a mechanism for previewing terms. I'm currently milestoning this for 4.7 so that we can try to add support for that feature (in a separate ticket), but this ticket is for API support only and still may be more than we can complete in time for 4.7. Based on comments from @boonebgorges on #34923, there are a couple of potential approaches for enabling term previewing: - Introduce a `term_status` field > Even if we don't have anything as robust as a ""term status API"", we still have to be sure that, at the very least, term_status != 'publish' terms are excluded from most queries - a change that has the potential for weird back compat issues. - An internal taxonomy for draft terms, which may be more conservative but also more complex, especially if we want to support things like hierarchy for draft terms. > It may be easier (maybe more code, but fewer hacks) to do on-the-fly registration of a separate internal taxonomy for each taxonomy that's getting a draft term added via the Customizer. We'll want a future-proof solution that can support term meta being previewable as well. `auto_draft` posts are the inspiration on the posts end for the customizer approach." celloexpressions Needs Patch 37899 Make Profile Picture Section of Edit User Admin Page Filterable Users 4.7 normal normal Awaiting Review enhancement new 2016-08-31T19:52:52Z 2017-02-02T12:55:00Z "Currently the Edit User page contains a section under the Biography showing the user's Profile Picture (avatar). This picture isn't editable, because WordPress uses Gravatar. This behavior isn't typical. More commonly, websites with self-created user accounts also allow the user to upload a custom profile picture. There are a number of plugins which implement this behavior: https://wordpress.org/plugins/custom-user-profile-photo/ https://wordpress.org/plugins/metronet-profile-picture/ https://wordpress.org/plugins/wp-user-avatar/ https://wordpress.org/plugins/basic-user-avatars/ https://wordpress.org/plugins/simple-local-avatars/ They all share a problem though, which is that they can't touch the native Profile Picture section. They all add their own HTML elsewhere on the page. This results in an Edit User page with two Profile Picture sections. CSS can hide the native non-editable section, but that's not ideal. I'd like to propose that we make the native profile section filterable, so that plugins can override it to enhance it directly rather than adding another section to the page. If we move the hard-coded HTML of that section into a function call that is filterable, plugins could just enhance the native section itself. This would prevent multiple Profile Picture sections and keep everything in the native location on the page. Alternatively and less ideally, just adding a do_action() call at the end of the native Profile Picture section would at least allow for the new controls to be added in the correct location on the page." Kelderic Needs Patch 37887 Make attachments atomic until a Customizer session is published Customize 4.7 normal normal Future Release enhancement new 2016-08-30T16:50:18Z 2017-10-16T06:45:09Z "== Current behavior == When you upload attachments via a Customizer session they are: 1. Added to the filesystem. 2. Saved to the database as a new post. 3. Immediately visible in the Media Library to all other logged in users. == Desired behavior == Attachments that are uploaded during a Customizer session should not be published, or even visible by other logged in users, until the user decides to publish the changes. == Possible idea Until Customizer changed are published, all `attachment` posts that have been uploaded inside the Customizer could have their post status set to `auto-draft` rather than `inherit`. This will make them invisible inside the Media Library from other logged in users. All `attachment` posts uploaded during the Customizer session could be stored inside the new Customizer transaction, and the Media Library query could be made to only show those uploads during the current unpublished session. == Publish or Discard If a transaction (customizer changes) is '''published''', then the post status on these `attachment` IDs can be set to `inherit`, making them visible inside in the Media Library like normal. If a transaction (the customizer changes) is '''discarded''', then the `attachment` IDs can be force deleted via `wp_delete_attachment( $ID, true )` which will not only delete them from the database, but also from the filesystem." fjarrett Needs Dev / Bug Wrangler Feedback 37882 Typo in the tests/qunit/wp-admin/js/customize-header.js Customize 3.9 normal normal Future Release defect (bug) new dev-feedback 2016-08-30T13:56:49Z 2019-04-18T19:02:19Z Fix test header in the 'Custom Header: HeaderImage shouldBeCropped()' module tymvie Needs Reporter Feedback / Steps To Reproduce 37878 Post filtering and use of Quick Edit Quick/Bulk Edit 4.7 normal normal Awaiting Review defect (bug) new reporter-feedback 2016-08-30T09:51:44Z 2023-02-07T19:06:34Z "Assuming I have a draft post I want to quickly publish. - I head to the Posts page. - I click on Draft above the list of posts, - I then click on Quick Edit, - Change the Post Status to Publish and Click update, - The Post Status will now be updated although it still appears on this list. A more expected result would be to remove / hide this post on update and also update the numbers of each status using AJAX. This also happens when changing to any other Post Status and includes Pages and Custom Post Types. " ShaneJones Needs Dev / Bug Wrangler Feedback 37870 Adding hints to login/registration form fields Login and Registration 4.6 normal normal Awaiting Review enhancement new dev-feedback 2016-08-29T21:22:51Z 2019-04-19T16:04:22Z "Could it be possible to clarify a bit the login/registration system for computer-illiterate people, by putting a grayed-out example of the kind of data they have to enter in each login field? I have already seen this on other websites, and it is very effective IMHO. For example: - ID: grayed-out johnsmith - Email: grayed-out john@smith.org - Etc. Of course, the grayed-out examples should be considered for i18n, so that the form displays examples relevant to each culture/language." davidbourguignon Needs Early Attention 37868 Avoid default width styles in the markup of the audio player wonderboymusic Embeds 4.6 normal normal Future Release enhancement assigned has-patch 2016-08-29T18:51:47Z 2019-04-19T16:03:03Z "The markup for every audio player contains inline styles for setting its width to 100%, like below (simplified): {{{
            I link this"", array('a'=>array( 'style' => array() )), array('http') ); }}} One way to fix this would be to use an anonymous function, but I guess that's only available on PHP >= 5.3. Another way is to encapsulate the callback in a class and tie the arguments to an instance of this class." xknown Needs Dev / Bug Wrangler Feedback 37692 Introduce WP_Database_Table base class Database normal normal Awaiting Review enhancement new dev-feedback 2016-08-17T13:23:28Z 2017-03-15T17:20:50Z "I've always thought it odd that WordPress only versions blogs, and not each individual database table. On one hand, it's great that the schema changes rarely enough that WordPress core would not get a lot of use out of it. On the other, many plugins would benefit pretty hugely from a smart base class that encapsulated a lot of the procedural work of having custom database tables and maintaining a schema. BuddyPress, for example, comes with several object & metadata pairs, for groups, activity, friends, profiles, messages, notifications, etc... It currently takes WordPress's approach of having a big-dumb installer and a bunch of tangled together upgrade routines. I'd love it if each component could manage it's own schema on the fly, with it's own upgrade routines and database table classes to separate the responsibilities, but without needing to setup `admin_init` hooks and `version_compare()` checks for each component. Django has something similar currently, as do other open-source projects like Piwik, GitLab, Mattermost, etc... ---- I'm imagining that each core database table would extend the `WP_DB_Table` class, each with their own `db_version` and their own methods for upgrading to newer versions. Global tables (like `wp_users`) would use `site_id` `-1` in the `wp_sitemeta` database table to distinguish them as global, and not per-network or per-site. ---- This way, when a plugin like WooCommerce wants to introduce new database tables, they just extend the base class, pass in an array of column-keys & attributes, and the base class would handle the `$wpdb` table registration and all of the other bits and bobs. Eventually... eventually it could get paired up with some kind of a `WP_Base_Query` class to automatically handle cache-key assignments, and generate basic crud methods based on the parameters in the associated `WP_Database_Table` extension. ---- I think this becomes particularly useful in REST applications, where WordPress's APIs can be used and extended for any manner of scalable data storage outside of the core database schemas. Obviously this is a huge idea with lots of moving parts, and without a core need ideas like this are pretty slow on the go. I am already starting to do something similar in my own plugins though - just without the base class - and it feels much easier to maintain each plugin knowing there is a similar convention between them. See: https://code.flox.io/stuttter/wp-site-aliases/blob/master/includes/class-wp-site-aliases-db-table.php" johnjamesjacoby Needs Patch 37687 Multisite - Enormous number of update queries during site creation (user roles) Networks and Sites normal normal Awaiting Review enhancement new 2016-08-17T10:33:27Z 2019-01-23T22:45:54Z "This is mostly because the wp_roles+caps are added one by one causing a very nice overhead. {{{ query: INSERT INTO `wp_86_options` (`option_name`, `option_value`, `autoload`) VALUES ('wp_86_user_roles', 'a:1:{s:13:\""administrator\"";a:2:{s:4:\""name\"";s:13:\""Administrator\"";s:12:\""capabilities\"";a:0:{}}}', 'yes') ON DUPLICATE KEY UPDATE `option_name` = VALUES(`option_name`), `option_value` = VALUES(`option_value`), `autoload` = VALUES(`autoload`) query: UPDATE `wp_86_options` SET `option_value` = 'a:2:{s:13:\""administrator\"";a:2:{s:4:\""name\"";s:13:\""Administrator\"";s:12:\""capabilities\"";a:0:{}}s:6:\""editor\"";a:2:{s:4:\""name\"";s:6:\""Editor\"";s:12:\""capabilities\"";a:0:{}}}' WHERE `option_name` = 'wp_86_user_roles' query: UPDATE `wp_86_options` SET `option_value` = 'a:3:{s:13:\""administrator\"";a:2:{s:4:\""name\"";s:13:\""Administrator\"";s:12:\""capabilities\"";a:0:{}}s:6:\""editor\"";a:2:{s:4:\""name\"";s:6:\""Editor\"";s:12:\""capabilities\"";a:0:{}}s:6:\""author\"";a:2:{s:4:\""name\"";s:6:\""Author\"";s:12:\""capabilities\"";a:0:{}}}' WHERE `option_name` = 'wp_86_user_roles' query: UPDATE `wp_86_options` SET `option_value` = 'a:5:{s:13:\""administrator\"";a:2:{s:4:\""name\"";s:13:\""Administrator\"";s:12:\""capabilities\"";a:3:{s:13:\""switch_themes\"";b:1;s:11:\""edit_themes\"";b:1;s:16:\""activate_plugins\"";b:1;}}s:6:\""editor\"";a:2:{s:4:\""name\"";s:6:\""Editor\"";s:12:\""capabilities\"";a:0:{}}s:6:\""author\"";a:2:{s:4:\""name\"";s:6:\""Author\"";s:12:\""capabilities\"";a:0:{}}s:11:\""contributor\"";a:2:{s:4:\""name\"";s:11:\""Contributor\"";s:12:\""capabilities\"";a:0:{}}s:10:\""subscriber\"";a:2:{s:4:\""name\"";s:10:\""Subscriber\"";s:12:\""capabilities\"";a:0:{}}}' WHERE `option_name` = 'wp_86_user_roles' [...] One hunder queries later: UPDATE `wp_86_options` SET `option_value` = 'a:5:{s:13:\""administrator\"";a:2:{s:4:\""name\"";s:13:\""Administrator\"";s:12:\""capabilities\"";a:61:{s:13:\""switch_themes\"";b:1;s:11:\""edit_themes\"";b:1;s:16:\""activate_plugins\"";b:1;s:12:\""edit_plugins\"";b:1;s:10:\""edit_users\"";b:1;s:10:\""edit_files\"";b:1;s:14:\""manage_options\"";b:1;s:17:\""moderate_comments\"";b:1;s:17:\""manage_categories\"";b:1;s:12:\""manage_links\"";b:1;s:12:\""upload_files\"";b:1;s:6:\""import\"";b:1;s:15:\""unfiltered_html\"";b:1;s:10:\""edit_posts\"";b:1;s:17:\""edit_others_posts\"";b:1;s:20:\""edit_published_posts\"";b:1;s:13:\""publish_posts\"";b:1;s:10:\""edit_pages\"";b:1;s:4:\""read\"";b:1;s:8:\""level_10\"";b:1;s:7:\""level_9\"";b:1;s:7:\""level_8\"";b:1;s:7:\""level_7\"";b:1;s:7:\""level_6\"";b:1;s:7:\""level_5\"";b:1;s:7:\""level_4\"";b:1;s:7:\""level_3\"";b:1;s:7:\""level_2\"";b:1;s:7:\""level_1\"";b:1;s:7:\""level_0\"";b:1;s:17:\""edit_others_pages\"";b:1;s:20:\""edit_published_pages\"";b:1;s:13:\""publish_pages\"";b:1;s:12:\""delete_pages\"";b:1;s:19:\""delete_others_pages\"";b:1;s:22:\""delete_published_pages\"";b:1;s:12:\""delete_posts\"";b:1;s:19:\""delete_others_posts\"";b:1;s:22:\""delete_published_posts\"";b:1;s:20:\""delete_private_posts\"";b:1;s:18:\""edit_private_posts\"";b:1;s:18:\""read_private_posts\"";b:1;s:20:\""delete_private_pages\"";b:1;s:18:\""edit_private_pages\"";b:1;s:18:\""read_private_pages\"";b:1;s:12:\""delete_users\"";b:1;s:12:\""create_users\"";b:1;s:17:\""unfiltered_upload\"";b:1;s:14:\""edit_dashboard\"";b:1;s:14:\""update_plugins\"";b:1;s:14:\""delete_plugins\"";b:1;s:15:\""install_plugins\"";b:1;s:13:\""update_themes\"";b:1;s:14:\""install_themes\"";b:1;s:11:\""update_core\"";b:1;s:10:\""list_users\"";b:1;s:12:\""remove_users\"";b:1;s:13:\""promote_users\"";b:1;s:18:\""edit_theme_options\"";b:1;s:13:\""delete_themes\"";b:1;s:6:\""export\"";b:1;}}s:6:\""editor\"";a:2:{s:4:\""name\"";s:6:\""Editor\"";s:12:\""capabilities\"";a:34:{s:17:\""moderate_comments\"";b:1;s:17:\""manage_categories\"";b:1;s:12:\""manage_links\"";b:1;s:12:\""upload_files\"";b:1;s:15:\""unfiltered_html\"";b:1;s:10:\""edit_posts\"";b:1;s:17:\""edit_others_posts\"";b:1;s:20:\""edit_published_posts\"";b:1;s:13:\""publish_posts\"";b:1;s:10:\""edit_pages\"";b:1;s:4:\""read\"";b:1;s:7:\""level_7\"";b:1;s:7:\""level_6\"";b:1;s:7:\""level_5\"";b:1;s:7:\""level_4\"";b:1;s:7:\""level_3\"";b:1;s:7:\""level_2\"";b:1;s:7:\""level_1\"";b:1;s:7:\""level_0\"";b:1;s:17:\""edit_others_pages\"";b:1;s:20:\""edit_published_pages\"";b:1;s:13:\""publish_pages\"";b:1;s:12:\""delete_pages\"";b:1;s:19:\""delete_others_pages\"";b:1;s:22:\""delete_published_pages\"";b:1;s:12:\""delete_posts\"";b:1;s:19:\""delete_others_posts\"";b:1;s:22:\""delete_published_posts\"";b:1;s:20:\""delete_private_posts\"";b:1;s:18:\""edit_private_posts\"";b:1;s:18:\""read_private_posts\"";b:1;s:20:\""delete_private_pages\"";b:1;s:18:\""edit_private_pages\"";b:1;s:18:\""read_private_pages\"";b:1;}}s:6:\""author\"";a:2:{s:4:\""name\"";s:6:\""Author\"";s:12:\""capabilities\"";a:10:{s:12:\""upload_files\"";b:1;s:10:\""edit_posts\"";b:1;s:20:\""edit_published_posts\"";b:1;s:13:\""publish_posts\"";b:1;s:4:\""read\"";b:1;s:7:\""level_2\"";b:1;s:7:\""level_1\"";b:1;s:7:\""level_0\"";b:1;s:12:\""delete_posts\"";b:1;s:22:\""delete_published_posts\"";b:1;}}s:11:\""contributor\"";a:2:{s:4:\""name\"";s:11:\""Contributor\"";s:12:\""capabilities\"";a:5:{s:10:\""edit_posts\"";b:1;s:4:\""read\"";b:1;s:7:\""level_1\"";b:1;s:7:\""level_0\"";b:1;s:12:\""delete_posts\"";b:1;}}s:10:\""subscriber\"";a:2:{s:4:\""name\"";s:10:\""Subscriber\"";s:12:\""capabilities\"";a:2:{s:4:\""read\"";b:1;s:7:\""level_0\"";b:1;}}}' WHERE `option_name` = 'wp_86_user_roles' }}} Possible idea: instantiate `wp_roles` with `use_db` false during blog creation and force saving roles data into database after `populate_roles();` function." fliespl Needs Reporter Feedback / Steps To Reproduce 37685 Creating new multisite blog - wpmu_create_blog tries to execute queries on non-existent tables Networks and Sites normal normal defect (bug) new reporter-feedback 2016-08-17T10:04:45Z 2019-06-04T21:03:08Z "I have noticed that while creating new wordpress site in multisite install I get quite a few notices about executed queries while using verbose logging. {{{ query: SELECT option_name, option_value FROM wp_85_options WHERE autoload = 'yes' status: ERR: Table 'wp1.wp_85_options' doesn't exist }}} which is triggered by `wp_roles()->reinit();` during switch_to_blog function Another are from get_blogaddress_by_id (inside install_blog function): {{{ query: SELECT option_name, option_value FROM wp_85_options status: ERR: Table 'wp1.wp_85_options' doesn't exist query: SELECT option_value FROM wp_85_options WHERE option_name = 'home' LIMIT 1 status: ERR: Table 'wp1.wp_85_options' doesn't exist query: SELECT option_value FROM wp_85_options WHERE option_name = 'blogname' LIMIT 1 status: ERR: Table 'wp1.wp_85_options' doesn't exist query: SELECT option_value FROM wp_85_options WHERE option_name = 'siteurl' LIMIT 1 status: ERR: Table 'wp1.wp_85_options' doesn't exist query: SELECT option_value FROM wp_85_options WHERE option_name = 'post_count' LIMIT 1 status: ERR: Table 'wp1.wp_85_options' doesn't exist query: SELECT option_name, option_value FROM wp_85_options WHERE autoload = 'yes' status: ERR: Table 'wp1.wp_85_options' doesn't exist }}} Wouldn't it make sense to skip execution of those queries unless tables has been created? 1. `get_blogaddress_by_id` calls get_blog_details with $get_all as true while it makes no sense since additional fields will either be empty. 2. Do not call reinit of wp_roles if in blog creation mode" fliespl Needs Dev / Bug Wrangler Feedback 37678 Add an action hook for plugins to do database upgrades on Database normal normal Awaiting Review defect (bug) new dev-feedback 2016-08-16T18:10:59Z 2019-04-18T21:27:24Z "Currently, plugins that have custom database tables usually hook into `admin_init` and pray for rain when comes to their database alterations. This pollutes the `admin_init` hook namespace quite a bit, particularly with database actions that are almost always necessary in order for plugins to actually work correctly. It would be nice if WordPress core had a dedicated action hook meant for executing database alterations & upgrades, no different than there being one for `plugins_loaded`, `template_redirect`, et all... I'm conflicted on where exactly this hook should be. I'm 95% sure it belongs somewhere after `admin_init` so that admin area plugins have a chance to hook everything in. I'm also 95% certain I don't want this as part of the plugin activation sequence, because it's becoming more common to deploy plugins via WP CLI, version control, or some other deployment process, and activation hooks aren't usually ran that way." johnjamesjacoby Needs Patch 37677 Introduce WP_Plugin class analogous to WP_Theme Plugins normal normal Awaiting Review enhancement new 2016-08-16T15:50:59Z 2017-05-04T19:30:55Z "Background: This ticket emerged from #37656. A `WP_Plugin` class has been previously mentioned in #22256 and brought up with a patch in #21883, but only in regards of hooks and filters (i.e. `$GLOBALS['wp_global_hooks'] = new WP_Plugin();`. With #17817 in contention, that approach would need some more tweaking. Also, the class name isn't ideal too because of `WP_Theme`. Using `WP_Plugin` for hooks but themes can use hooks too? Confusing. Proposal: Introducing a new `WP_Plugin` class that does similar things as the already existing `WP_Theme` class but for plugins. This would mainly mean handling caching, retrieving data from plugin file headers and adding any needed helper methods. As a result, we're less prone to errors since we can use 1 reliable API instead of `get_plugin_data()`, `get_plugins()`, etc." swissspidy Has Patch / Needs Testing 37672 wpautop adds a closing p-tag without an opening p-tag Formatting 4.5.3 normal normal Awaiting Review defect (bug) new has-patch 2016-08-15T19:06:03Z 2019-04-18T21:39:39Z "Following code result in ill-formed HTML. {{{#!php This is a paragraph. This is another paragraph.
            EOT; echo wpautop($pee); }}} This is the output: {{{
            This is a paragraph.

            This is another paragraph.

            }}} As you can see, the first paragraph lacks an opening

            . " TBarregren Needs Docs or Unit Tests 37671 Emptying Bin with large amount of posts results in whitescreen Posts, Post Types normal normal Future Release enhancement new needs-unit-tests 2016-08-15T16:01:56Z 2017-08-06T00:31:10Z "When the Bin has a large amount of posts, e.g over 1,500, clicking Empty takes a long time to load, several minutes. After it finishes, it loads a blank white page and has only deleted about 75% of the posts. There's ~500 remaining." atomicjack Needs Reporter Feedback / Steps To Reproduce 37670 wp_validate_redirect fails when running WordPress on a port Security 4.5.3 normal normal Awaiting Review defect (bug) new reporter-feedback 2016-08-15T15:19:35Z 2019-06-04T18:12:31Z "$allowed_hosts is checking againts host value the parsed host value doesn't contain the port number and $wpp does. Thereror hosts aren't matched and wp_validate_redirect fails. {{{ $lp = @parse_url($test); }}} equals {{{ array (size=4) 'scheme' => string 'http' (length=4) 'host' => string 'localhost' (length=9) 'port' => int 3002 'path' => string '/project/xactly-com/insights/' (length=29) }}} where {{{ $wpp = parse_url(home_url()); }}} equals {{{ array (size=2) 'scheme' => string 'http' (length=4) 'host' => string 'localhost:3002' (length=23) }}} will result in {{{ if (isset($lp['host']) && (!in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host']))) { }}} failing The server is running on a local proxy." raptor235 Has Patch / Needs Testing 37669 Shiny Updates: Cancelling the filesystem credentials when updating within the pop-up prevents updating again (without closing/opening) and leaves UI artefacts Themes 4.6 normal normal Future Release defect (bug) new has-patch 2016-08-15T14:16:55Z 2021-02-06T11:39:52Z "Reproducible on RC3: 4.6-RC3-38260 Reproducible: every time Steps to reproduce: 1) Set up WordPress, and set permissions to that the 'filesystem credentials' dialog will be required when performing theme updates. 2) Tweak a version number so that you will have a theme that needs an update. Then, go to /wp-admin/themes.php 3) Do *not* click on the immediately visible ""Update now"". Instead, click on the theme such that the pop-up pops up. 4) Click on the ""Update now"" link within the pop-up. If step 1) was done correctly, then the filesystem dialog should now pop up. 5) Close the filesystem credentials dialog. Result: ""Updating..."" will still show there. But nothing will be updating. You cannot update until you close the pop-up and re-open it. Excepted result: The ""update now"" link re-appears, and ""Updating.."" disappears. Result: nothing happens. #37285 is similar, but a separate (and now fixed) issue. " DavidAnderson Has Patch / Needs Testing 37667 Handle post type support in `WP_Post_Type` Posts, Post Types 4.6 normal normal Future Release enhancement new has-patch 2016-08-15T11:29:21Z 2019-04-18T21:43:17Z "Currently post type features are stored in a global variable `$_wp_post_type_features`. Now that we have `WP_Post_Type`, I think it would make sense to let the class handle this functionality. Post type features are part of a post type, so they should also be part of it in the implementation. This would also allow us to get rid of the global variable we currently use (note that it's private, so it's not intended to be used directly by other developers). There's a single possible caveat I would see with this implementation: That would be if post type support is added before the post type is even registered. However, I would think we might be able to change this (with a dev note) since it should be best practices to add post type support either directly (via the `supports` argument in `register_post_type()`) or after registering the post type. Adding a post type feature without the post type being registered is not logical in my opinion." flixos90 Has Patch / Needs Testing 37665 Font Natively: Google maps can change the active font General 4.6 normal normal Awaiting Review defect (bug) new has-patch 2016-08-15T06:09:47Z 2019-04-18T21:46:27Z "Because of the font stack ordering, Roboto has a high priority. This is also the font used by Google Maps, so adding google maps embeds will change the font in use in the admin when viewing post pages. Reported at https://wordpress.org/support/topic/system-fonts-easily-overridden-by-google-maps-api?replies=3&view=all" Clorith Needs Reporter Feedback / Steps To Reproduce 37662 Category sub-category problem Taxonomy 4.5.3 normal normal Awaiting Review defect (bug) new reporter-feedback 2016-08-15T03:56:06Z 2019-04-30T02:19:49Z "If I have one category and change it to sub-category the behavior is of one category. For exp, in ""all in one seo plugin"" if you put category in title in some categories write the category that is correct I think, but in another write the sub-category. This no is only for the plugin, I don't remember now but also the error can be in the quantity post for categories or the address url post with category and sub-category (in this moment I don't can reproduce it but the plugin is one indication). Another behavior is '''at the end of the post where you show the categories''' of the post, in the post where show correctly the category in title, appear first the category and right side the subcategory. In the wrong behavior, appear first the sub-category and right side the category. One time for change this behavior I create one new category and delete the older with one wrong behavior but I don't remember the problem now, was some months ago and maybe was the url post and now maybe is solved because I no can reproduce it. Check this and try to reproduce the error. This is for change from sub-category to category, or category to subcategory." Guillermo77 Needs Dev / Bug Wrangler Feedback 37656 Improve plugin bootstrapping processes Plugins normal normal Awaiting Review enhancement new dev-feedback 2016-08-14T11:32:28Z 2019-12-13T19:04:03Z "I recently thought about if we could make bootstrapping plugins easier and take away some common tasks that (should) happen in every plugin. It would also be nice to have a general plugin class registry. What I was thinking of is to introduce an abstract class `WP_Plugin` that plugin developers can extend for their plugin's main class. Then they would call a new function `register_plugin( __FILE__, $plugin_class_name )` to register that class with WordPress. We could take some regular processes away from the developer and, by doing that, also make sure that they don't implement it the wrong way. For example, we could take care of plugin installation routines: If the class implements a static method `install()`, the base class `WP_Plugin` would register an activation hook to an internal function that takes care of whether the plugin is activated network-wide. The actual `install()` method would only contain those steps necessary for the setup on the current site (`WP_Plugin` would take care of switching sites as appropriate). Many plugin developers overlook Multisite in their setup routines, causing the plugin to only install on the main site although being network-activated. We could also deal with other tasks, like hooking the `bootstrap()` method of the plugin class in `plugins_loaded` or `muplugins_loaded` (detected by the base class). I think this whole concept could improve the way plugins initialize themselves. It would not be mandatory (since several plugins don't even use classes), but it would become a best practice. This is just an idea that I wanted to throw on Trac to discuss about it. If we get to the point that we agree this is a good idea, we would need to come up with actual details (of which I don't have any yet)." flixos90 Needs Docs or Unit Tests 37653 "customizer sections with 'active_callback' set to 'is_front_page' don't show when ""Front page displays"" ""a static page"" and no page is selected" Customize 3.4 normal normal defect (bug) new needs-unit-tests 2016-08-13T18:02:08Z 2019-06-04T19:41:19Z "When using a theme with customizer sections set up with the ""active_callback"" feature set to ""is_front_page"", when customizing the theme on a blog which has ""Front page displays a static page"" under ""Reading setting"", these sections to not show up when accessing ""Appearance""->""Customize"". The problem appears to be that when running ""Customize"", the WP_Query object is started with an empty string. When the query is empty, then `is_front_page` looks at the value of `get_option( 'show_on_front')` and if it is set to ""posts"" it checks `is_home` - which resolves to `true` when the query is empty. On the other hand, if `get_option( 'show_on_front')` resolves to ""pages"", `is_front_page` then checks `$this->is_page( get_option( 'page_on_front' ) )` which never resolves to true when starting with an empty query. The problem with `is_page` not responding correctly `get_option( 'show_on_front') == ""pages""` is that `WP_Query::__construct()` will not do anything if `empty($query)` and will not run `WP_Query::query()` - which would in turn run `get_posts()` and then `parse_query` only there does `get_option('show_on_front')` gets resolved and `is_page` is set if needed. Tested on 4.5.1, but the code paths I traced exist without change in trunk. I'm running my tests on a mutli-site set up, so that might also contribute to the issue, but not in anyway I managed to detect." Guss77 Has Patch / Needs Testing 37647 FTP Credentials Modal should have a 'button-primary' class on the 'Proceed' button Administration 4.6 normal normal Future Release enhancement new has-patch 2016-08-12T21:31:47Z 2020-01-07T20:11:34Z "When reviewing another ticket's screenshots (#32194), I noticed that the 'Proceed' button in the FTP Credentials modal doesn't have the 'button-primary' class on it. Existing view: [[Image(https://cldup.com/2dIi9fsIrd.png)]] Proposed view with 'button-primary' class [[Image(https://cldup.com/dr8Gu8K_sE.png)]]" mapk Needs Dev / Bug Wrangler Feedback 37646 Make wp-settings.php a series of do_actions() Bootstrap/Load normal normal Awaiting Review enhancement new dev-feedback 2016-08-12T19:07:44Z 2017-02-23T04:41:29Z "Now that #36819 is in, my master plan for `wp-settings.php` can begin. ---- '''Problem''' `wp-settings.php` makes many assumptions, many on purpose, others by necessity, some on consequence, and a few by accident. It is somewhat poorly named for what it is, and it's a mishmash of globals, function calls, class instantiations, and do_action() calls. ---- '''Solution''' `do_action()` all of the things. Make `wp-settings.php` a series of action calls. One for setting versions, one for initial constants, one for environmental setup, translations, database, plugins, themes, users, template output, and so on... Introduce a file named `wp-includes/default-actions.php` that serves 2 purposes: * Includes a bunch of new functions that wrap up sections of what's already in `wp-settings.php` * Hooks those new functions into the new actions in `wp-settings.php` ---- '''Why do we do this?''' As more robust and sophisticated plugins, themes, APIs, and systems start to use, rely on, and bend WordPress to their will, the need to override more & more pieces becomes apparent. While WordPress comes with a very handy set of default post types, taxonomies, APIs, helpers, wrappers, and tools, it may be desirable to unhook (or never load) certain pieces so that other pieces can take their place. In the past, this is done only with great intent, with strategic actions & filters in places where specific needs are being addressed. This is good in that it's predictable, but bad in that it's impossible for anyone to truly know what action or hook is *best* to perform any given subsequent action. By breaking `wp-settings.php` up into many clearly named `do_action()` calls, it becomes clearly obvious what actions perform what duties, while also introducing literally maximum flexibility in the entire system for new and exciting things to happen around WordPress itself. Imagine something like: {{{ // Load versions do_action( 'wp_settings_load_versions' ); // Load constants do_action( 'wp_settings_load_constants' ); // Load translations do_action( 'wp_settings_load_translations' ); // Load environment do_action( 'wp_settings_load_environment' ); // Load early WordPress settings do_action( 'wp_settings_load_early' ); // Load database do_action( 'wp_settings_load_database' ); // and on, and on... }}} ---- '''Epilogue''' This is a huge idea, easily scoffed at, and introduces code-churn like whoa. It would mean doubling down on WordPress's actions API, trusting it implicitly to load all of WordPress's core pieces & parts. It would open many doors to many unforeseen oddities while developers start dissecting all the ways things are tied together. It would also enable really cool external tools, like REST API drop-ins that can `SHORTINIT` WordPress if auth is missing, or WP CLI commands that can `die()` literally anywhere in the stack after they've done what they need to do. This is something I've wanted in WordPress since 2006 having seen similar in other libraries, and even old BackPress & bbPress gave nods and hints to back in the day. I'm also happy to give this a first patch if it's helpful to see visually the destruction it causes, or guide someone else along my vision for this if someone is willing and able to see it through before I am. <3" johnjamesjacoby Has Patch / Needs Testing 37645 Changes made to certain is_*() functions generates PHP Notices when arrays or objects are present Query 4.5 normal normal Awaiting Review defect (bug) new has-patch 2016-08-12T16:12:38Z 2021-07-23T10:35:28Z "The patch added by #35902 can generate PHP Array to string conversion notices if an array is passed that contains sub-arrays or objects that don't implement `__toString()`. The supplied patch applies the `strval` conversion taking those special conditions into account. Functions affected: is_attachment() is_author() is_category() is_tag() is_page() is_single() I came across this using plugin I built which adds custom data, in the form of an array, to the WP_Post object for my templates to use. When `strval` is run (by post_class() calling is_attachment()) it throws notices when it comes across the arrays." Enchiridion Has Patch / Needs Testing 37641 Support queries on `spam` and `deleted` fields in `WP_User_Query` on multisite Users 3.1 normal normal Awaiting Review enhancement new has-patch 2016-08-12T09:54:11Z 2019-04-25T11:09:00Z The users database table on multisite contains two additional fields `spam` and `deleted` which need to be queried in some cases. For example the function `wp_update_network_user_counts()` makes a direct SQL query at the moment, but that could be improved if `WP_User_Query` supported these fields (only on multisite that is). flixos90 Needs Patch 37640 Add WPLANG to `.maintenance` Upgrade/Install 4.0 normal normal Awaiting Review enhancement new 2016-08-12T05:37:25Z 2018-07-16T02:18:52Z "Currently, maintenance display is English. This will be WPLANG definition is deprecated in version 4.0 or later, I think that it is due to the fact that now is not the translation information of each language is loaded at the time of the maintenance display. I think the problem can be solved by adding a WPLANG defined in `.maintenance` that is created at the time of maintenance. *Currently(/wp-admin/includes/update-core.php : line936) {{{ $maintenance_string = ''; }}} *Change {{{ $language = get_option( 'WPLANG' ); if ( $language ) { $maintenance_string = ''; } else { $maintenance_string = ''; } }}} Please consider this matter." tmatsuur Needs Patch 37635 BUG in get_option Options, Meta APIs normal normal Awaiting Review defect (bug) new 2016-08-11T08:11:58Z 2020-12-17T23:11:48Z "in wp_options, i had saved this large serialized string: http://pastebin.com/raw/hxwETuHX however, when i run `get_option(""option_name"")` it returns false... i have spent time and found out, that it's because that get_option tries to unserialize it and return the result, but it have problems while unserializing. then i decided to manually grab the value and unserialize by hand.. and i succeeded! {{{#!php $raw_data=$wpdb->get_var(""Select option_value from wp_options Where option_name='option_name'""); unserialize(Serialized_Fixer($raw_data)); function Serialized_Fixer($serialized_string){ // securities if ( !preg_match('/^[aOs]:/', $serialized_string) ) return $serialized_string; if ( @unserialize($serialized_string) !== false ) return $serialized_string; return preg_replace_callback( '/s\:(\d+)\:\""(.*?)\"";/s', function ($matches){ return 's:'.strlen($matches[2]).':""'.$matches[2].'"";'; }, $serialized_string ) ; } }}} and that worked! this is seriously a bug of WP! please fix it! thanks!" tazotodua Needs Patch 37632 Incorrect Image Previews for SVG Media normal normal Awaiting Review defect (bug) new 2016-08-11T01:52:35Z 2021-06-03T15:02:06Z "Hi guys, When using the `upload_mimes` filter to add new mime types for the media uploader, it handles SVG uploads strangely. Here is my code to add SVG support {{{#!php ID); foreach ( $metadata as $key => $value ) { if ( is_protected_meta( $metadata[ $key ][ 'meta_key' ], 'post' ) || ! current_user_can( 'edit_post_meta', $post->ID, $metadata[ $key ][ 'meta_key' ] ) ) unset( $metadata[ $key ] ); } list_meta( $metadata ); }}} but it does not take in account meta values, which are skipped later. ''This might be considered an edge case, but it is better to be noted.'' Discovered this when I reported: #37626" implenton Needs Patch 37624 Strings should not have different translators comments? swissspidy I18N normal normal Future Release enhancement assigned 2016-08-10T15:41:33Z 2024-02-28T16:40:59Z "See for example here: https://translate.wordpress.org/projects/wp/dev/admin/cs/default?filters[status]=either&filters[original_id]=3731&filters[translation_id]=139896 String `Install %s` have 3 different comments, but there should be only one? If special context is not needed (I am not sure, especially for importer), there should be one comment `translators: %s: Importer, plugin or theme name`? Or maybe any general solution for GlotPress to unite these comments and display it better for translators? Or any special tool to automatically check for these differences?" pavelevap Needs Patch 37616 Replace `is_super_admin()` calls with real capability checks Role/Capability normal normal Future Release task (blessed) reviewing 2016-08-09T18:18:57Z 2017-05-08T17:18:40Z "As discussed in Multisite office hours (https://wordpress.slack.com/archives/core-multisite/p1470762377000454), there are plans to improve capability handling in WordPress, to also support network-wide (and possibly global) capabilities. The current `is_super_admin()` check system is no actual role- and capability-based system which makes it impractical to refine roles and capabilities on this level. While a super admin should have access to all capabilities, we should get rid of all `is_super_admin()` checks that happen outside of `WP_User` and the `map_meta_cap()` function and replace those calls with dedicated capabilities. There might be a few other occurrences where `is_super_admin()` is actually the right choice, but generally it shouldn't be used in other locations anymore. This will open up new possibilities to think about how we can implement a true role- and capability-based system beyond the scope of a site. The hardest part of this ticket will probably be finding names for the new capabilities. The good thing is that we most likely won't need to touch any roles or adjust `map_meta_cap()` since the new capabilities should only be granted to the super admin for now anyway. We should probably create a list of occurrences and think about names for the capabilities (or whether we can use existing capabilities) first." flixos90 Needs Patch 37614 WP_PROXY_BYPASS_HOSTS has no effect inside curl transport, if http_proxy or https_proxy is set on the system HTTP API normal normal defect (bug) new 2016-08-09T13:20:22Z 2019-06-04T20:00:40Z "OS: Debian Squeeze PHP Version tested: 5.3.29 Will try to provide results from newer distros later today. -- In case server hosting website has environmental settings for proxy, it's not possible to skip using it even for addresses that should be bypassed. Let's take for example that printenv returns following: {{{ http_proxy=http://proxy.com:8080 https_proxy=http://proxy.com::8080 }}} In this case, if we execute `wp_remote_get` (with domain that should be bypassed via WP_PROXY_BYPASS_HOSTS) it will still use system variable http_proxy in curl transport. I think that wp_remote_get should explicitely set `curl_setopt($handle, CURLOPT_PROXY, null);`, if proxy is disabled inside wordpress or url SHOULD be bypassed." fliespl Needs Patch 37611 Ordering of the Site Language entries I18N 4.0 normal normal Awaiting Review defect (bug) new 2016-08-09T08:48:11Z 2019-04-05T19:08:37Z "The ordering of the language selector in options-general.php is based off the locale, but the visual (and quick-access by typing) entries are using the languages native name. Would it not make more sense to order by the native name here, I don't think I know of any other language selector that isn't alphabetically ordered by the visual element of it?" Clorith Needs Dev / Bug Wrangler Feedback 37604 'Password Lost/Changed' emails should give indication of the strength of the new password Security 3.7 normal normal Future Release feature request new dev-feedback 2016-08-08T19:08:40Z 2018-04-09T13:18:35Z "When any user changes their password, the site's owner gets an email that currently just says: ""Password Lost and Changed for user: [username]"" It would help administrators if the email also included WordPress's assessment of the strength of the new one. I don't always agree with that assessment, but it is better than saying nothing. As it is, there's no way to know if the user has just picked an extremely weak password and thanks to the repeated user privilege escalation exploit issues, even low level users with weak passwords can put the whole site at risk." lovingboth Needs Patch 37597 served oEmbed from cache even when expired Embeds 4.0 normal normal Awaiting Review defect (bug) reopened 2016-08-08T11:37:17Z 2018-03-05T15:26:53Z "There is wrong condition in wp-includes/class-wp-embed.php Embeds are pulled from cache even if $cached_recently is false = expired. This condition: {{{#!php usecache || $cached_recently ) { }}} should be changed to: {{{#!php usecache && $cached_recently ) { }}}" zabatonni Needs Dev / Bug Wrangler Feedback 37593 "Replace ""Super Admin"" with ""Network Administrator""" Mista-Flo Administration normal normal Future Release enhancement assigned dev-feedback 2016-08-07T19:17:59Z 2018-09-24T16:39:10Z "After a note by @ocean90 (https://wordpress.slack.com/archives/core-multisite/p1470482829000310) and a following discussion (see particularly https://wordpress.slack.com/archives/core-multisite/p1470579794000339), it was cleared that the term ""Super Admin"" is used inconsistently in Core at the moment. Given that there is no Multinetwork UI in Core at the moment, all usages of the term ""Super Admin"" should probably be replaced by ""Network Administrator"". The term ""super admin"" should rather denote the user level where a user has control over all networks in an entire setup. While for a basic Multisite with one network ""super admin"" and ""network administrator"" denote a similar user level, the terms are different for a Multinetwork - and the way Core works currently, it should probably only use ""Network Administrator""." flixos90 Needs Dev / Bug Wrangler Feedback 37586 Menu customizer: search results not properly filtered Customize 4.3 normal normal Future Release defect (bug) new dev-feedback 2016-08-05T16:36:50Z 2019-10-06T09:10:16Z "{{{customize_nav_menu_available_item_types}}} is a filter located in {{{class-wp-customize-nav-menus.php}}}. The purpouse of this filter is to restrict item types available in the Menu Customizer. This filter should be applied even if I perform a research using the search field in Menu Customizer. But this does not happens. While in Menu Customizer, doing a research, in search results shows up even items of specific types excluded with {{{customize_nav_menu_available_item_types}}} filter. We can resolve this issue using another filter always located in the same class: the {{{customize_nav_menu_searched_items}}} filter. With this filter we can restrict the selections of items received from the search result just before sending them to the frontend (ajax response). But this could be considered only a workaround and not a solution, because items should be filtered/excluded by type BEFORE wordpress performs the query to the database. We should suppose that, if we uses the {{{customize_nav_menu_available_item_types}}} to filter item types available on Menu Customizer, most likely we do not want search for elements of theese item types. " virgodesign Has Patch / Needs Testing 37581 text overflows, if it has no hyphens on media upload error notices Media 4.5.3 normal normal Awaiting Review defect (bug) new has-patch 2016-08-05T09:34:58Z 2020-08-18T07:28:31Z "Long text overflows and adding horizontal scroll in message box . if text has no hyphens, it extending beyond the parent div and look bad or worse, cause layout problems. " gk.loveweb Needs Patch 37579 Inconsistent names for `update_(network_)option` actions Options, Meta APIs 4.5.3 normal normal enhancement new 2016-08-05T03:11:39Z 2019-06-04T21:02:49Z "I noticed that there seems to be some inconsistency in the hook naming convention, regarding the setting, deleting, and updating of options and transients. It would be nice if all the hooks indicated when in the function they were occurring, and matched the others (see the list below). For example, if all hooks that occurred before the action were prefixed with `pre_`, and all hooks occurring after were in the past tense: `added_`, `deleted_`, `updated_`. I'm not sure how this was allowed to happen to begin with, so if I'm missing something, please inform and then close this ticket... but if it's simply a result of sloppiness, cleanup should be performed (volunteering myself). Here is the list of the actions that are performed (in `wp-includes/options.php`), grouped by when the action fires (before or after): == BEFORE == - `update_option` - `add_option` - `delete_option` - `delete_transient_{$transient}` - `set_transient_{$transient}` - `pre_delete_site_option_{$option}` - `delete_site_transient_{$transient}` == AFTER == - `add_site_option_{$option}` - `add_site_option` - `add_option_{$option}` - `added_option` - `setted_transient` - `set_site_transient_{$transient}` - `setted_site_transient` - `update_site_option_{$option}` - `update_site_option` - `update_option_{$option}` - `updated_option` - `delete_site_option_{$option}` - `delete_site_option` - `delete_option_{$option}` - `deleted_option` - `deleted_transient` - `deleted_site_transient`" crstauf Has Patch / Needs Testing 37578 Dashboard Recent Activity widget - new filters to manipulate output Administration 4.6 normal normal enhancement new has-patch 2016-08-05T01:41:43Z 2021-03-23T05:25:04Z "It is currently not possible to manipulate the recent post activity dashboard widget. Output is built using `wp_dashboard_recent_posts()`. 2 filters could be introduced for the parameters for future and recent posts. This would allow easy interaction with the parameters array, for instance increasing the amount of posts shown, changing order, post status, CSS ID etc - would definitely make it more useful! I realise that there is a filter `dashboard_recent_posts_query_args` inside the`wp_dashboard_recent_posts()` function (used to build the queries, useful for switching post type etc), but there is currently no way to interact with the calls to this function." Jonnyauk Needs Dev / Bug Wrangler Feedback 37577 "Allow users to ""petition"" for a post lock to be released" Editor normal normal Future Release enhancement new dev-feedback 2016-08-04T21:23:34Z 2020-05-25T17:12:05Z "Our post locking prevents two people from editing the same post, but introduces some awkwardness, in that your options are to wait and hope they exit the post (which slows you down), or boot them out (which could be rude or disruptive), or communicate with them through some other medium (which you might not have). It would be nice if there was a third option... to ""raise your hand"" about wanting to edit the post. If the editing user is actually working on the post, they could say ""not now,"" or they could ""save and release"". Or, if there is no response, that could be communicated to the petitioning user, as that could indicate that the editing user has left the post open and abandoned their computer. We could even communicate when the last mouse movement or on-page activity was." markjaquith Needs Patch 37559 Password protected pages require the password only once Security 4.5.3 normal normal Awaiting Review defect (bug) new 2016-08-03T20:58:26Z 2019-06-04T18:12:30Z after entering the password for a password protected page it does not ask for the password again to see the page after logging out of wordpress and logging in again. This could be a security vulnerability and a bug because the password for Wordpress and the password for the Password protected page are different. ctienshi Has Patch / Needs Testing 37549 Add optional parameter to wp_generate_attachment_metadata for image dimensions. joemcgill Media 4.6 normal normal Awaiting Review enhancement reviewing has-patch 2016-08-02T22:00:41Z 2020-01-07T20:05:16Z "My plugin [https://wordpress.org/plugins/scalable-vector-graphics-svg/ Scalable Vector Graphics] received a support request, [https://wordpress.org/support/topic/svg-in-image-gallery-is-not-working?replies=16#post-8710513 SVG in image gallery is not working] -- which caused me to do some digging in core. I realized the reason the Theme wasn't doing what it intended to do is because it is reyling on `wp_get_attachment_metadata()` -- which lead me to realize that SVG files -- although being uploaded and working for the most part, are missing the meta information normally generated for images such as JPG files. The function that does that is `wp_generate_attachment_metadata`. The reason it is not doing that is because `file_is_displayable_image` is returning false, which I can override if I want with the filter -- BUT -- the function also depends on `getimagesize` -- which I cannot navigate around and does not work with SVG files. It would be cool if {{{#!php description){ echo '

            '; echo esc_html( $post_type_object->description); echo '

            '; }?> }}} It's a pretty small update but its pretty useful for clients so that know what this admin edit screen is for. I use them for outlining what type of content will be added here. If the content type doesn't have a description nothing is outputted. I can submit a pull request since it's a fairly straightforward change. Cheers Simon " simonrcodrington Needs Docs or Unit Tests 37530 is_front_page() is based on wrong data -> gives wrong results Query 4.5.3 normal normal Future Release defect (bug) new needs-unit-tests 2016-07-31T14:28:49Z 2020-01-07T20:25:04Z "1) is_front_page() is based on the SQL query, so it always gives back false when you try to use it eg at pre_get_posts. If it has no way to figure it out if it's the front page or not, it should return null instead 2) is_front_page() in themes gives the wrong result false back when you set an static page for the front page and then modify the main query on start page to posts or any other custom post type except page. This forces you to make an additionally SQL query instead of using the main query to build a custom front page. Both is because of this: https://core.trac.wordpress.org/browser/tags/4.5.3/src/wp-includes/query.php#L4458 . This does not really make sense to get the front page." TheInfinity Has Patch / Needs Testing 37522 reset password and lost password form functions voldemortensen Login and Registration normal normal Future Release feature request assigned has-patch 2016-07-30T09:07:07Z 2019-02-21T09:36:45Z "Wordpress provides the {{{wp_login_form}}} function that can be placed anywhere on our wordpress site through shortcodes, etc. But I couldn't find a function for the ''reset password'' and ''lost password'' form. Would it be possible to create those functions as part of Wordpress itself? I'd like to avoid copying code from the wp core files (wp-login) into my own code. I prefer to use Wordpress built-in functions as much as possible. " mireillesan Needs Patch 37521 Introduce a procedure for deprecating code used in Unit Tests Build/Test Tools 4.6 normal normal Awaiting Review enhancement new 2016-07-30T08:22:16Z 2019-02-25T01:47:03Z "WordPress has different utility functions to mark functions, methods, hooks, etc. in the core codebase as deprecated, and a dedicated file (`deprecated.php`) to move obsolete code to. I consider that it would be useful to introduce the approach of deprecating code to the unit tests as well. An example for obsolete code would be the `_unregister_post_type()` and `_unregister_taxonomy()` functions in the unit test utils. Since [36316], these test framework functions are only wrappers for core functions. As such, it would be appropriate to use the core functions in the tests, and deprecate the test framework functions. Let's explore how we could handle this in the unit test framework." Frank Klein Needs Patch 37518 New term.php is showing warning for rearranged columns using manage_{$screen->id}_columns filter Taxonomy 4.5 normal normal defect (bug) new 2016-07-29T19:41:29Z 2019-06-04T21:25:15Z "== Main Issue: == Declared custom column and sorted them using `unset()` for my Custom Taxonomy for CPT: {{{#!php result instance should be checked `mysqli_num_fields` in `load_col_info()` Database 3.9 normal normal defect (bug) new needs-unit-tests 2016-07-29T07:33:53Z 2019-06-04T19:40:32Z "In `wpdb::load_col_info()` the function `mysqli_num_fields()` is called passing `$this->result` without any check on this property value. The problem is that function has a type hint to `mysqli_result` (see http://php.net/manual/en/mysqli-result.field-count.php), but `$this->result` may be `false`. Just like in other places in the same class, the function should check that `$this->result instanceof mysqli_result` before calling `mysqli_num_fields()`." giuseppe.mazzapica Needs Patch 37505 Filtering pagination when the pagenumber doesn't exist. Canonical 4.5.3 normal normal defect (bug) new 2016-07-29T05:10:50Z 2019-06-04T19:40:25Z "Hello :). `WP_Query::page` or `$GLOBALS['page']` or `get_query_var( 'page' );` will return whatever value is set by the visitor on a non-paginated page or post. On a paginated page/post, it will 301 redirect the visitor to the first page, this is OK. '''An example, on a post or page without pagination:''' The output of the page will be incorrect, specifically on these two parts (both Title and Canonical URL show pagination). URL: `http://example.com/2016/07/29/hello-world/123/` {{{ Hello world! – Page 123 – Example.com ... ... }}} This is a major concern for SEO, as it will output duplicated pages. Abusers could mark otherwise good pages as duplicated by simply linking to a non-existing non-paginated page. '''My suggestion:''' Check against `$GLOBALS['multipage']` (or `$GLOBALS['numpages']`) prior to creating the above output. " Cybr Needs Patch 37491 Improve Iranian functionality in WordPress johnbillion I18N normal normal Future Release feature request assigned 2016-07-27T18:33:49Z 2020-01-07T20:22:06Z "I'm currently one of [https://wordpress.org/plugins/wp-parsidate/ Parsi Date] core developers. Parsi Date, enables Shamsi calendar, aka Iranian calendar, for WordPress. WordPress is really popular in Iran, many people use it as an accelerator in their own business, so I thought that enabling Iranian calendar, might be a good idea to step the progress of internationalizing WordPress. Can it be enabled in WordPress? Where to start?" iEhsan.ir Has Patch / Needs Testing 37489 If Posts have the same datetime, the order of the post is indefinite. Query normal normal defect (bug) new has-patch 2016-07-27T16:52:11Z 2019-06-04T21:02:16Z "Posts has same datetime, the order is different, when logged in or otherwise. " Toro_Unit Has Patch / Needs Testing 37486 Make emojis accessible Emoji 4.2 normal normal Future Release task (blessed) new has-patch 2016-07-27T15:01:59Z 2021-01-05T08:08:42Z "Splitting this out from #37432. Currently, the WordPress Emojis are not accessible. The alt text contains the emoji character (vs a HTML encoded entity, or the emoji description) and that's a deliberate implementation choice, see [ticket:37433#comment:3] intended to allow copy and pasting the emojis. We've discussed a bit this issue in the accessibility weekly meeting and agreed there's room for improvements. At least, starting a discussion about emojis accessibility would be very welcome. Quickly checking how screen readers announce the WordPress emojis, there's no accessible name or description they can use: [[Image(https://cldup.com/oioYLgdQ86.png)]] Note: VoiceOver reads out ""group"" because the image is a `svg` file. Just adding an `aria-label` attribute (I've quickly edited in the browser console) gives screen readers an accessible name to announce: [[Image(https://cldup.com/xP0gzKlsnK.png)]] Comparing with what others do, for example Twitter because they usually have great solutions for accessibility, they use `png` images and both an `aria-label` and a `title` attribute, so VoiceOVer in this example reads out both. I guess the title attribute is used just to show the browser's ""tooltip"" with the emoji name: [[Image(https://cldup.com/MwMY0nHtoQ.png)]] {{{ }}} The aria-label solution is mentioned also on a related issue on the twemoji GitHub: https://github.com/twitter/twemoji/issues/41" afercia Needs Patch 37484 Make form in request_filesystem_credentials() in line with WP admin form styling / HTML structure / security Upgrade/Install normal normal Future Release enhancement new 2016-07-27T12:57:10Z 2020-06-29T17:18:41Z "Currently, the `Connection Information` form output by `request_filesystem_credentials()` looks very sad and doesn't reflect the admin form HTML structure and style. This is how it looks: [attachment:""Screen Shot 2016-07-27 at 13.41.52.png""] It would be great if it can be standardised to look like WP admin settings UI, i.e. [attachment:""Screen Shot 2016-07-27 at 13.41.23.png""] While at it, it would be great to secure the form code with escape family functions (esc_attr, esc_html and so on)." dashaluna Has Patch / Needs Testing 37470 Shiny Updates: Erroneous Plugin Deactivation Plugins 4.2.4 normal normal Future Release defect (bug) reopened has-patch 2016-07-26T15:53:12Z 2017-08-08T21:40:31Z "I recently noticed with a plugin of mine, that if you change the name of the main file in a version update, i.e.: `plugin-name/plugin-name.php` => `plugin-name/different-name.php` the plugin becomes inactive after the update. This was not the case prior to Shiny Updates and is still an issue in trunk. I installed 4.1.x just to be sure. Steps to reproduce: 1. Put plugin on .org repo 2. Install/activate plugin on a site. 3. Change the name of the main file in svn and commit it with a version bump. 4. Update the plugin with Shiny Updates. " voldemortensen Has Patch / Needs Testing 37463 Abstract Query Class Query normal normal Awaiting Review enhancement new has-patch 2016-07-25T20:50:02Z 2023-04-20T13:32:38Z All of the query classes WP_Comment_Query, WP_Network_Query, WP_Site_Query, WP_Term_Query and WP_User_Query are based on WP_Query class. For that reason they have a lot of similar methods and variables. As all the classes basically do the same thing, we can use an abstract class, so all related methods and variables are on the abstract class. If all query classes extend this abstract class, we can keep structure and consistency. It would also mean, for example, we could just add filters and actions in the abstract class and these would filter down. spacedmonkey Has Patch / Needs Testing 37462 Introduce is_private() conditional Posts, Post Types normal normal enhancement new has-patch 2016-07-25T17:20:10Z 2019-08-07T09:20:38Z Add a quick conditional tag to check whether the post is private. sillybean Needs Patch 37461 Introduce get_the_title_attribute() to wrap the_title_attribute( 'echo=0' ) Themes 4.6 normal normal enhancement new 2016-07-25T17:10:06Z 2019-06-04T21:25:02Z "the_title_attribute( 'echo=0' ) is ugly and annoying given that all the other the_* template tags have corresponding get_* functions. Patch adds get_title_attribute() as a simple wrapper function." sillybean Has Patch / Needs Testing 37459 Add additional layer in WP_Http to support parallel requests without requiring use of Requests directly HTTP API normal normal Future Release enhancement new has-patch 2016-07-25T12:46:20Z 2022-07-25T21:01:59Z "Follow-up to #33055. Requests supports parallel requests but we should provide this support through the existing WP_Http API. Some initial work was done by @wonderboymusic in [attachment:ticket:33055:33055.diff]." ocean90 Needs Docs or Unit Tests 37454 get_avatar_data() delivers different url for scheme=https and is_ssl() Users 4.3 normal normal Awaiting Review defect (bug) new needs-unit-tests 2016-07-25T08:09:46Z 2017-02-15T07:56:44Z "get_avatar_data() has an option to set the scheme. If https is used, an image URL is returned which is different to the one which is returned in case delivery is conducted via https without the scheme parameter. I think it would be better to serve the same gravatar url for https pages and explicit https-scheme requests. Regarding performance and depending on the infrastructure, it could also be benefical to drop https://%d.gravatar.com completely and serve all requests to gravatar independent of the page's protocol via https://secure.gravatar.com/ to benefit from HTTP/2 (http and https://%d.gravatar.com requests are served via HTTP/1.1 whereas https://secure.gravatar.com/ allows multiplexing via HTTP/2)." neoxx Has Patch / Needs Testing 37445 Allow to adjust the `$in_admin` property of `WP_Screen` Administration 3.5 normal normal Awaiting Review enhancement new has-patch 2016-07-23T13:57:18Z 2022-07-07T17:32:55Z "The `$in_admin` property of the `WP_Screen` class is impossible to be changed by a developer at the moment, which makes sense in how WordPress uses it. However, I'm currently building a plugin that creates an additional administration panel (like network and user admin) and I would need to adjust the `$in_admin` property to reflect when this panel is active. Otherwise a function like `is_blog_admin()` returns true although we actually aren't in the regular admin panel (since the value of `$in_admin` defaults to 'site'). So I'm proposing to either make the property public so that a developer can override it (for example on the `current_screen` action) or to add a new filter for the property specifically in `WP_Screen::get()`. I would prefer the second approach since having the property being protected makes sense in general. The use-case I have is a very rare one, so I think a very specific filter for it should do." flixos90 Needs Patch 37441 get_default_post_to_edit() function is broken Posts, Post Types normal normal defect (bug) new 2016-07-22T08:32:09Z 2019-06-04T21:02:04Z "The [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/post.php?rev=38118#L591 get_default_post_to_edit()] function contains the following code (formatted for the sake of better readability) in case a new post should be inserted to the database: {{{#!php __( 'Auto Draft' ), 'post_type' => $post_type, 'post_status' => 'auto-draft', ) ); $post = get_post( $post_id ); }}} Later in the function, we just ''work'' with the `$post` object. The problem is, there are [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/post.php?rev=38125#L2919 se]-[https://core.trac.wordpress.org/browser/trunk/src/wp-includes/post.php?rev=38125#L2966 ve]-[https://core.trac.wordpress.org/browser/trunk/src/wp-includes/post.php?rev=38125#L3038 ral] [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/post.php?rev=38125#L3205 rea]-[https://core.trac.wordpress.org/browser/trunk/src/wp-includes/post.php?rev=38125#L3220 sons] under which [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/post.php?rev=38125#L2873 wp_insert_post()] returns `0`. In such a case, [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/post.php?rev=38125#L451 get_post()], in turn, will return `null`, which is neither a `WP_Post` object nor an `object` at all. Then, [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/post.php?rev=38118#L639 setting a property on this null post] will automatically create a new `stdClass`, resulting in the `$post` object only having the three explicitly set properties `post_content`, `post_title` and `post_excerpt`. If you want to see how this affects WordPress, just put `$post = null;` before [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/post.php?rev=38118#L631 wp-admin/includes/post.php:L631]." tfrommen Needs Patch 37435 Conflicting permalinks with attachment and category of same name Permalinks 4.5.3 normal normal defect (bug) new 2016-07-21T18:58:56Z 2019-06-04T21:01:58Z "On my company site, I created a category called '''Announcements''' and uploaded an image called '''Announcements.png''' Both had permalinks of http://MYDOMAIN/announcements When I tried to navigate to http://MYDOMAIN/announcements I was expecting to see a listing of all the posts in that category, but instead the site was showing the image. I tried with different themes, deactivated all plugins but the issue remained. At the time I didn't realize there was an attachment with the same name as my category. Once I figured that out, I simply changed the attachment name and updated the permalink and everything worked properly. I have a custom permalink structure: '''/%category%/%postname%''' Category Base '''.''' and Tag base of '''keyword'''" Spidergirl1979 Has Patch / Needs Testing 37417 Customize Nav Menus: more visible way to navigate the preview to a menu item object Customize 4.3 normal normal Future Release enhancement new has-patch 2016-07-20T02:22:43Z 2022-05-17T10:31:57Z "Nav menus in the customizer have the benefit of live preview. One of the more hidden aspects of this experience is the ability to view a menu item's object in the preview with the ""original"" link in the menu item options. Unfortunately, being hidden in the item properties dropdown, this feature is little-known. Can we add a link for this to the menu item handle somehow? I've create a preliminary (fully-functional) patch for this, and while I like the UX I think the UI could use work (feels cluttered). This helps to reinforce the connection between menus and content, as well as making it easier to see what an item is linking to when the current menu isn't shown in the preview. It also helps users that may not know that you can navigate links within the preview." celloexpressions Needs Patch 37409 Broken & illogic conditional check in wp_get_document_title() General 4.5.3 normal normal defect (bug) new 2016-07-19T11:53:24Z 2019-06-04T20:00:19Z " {{{ /* * If we're on the blog page that is not the homepage or * a single post of any post type, use the post title. */ } elseif( is_home() || is_singular() ) { $title = the_title_attribute('echo=0'); }}} should be changed to: {{{ /* * If we're on the blog page that is not the homepage or * a single post of any post type, use the post title. */ } elseif( !is_home() || is_singular() ) { $title = the_title_attribute('echo=0'); }}} For now it does not lead to wrong title because the previous condition is_front_page() is catching this before it throws out a wrong title but it should be fixed before it leads to issues when someone decided to do some changes on wp_get_document_title(). You can reproduce a possible error with commenting the condition is_front_page() in wp_get_document_title(). Than visit a frontpage with multiple blog posts. You will see that the wp_get_document_title() will return than the title of the first blog post and not the site title as expected. " ReneHermi Needs Patch 37395 Transients should be replaced with options, e.g. plugin delete notification Plugins normal normal defect (bug) new 2016-07-18T12:04:04Z 2019-06-04T21:01:46Z "Transient data is not guaranteed. Even in the shortest possible duration, on a page redirect! In `wp-admin/plugins.php` : {{{ set_transient('plugins_delete_result_' . $user_ID, $delete_result); //Store the result in a cache rather than a URL param due to object type & length wp_redirect( self_admin_url(""plugins.php?deleted=$plugins_to_delete&plugin_status=$status&paged=$page&s=$s"") ); }}} Now a delete notification is not critical, but it would be just as easy to do this with `set/get/delete_option()`, and set a good example for plugin authors. The retrieval step does an immediate delete: {{{ $delete_result = get_transient( 'plugins_delete_result_' . $user_ID ); delete_transient( 'plugins_delete_result_' . $user_ID ); }}} So it looks easy to write a patch substituting `set/get/delete_option()`, modulo multi-site perhaps. I expected to see more of these in the WP codebase related to notifications, but it's mainly other stuff. About half the use of transients in WP is wrong. I'll list them here for future bugs, but I leave this bug for the Plugins component. * GOOD: wp-admin/includes/dashboard.php ( $cache_key, 'plugin_slugs' ) * BAD: wp-admin/includes/template.php ( 'settings_errors' ) * GOOD: wp-admin/includes/theme-install.php ( 'wporg_theme_feature_list' ) * BAD: wp-admin/plugins.php ( see above: 'plugins_delete_result_' . $user_ID ) * ALL GOOD: wp-content/themes/* * PROB. BAD: wp-trunk/wp-cron.php AND wp-includes/cron.php ( 'doing_cron' ). Using it as a file lock is either egregious or just confusing, depending on whether it is doubling as a global store for the same run. Why not use `*_option()` instead? * GOOD: wp-includes/author-template.php ( 'is_multi_author' ) * PROB. BAD: wp-includes/class-feed.php ( $this->name, $this->mod_name ) * PROB. BAD: wp-includes/media.php ( $regeneration_lock ). Bad if it's to protect successive ajax calls, confusing if it's a global store for the same run. * GOOD: wp-includes/ms-functions.php ( 'dirsize_cache' ) * BAD: wp-includes/pluggable.php ( 'random_seed' ) * GOOD: wp-includes/rss.php ( $cache_option ) * BAD: wp-mail.php ( 'mailserver_last_checked' ) You were expecting a Clint Eastwood reference? Should all be easy fixes. " kitchin Needs Reporter Feedback / Steps To Reproduce 37391 memory issue action Menus normal normal defect (bug) new reporter-feedback 2016-07-17T22:14:37Z 2019-04-18T20:14:42Z "( i have seen this issue on many sites) the problem is that, while saving any custom-menu, it gives frequently error: `PHP Fatal error: Out of memory (allocated xxxx) .... on `wp-includes/functions.php, line 3350` it is `wp_list_filter` function. in the start of that function, i have included this script: echo '
            ';print_r(debug_backtrace()); 
            and i have counted how many times `wp_list_filter` executes and how heavy data it processes on each loop.. look this file, i have included only first 5 ""debug_backtrace: results (because after 20nd loop php crashed, because of out of memory):
            https://drive.google.com/open?id=0Bz7qe_olclTwVXEzeDk2eXdkZVk
            
            please help.
            
            i cant save menus, i cant do anything like that, it crashed with ""out of memory"". i know that i should increase memory limit, but evidently , WP has issue.
            
            "	tazotodua
            Needs Patch	37388	Resource hinting: only dns-prefetch resources in HTML footer.		Script Loader	4.6	normal	normal		enhancement	new		2016-07-17T11:20:27Z	2019-06-04T21:24:57Z	"In #34292 @superpoincare raised some concerns about hinting items in the HTML header, arguing it was of use to hint items in the footer only as the browser will connect to resources enqueued in the HTML header quickly regardless.
            
            @swissspidy pointed out ""Even when enqueued in the head of the document, the resource hints will be delivered to the browser much earlier because their higher up in the source and therefore likely in another HTTP packet. Already being able to perform all necessary handshakes only benefits the actual retrieval of the assets later on.""
            
            @peterwilsoncc thought there was some validitaty to skipping hinting on items in the HTML header but it's something that can be decided later. Oh, that's me.
            
            Related #37387
            
            Milestoning for discussion."	peterwilsoncc
            Needs Docs or Unit Tests	37376	Make it possible for custom post type to have an archive but no single		Posts, Post Types	4.6	normal	normal	Awaiting Review	feature request	new	needs-unit-tests	2016-07-15T17:55:34Z	2021-08-24T05:07:13Z	"Very commonly we'll have testimonials, faqs, and such custom post types, which warrant an archive, but don't make sense to have a single. It's possible to have a post type with no archive and a single, but not the other way around. Funnily enough, I find that we far more often could use what isn't available versus what is.
            
            There are workarounds. One option is to make it a non-publicly-queryable post type and use a page template or something to display the results. Another option I've seen around is to hook into template_redirect on the single and redirect the user. Chances are there's no links on the front-end, so this really only occurs when users click on the link from edit-post admin-side.
            
            Another thing to consider here is SEO plugins and the like which look to the definition of the CPT to build the sitemap. The redirect method ends up putting useless links in the sitemap. The page template method works fine, but obviously means the CPT has to be queried separately.
            
            Would there be a downside to adding a sibling `has_single` option? If it's true by default then it's backwards compatible, and the single rewrites simply reflect the option."	jason_the_adams
            Needs Patch	37372	"missing ""edit permalink button"" below the title"		Posts, Post Types	4.5.3	normal	normal		defect (bug)	new		2016-07-14T22:14:25Z	2019-06-04T21:01:40Z	"With posts and pages there is an ""edit permalink button"" below the title. Also, permalinks change when the title is changed.
            
            For custom posts that does not seem to work in the same way:
            
            For the function register_post_type() there is a 'public' argument which is merely a way of defining 4 other arguments in 1. If you set that to false and then set 'show_ui' to true to get the user interface back you get the complete user interface except the ""edit permalink button"" below the title. Also, permalinks do not change when the title is changed.
            
            That seems like a bug and not like intended functionality."	realblueorange
            Needs Patch	37362	@font-face errors with dashicons in Microsoft Edge		Script Loader		normal	normal	Awaiting Review	defect (bug)	new		2016-07-14T12:08:36Z	2017-12-11T23:04:04Z	"I encountered the following errors in Microsoft Edge console when enter admin dashboard:
            CSS3113:@font-face font format not recognized
            dashicons.eot
            CSS3120: No fonts available for @font-face rule
            load-styles.php (0,37)
            
            This is the following explanation of error code https://msdn.microsoft.com/query/dev12.query?appId=Dev12IDEF1&l=EN-US&k=k%28VS.WebClient.Help.CSS3113%29#cssCodes
            "	jevuska
            Has Patch / Needs Testing	37355	remove_settings_section() counterpart to add_settings_section()		Options, Meta APIs	4.6	normal	normal		enhancement	new	has-patch	2016-07-13T13:52:18Z	2019-06-04T21:01:29Z	"The settings API allows for settings sections to be added, but not removed.
            
            To remove section you have to do the following 
            
            {{{#!php
            before .= rand(0,9);
            	return $args;
            }
            add_filter( 'nav_menu_item_args', 'format_menu_item_args', 10, 3);
            }}}
            
            What you should see before every menu item is a random integer between 0-9. What happens instead is the integer from the previous menu item is passed into the next. So by the time the 'nth' menu item is processed you get 'n' integers outputted whereas only one integer per menu item should be outputted.
            
            I have added a patch to solve this by casting the $args object to an array early in start_el(). If left as an array this would break code already using the 'nav_menu_item_args' filter as an '''$args object''' is passed into the filter. Also code further down start_el() would need updating to use array rather than object notation. So, to get around this I've casted $args to an object again.
            
            This is a new object and so there won't be any issues with referencing the original nav menu args object. Plus, existing code using the 'nav_menu_item_args' filter will still work fine.
            
            See attached screenshots for views of a nav menus before and after the patch is applied.
            
            ''Note: The default type for $args in start_el() is already specified as an empty array but it's actually an object that's being passed in.''"	dgwyer
            Needs Patch	37338	add filter in get_data_by		Users	4.5.3	normal	normal		enhancement	new		2016-07-12T10:45:06Z	2019-06-05T06:44:40Z	"Basically I need to encrypt user_email field in the database,
            I can enrypt them using following filters:
            
            `email_change_email`
            `pre_user_email`
            
            now what i need is to decrypt them when getting retrieved from database,
            as far as I say in the core, this may be done by applying a new filter in `wp-includes\class-wp-user.php#get_data_by( $field, $value )` method, right before this line 
            
            `update_user_caches( $user );` (LN:239)
            
            for this to work, `$value` needs to be filtered based on `$field` as well (cause this is the value that sits in the query in `Line# 235`, so I think three filters in `Line# 207` switch branches should do the trick.
            
            "	muhammadn
            Needs Docs or Unit Tests	37336	Pre-existing page with slug /embed/ does not work as described		Embeds	4.5	normal	normal	Awaiting Review	defect (bug)	new	needs-unit-tests	2016-07-12T02:22:56Z	2020-09-28T09:56:19Z	"In #34971, embeds were added to static frontpages, and there was a discussion of how this would affect an existing page with a slug of /embed/.
            
            The solution was:
            
            - an existing page with slug /embed/ will work as is and disable the pretty embed URL
            - new pages can't be created with a slug of /embed/.
            
            However, this did not work properly. On a site of mine, there is a page with URL /embed/ that was working fine prior to this upgrade. Now:
            
            - if you visit /embed/, you are redirected to the homepage.
            - if you attempt to edit the page, the slug previews as /embed-2/, meaning editing the page content and saving has the unwanted side effect of forcing the URL to change and all links to the page to break without warning.
            
            Suggested changes:
            
            - fix whatever is incorrectly redirecting the URL
            - allow a slug of /embed/ to continue to save as-is if it already exists."	smerriman
            Has Patch / Needs Testing	37332	Enhancement: Add a wrong password message on password protected posts		Posts, Post Types	4.5.3	normal	normal		enhancement	new	has-patch	2016-07-11T22:15:07Z	2024-02-15T14:11:33Z	"If a post is password protected, the user is shown a form where they can enter a password to gain access. If a wrong password is given, there's no helpful message shown to the user. The page is simply reloaded.
            
            Something like ""Wrong password. Please try again."" would be helpful here."	henry.wright
            Needs Patch	37330	Attachment pages do not always provide a link to the original article.		Media	4.5.3	normal	normal		enhancement	new		2016-07-11T21:56:27Z	2019-06-04T20:26:17Z	"I wasn't sure where to post this issue, as it seems to be a limitation in the WordPress code itself rather than a bug. But perhaps someone knows what's going on?
            
            Individual attachment pages (which are created when inserting an image or gallery on a page or post) sometimes provide a link to the main article, BUT NOT ALWAYS.
            
            This is noticeable in themes which take advantage of this capability, such as Twenty Thirteen and Twenty Fourteen, (for other themes that don't include a link back to the original article anyway this doesn't matter.)
            
            For example, in Twenty Thirteen's image.php the following code checks to see if the article URL is available. If it is, the attachment page displays a ""published in"" link, but if not it just displays the date:
            
            
            {{{
            
            Published on in %5$s', 'twentythirteen' ); if ( empty( $post_title ) || 0 == $post->post_parent ) $published_text = ''; }}} Obviously, WordPress expects that the article URL will not always be known, and this is observable. Some attachment pages link back to the article and some do not. But why is this? It seems kind of random- I can't figure out which scenarios generate an attachment page without the link? And in any case, why should WordPress not be able to figure out the article URL and always make it available for themes to use? " webtechmailbag Needs Patch 37311 Site icon thumbnails are lost if wp_generate_attachment_metadata called again later Media 4.5 normal normal Awaiting Review defect (bug) reopened 2016-07-07T22:36:48Z 2021-04-14T16:36:05Z "If image sizes are regenerated with the Regenerate Thumbnails plugin, the custom Site Icon sizes (and possibly other images in the customiser?) are lost. The question is whether this is something that needs changing in the plugin, or whether the logic for how these sizes work should change in core. (Virtually all core documentation tells people to use this plugin when changing image sizes, so it should be fixed in one of the other). I'm of the opinion it should be changed in core, where custom sizes like the ones created by Site Icons should be somehow marked as special sizes, with wp_generate_attachment_metadata checking for any existing custom sizes and including them in the output." smerriman Needs Patch 37310 To get Term Metadata in $term->meta_key Taxonomy normal normal Future Release enhancement new 2016-07-07T16:13:41Z 2020-01-07T22:15:29Z "Like postmeta and usermeta, I'd like to get Term Metadata as a property of a term object. Would you confirm the attached patch file? Thank you." minkapi Needs Patch 37307 Indicate non-GPL plugins and themes for users General 4.4.3 normal normal Awaiting Review enhancement new 2016-07-07T14:57:55Z 2017-05-03T10:41:46Z "There are a lot of WordPress plugins in circulation that ship with a non-GPL compatible license. The wordpress.org plugin repository, of course, only contains plugins that ship with the GPL license, and we are all well aware that all WordPress plugins are considered derivatives and should thusly be licensed under the GPL. This does not remove the fact that not everyone agrees with this, and still vendors insist on shipping with proprietary software licenses. For the regular WordPress user installing plugins from outside of the wordpress.org plugin repository, there is practically no way to differentiate a plugin that ships with the GPL license, and a plugin vendor that chooses to ship with a proprietary license. The readme.txt already always contains the license field, but currently the licenses aren't shown anywhere in the plugins.php UI. I propose we add a license indicator in the plugins.php UI. This would help the user make better choices by choosing to use plugins that ship with a free software license. It would also be useful to somehow also explain (e.g. in a tooltip perhaps) what it means that a plugin author has decided to ship their plugin with a non-GPL license. I would love discussion on how the license field could be indicated in plugins.php. Ideas: - Part of the Shiny Updates feature? - Should clearly indicate when a plugin is NOT using a GPL compatible license - Colour coding different licenses - A tooltip that would explain the use of GPL vs. proprietary licenses Related: #29820" Zuige Needs Dev / Bug Wrangler Feedback 37301 A way to test plugin/theme installs and updates before applying Plugins 4.4.3 normal normal Awaiting Review feature request new dev-feedback 2016-07-07T09:13:20Z 2020-04-15T20:41:18Z "The # 1 reason for WordPress sites going completely down or becoming partially broken is the bad install or an update of a plugin or a theme. The worst case scenario being a complete white screen of death from which the only way to recover is to manually remove the culprit plugin files, which unfortunately requires remote access to the server filesystem. The current plugin upgrader checks if the upgrade causes errors and can in some cases recover from the most obvious cases syntax errors in the critical plugin code. This however fails to mitigate the slightly more subtle issues like incompatibilities between plugins/themes and javascript errors that may still completely wreck the site. Furthermore, the more seasoned WordPress users are known to avoid updating plugins and themes on their site due to the volatility of running an update in production. This of course leaves their sites vulnerable to possible security issues. The best practice of running staging environments to test plugins before updating requires a significant amount of technical knowledge and labour, and is not widely practiced among regular users. I suggest we give the option for users to test plugin / theme installs and updates prior to applying them. This requires a sort of sandbox environment for the user where they can freely install and test plugins without worrying about breaking anything. I've created an example implementation of these plugin update sandboxes in (slightly hacky) plugin form. The plugin adds a ""test update"" button to the update.php admin screen, which creates a sandbox where the user can test the updated plugin without affecting the live site. Both the plugin directory and the database are separated from the live ones. https://github.com/anttiviljami/wp-safe-updates Screenshots: The ""test update"" button in update.php [[Image(https://github.com/anttiviljami/wp-safe-updates/raw/master/assets/screenshot-1.png)]] Updating the plugin in an alternate heap (sandbox) [[Image(https://github.com/anttiviljami/wp-safe-updates/raw/master/assets/screenshot-2.png)]] Testing the plugin inside the sandbox [[Image(https://github.com/anttiviljami/wp-safe-updates/raw/master/assets/screenshot-3.png)]] -- I would love more discussion about this. I feel the safety of theme / plugin updates is definitely among the most important issues to solve for the future of WordPress security. Love, @anttiviljami" Zuige Needs Patch 37297 Deprecate get_blogaddress_by_id function spacedmonkey Networks and Sites 3.0 normal normal Future Release enhancement reviewing 2016-07-06T21:06:18Z 2023-03-06T14:30:02Z The get_blogaddress_by_id function is pretty old and should be replaced with get_home_url, as this is filtered. spacedmonkey Has Patch / Needs Testing 37296 Bulk edit category labels are slightly misleading Quick/Bulk Edit normal normal enhancement new has-patch 2016-07-06T19:51:46Z 2019-06-04T21:24:45Z "Related to this ticket #35548, the bulk edit taxonomy tool labels can be a little misleading, as the feature does not allow for bulk editing, but rather bulk assignment. This patch simply prepends ""Assign"" to the labels to make it more clear.." wpnook Needs Patch 37287 wp_print_admin_notice_templates() does not use _n*() for plural forms swissspidy I18N 4.6 normal normal 6.6 defect (bug) assigned 2016-07-05T12:23:24Z 2024-02-28T14:25:48Z "Function wp_print_admin_notice_templates() (https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/update.php#L615) does not properly use _n() and related functions for plural forms of its strings. It just makes a simple if (count ===1) check and uses two different strings - one for singular, one for plural form. This presents a problem when translating into languages that have more than one plural form, or more complicated rules for singular form usage. For example, in Lithuanian we also use singular form for 21, 1241 and any other number that ends with 1 (except for 11). And we have two plural forms - one for numbers ending with a zero, another for everything else. In current situation we can not have a proper translation here. " ideag Has Patch / Needs Testing 37284 Add indication for required next to Confirm Password Users 4.6 normal normal Awaiting Review enhancement new has-patch 2016-07-05T10:12:50Z 2017-05-04T16:35:52Z "In new user and edit user screens, if you choose to manually add a password and this password is not strong enough, a ""Confirm Password"" checkbox appears. ""Add New User"" or ""Update Profile"" (depending on which of the 2 screens you currently are) button is disabled, until you check this ""Confirm Password"" checkbox. But, as there is no indication that you have to check this checkbox in order the submit button to be enabled, I suggest to add a ""(required)"" indication next to it, so the user knows what is missing to enable the button. I attach a screen on how I suggest the screen to look like. I also attach a patch that adds this indication in both add and edit user screens." kouratoras Needs Patch 37281 Allow non-error notifications to be set for Customizer settings from PHP Customize normal normal Future Release enhancement new 2016-07-04T22:46:29Z 2019-04-19T21:05:35Z "An API adding notifications to Customizer settings was added in #34893. In JS a notification can be added of type `error`, `warning`, `info`, and custom. In PHP, however, only `error` notifications can be added to a setting, and this is done by returning `WP_Error` from a validation routing (or sanitization routine). It may be useful to allow other kinds of notifications to be added via PHP as well. This would likely require adding a `WP_Customize_Setting::$notifications` collection with a `WP_Customize_Setting::add_notification()` and `WP_Customize_Setting::remove_notification()` to provide a similar API in PHP for the general notifications API in JS. It seems clear that non-error notifications shouldn't be added by returning `WP_Error` instances from validation routines, but that the notifications could be added inside of such routines, for example: {{{#!php 20 ) { $this->add_notification( array( 'type' => 'warning', 'code' => 'long_value', 'message' => __( 'This is a long value!' ), ) ); } } } }}} The non-error notifications could be sent back as part of full refresh and selective refresh responses in a similar way that error notifications are sent back and updated into the JS models." westonruter Has Patch / Needs Testing 37280 Remove boldness from update notices Presskopp General normal normal Future Release enhancement assigned has-patch 2016-07-04T22:08:13Z 2021-11-14T10:49:16Z "Previously: https://wordpress.slack.com/archives/design/p1466093104000007 The notices are currently inconsistent, some are bold, some are not, and some use bold only to highlight words. OH: ''Bold text is just wasted bandwidth.''" ocean90 Needs Patch 37275 Facilitate creating controls that manipulate settings with object values Customize 3.4 low normal Future Release enhancement new 2016-07-04T20:39:26Z 2019-04-19T21:05:06Z "While #37274 addresses the difficulty to manipulate updating settings that have object values, the Customizer JS API also does not facilitate creating controls that have fields which manage a setting that has a object value. The `MenuNameControl` provides a good example of a control that has a text field for managing a nav menu setting's `name` property: {{{#!js control.nameElement = new api.Element( control.container.find( '.menu-name-field' ) ); control.nameElement.bind(function( value ) { var settingValue = control.setting(); if ( settingValue && settingValue.name !== value ) { settingValue = _.clone( settingValue ); settingValue.name = value; control.setting.set( settingValue ); } }); control.setting.bind(function( object ) { control.nameElement.set( object.name ); }); }}} This works but it is tedious when scaling and makes it difficult to extend, as can be seen in the `MenuItemControl`. There should be a more declarative way to link a field to ''a property'' of a setting value object. One implementation of this can be seen in the [https://github.com/xwp/wp-customize-posts/blob/0.6.1/js/customize-dynamic-control.js Dynamic control] as seen in the Customize Posts plugin. While Core supports a `data-customize-setting-link` attribute in a control template to declaratively link an input field to a setting value, the Dynamic control Dynamic adds support for a `data-customize-setting-property-link` attribute which will link the input field to the a ''property'' of the (default) setting. This eliminates the need for custom JS logic to link the input elements. See an example control which has fields which manipulate a setting value containing a street address: https://github.com/xwp/standalone-customizer-controls/blob/master/class-customize-address-control.php This will facilitate extending nav menu items in the Customizer: #18584." westonruter Needs Patch 37274 Facilitate updating/extending Customizer setting values that are objects Customize 3.4 normal normal Future Release enhancement new 2016-07-04T20:22:46Z 2019-04-19T21:04:47Z "There is bit of a dance to work with setting values that are objects. Consider a `mailing_address` setting that represents a street address: {{{#!json { ""street"": ""123 Fictional St."", ""city"": ""Portland"", ""state"": ""OR"", ""zip"": ""97201"" } }}} Getting the value is as simple as `wp.customize( 'mailing_address' ).get()`, but updating the value is not so simple. To change the `street` part of this setting, the following is required: {{{#!js var value = wp.customize( 'mailing_address' ).get(); value = _.clone( value ); value.street = '123 Imaginary Ave'; wp.customize( 'mailing_address' ).set( value ); }}} The clone is required because objects are passed by reference, and if the `value` were to set directly, the subsequent `set` would not trigger a `change` event. Widgets and nav menus use objects as values in Core. Widgets aren't manipulated directly in JS (until #33507) but nav menus and nav menu items are. Here's the code for managing how a nav menu's name gets changed when the nav menu's name field is updated: {{{#!js control.nameElement.bind(function( value ) { var settingValue = control.setting(); if ( settingValue && settingValue.name !== value ) { settingValue = _.clone( settingValue ); settingValue.name = value; control.setting.set( settingValue ); } }); }}} To make it easier to work with setting values as objects, we could introduce a `wp.customize.Value#setExtend` method that allows an object value to be extended in the same way that `setState` works in React, take an object of key/value pairs that are merged on top of the existing value. Here is an example implementation: {{{#!js wp.customize.Value.prototype.setExtend = function( props ) { var value = _.clone( this.get() ); _.extend( value, props ); this.set( value ); }; }}} With this, to update the `mailing_address` setting value property in the above example could be changed to simply: {{{#!js wp.customize( 'mailing_address' ).setExtend( { street: '123 Imaginary Ave' } ) }}} See #26061. Related #37275." westonruter Has Patch / Needs Testing 37264 Please do not chmod 666 the wp-config.php file on installation. Security 1.0 normal normal Awaiting Review defect (bug) new has-patch 2016-07-03T22:27:47Z 2019-03-22T13:20:31Z "On installation, WordPress invariantly does a {{{chmod 666}}} of the {{{wp-config.php}}} file: https://github.com/WordPress/WordPress/blob/4.5.3/wp-admin/setup-config.php#L393 This file is very sensitive; it contains the database password and authentication keys, among other things. 666 grants read, write, and execute permissions to every single user on the system. Even read permissions are too much; not only can you dump the database, but you can easily escalate to code execution via template changes (which are stored in the database and {{{eval}}}'d). There are virtually no situations where 666 is the appropriate level of permission for this file. It should be something like 600 instead. * On shared web hosts, other users may be able to read (or even edit!) the file, depending on what isolation the host provides. Most large shared hosting providers do it by making the home directory ~600 so that only the user can traverse it, then run the webserver as that user (and so there's no point making it 666 anyway, it might as well be 600). Other shared web hosts use suexec or suphp to achieve the same, but in these setups, 666 is incredibly dangerous and allows others to modify it (and it should be 600). * Even on dedicated hosts with no other users or websites, these permissions mean that pretty much any compromise on the system can be elevated to full control of your site. And 600 will still work here. If there is too much concern about this not working across diverse hosting environments, then the installer could incrementally try wider permissions until the file can be read by the PHP code (I would still argue it should never silently make files world-writable, or even world-readable, though). Please consider changing the default to 600." chriskuehl Needs Patch 37261 Consider removing the `$start` argument from `WP_UnitTest_Generator_Sequence` Build/Test Tools 4.4 normal normal Awaiting Review enhancement new 2016-07-03T12:46:17Z 2019-02-25T01:46:45Z "As a follow up to [35244] and [37299], I wonder whether the `$start` argument in `WP_UnitTest_Generator_Sequence` still makes sense. Currently the class handles two things: - Global increments (via the static incrementor variable). - Local increments (via the `$start` argument). So I'd propose to remove the `$start` argument. A different, simpler class could be used for local increments instead." Frank Klein Needs Dev / Bug Wrangler Feedback 37255 Update attachment functions to accept a post object in addition to ID johnbillion* Media 4.6 normal normal Future Release enhancement accepted close 2016-07-02T09:26:02Z 2023-04-26T21:37:20Z "Some WordPress functions accept the $post object as parameter instead only the $post_id. Since most of the time we write our code within the loop or we use the $post object, could be an improvement to standardize the functions that require a post id even support the $post object? For the wp_get_attachment_caption for example, could be like this: {{{ /** * Retrieves the caption for an attachment. * * @since 4.6.0 * * @param int|WP_Post|null $post Optional. Post ID or post object. Defaults to global $post. * @return string|false False on failure. Attachment caption on success. */ function wp_get_attachment_caption( $post = null ) { if ( ! $post instanceof WP_Post ) { if ( ! $post = get_post( $post ) ) { return false; } } if ( 'attachment' !== $post->post_type ) { return false; } $caption = $post->post_excerpt; /** * Filters the attachment caption. * * @since 4.6.0 * * @param string $caption Caption for the given attachment. * @param WP_Post $post Attachment object. */ return apply_filters( 'wp_get_attachment_caption', $caption, $post ); } }}} The get_the_post_thumbnail_caption that use the wp_get_attachment_caption accept the $post object. Also, instead of passing the $post->ID to the wp_get_attachment_caption, use the $post object, so we can work directly with the object instead of calling again the get_post function to retrieve it." wido Has Patch / Needs Testing 37253 "Add several missing ""_deprecated_function()"" calls" General low normal Future Release defect (bug) new has-patch 2016-07-02T07:21:54Z 2019-04-19T20:51:49Z "I found 13 deprecated functions that don't use `_deprecated_function()`. We have to use the deprecated functions call to trigger an error when `WP_DEBUG` is `true`. It helps developers to catch and fix their code. See the attached patch." ramiy Needs Patch 37251 Not return 404 on front-page with option page and url `/page/2` Query 4.5.3 normal normal Awaiting Review defect (bug) new 2016-07-01T15:31:11Z 2023-05-28T15:33:44Z "If i setup page on front-page(Go `Settings`->`Reading`->`Set show on front static page and choose own page`->`Save`). Then go to front page on my site (example http://my-domain/) i see page, which setted before. But if i try open `http://my-domain/page/2`, `http://my-domain/page/3` and etc, i get always front-page, except i am wait 404 error. After debug i found solution (line 1777 in `query.php`): {{{#!php is_home && 'page' == get_option('show_on_front') && get_option('page_on_front') && !$this->is_paged) { $_query = wp_parse_args($this->query); // pagename can be set and empty depending on matched rewrite rules. Ignore an empty pagename. if ( isset($_query['pagename']) && '' == $_query['pagename'] ) unset($_query['pagename']); unset( $_query['embed'] ); if ( empty($_query) || !array_diff( array_keys($_query), array('preview', 'page', 'paged', 'cpage') ) ) { $this->is_page = true; $this->is_home = false; $qv['page_id'] = get_option('page_on_front'); // Correct for page_on_front if ( !empty($qv['paged']) ) { $qv['page'] = $qv['paged']; unset($qv['paged']); } } } }}} Add `&& !$this->is_paged` check." sheo13666q Has Patch / Needs Testing 37249 Missing url escapes and 'author' link relation in wp_list_authors() General normal normal Awaiting Review defect (bug) new has-patch 2016-07-01T12:34:23Z 2019-04-20T10:11:59Z " Since WordPress 4.4 the function {{{get_the_author_posts_link()}}} is available: https://github.com/WordPress/WordPress/blob/4.4-branch/wp-includes/author-template.php#L236-268 It was introduced in #30355. It escapes the {{{get_author_posts_url()}}} as expected and uses {{{rel=""author""}}} for the author link. This is not the case with {{{wp_list_authors()}}} were e.g. both {{{get_author_posts_url()}}} and {{{get_author_feed_link()}}} are un-escaped. ps: My first thought was to have two separate tickets for the escape + relation, but I decided to combine it here as it corresponds to the same code. It would have been handy to use {{{get_author_posts_url()}}} within {{{wp_list_authors()}}} but there's a slight difference there. If we had e.g. the input parameters {{{get_author_posts_url( $author, $name )}}} then such a replacement could work ;-) " birgire Needs Patch 37238 Right-aligned captions with embedded iframes get removed in Visual mode Shortcodes 4.5.3 normal normal defect (bug) new 2016-06-29T20:43:13Z 2019-04-19T21:12:30Z "This has affected a client site a couple of times now so I thought I'd better share it and see if this is a bug or if there is something we are doing fundamentally wrong. If you are working in Text mode and you end up creating a caption, right-aligning it and embedding an iframe within the caption shortcode, as follows... {{{ [caption width=""350"" class=""alignright"" caption=""Ria Ritchie's latest video on YouTube""][/caption] }}} ...if anyone comes along in Visual mode they can see the embedded iframe right-aligned and with the caption below it. If they make a change to any part of the post and hit 'Update', the caption and iframe get removed, but the caption text remains (without any surrounding markup)." ChrisBAshton Needs Patch 37228 Consider to rethink and improve the list tables pagination links Administration normal normal Future Release enhancement new 2016-06-29T14:04:15Z 2019-04-19T20:13:48Z "Splitting this out from #33962. See also #32558. Quickly discussed at WCEU 2016 Vienna's Contributor Day with @karmatosed and @hugobaeta and noticed the pagination links offer room for design improvements. Looks like there are no apparent reasons (other than historical ones) why the top and bottom pagination links should differ and maybe the editable input field should be displayed only when there are more than 3 pages. As @helen pointed out, also the interactions could benefit from some rethink. This would probably be a very nice ticket for designers willing to contribute :) Current state on 4.6 trunk: [[Image(https://cldup.com/jPRxp_462C.png)]] with longer translated strings: [[Image(https://cldup.com/lkdtPkEn0P.png)]]" afercia Has Patch / Needs Testing 37219 Admin menu with admin_url function Administration normal normal enhancement new has-patch 2016-06-29T06:13:05Z 2019-06-04T19:39:25Z I think that options in menu should have admin_url function. For example I want add custom param (?lang=de). I can use admin_url filter but this not work in menu items sebastian.pisula Needs Patch 37207 Multiple unit tests for add_rewrite_endpoint lose custom endpoints Build/Test Tools 4.5.3 normal normal Future Release defect (bug) new 2016-06-28T02:47:28Z 2019-02-25T01:46:38Z "When registering multiple endpoints through `add_rewrite_endpoint()`, tests for the existence of each endpoint in `$GLOBALS['wp']->public_query_vars` fails. I have attached a simple plugin that illustrates the problem. Steps to reproduce: 1. Download the plugin. 2. Run `phpunit` inside of it. 3. Test #1 succeeds while test #2 fails. The relevant excerpts from the plugin are included below. Endpoint registration: {{{ add_action( 'init', function() { add_rewrite_endpoint( 'custom-endpoint', EP_ROOT ); add_rewrite_endpoint( 'custom-endpoint-2', EP_ROOT ); }); }}} Tests: {{{ class TestRewriteEndpoint extends WP_UnitTestCase { public function setUp() { parent::setUp(); $this->set_permalink_structure( '/%year%/%monthnum%/%day%/%postname%/' ); $this->qvs = $GLOBALS['wp']->public_query_vars; // print_r( $this->qvs ); } public function tearDown() { $GLOBALS['wp']->public_query_vars = $this->qvs; parent::tearDown(); } public function test_is_custom_endpoint_added() { $this->assertContains( 'custom-endpoint', $GLOBALS['wp']->public_query_vars ); } public function test_is_custom_endpoint_2_added() { $this->assertContains( 'custom-endpoint-2', $GLOBALS['wp']->public_query_vars ); } } }}} This may possibly be related to #34346, though in this case I am not using `go_to()`." ericdaams Has Patch / Needs Testing 37206 Unit test functions for functions.php's xmlrpc_removepostdata function XML-RPC 4.6 low minor Future Release enhancement reviewing has-patch 2016-06-28T00:56:34Z 2020-02-21T17:56:03Z Wrote some unit tests that covers functions.php's xmlrpc_removepostdata function. tloureiro Has Patch / Needs Testing 37202 the_archive_title() doesn't output the author's display name if that author hasn't posted Users 4.5.3 normal normal defect (bug) new has-patch 2016-06-27T18:25:38Z 2021-11-19T18:10:30Z "In my archive.php template, if I do this: {{{ get_header(); the_archive_title( '

            ', '

            ' ); // Rest of code... }}} and then take a look at example.com/author/joebloggs, I expect to see: = Author: Joe Bloggs = The problem is if joebloggs hasn't posted yet, I see this: = Author: =" henry.wright Needs Patch 37200 Add wrappers with IDs to user-edit.php Users 4.6 normal normal enhancement new 2016-06-27T17:51:33Z 2019-06-05T06:44:27Z "The HTML markup of the user edit screen has been missing some classes and IDs that would make it easier to hide different sections. An earlier patch #29348 introduced ids for the `` elements but there is still more to do. The different sections have all `

            ` headings and `` tables. It's hard to select these sections with CSS or JS because there is no identifiers. To take the initiative from #29348 to a bit further, I would add wrapper `
            ` elements to these sections. I used following naming: Section title: `Additional Capabilities` Section wrapper id: `user-additional-capabilities-section` This way, the naming is simalar to the `
            ` wrappers (like ""user-capabilities-wrap"") but has it's own logic that separates these two. This patch makes it easy to hide the title of a section or hide the whole table of chosen section." TeemuSuoranta Needs Reporter Feedback / Steps To Reproduce 37190 Split out function declarations and code executions. Build/Test Tools normal normal Awaiting Review enhancement new reporter-feedback 2016-06-26T14:59:16Z 2020-09-14T19:03:30Z Quite a few php files in the root directory contain function definitions and code executions. This makes it impossible to unit-test those functions. Should we move those function definitions to `includes/.php` and then include them at the top of the root file? stephenharris Needs Docs or Unit Tests 37185 "wp_print_styles() doesn't call ""wp_print_styles"" action when ""$handles"" argument passed" Script Loader 3.3.1 normal normal defect (bug) assigned needs-unit-tests 2016-06-26T13:53:32Z 2019-06-04T21:24:27Z "In {{{wp_print_styles()}}}, there is ""wp_print_styles"" action calls when function is used with optional ""$handles"" argument. {{{if ()}}} statement should be deleted ( like {{{wp_print_scripts()}}} ). Unit tests are passed." evgenniy Needs Dev / Bug Wrangler Feedback 37183 Nested shortcodes in new-style [caption] Shortcodes 3.4 normal normal defect (bug) new dev-feedback 2016-06-26T13:05:25Z 2021-05-08T23:34:46Z "Splitting this of from #24990 after discussions on WCEU contributor day: Having something like `[caption][shortcode][/shortcode] Caption Text[/caption]` does not work. The opening shortcode get's thrown out completely because `caption` only begins to parse at `]+>\s*)?]+>(?:\s*)?)(.*)#is', $content, $matches ) ) { }}} that throws out any shortcode enclosing the image and/or link tag in the `$content`. Currently, the only workaround is to replace {{{wp_caption}}} and {{{caption}}} entirely, like this: {{{ function media_credit_caption_shortcode($attr, $content = null) { // New-style shortcode with the caption inside the shortcode with the link and image tags. if ( ! isset( $attr['caption'] ) ) { if ( preg_match( '#((?:\[media-credit[^\]]+\]\s*)(?:]+>\s*)?]+>(?:\s*)?(?:\s*\[/media-credit\])?)(.*)#is', $content, $matches ) ) { $content = $matches[1]; $attr['caption'] = trim( $matches[2] ); } } return img_caption_shortcode($attr, $content); } add_shortcode('wp_caption', 'media_credit_caption_shortcode'); add_shortcode('caption', 'media_credit_caption_shortcode'); }}} The regex can't be removed entirely because it converts the new-style caption syntax introduced in WordPress 3.4 to the older one used internally. Following a suggestion from @tychay, I've come with the attached patch filtering the `$matches` instead of the regex itself. The proposed filter would also enable new-style captions for media elements other than `` (which currently are only supported if you use the old-style attribute syntax). The default behavior is not changed, though. Currently existing unit tests are not affected." pputzer Needs Patch 37181 Use metadata api in *_network_options spacedmonkey Networks and Sites 4.4 normal normal Future Release enhancement reopened 2016-06-26T12:44:04Z 2022-12-07T16:46:35Z "The network (site) options are stored in the database as sitemeta. The table is formatted as a meta table. However the CRUD of this data in get_network_option, update_network_option, add_network_option and delete_network_option doesn't use the metadata api. Using the metadata api has many advantages, such as filters and a more consistent caching api. " spacedmonkey Needs Dev / Bug Wrangler Feedback 37178 Add $cache_only parameter to get_option Options, Meta APIs normal normal Awaiting Review enhancement new needs-unit-tests 2016-06-26T11:21:08Z 2023-04-24T13:03:34Z "When you do `get_option()` and the option doesn't exist in the option cache, WordPress does a query to check whether that option exists and loads it. This is great as default behavior, but when you ''know'' that an option would have been autoloaded, you might not want that to happen. I propose adding a parameter `$cache_only`, which defaults to false, which, when set to true, returns false when there is no option set in the cache. The ""workaround"" currently would be to set an empty option, but that means adding unnecessary data to the database." joostdevalk Needs Patch 37162 wp_style_add_data and wp_script_add_data should accept SRI information Script Loader 4.5.3 normal normal Awaiting Review enhancement new 2016-06-24T01:34:38Z 2018-11-14T15:27:09Z "Subresource Integrity Hashes (SRI) is now recommended for many CDN sourced CSS and JavaScript as provided for in http://www.w3.org/TR/SRI/ . WordPress does not allow SRI code (or anything other than a set list) to be added via wp_*_add_data. The same applies to javascript loading in addition to stylesheet loading. wp_*_add_data should support these tags instead of currently silently ignoring them. The two tag keys are crossorigin and integrity. Example of recommended link tags that should be generated: {{{ }}} Expected (currently non-working usage) {{{ wp_enqueue_style('bootstrap', ""https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.2/css/bootstrap.min.css"", array(), null, 'all'); wp_style_add_data('bootstrap', 'crossorigin', 'anonymous'); wp_style_add_data('bootstrap', 'integrity', 'sha384-y3tfxAZXuh4HwSYylfB+J125MxIs6mR5FOHamPBG064zB+AFeWH94NdvaCBm8qnd'); }}} " michaelkrieger Needs Patch 37160 Pingbacks fail on multi-page posts Pings/Trackbacks normal normal defect (bug) new 2016-06-23T18:48:37Z 2019-06-04T21:00:55Z "Repro: 1. Publish a post to pingback in a subsequent post and assure that the site/post will allow pings. 2. Create a second post that has multiple pages with a reference to the post created in step 1 in one of the later pages (sample content below). 3. Publish the second post. Expected: The pingback will register. Actual: The pingback doesn't register. If you repeat steps 2 and 3 but move the link to the post created in 1 to the first page, the pingback works. Here's some sample content to demonstrate the issue: {{{ Page One Page Two Page Three with pingback: http://pleasetest.me/2016/06/23/page-to-ping/ }}} This fails because the pingback code checks the pinging post to confirm that the pung link exists in the content. Since the pung link displays on a subsequent page, it's not displayed on the un-paginated permalink. Thus when the pingback code fetches the pinging link, it doesn't find a link to itself in the content and it discards the pingback. But this is a valid use case and not an instance of spoofing (which I take it is what this check is designed to prevent). I'm not sure if there's some parameter we could append to the url when we fetch to validate the link in context that might skip the pagination. If so, that might be the simplest fix. I suppose another fix might be to look for `verifying pingback` in the user agent (which is included in this validation request's UA) and skip pagination if found. That feels kind of brittle, though." dllh Needs Patch 37157 Photo galleries are displaying EVERY photo in library (and related issues). Gallery 4.5.2 normal normal defect (bug) new 2016-06-23T03:21:21Z 2019-06-04T19:59:42Z " '''ISSUE 1.)''' * With WordPress Permalinks set to ""Post Name"", any photo gallery that has been added to a page displays EVERY photo in the media library. For example if you've added a gallery of 3 photos, 3 thumbnails are displayed on the page, but entering the gallery will allow you to click ""next"" to view every photo that has been uploaded to the WordPress site. This has been tested in a fresh install of WordPress (version 4.5.3) and with the themes Twenty Thirteen through Twenty Sixteen. In this case WordPress Permalink settings have been set to ""Post Name"". If Permalinks are instead set to ""Plain"" (the default) this does not seem to be a problem. I have not tested out other Permalink settings to see if they work. An internet search brings up two discussions related to this issue which do not appear to have been properly resolved: * https://wordpress.org/support/topic/gallery-showing-all-images-in-media-library?replies=12 * https://wordpress.org/support/topic/gallery-showing-all-images-in-media-library-1?replies=4 '''ISSUE 2.)''' * Single photos added to a page are no longer viewable within a gallery. If you've added a single photo (not a gallery) to a page that also contains a gallery, and if that single photo is also part of the gallery's thumbnail group, it is longer a part of the actually gallery. You can no longer view that image by entering the gallery even though it is shown in the gallery's thumbnails. In this case the single photo is set to ""link to attachment page"". Permalinks are set to ""Post Name"". '''ISSUE 3.)''' * Single photos added to a page have incorrect attachment link by default. In this case Permalinks are set to ""Post Name"". If you add a single photo to a page and leave the default ""link to attachment page"" set, the link is incorrect; it is missing the page name in it's path. If you then go back to edit the page again and look at the details of the photo, you can see that it has changed to ""link to custom URL"" but is still showing the same incorrect link. Changing this back again to ""link to attachment page"" corrects the link by adding the page name to the path. I have not tested this with other Permalink settings. '''ISSUE 4.)''' There seems to be a problem with galleries not displaying all photos when certain other pages are in the ""trash"". For example, after deleting a page titled ""try"" which contained the image ""cake"", another page would not display ""cake"" within a photo gallery. Clicking on the ""cake"" thumbnail in the photo galley opened the attachment page ""try__trashed/cake/"" and would not slide to the next photo. Clicking on any of the other thumbnails in the gallery would work, but would never slide to ""cake"". " webtechmailbag Needs Reporter Feedback / Steps To Reproduce 37156 Multisite: WP-generated permalink for title-less post does not work (Or: numeric post slug that matches existing post ID number generates 404 error) Posts, Post Types 4.4.3 normal normal defect (bug) new reporter-feedback 2016-06-23T00:51:59Z 2019-06-04T21:00:50Z "On a Multisite installation, a permalink with a post-name structure results in a 404 error when its slug is a number and that number matches an existing post ID number. Example: http://myblog.com/blog/7 where a post (any post) has an ID of 7. When WordPress generates a slug for a title-less post, it forms the slug using the post ID. Since the post ID is (now) in use, the default permalink for the title-less post is broken. It appears ticket #5305 resolved the issue for regular installs by automatically appending -2 to the slug (http://myblog.com/blog/7-2). Can this be done for Multisite? Or better yet, use some other more elegant designation that doesn't imply that this is the second of two posts using 7 for the slug? To replicate: Use a Multisite installation. Set permalinks to Post name structure. Create a post without a title. Note that the generated slug is the ID number of the post. Save and then click on the Permalink slug below the title text field. Arrive at 404 page. In admin, change the slug to include a character. Try again. Arrive at correct page. You can also see the same behavior by choosing any titled post in admin and changing its slug to a number that matches its own or any other existing ID. " raskull Needs Patch 37148 Links in notification emails appearing as https Administration normal normal Awaiting Review defect (bug) new 2016-06-22T08:38:31Z 2017-03-01T14:03:39Z "I have received several notification emails as an Administrator instructing me that Wordpress has been updated to the latest version. However, all of the links contained within all of the emails output the URL as https://, and not whatever is stated within the Wordpress Site URL setting in General. This leads to any link that is visited displaying a 'Connection not secure' message, as there is no SSL certificate for that domain name." leec87 Needs Dev / Bug Wrangler Feedback 37145 Admin submenu opens underneeth editor link tool Administration 4.5.2 low minor Future Release defect (bug) assigned dev-feedback 2016-06-22T07:00:54Z 2020-08-05T14:22:04Z "Sub menus of the admin menu opens underneath the editor's link tool. Possibly a z-index problem. [[Image(http://i.imgur.com/7PMPxb6.png)]]" Stoffe1 Needs Patch 37143 Missing Screen options tab in Add New plugin screen Plugins normal normal enhancement new 2016-06-21T22:29:07Z 2019-06-04T21:00:36Z "Hey It would be great to have Screen Options tab for Add New Plugin screen. With the option to select amount of plugins to view on each page. Having one very long add new plugin screen is preferable then to having 5-6 pages to have to jump through. Adding the Screen Options tab would really help." paaljoachim Needs Patch 37130 Auto-download language packs when installing manually Upgrade/Install normal normal Future Release enhancement new 2016-06-20T09:08:17Z 2020-09-23T20:45:03Z "Themes and plugins can be downloaded from Rosetta sites (locale.wordpress.org). When they're downloaded, they are only available in English and whatever locale packages a theme/plugin author has decided to ship. They do not include language packs made available from translate.wordpress.org. As a result, if I download a plugin from the German plugin directory and manually install it, even if it's fully translated into German and a language pack is available, I won't see the interface in German. Thus, this ticket. On manual install, we should check for an available language pack and auto-download the language pack." samuelsidler Needs Dev / Bug Wrangler Feedback 37115 recent canonical change is giving an infinite 301 redirect loop Canonical 4.4.2 normal normal defect (bug) new dev-feedback 2016-06-16T16:26:39Z 2019-06-04T19:39:05Z "Hello, For 4.5.2 in canonical.php line 175, in prior versions there was an elseif condition which was removed. Can you please add it back? && isset($wp_query->queried_object) && For example, when we have akamai injecting GET parameters to our home page, it just goes in an infinite 301 loop due to line 175 now evaluating TRUE when in the past it would evaluate as FALSE, and we'd like that back. Please and thank you awesome wordpress team!" solomon123br Has Patch / Needs Testing 37103 get_comments_number_text() should not replace '%' in post title Comments 4.2 normal normal defect (bug) new has-patch 2016-06-14T20:06:02Z 2019-06-04T19:38:56Z "Background: #13651 1. Create a post titled ""Hello % world"". 2. Add a couple of comments. 3. `comments_popup_link()` will produce the following output: {{{ 2 Comments on Hello 2 world! }}} Note ""Hello 2 world!"" instead of ""Hello % world!"", due to `get_comments_number_text()` treating `%` as a comments number. Reproduced with 4.5.2 and Twenty Sixteen. Technically introduced in [31388]." SergeyBiryukov Needs Dev / Bug Wrangler Feedback 37096 Unit tests for xmlrpc_getposttitle() and xmlrpc_getpostcategory() along with patch to trim and unique returned values SergeyBiryukov XML-RPC 0.71 low minor Future Release enhancement reviewing dev-feedback 2016-06-14T00:24:25Z 2022-01-20T13:01:43Z In tonight's Contrib 2 core we created this unit test for xmlrpc_getposttitle() function pbearne Has Patch / Needs Testing 37079 Add new filter pre_wp_get_nav_menu_items Menus normal normal Awaiting Review enhancement new has-patch 2016-06-11T23:58:25Z 2017-08-17T18:32:01Z Add a filter into wp_get_nav_menu_items function. This allows you to short-circuit the function and stop the get_objects_in_term (which is uncached) function from running. spacedmonkey Has Patch / Needs Testing 37077 Replacing one variable handler for another to ensure proper conditional check occurs 100%. Formatting 4.5.2 normal trivial defect (bug) reopened has-patch 2016-06-11T23:18:57Z 2019-06-04T19:59:27Z "I have a likely non-reproduceable problem that, nonetheless, still indicates a failure of a conditional check in wp-class.php. I'd been receiving log file non-critical php errors/warnings for months referencing the rawurlencode() on line 528 getting an array variable. Which is not allowed for that function, hence the error. When I changed line 526's conditional check from {{{ if ( !is_scalar($this->query_vars[$wpvar]) ) }}} to {{{ if ( ( !is_scalar($this->query_vars[$wpvar]) || is_array($this->query_vars[$wpvar]) ) ) }}} the errors went away. Bad plugin/theme code, notwithstanding, the fact that the conditional check fails at all indicates a need for ""refinement"". That's the whole point of these checks, to ensure bad code doesn't take down a website. I'm even wondering if a more streamlined code change for line 526 to {{{ if ( !is_string($this->query_vars[$wpvar]) ) }}} is more appropriate as string variables are all that rawurlencode() allows. I hated changing any core file. But, I was able to quickly address a small issue that shouldn't have been allowed by the core. I don't think this change would impact anyone, the function build_query_string() this code falls within has been depreciated, anyway. BTW, I'm not sure why is_scalar() is failing. However, I came across a few instances across the web with similar quirks. Everyone of those problems was addressed in a similar fashion (i.e. using is_array() or !is_string() instead of !is_scalar()). Source code from wp-class.php: {{{ 521 public function build_query_string() { 522 $this->query_string = ''; 523 foreach ( (array) array_keys($this->query_vars) as $wpvar) { 524 if ( '' != $this->query_vars[$wpvar] ) { 525 $this->query_string .= (strlen($this->query_string) < 1) ? '' : '&'; 526 if ( !is_scalar($this->query_vars[$wpvar]) ) // Discard non-scalars. 527 continue; 528 $this->query_string .= $wpvar . '=' . rawurlencode($this->query_vars[$wpvar]); 529 } 530 } }}}" chadschulz Has Patch / Needs Testing 37068 wp_unique_post_slug() should accept `$post` parameter rather than post properties Posts, Post Types normal normal enhancement new has-patch 2016-06-10T03:30:31Z 2022-01-18T13:48:49Z "Breaking this ticket off from #20419. The function signature for `wp_unique_post_slug()`' is currently: {{{ function wp_unique_post_slug( $slug, $post_ID, $post_status, $post_type, $post_parent ) }}} This is a departure from `wp_unique_term_slug()`, which accepts two parameters: `$slug` and `$term` (where `$term` is a term object). For greater consistency, we should prefer a post object in `wp_unique_post_slug()`. There are also some cases where the current function signature requires weird hacks, such as when generating sample permalinks. See #20419. Another argument for standardizing the signature. Latest patch is at https://core.trac.wordpress.org/attachment/ticket/20419/20419.5.diff" boonebgorges Needs Patch 37064 No checkbox in Posts list table for bulk action Posts, Post Types normal normal defect (bug) new 2016-06-09T15:25:20Z 2019-06-04T21:00:24Z In posts list table it checks that user has edit_post capability or not and output checkbox depend on that. WP_Posts_List_Table also output table for any CPT. But user may not have edit_post capability but have delete_post capability or may be any other capability which need bulk select. In my case i created a CPT and which i restricted users from editing published post using 'edit_published_posts' but i did not restrict users from delete published post. But when i saw post table for that CPT i saw that no checkbox after post being published. But have Trash link individually when i mouse over that post. shamim51 Needs Patch 37057 Creation of an esc_html functions for _n(), _nx(), _ex(), and number_format_i18n() I18N normal normal Awaiting Review enhancement new 2016-06-09T00:32:50Z 2022-03-25T18:43:48Z "Using a lot of the translation functions generates an error using the WordPress Coding Standards under PHPCS such as: Expected next thing to be an escaping function (see Codex for 'Data Validation'), not '_nx' Certain functions like `_x()`, `_e()`, `__()` all have equivalent esc_html functions. But there are no esc_html equivalent for these other functions. Granted one could simply wrap the statements in `esc_html()`, for the sake of consistency and standardization for theme developers, I feel that esc_html versions of these functions should be created. " zakkath Needs Patch 37056 paginate_links should be a method on WP_Query Query 4.6 normal normal enhancement new 2016-06-08T22:21:09Z 2019-06-04T21:00:17Z "How do we paginate custom or subqueries when `paginate_links` relies upon the global `$wp_query` variable? It's easy. We make `paginate_links` a method on the `WP_Query` object. Then the function `paginate_links` can rely upon the method. Likewise with `get_the_posts_pagination`, with a way to pass query context. I'll get around to a patch when I can." jfarthing84 Has Patch / Needs Testing 37051 New filter `wp_page_path_sql` Posts, Post Types normal normal Awaiting Review enhancement new has-patch 2016-06-08T06:24:28Z 2017-10-24T19:13:32Z "Make plugin for translations I found next missing filter. WordPress use get_page_by_path in WP->parse_request(); In post meta I save info about language version. Example: ""Contact"" in German and Polish is ""Kontakt"" so slug will be 'kontakt'. Function get_page_by_path fiund by slug in all languages. But in filter `wp_page_path_sql` I can add LEFT JOIN and set current language. I know that exists `parse_query` action and I can change query via this action but before in `wp_page_path_sql` will be generate unnecessary sql. This sql filter will be usefull very much. " sebastian.pisula Has Patch / Needs Testing 37043 New filter `pre_unique_post_slug` boonebgorges Posts, Post Types normal normal enhancement reviewing has-patch 2016-06-07T07:42:35Z 2019-06-04T21:00:08Z "This filter will be for multilanguages plugins helpful. For example I have page: News in English with url http://example.com/en/news/ and News in Polish with url http://example.com/pl/news/ For Polish version this will be have slug news-2 but should be have news. If new filter will be added then we can generate slug for my pages. I know that I can use wp_unique_post_slug filter but more optimally will be add pre_unique_post_slug filter because will be less SQL Queries because this code: {{{#!php posts WHERE post_name = %s AND post_type IN ( %s, 'attachment' ) AND ID != %d AND post_parent = %d LIMIT 1""; $post_name_check = $wpdb->get_var( $wpdb->prepare( $check_sql, $slug, $post_type, $post_ID, $post_parent ) ); /** * Filters whether the post slug would make a bad hierarchical post slug. * * @since 3.1.0 * * @param bool $bad_slug Whether the post slug would be bad in a hierarchical post context. * @param string $slug The post slug. * @param string $post_type Post type. * @param int $post_parent Post parent ID. */ if ( $post_name_check || in_array( $slug, $feeds ) || 'embed' === $slug || preg_match( ""@^($wp_rewrite->pagination_base)?\d+$@"", $slug ) || apply_filters( 'wp_unique_post_slug_is_bad_hierarchical_slug', false, $slug, $post_type, $post_parent ) ) { $suffix = 2; do { $alt_post_name = _truncate_post_slug( $slug, 200 - ( strlen( $suffix ) + 1 ) ) . ""-$suffix""; $post_name_check = $wpdb->get_var( $wpdb->prepare( $check_sql, $alt_post_name, $post_type, $post_ID, $post_parent ) ); $suffix++; } while ( $post_name_check ); $slug = $alt_post_name; } } else { // Post slugs must be unique across all posts. $check_sql = ""SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type = %s AND ID != %d LIMIT 1""; $post_name_check = $wpdb->get_var( $wpdb->prepare( $check_sql, $slug, $post_type, $post_ID ) ); // Prevent new post slugs that could result in URLs that conflict with date archives. $post = get_post( $post_ID ); $conflicts_with_date_archive = false; if ( 'post' === $post_type && ( ! $post || $post->post_name !== $slug ) && preg_match( '/^[0-9]+$/', $slug ) && $slug_num = intval( $slug ) ) { $permastructs = array_values( array_filter( explode( '/', get_option( 'permalink_structure' ) ) ) ); $postname_index = array_search( '%postname%', $permastructs ); /* * Potential date clashes are as follows: * * - Any integer in the first permastruct position could be a year. * - An integer between 1 and 12 that follows 'year' conflicts with 'monthnum'. * - An integer between 1 and 31 that follows 'monthnum' conflicts with 'day'. */ if ( 0 === $postname_index || ( $postname_index && '%year%' === $permastructs[ $postname_index - 1 ] && 13 > $slug_num ) || ( $postname_index && '%monthnum%' === $permastructs[ $postname_index - 1 ] && 32 > $slug_num ) ) { $conflicts_with_date_archive = true; } } /** * Filters whether the post slug would be bad as a flat slug. * * @since 3.1.0 * * @param bool $bad_slug Whether the post slug would be bad as a flat slug. * @param string $slug The post slug. * @param string $post_type Post type. */ if ( $post_name_check || in_array( $slug, $feeds ) || 'embed' === $slug || $conflicts_with_date_archive || apply_filters( 'wp_unique_post_slug_is_bad_flat_slug', false, $slug, $post_type ) ) { $suffix = 2; do { $alt_post_name = _truncate_post_slug( $slug, 200 - ( strlen( $suffix ) + 1 ) ) . ""-$suffix""; $post_name_check = $wpdb->get_var( $wpdb->prepare( $check_sql, $alt_post_name, $post_type, $post_ID ) ); $suffix++; } while ( $post_name_check ); $slug = $alt_post_name; } } }}} Will useless for my plugin and unnecessary SQL Queries will be generate" sebastian.pisula Needs Reporter Feedback / Steps To Reproduce 37042 Additional filter for has_category function Taxonomy 4.5.2 normal normal feature request new reporter-feedback 2016-06-07T07:27:25Z 2019-06-04T21:24:00Z "Our plugin translates categories and posts. Let's assume we have two languages: - original: English - second: French We defined category ""test"" and its translation ""test-fr"". The category is assigned to the post in such way that English post has English category and vice versa. Currently, when we call has_category(""test"") in single.php file, it returns true only for the English post ( because French one does not have ""test"" category but ""test-fr"" ). We expect that result will be true in both cases. ---- For this reason, we need some filter inside ''is_object_in_term'' function, similar to ""get_object_terms"" inside ""wp_get_object_terms"" function. It will give as opportunity to adjust ""has_category"" behaviour to out requirements. " jakubbis Has Patch / Needs Testing 37041 Allow arbitrary return redirects when activating plugins Plugins normal normal enhancement new has-patch 2016-06-07T03:15:30Z 2019-06-04T21:00:02Z "After activating a plugin, the return redirect is set to either `import.php` or `plugins.php` depending on the `from` query parameter. It'd be nice to have the ability to specify an arbitrary `redirect_to` similar to the login process. This should probably be locked down using `wp_safe_redirect`." rmccue Has Patch / Needs Testing 37040 Enhancement: new function to validate a transient exists, and isn't expired without extra query Options, Meta APIs 4.6 normal normal enhancement new has-patch 2016-06-06T23:34:51Z 2019-06-04T20:59:56Z "Currently calling get_transient makes 2 queries, the first to validate if the transient exists & is not expired, the second to get the transient value. I propose creating a new function that does the job of the first query only. It should validate that the transient exists and hasn't expired returning a boolean. The get_transient should then be modified to call that function rather than get_option. The purpose here is to allow plugin / theme developers to minimize queries even further. Example: If all I need to do is check for a valid transient that only requires 1 query, I don't always need the value, just need to know whether it should be refreshed. In that case I could call valid_transient( 'transient' ). Since that value can be cached if I later need the full value then only one additional query would be needed. " danieliser Has Patch / Needs Testing 37026 PHP Notice: Trying to get property of non-object in wp-admin\nav-menus.php on line 836 Menus 4.5.2 normal normal defect (bug) new has-patch 2016-06-04T07:56:36Z 2019-06-04T20:26:04Z "I'm using WordPress 4.5.2 and get this PHP Notice: {{{ PHP Notice: Trying to get property of non-object in wp-admin\nav-menus.php on line 836 }}} When I export and import database for using on localhost (one database content for two sites), two sites using different theme and have different menu location. My first site has menu location Mobile, when I use this database on new site with Twenty Sixteen theme, it doesn't have this location, so the notice message appeared. The menu location on Menu Settings section looks like this: {{{ Mobile (Currently set to: ) }}} Plese add a conditional function to check if is a nav menu object before get its name. {{{ wp_get_nav_menu_object( $menu_locations[ $location ] )->name }}} It's not an error, but I don't want to see this notice message when coding theme. Thank you." skylarkcob Needs Patch 37009 When two different tags generate the same slug, the second tag is rejected boonebgorges Taxonomy 4.5.2 normal normal defect (bug) assigned 2016-06-03T00:59:03Z 2022-01-18T13:48:44Z "When two different tags result in the same slug, instead of the slugs being made unique the second tag is discarded and treated as if it were the first. Here's an example: 1) Add the tag ""$4 gas"" to a post, via the post edit screen. 2) Update the post. 3) Verify that the term ""$4 gas"" is added to the wp_terms table with ""4-gas"" as its slug and that the tag is displayed with the post on the edit screen. 4) Add the tag ""#4 gas"" (or ""#4-gas or similar) to the post, via the post edit screen. 5) Update the post. 6) Note that the term ""#4 gas"" has not been added to the wp_terms table and the tag is not displayed with the post. Also, if you try to add ""#4 gas"" to any post, you'll get ""$4 gas"" instead. (I realize this example sounds silly, but with the many tags based on words in different languages or brands, unique tags can result in the same slug.) It seems that what should happen in this case is that if the original tags are actually unique, the second one should get a unique slug (with something like '-2' appended). I'm using WordPress 4.5.2 with all plug-ins deactivated." michael.costanza Has Patch / Needs Testing 37005 Unit test for the wp_check_filetype method Media normal normal Awaiting Review enhancement new has-patch 2016-06-02T18:43:14Z 2020-04-09T05:51:19Z "Improving the code coverage for the functions.php, to be more precise the `wp_check_filetype` method, this one hadn't any tests written, decreasing the overall code coverage. Now, the test covers the entire logic " borgesbruno Needs Dev / Bug Wrangler Feedback 37000 Support for the SameSite cookie attribute Security normal normal Future Release enhancement new dev-feedback 2016-06-02T13:31:13Z 2022-11-11T10:45:05Z "IETF's [https://tools.ietf.org/html/draft-west-first-party-cookies Same-site Cookies draft] was [https://www.chromestatus.com/feature/4672634709082112 shipped in Chrome 51 and Opera 39]. The SameSite cookie attribute instructs a browser not to send that cookie with cross-origin third-party requests (such as iframes, embedded images, and Ajax requests). This effectively mitigates CSRF attacks as, for example, the user will not be authenticated for a given third party URL that's being used in a CSRF attack. More information on the SameSite attribute can be found here: http://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/ We should investigate whether setting the `SameSite=lax` attribute is of benefit to the `auth` and/or `logged_in` cookies in WordPress, and if so consider implementing it once the draft becomes an RFC. PHP uses the `setcookie()` wrapper for setting cookies, which means that setting the SameSite attribute is not possible using that function, until such point that support for the attribute gets added. If WordPress were to implement the SameSite attribute, we'd need our own cookie handling function which constructs and sets the `Set-Cookie` header itself, and use it in place of `setcookie()` (side note: this may also be beneficial to unit testing)." johnbillion Needs Patch 36996 get_the_post_thumbnail and the usage of class attribute Post Thumbnails 2.9 normal normal defect (bug) new 2016-06-02T05:08:46Z 2019-06-04T20:59:46Z "Hi, I noticed that if I use class attribute, it overrides some of the standard classes. So in my example I use header image of custom size: {{{#!php ID, 'custom-header-image-large', array( 'id' => 'featured-image', 'itemprop' => 'image', ) ); }}} In this case WP generates these classes for the header image: attachment-custom-header-image-large size-custom-header-image-large wp-post-image If I add attribute `'class' => 'photo u-photo',` {{{#!php ID, 'custom-header-image-large', array( 'class' => 'photo u-photo' 'id' => 'featured-image', 'itemprop' => 'image', ) ); }}} WP skips some classes and final class list produces only: photo u-photo wp-post-image Is it by design, or a possible bug? Thank you!" TomasM Needs Patch 36995 Support for Service Workers westonruter* General 5.1 normal normal Future Release feature request accepted 2016-06-02T00:18:09Z 2022-05-03T22:21:12Z "It might make sense into looking to offer a basic service worker for WordPress. It can start with something simple like caching files for `wp-admin`. Beyond that there are many ways it could be expanded: * Cache all scripts and styles for themes/plugins, possibly offering offline mode for sites * Possibly Notifications * etc Useful links: * https://developers.google.com/web/fundamentals/getting-started/push-notifications/step-03?hl=en * https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API/Using_Service_Workers * https://justmarkup.com/log/2016/01/add-service-worker-for-wordpress/" bhubbard Needs Dev / Bug Wrangler Feedback 36982 Add image attributes and additional context to the wp_calculate_image_srcset and wp_calculate_image_sizes filters adamsilverstein Media 4.6 normal normal Future Release enhancement assigned dev-feedback 2016-05-31T17:39:55Z 2021-11-18T15:46:55Z "Because the srcset and sizes attributes try to give the browser guidance on how CSS is going to handle images, we should be able to take into account image class attributes (and other attributes that could be used as CSS selectors) when using the {{{wp_calculate_image_srcset}}} and {{{wp_calculate_image_sizes}}} filters to set the appropriate srcset and sizes. It would also be helpful to be able to supply a context to functions like {{{wp_image_add_srcset_and_sizes}}} and {{{wp_make_content_images_responsive}}} so we can calculate different srcset and sizes attributes if a medium sized image is in the main content section vs. in an aside or other section." kylereicks Needs Docs or Unit Tests 36978 Add pre filter to get_term_by Taxonomy normal normal enhancement new needs-unit-tests 2016-05-30T22:25:13Z 2019-06-04T21:23:44Z Like other get get_*_by functions the get_term_by should have a pre filter. This filter should specially be useful to short-circuit the default logic, perhaps to add caching. spacedmonkey Needs Patch 36973 Update FTP credentials form design Upgrade/Install normal normal Future Release defect (bug) new 2016-05-30T09:27:42Z 2018-03-12T16:16:03Z "As reported by @melchoyce in https://github.com/obenland/shiny-updates/issues/100, the filesystem credentials dialog needs some love to improve accessibility and the overall design. Here's how it could look like: https://cloudup.com/cnvj5NqMefR Her notes: 1. Update modal style to bring more in-line with other wp-admin modals — like including an ""x"" for closing (even though there's also a cancel button) 2. Make ""Proceed"" primary 3. Also consider changing ""proceed"" to something more descriptive — maybe connect? Proceed might be okay, it's just such a weird-sounding word. Maybe switch the ""proceed"" in both the description and the button to ""continue."" 4. ""This password will not be..."" could stand to be decreased in size just a little and made a lighter grey, to match descriptions on the settings pages. At the very least, the line-height should decrease. 5. ""Authentication Keys"" is at the same level of hierarchy as the field labels. It should probably be bigger, since it's a header above the labels. 6. Additionally: the modal is really tall for mockup purposes, but would ideally be whatever height we normally max modals out at. Any content not visible because of height would be scrollable in the modal, like we do in others. See also: #34376" swissspidy Needs Patch 36971 Show readme.txt from Themes SergeyBiryukov* Themes normal normal Future Release enhancement accepted 2016-05-29T23:53:20Z 2022-11-09T19:39:32Z "The readme.txt should be used to document any dependencies of a theme. But if we install the theme from inside WordPress there is no way to see the readme.txt for an unexperienced user. For example the Sela theme needs Jetpack to show Testimonials. See readme.txt: https://themes.svn.wordpress.org/sela/1.0.9/readme.txt But the theme page is not mentioning that (https://wordpress.org/themes/sela/) and there is no direct link or presentation of the readme.txt with this essential information on the theme page or inside WordPress. I suggest showing the readme.txt somewhere or use a system like https://github.com/TGMPA/TGM-Plugin-Activation to give this information to the user." zodiac1978 Needs Patch 36966 Search is not working with soft hyphen symbols Query 4.5.2 normal normal defect (bug) new 2016-05-28T21:36:29Z 2019-06-04T20:59:30Z "Site search doesn't work if a word contains soft hyphen symbols. When a word is pretty long and it should fit within a limited space, the best solution seems to be to stuff it with soft hyphens (­), so there will be no hanging lines. It looks like this: Pseu­do­pseu­do­hy­po­pa­ra­thy­roi­dism But in this case the word can't be found." mvasin Needs Patch 36958 extending has_shortcode to allow searching in custom fields Shortcodes normal normal enhancement new 2016-05-27T08:05:59Z 2019-06-04T21:23:39Z "Seeing as has_shortcode is mainly used by plugin developers to search a shortcode in post_content, I'd like to open a discussion about what would be the best way to extend the has_shortcode functionality to also allow searching in custom post fields. Problem: - if one uses a post_meta field to store additional content for a post ( content that may contain shortcodes and is processed when displaying the post ) - there is no way for another plugin to check if a shortcode exists in that post_meta field (without knowing the meta field, of course) - example: a plugin needs to enqueue a script only if the current post contains a shortcode. The way it's being handled right now is: {{{#!php if ( has_shortcode( $post->post_content, $tag ) ) { //enqueue script } }}} This of course will only work for the main post_content. If another plugin uses a post_meta field to add content to the frontend, there is no way to check if that meta field contains the shortcode. I think one possible solution for this would be to introduce a new function, something like: {{{#!php function post_has_shortcode( $tag, $post_id = null ) { $post = get_post( $post_id ); if ( empty( $post ) ) { return false; } if ( has_shortcode( $post->post_content, $tag ) ) { return true; } return apply_filters( 'post_has_shortcode', false, $tag, $post_id ); } }}} A filter implementation for this would look like: {{{#!php function custom_plugin_has_shortcode( $has_shortcode, $tag, $post_id ) { if ( $has_shortcode ) { return true; } $custom_content = get_post_meta( $post_id, 'custom_plugin_custom_content', true ); return has_shortcode( $custom_content, $tag ); } add_filter( 'post_has_shortcode', 'custom_plugin_has_shortcode', 10, 3 ); }}} Another option (which is better in terms of performance) is to gather all the content before checking for shortcodes - but it's not that ""clean"": {{{#!php function post_has_shortcode( $tag, $post_id = null ) { $post = get_post( $post_id ); if ( empty( $post ) ) { return false; } $content_to_check = apply_filters( 'get_content_for_shortcode_check', $post->post_content, $post_id ); return has_shortcode( $content_to_check, $tag ); } }}} Would there be any other approaches for this? Is this something that can go into the core? Thanks" radugroza Needs Dev / Bug Wrangler Feedback 36956 Trigger event when taxonomy term is added with ajax Taxonomy normal normal enhancement new dev-feedback 2016-05-26T22:33:28Z 2019-06-04T21:23:34Z "When adding a taxonomy term via ajax, it would be nice if some JavaScript event was triggered, maybe on `.wp-list-table.tags` or the newly added row itself. This would give taxonomy term plugins some event to listen for and take action on. Something akin to: {{{ this.trigger( 'term-added' ); }}} Maybe `tag-added` is more appropriate, since all of those form elements seem to use `tag` for everything, regardless of the taxonomy." johnjamesjacoby Needs Patch 36946 Provide `id` properties on core objects General normal normal defect (bug) new 2016-05-26T00:22:39Z 2019-06-04T19:58:44Z "In #36717, `WP_Site` and `WP_Network` will get magic getters/setters so that `id` and other more properly named properties can be used. We should standardize on `id` rather than `ID` for core objects where it makes sense. Current primary IDs for objects are: * `WP_Comment` -> `comment_ID` * `WP_Post` -> `ID` * `WP_Term` -> `term_id` * `WP_User` -> `ID` * `WP_Widget` -> `id` * `WP_Screen` -> `id` `WP_User` is somewhat unique because the property was `id` and then deprecated in [18504] in favor of `ID`. We should be able to un-deprecate this." jeremyfelt Needs Patch 36940 Break `manage_sites` capability up into more targeted caps johnjamesjacoby Networks and Sites 3.0 normal normal Future Release enhancement assigned 2016-05-25T12:56:16Z 2017-07-17T20:36:26Z "The `manage_sites` capability is currently used as a blanket, to cover all needs when it comes to editing a site in a multisite installation. Started in #15800 (and having chatted with @jeremyfelt at length) we'd like to break `manage_sites` up into new capabilities that more acutely convey what part of a site someone is allowed to edit. The goal is to allow users with `/network` admin access to have more fine-grained control over what parts of a site they can edit. For example: `manage_site_settings = false` so a user can modify site themes & users, but not have access to the raw option data. We are imagining they would look something like: * `manage_site_info` (`site-info.php`) * `manage_site_settings` (`site-settings.php`) * `manage_site_themes` (`site-themes.php`) * `manage_site_users` (`site-users.php`) In addition: * We would pass the site ID through `current_user_can()` to provide additional context * Switch to using `create_sites` in `site-new.php` (vs. `manage_sites` which was likely a copy-paste assumption that the capabilities across these similar files should match) ---- More paraphrasing of our past 4 months of chat in #core-multisite: * Because only WordPress Super Admins can access any of these by default, renaming these capabilities should be considered a backwards compatible change * We /could/ go as far as mapping all of these new caps to `manage_sites` to maintain compatibility, but for plugin authors wishing to take advantage of this, it would require an additional `map_meta_cap` override that we would like to try and avoid * This should not result in much code churn, and will only change multisite files, and a handful of functions that special-case multisite using the `manage_sites` capability check * We would still keep `manage_sites` in a few higher-level places (as a site equivalent to `edit_posts`) to ensure that a user has access to certain UI elements that allow them entry to more detailed site editing" johnjamesjacoby Needs Dev / Bug Wrangler Feedback 36939 Role groups Role/Capability normal normal enhancement new dev-feedback 2016-05-25T02:17:46Z 2019-06-04T21:23:29Z "WordPress's roles & capabilities API has support for allowing users to have multiple roles, and recent improvements to the Users list table have helped improve the administrator experience a bit by showing all roles rather than just the first one for each user. I think what makes multiple user-roles confusing (or maybe less valuable) is that WordPress by itself does not directly benefit from allowing users to have multiple roles, because the existing roles are designed to blanket all of WordPress's bundled functionality. I'd like to propose the introduction of Role Groups, as a layer that lives one layer above the main `WP_Roles` object to allow for groups of roles to be registered, enabling for users to have at least 1 role from each role group. ---- For example: * You install bbPress, and Bob cannot publish posts but can moderate the forums * You install WooCommerce, and Jane can contribute posts to the blog, and can also buy items from the store * You install BuddyPress, and while Chris can administrate posts, pages, and media, he cannot moderate the community In the above scenarios, each of these plugins would register their own role groups, and any user could easily have 1 role for each ""section"" of the same 1 WordPress site. ---- How could WordPress core use this? * Create a role group for Posts, Pages, Media, Comments, and Users * Ones ability to Edit posts should not assume they can moderate comments * Ones ability to moderate comments should not assume they can publish posts * Ones ability to upload media & attachments should not assume they can publish pages * Ones ability to edit an existing user should not assume they can upload media ---- How does this complicate things? Depending on how deeply this is implemented, potentially greatly, or not at all for vanilla WordPress installations. * If we keep WordPress's built-in roles identical to how they are today, they become 1 role group that grants access to Posts, Pages, Media, Comments, and Users; then plugins can define their own role groups, and we make sure WordPress has an adequate interface for assigning multiple roles for each user. * If we separate WordPress's roles into groups for each object type, backwards compatibility is a huge issue, as well as how confusing does it make granting access and assigning default roles for each group. * We may be able to remove the ""Default Role"" setting UI entirely, and leave it to plugins to reopen this functionality for improved support for multiple roles. ---- What do we do now? Let's talk this through, decide if it's worthwhile, and maybe work towards something viable. Much of this can happen without much (if any) modification to WordPress core. Worst case, we uncover more areas of WordPress that can be improved to support multiple roles per user, and address those in separate tickets. Best case, we make the existing roles & capabilities API more plugin-friendly." johnjamesjacoby Needs Patch 36936 Plugin update does not works via web with proper filesystem permissions. Filesystem API 4.5.2 normal normal defect (bug) new 2016-05-24T21:09:30Z 2019-06-04T19:58:39Z "Hello all, I run Wordpress 4.5.2 on Ext4 file system with POSIX ACL. Web server is Nginx, PHP runs as FPM daemon. Both under www-data user and group (for now). When I try to update some plugin, Wordpress ask me to enter FTP credentials instead of doing update. All output below was gathered under '''www-data''' account (PHP-FPM runs under it). Here is my file system permissions: '''Document root:''' {{{ $ getfacl /var/www/html/ getfacl: Removing leading '/' from absolute path names # file: var/www/html/ # owner: root # group: root user::rwx user:www-data:r-x group::--- group:SA:rwx group:webdesigner:rwx mask::rwx other::--- default:user::rwx default:user:www-data:r-x default:group::--- default:group:SA:rwx default:group:webdesigner:rwx default:mask::rwx default:other::--- }}} '''wp-content''' {{{ $ getfacl /var/www/html/wp-content/ getfacl: Removing leading '/' from absolute path names # file: var/www/html/wp-content/ # owner: root # group: root user::rwx user:www-data:rwx group::--- group:SA:rwx group:webdesigner:rwx mask::rwx other::--- default:user::rwx default:user:www-data:rwx default:group::--- default:group:SA:rwx default:group:webdesigner:rwx default:mask::rwx default:other::--- }}} '''Plugins''' {{{ $ getfacl /var/www/html/wp-content/plugins/ getfacl: Removing leading '/' from absolute path names # file: var/www/html/wp-content/plugins/ # owner: root # group: root user::rwx user:www-data:rwx group::--- group:SA:rwx group:webdesigner:rwx mask::rwx other::--- default:user::rwx default:user:www-data:rwx default:group::--- default:group:SA:rwx default:group:webdesigner:rwx default:mask::rwx default:other::--- }}} '''Plugin to be updated:''' {{{ $ getfacl /var/www/html/wp-content/plugins/postmatic/ getfacl: Removing leading '/' from absolute path names # file: var/www/html/wp-content/plugins/postmatic/ # owner: root # group: root user::rwx user:www-data:rwx group::--- group:SA:rwx group:webdesigner:rwx mask::rwx other::--- default:user::rwx default:user:www-data:rwx default:group::--- default:group:SA:rwx default:group:webdesigner:rwx default:mask::rwx default:other::--- }}} Despite user www-data is explicitly granted to have write permissions to all required directories, Wordpress fails to start upgrade from web and asks for FTP credentials. I believe PHP works well enough with POSIX ACL, here is simply proof script: {{{ $ php -r 'if (posix_access( ""/var/www/html/wp-content/"", POSIX_R_OK | POSIX_W_OK)) { echo ""The file is readable and writable!\n""; } else { $error = posix_get_last_error(); echo ""Error $error: "" . posix_strerror($error); }' The file is readable and writable! }}} If there are some reason to keep current filesystem permission check method intact - please, issue spcecial technical note regarding required permissions and how does Wordpress checking it. System information: {{{ $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 14.04.4 LTS Release: 14.04 Codename: trusty $ php -v PHP 5.5.9-1ubuntu4.16 (cli) (built: Apr 20 2016 14:31:27) }}} There are no SuPHP, Suhosin or any suspicious extensions. This issue could be related to [https://core.trac.wordpress.org/ticket/34327] Thank you. " brudas Needs Patch 36933 TinyMCE failing when using ModPagespeed Administration 4.5.2 normal normal defect (bug) new 2016-05-24T15:07:41Z 2019-06-04T19:38:18Z "TinyMCE Stops working correctly When using ModPagespeed module. TypeError: wp.svgPainter is undefined I needed to edit this file to fix the issue: /wp-admin/js/svg-painter.js " franmaWp Has Patch / Needs Testing 36931 wp_upload_dir caches calls with default arguments separately from their explicit equivalent Media 4.5 normal normal defect (bug) new has-patch 2016-05-24T09:55:05Z 2019-06-04T20:25:34Z "This a fairly minor bug. Prior to [36565] the following were equivalent {{{#!php $upload = wp_upload_dir(); $upload2 = wp_upload_dir( gmstrftime('%Y/%m') ); }}} (In deed, even `$upload3 = wp_upload_dir( gmstrftime('%Y/%m yabadabadoo') );` is equivalent, but that behaviour is undocumented.) Since caching has been introduced the first call to `wp_upload_dir()` is stored separately in the cache to the second call, despite the fact that they are otherwise interpreted the same. This causes a disparity in behaviour when one of the caches is cleared after a setting has been changed: {{{#!php $upload = wp_upload_dir(); $upload2 = wp_upload_dir( gmstrftime('%Y/%m') ); // $upload == $upload2 //Disable year/month folders and clear the cache add_filter( 'pre_option_uploads_use_yearmonth_folders', '__return_null' ); wp_upload_dir( null, false, true ); $upload = wp_upload_dir( null ); $upload2 = wp_upload_dir( gmstrftime('%Y/%m') ); //$upload != $upload2 remove_filter( 'pre_option_uploads_use_yearmonth_folders', '__return_null' ); }}} " stephenharris Needs Patch 36924 dbDelta(): Support more than one whitespace between field name and its type definition Database 4.5.2 normal normal Awaiting Review defect (bug) new 2016-05-23T22:42:46Z 2018-08-10T00:39:26Z "dbDelta() fails to remove multiple spaces between field name and field type definition in ALTER / CREATE statements. In result some table definitions may lead to constant ALTER statements to be executed which may easily crash MySQL server. Compare: == Correct {{{#!php $sql = ""CREATE TABLE some_table ( id bigint(20) NOT NULL KEY AUTO_INCREMENT, test varchar(100) NOT NULL, );""; require_once( ABSPATH . 'wp-admin/includes/upgrade.php' ); dbDelta($sql); }}} vs == Wrong, due to multiple spaces between 'test' and 'varchar' ALTER query is executed {{{#!php $sql = ""CREATE TABLE some_table ( id bigint(20) NOT NULL KEY AUTO_INCREMENT, test varchar(100) NOT NULL, );""; require_once( ABSPATH . 'wp-admin/includes/upgrade.php' ); dbDelta($sql); }}} == Possible fix: - in dbDelta() call trim() on $tablefield->Type, - or remove extra spaces during preg_match: replace: {{{#!php preg_match(""|"".$tablefield->Field."" ([^ ]*( unsigned)?)|i"", $cfields[strtolower($tablefield->Field)], $matches); }}} with: {{{#!php preg_match(""|"".$tablefield->Field.""\s+([^ ]*( unsigned)?)|i"", $cfields[strtolower($tablefield->Field)], $matches); }}}" matt_fw Has Patch / Needs Testing 36916 Refactor EditAttachments frame to work outside Media Library admin page Media 4.5.2 normal normal enhancement new has-patch 2016-05-23T02:26:26Z 2019-06-04T20:25:21Z "The EditAttachments frame/modal is used on the Media Library page to display and edit meta data of attachments. This modal could be useful for plugin/theme developers but a few things tightly couple it to the Media Library: 1. The frame requires a router. This is easily remedied by feeding it a dummy object with two functions it seems to need but I can see this easily refactored using event listeners 2. When opened, the code in the modal deletes all mediaelement.js instances on a page. Not a problem in the media library but if you want to use it on a page with video and audio elements (which I do) it deletes them all from the DOM" Funkatronic Needs Patch 36915 Permalinks broken after 4.5 Rewrite rules Rewrite Rules 4.5 normal normal defect (bug) new 2016-05-22T20:08:04Z 2019-06-04T21:23:21Z "Hi guys, Some of my websites had the permalinks broken after upgrading to 4.5. My webserver is NginX and the theme is iMedica. How I fixed: ============ This file: /wp-includes/class-wp-rewrite.php Line: 1813: ""update_option( 'rewrite_rules', '' );"" Before 4.5 that line was ""delete_option('rewrite_rules');"" But I think when WP team changed to update_option function they missed a parameter, it should be: ""update_option('rewrite_rules', $this->rules);"" After fixing this the permalink started working again. " fatorbinario Has Patch / Needs Testing 36911 Customizer and Theme Installer spinners should have different z-index Customize 4.5 normal normal Future Release defect (bug) new has-patch 2016-05-22T17:25:39Z 2021-05-23T20:07:43Z "My bad, I think this has to do with some previous changes I've made on these spinners. Looks like after [36518] the ""loading"" spinner in the Customizer is hidden, at least in some browsers. While the spinners used in the Customizer and in the Theme installer are basically the same and so the CSS rule for them was grouped in just one rule in [36518], I think the only CSS property that has to be different is `z-index`. As far as I see, the Theme installer needs a value of `-1` but this will hide the spinner in the Customizer so it has to be `0` here. The fix would be trivial but I'd greatly appreciate some testing to confirm the issue, in different browsers." afercia Needs Patch 36898 Have `grunt precommit` fail if the test DB is unreachable. Build/Test Tools normal normal Awaiting Review defect (bug) new 2016-05-21T06:18:15Z 2019-02-25T01:46:28Z "`grunt precommit` passes if the test DB is unreachable, preventing phpunit from running. To recreate: 1. Disable your local database 2. Add a test guaranteed to fail 3. Run `grunt precommit` 4. The result will be `Done, without errors.` This could happen in the hypothetical event someone forgets to start their virtual machine." peterwilsoncc Needs Patch 36897 """You do not have sufficient permissions to access this page."" should have relevant links to go back to dashboard." Plugins 4.6 normal normal enhancement new 2016-05-21T03:45:54Z 2019-06-04T20:59:15Z "The ""You do not have sufficient permissions to access this page."" screen has no information where to go after seeing this error on screen. It would be better if there is a link to go back to the dashboard or maybe even better if the admin bar is visible on the screen with this error message." Nikschavan Needs Patch 36893 Columns filter from taxonomy edit screen (edit-tags.php) gets applied in term edit screen (term.php) Taxonomy 4.5 normal normal defect (bug) new 2016-05-20T06:00:43Z 2019-06-04T21:23:17Z "I've did a simple test: {{{#!php }}} so this filter is working in term.php. Another thing is that, adding custom columns in edit-terms.php screen forces Screen options to show in term.php. edit-tags.php [[Image(http://s32.postimg.org/igwy86u2t/image.jpg)]] term.php [[Image(http://s32.postimg.org/7ddc2l8sl/image.jpg)]]" szaqal21 Needs Patch 36891 Saving large menus is super slow Menus normal normal enhancement new 2016-05-20T01:37:54Z 2019-06-04T20:25:09Z "When saving menus, `wp-admin/includes/nav-menu.php` calls `wp_update_nav_menu_item()` for every menu item. This function call can take 0.1-0.4s, when multiplied by 50 (or more!) menu items, is a less than pleasant experience. Because of the length of time this takes, it's also quite likely that an interrupted connection could cause the menu to be saved in a weird state." pento Needs Patch 36887 Database upgrades should fail gracefully Upgrade/Install low normal Future Release defect (bug) new 2016-05-19T03:48:30Z 2022-07-07T14:19:10Z "Currently, `wp-admin/upgrade.php` and `wp_upgrade()` don't check that the database has actually upgraded properly, before returning a success message. Making them fail gracefully would be nice." pento Needs Reporter Feedback / Steps To Reproduce 36885 "When one uses custom callback function for comment list, ""Reply"" link would not show" Comments normal normal defect (bug) new reporter-feedback 2016-05-19T00:59:34Z 2019-06-04T19:37:59Z "It took too much time, but found the issue here in wp-includes/comments-template.php in get_comment_reply_link function. The OR conditions are likely to be true I imagine in many combination of situations although I am not too sure what combination causes bad things to happen. {{{ if ( 0 == $args['depth'] || $args['max_depth'] <= $args['depth'] ) { return; } }}} Well and good to check this, but why would the reply as well as login link disappear if any of it is true? Sorry if I am not getting this as I should. " remedy17 Needs Patch 36882 Add a reusable admin CSS class for destructive actions joedolson* Administration normal normal Future Release enhancement accepted 2016-05-18T22:54:26Z 2023-09-27T03:27:23Z "As generally recommended, plugin authors should not use regular buttons for destructive actions, like removing something. However, while there are standardized classes for buttons in WordPress admin (`button`, `button-primary`, `button-secondary`), a similar standardized class is missing for the destructive link. There are several locations in the admin where such links are displayed, but these are all styled using their individual selectors. Therefore plugin authors who want to use this style must either use one of these selectors (that probably do not fit the use-case at all) or recreate the style manually. Therefore I propose to standardize these style rules for a specific class, for example something like `delete-button` or `delete-link`." flixos90 Needs Docs or Unit Tests 36881 Improved hot-wiring of set_found_posts Query normal normal enhancement new needs-unit-tests 2016-05-18T22:45:22Z 2019-06-04T20:59:10Z Currently you can filter posts_request and posts_result to hot wiring the query object add caching. However, this means that in many cases the set found posts method then never gets called. This means that found posts is un-filterable. The set found posts needs to be called after the post results filter. spacedmonkey Needs Patch 36873 Canonical redirect code does opposite of comment, breaks script when home_url starts with https Canonical 4.5.2 normal normal defect (bug) new 2016-05-18T03:43:01Z 2019-06-04T19:37:46Z "The comment on line 444 in wp-includes/canonical.php says that it only changes the host if it's adding or removing ""www."". It changes the host to lowercase if capitalization is the only difference or if the change is NOT adding or removing ""www."". Either the comment or the code should be changed. This is causing a problem when I try to run the script below. If the home url (used on line 176) is ""https://www.example.com/"", then the host is removed and redirect url changes to ""https:///"". This makes the parse_url call on line 69 return false and end processing. I believe this is why the script fails. There's a lot of code here. Apologies if I have it wrong. Here's the script: define('WP_USE_THEMES', true); require_once('/var/www/html/wp-blog-header.php'); I can workaround the bug by explicitly setting some server variables before calling that code: $_SERVER = array ( 'REQUEST_URI' => '/', 'HTTPS' => 'on', 'HTTP_HOST' => 'www.example.com', );" thasmin Needs Patch 36851 Widgets don't remove hooks after being unregistered Widgets 2.8 normal normal Future Release defect (bug) new 2016-05-16T15:28:57Z 2017-06-28T16:29:44Z "In `WP_Widget_Recent_Comments::__construct()`, there is this bit of code: {{{#!php id_base ) || is_customize_preview() ) { add_action( 'wp_head', array( $this, 'recent_comments_style' ) ); } }}} If `unregister_widget( 'WP_Widget_Recent_Comments' )` is called, this added `wp_head` action is still going to persist unexpectedly. At the moment, I believe the only way to remedy this inside such widgets themselves would be to check to see if the widget is still among `$wp_widget_factory->widgets` when the action callback is called (here the `recent_comments_style` method). From outside the widget, the alternative is would be to do: {{{#!php widgets['WP_Widget_Recent_Comments']; unregister_widget( get_class( $widget ) ); remove_action( 'wp_head', array( $widget, 'recent_comments_style' ) ); }}} Neither of these options are great. Perhaps there should be new `widget_registered` and `widget_unregistered` actions that widgets could listen to to do this cleanup? Or there could be a new `unregister` method on `WP_Widget` that a subclass could have this logic inside of. (We wouldn't be able to use the PHP destructor since it would never be called since the reference to the class would be still captured among the registered hooks.) Likewise, instead of adding the hooks inside of the constructor, perhaps there should also be a `WP_Widget::register()` method that gets called inside of the faux-private `WP_Widget::_register()` (and `_register` should be `final`, no?)" westonruter Needs Patch 36849 Filter to limit length of post slug (filter for _truncate_post_slug) Posts, Post Types 4.5.2 normal normal enhancement new 2016-05-16T14:38:16Z 2019-06-04T20:59:05Z "There are circumstances where you need to limit the lenght of the post slug. Unfortunately there is no filter in _truncate_post_slug to do so. It will be a great enhancement, if there would be a filter in this function. Related function: -wp_unique_post_slug - calling _truncate_post_slug Additionally it would be very usefull, if there could be a filter right at the start of wp_unique_post_slug for filtering the slug. " wp-entwickler.at Needs Patch 36842 "More global event hooks using the media.events, like ""modal:open"", ""modal:close"", etc" Media 4.6 normal normal feature request new 2016-05-15T00:30:04Z 2019-06-04T20:25:03Z "There seem to be plentiful hooks in the media backbone system, but most require listening to the frame/controller/etc vs having global hooks/events to listen to. This, obviously, would be much like WP's `do_action`. Each event should pass contextual info including the frame/controller/etc object. Select2 (as well as most JS modal libs) provides an example of prior art: [https://select2.github.io/examples.html#events] Using that implementation as an example, we could do something like: `wp:media:open` is fired whenever the modal is opened. `wp:media:opening` is fired before this and can be prevented. `wp:media:close` is fired whenever the modal is closed. `wp:media:closing` is fired before this and can be prevented. `wp:media:highlight` is fired whenever a result is highlighted (clicked). `wp:media:unhighlight` is fired whenever a result is unhighlighted. `wp:media:select` is fired when a result is chosen and modal is closed. `wp:media:selecting` is fired before this and can be prevented. `wp:media:change` is fired whenever the modal changes state. `wp:media:changing` is fired before this and can be prevented. " jtsternberg Has Patch / Needs Testing 36823 """TypeError: wp.updates is undefined"" when installing a plugin" Upgrade/Install 4.9.2 normal normal Future Release defect (bug) reopened has-patch 2016-05-12T10:15:11Z 2018-01-22T14:04:40Z "When I install a new plugin that has a translation pack for my current language (which is not `en_US`), I get the following error: > TypeError: wp.updates is undefined > `if ( wp && wp.updates.decrementCount ) {` Patch will follow soonish." tfrommen Needs Dev / Bug Wrangler Feedback 36818 Export filter for post meta Export normal normal enhancement new dev-feedback 2016-05-11T20:00:14Z 2019-06-04T19:58:11Z "It would be handy if we had a filter for modifying post meta before it is written to an export file. Our plugin stores serialized arrays in post meta that get corrupted from time to time during the export/import process. The attached patch/filter would allow us to store the data differently in an export file to prevent that from happening. " justinbusa Needs Patch 36812 WP_Rewrite removes regex groups, should replace with non-capturing Rewrite Rules 4.5.2 normal normal defect (bug) new 2016-05-11T05:23:43Z 2019-06-04T21:22:59Z "I have got that plugin which adds a rewrite tag like so: {{{ add_rewrite_tag('%lang%', '(en|fr)', 'lang='); }}} One can then customize the permalinks and add the post's language anywhere in the url. The problem is that, at one point, the WP_Rewrite class adds rules for attachment and on line 1112 of class-wp-rewrite.php it simply gets rid of all the parenthesis in the regex. So, if I configure the permalink to be `/%postname%/lang/%lang%/` the resulting regex for the rewrite rule is: {{{ [^/]+/lang/en|fr|zh/attachment/([^/]+)/?$ }}} which is a totally different rule than expected, where `anything/lang/en` is matched as an attachment page when it really shouldn't be. Instead the regex should be: {{{ [^/]+/lang/(?:en|fr|zh)/attachment/([^/]+)/?$ }}} The code on line 1112 of class-wp-rewrite.php should be replaced with: {{{ $submatchbase = str_replace( '(', '(?:', $match); }}} " cvedovini Needs Patch 36803 ms-files.php: inconsistent behaviour for upload visibility on archived sites Media 4.5.2 normal normal defect (bug) new 2016-05-10T15:14:11Z 2019-06-04T20:24:50Z "Hey, i just ran into an odd issue on one of our clients Multisites. I archived the said site and – as you know – it remains accessible for network admins. The matching files however don't. I followed this down to ms-files.php::21ff. {{{#!php archived == '1' || $current_blog->spam == '1' || $current_blog->deleted == '1' ) { status_header( 404 ); die( '404 — File not found.' ); } }}} You see that ms-files.php checks, if the blog is archived (or spam or deleted) and than throws out a 404. Shouldn't this include a check for network admin users to see the files? Or, if that's not desirable, couldn't we make this check accessible for filters? Thanks for the good work! Christian " antwortzeit Has Patch / Needs Testing 36791 Set load order when enqueuing scripts and styles Script Loader 4.6 normal normal enhancement new has-patch 2016-05-09T18:42:31Z 2019-06-04T21:22:48Z I've implemented a patch and associated unit tests to add the ability to set the offset within the style or script queue when enqueuing styles or scripts. This will allow a developer to prioritize or set a strict order in which the stylesheets and/or scripts should load. This new functionality is optional and so all current code will continue to function as it always has. logistiker Needs Reporter Feedback / Steps To Reproduce 36789 Upload Folder Bug Media 4.5 normal normal defect (bug) new reporter-feedback 2016-05-09T10:46:03Z 2019-06-04T20:24:40Z "Affected Version 4.5.x If changing the upload folder path in wp-config.php (define( 'UPLOADS', 'media' );) - no image will work after update to 4.5.x, because the url path structure changes in the sourcecode. for example: " netzilicious Has Patch / Needs Testing 36786 Can't pass filter names to `MockAction::get_call_count()` Build/Test Tools normal normal Future Release defect (bug) new has-patch 2016-05-09T04:20:03Z 2021-09-03T08:15:40Z "The first of these tests works as expected, but the second generates an ""Undefined index"" notice. {{{#!php assertSame( 1, $ma->get_call_count( 'action' ) ); } function test_get_call_count_filter() { $filter = rand_str(); $ma = new MockAction(); add_filter( $filter, array( $ma, 'filter' ) ); apply_filters( $filter, rand_str() ); $this->assertSame( 1, $ma->get_call_count( 'filter' ) ); } }}} The attached patch attempts to fix the notice and allow passing filter names to `get_call_count()`. " dlh Needs Patch 36779 Move /wp-admin/load-scripts.php and /wp-admin/load-styles.php to /wp-includes Script Loader 4.4.2 normal normal defect (bug) new 2016-05-06T18:26:45Z 2019-06-04T21:22:41Z "Basically these files are inside /wp-admin directory, but you can hit them and get an output without being authenticated, examples: http://somedomain.usingwp.com/wp-admin/load-scripts.php?c=0&load%5B%5D=hoverIntent,common,admin-bar,svg-painter,heartbeat,wp-auth-check&ver=4.4.2 http://somedomain.usingwp.com/wp-admin/load-styles.php?c=0&dir=ltr&load=dashicons,admin-bar,wp-admin,buttons,wp-auth-check&ver=4.4.2 If these scripts are for use inside admin, why authentication isn't required?, if these scripts are for general use on the admin, themes, etc, why these aren't on wp-includes? This was pointed to me on a security scan, and apart from that if the idea is general use for this, I think hosting these on /wp-admin is misleading. " SaulNunez Needs Patch 36778 Parent theme editor-style.css cannot be disabled Editor normal normal Future Release enhancement reopened 2016-05-06T16:58:34Z 2020-11-23T04:48:13Z "While it is possible to override the CSS in a parent theme's editor-style.css, it is not currently possible to completely disable or dequeue a parent theme's editor-style.css file. This is a problem for a few reasons: - Theme authors may not keep their editor-style.css files up to date with the HTML the editor produces, leading to formatting oddities. - You may not just want the editor styles customized from the WP defaults at all." matthewmcvickar Needs Patch 36775 Shortcode stripping on frontend Formatting 4.5.1 normal normal defect (bug) new 2016-05-06T12:27:39Z 2019-06-04T19:58:01Z "WordPress, since 3.6, introduced the [https://codex.wordpress.org/Audio_Shortcode audio tag]. It should be used like it: {{{ [audio src=""file.mp3""] }}} My old & wrong code used into my blog was formatted like the following. {{{ [audio:file.mp3] }}} This was generating an issue on Jetpack (which I consider [https://wordpress.org/support/topic/stats-module-of-jetpack-causing-core-dump-file/ solved] now). Analyizing the issue we discovered that Wordpress is stripping out from front end this bad formatted shortcode. I then tried to use this non-existent shortcode: {{{ [unuseful:file.mp3] }}} And the existent video one (badly implemented): {{{ [video:file.mp3] }}} Both are rendered as plain text on the front end. So, only the bad formatted audio tag is being stripped. The funny thing is that I can't actually type sentences like ''[audio is very loud]'' because are being stripped off. I am not sure which one should be the default Wordpress behavior. For sure it's strange that's acting differently on audio/video or non-existing shortcodes." pixel8383 Has Patch / Needs Testing 36766 Improve Source Verification in Pingbacks and Add Filter Pings/Trackbacks normal normal enhancement new has-patch 2016-05-05T15:26:57Z 2019-06-04T20:58:56Z "Like the do_pings code, the source verification should make a HEAD request to the site, retrieving the content type and rejecting images, video, or audio from being downloaded at all, removing a possible attack vector. The content-type check, which is not currently done by the code, is in the specification. ""''It then requests the content of http://alice.example.org/#p123 and checks the Content-Type of the entity returned to make sure it is text of some sort.''"" For display purposes, the content-type should also be passed into the $commentdata for use in preprocessing. The current code goes through the remote source replacing possible links to content to generate an except. However, while the specification only notes retrieving an 'extract of the page content surrounding the link' as an example of content that might be retrieved, and says nothing about display and most people agree the [...] excerpt display isn't exactly attractive. The code should verify the source on a plaintext level before anything else and fail immediately, then pass the result of that, along with the source and the retrieved content-type to a filter for more complicated checks if needed. For example, checking to see if it is in proper HTML format(link in a href or some other proper link type). We treat pingbacks as a comment type, but pingbacks are generated based on the source provided. Related: #34419 " dshanske Needs Dev / Bug Wrangler Feedback 36765 Remove Legacy Code from pingback_ping Pings/Trackbacks 4.1 normal normal defect (bug) new needs-unit-tests 2016-05-05T14:59:53Z 2019-06-04T20:58:45Z "Proposing we remove the legacy conditional url_to_postid and //$way debugging line leftover from [30139]. {{{ / let's find which post is linked to // FIXME: does url_to_postid() cover all these cases already? // if so, then let's use it and drop the old code. }}} Related: #34419 " dshanske Needs Patch 36760 Intermittent empty returns from get_post_meta function after 4.5 upgrade Options, Meta APIs 4.5 normal normal defect (bug) new 2016-05-05T02:45:08Z 2019-06-04T20:58:39Z "I've seen this reported several times, but the reporters failed to properly explain the issue and the tickets were closed. Since the 4.5 upgrade I am seeing intermittent issues in my custom plugin (which has worked for years and hasn't changed) where the get_post_meta function is used if the request is made via ajax or by calling a custom endpoint. Rolling back the 4.5 upgrade has resolved these issues. The same function called with exactly the same arguments will return the meta data value one minute and return an empty string the next (with single on). The data in the database is unchanged. Logging shows the post id and meta key are the same, only the return value is different. It always seems to work as part of a regular page request (not ajax, not custom endpoint). Sometimes the function works correctly for 24 hours, then fails several times. I can't identify any pattern but suspect the meta cache / session. I tried doing a meta cache update for the object before calling get_post_meta, but the problem still occurred. In Googling I've found several people reporting issues related to get_post_meta after the 4.5 update. Please take a look!" amberau Needs Patch 36746 WP v4.5.1 broke something in the Permalinks settings Permalinks 4.5.1 normal normal defect (bug) new 2016-05-04T00:41:24Z 2019-06-04T20:58:32Z "WP v4.5.1 broke something in the Permalinks settings. The Plain Permalink settings do work, though: http://domain/?p=123 One weird thing I saw just now while I was trying different Permalink settings is that several times the word ""blog"" appeared in all the Common Settings example URLs when it never had before. For instance: http://domain/blog/2016/05/04/sample-post/ But it is no longer there now. Now that Day and name common setting shows as: http://domain/2016/05/04/sample-post/ " voidPortal Has Patch / Needs Testing 36738 No validation for $post_date_gmt parameter Posts, Post Types 4.5.1 normal normal defect (bug) new has-patch 2016-05-03T11:52:59Z 2019-06-04T20:58:26Z "1) When publishing a post via `wp_insert_post()`and the `$post_date_gmt` parameter has a wrong format it's silently set to `0000-00-00 00:00:00`. 2) If `$post_date` is omitted in the parameter array WP tries to determine it from `$post_date_gmt`. A wrong formatted `$post_date_gmt` leads to a `post_date` of `1970-01-01 00:00:00`. Just like `$post_date`it should throw an error to give a programmer the right hint for his malfunctioning code. " Latz Needs Reporter Feedback / Steps To Reproduce 36737 Single site reachable on multiple subdomains always redirected to site_url Canonical 4.5 normal normal Awaiting Review defect (bug) new close 2016-05-03T07:21:29Z 2021-01-14T22:11:33Z "We run a site which is reachable by multiple subdomains (nb. not multisite) For example customer1.site.nl, customer2.site.nl. A plugin uses the subdomain to display different data for each customer. The site url is set to www.site.nl. Since a recent update this stopped working. The visitor is always redirect to the site url www.site.nl. I tracked down the problem to canonical.php. When I replace this file with the version from 4.4.2 the old behaviour is back, ie. the subdomains are not redirected. There are no rewrite rules for these sub domains. " jsoft Needs Patch 36722 "No way to access media ""Attachment Display Settings"" using wp.media" Media 4.5.1 normal normal defect (bug) new 2016-04-29T15:55:47Z 2020-03-12T05:51:47Z "I am using custom wp.media request to get WP Media uploader iframe on front end. Added scripts, styles and media: {{{ wp_enqueue_script('jquery'); wp_enqueue_media(); wp_enqueue_style( 'wp-admin' ); }}} then I am using JS to open the Media iframe: {{{ var custom_uploader; jQuery(document).ready(function($){ if (custom_uploader) {custom_uploader.open();return;} var parent_container = parent.document.body; custom_uploader = wp.media.frames.file_frame = wp.media({ frame: 'post', state: 'insert', title: 'Choose Image', library : {type:'image'}, button: {text: 'Choose Image'}, multiple: false }); custom_uploader.on('insert',function(){ var attachment = custom_uploader.state().get('selection').first().toJSON(); console.log( attachment ); }); custom_uploader.open(); }); }}} after selecting needed image, link and size I get the result: {{{ {""id"":2182,""title"":""WordPress"",""filename"":""WordPress.jpg"",""url"":""http://localhost:8080/mgwebthemes.com/uploads/2015/05/WordPress.jpg"",""link"":""http://localhost:8080/mgwebthemes.com/wordpress/"",""alt"":"""",""author"":""1"",""description"":"""",""caption"":"""",""name"":""WordPress"",""status"":""inherit"",""uploadedTo"":2166,""date"":""2015-05-13T09:09:47.000Z"",""modified"":""2015-05-13T09:09:47.000Z"",""menuOrder"":0,""mime"":""image/jpeg"",""type"":""image"",""subtype"":""jpeg"",""icon"":""http://localhost:8080/mgwebthemes.com/wp-includes/images/media/default.png"",""dateFormatted"":""13/05/2015"",""nonces"":{""update"":""2d7619f512"",""delete"":""725c6d8639"",""edit"":""709844b592""},""editLink"":""http://localhost:8080/mgwebthemes.com/wp-admin/post.php?post=2182&action=edit"",""meta"":false,""authorName"":""admin"",""uploadedToLink"":""http://localhost:8080/mgwebthemes.com/wp-admin/post.php?post=2166&action=edit"",""uploadedToTitle"":""Test"",""filesizeInBytes"":8990,""filesizeHumanReadable"":""9 kB"",""sizes"":{""thumbnail"":{""height"":150,""width"":150,""url"":""http://localhost:8080/mgwebthemes.com/uploads/2015/05/WordPress-150x150.jpg"",""orientation"":""landscape""},""full"":{""url"":""http://localhost:8080/mgwebthemes.com/uploads/2015/05/WordPress.jpg"",""height"":249,""width"":201,""orientation"":""portrait""}},""height"":249,""width"":201,""orientation"":""portrait"",...} }}} it does not contain any Attachment Display Settings options." chattyboy Needs Patch 36715 Contextual help to describe what roles are Users normal normal enhancement new 2016-04-29T02:32:32Z 2019-06-05T06:44:20Z "Roles are not exactly self-explaining ""What's the difference between a contributor and an author?"" is probably a confusing question for new users. We have help text to describe what roles are in the Help dropdown on the Add New User page, but it's rather out of the way. I'd like to suggest moving this help text closer to its context, in the form of a tooltip next to the Role dropdown in the Add New User form." ericlewis Needs Patch 36712 Paragraph tags removed from div elements if script tag is present Formatting 4.5.1 normal normal defect (bug) new 2016-04-28T23:51:32Z 2019-06-04T19:57:41Z "I honestly have no idea how to summarize this bug (therefore my lousy title), so I'll best skip right to how to reproduce it. - Get 10 paragraphs of text from Lorem Ipsum, and paste it to your visual editor. - Switch to the text editor and wrap the first 5 paragraphs in a div, and wrap the last 5 in a second div. - After the first paragraph in each div, simply write - Switch between Visual and Text editor, and watch the paragraphs in the second div disappear. For you convenience, you can copy the template from here, instead of typing it manually: http://pastebin.com/PFYj885M If the paragraphs don't disappear after the first switch from text to visual, do it a couple of more times. I tried it on a fresh new install using the Twenty Sixteen theme. I encountered this bug while having a couple of Instagram embeds on the same page, all of which loaded a script. " dankop Has Patch / Needs Testing 36710 Symlinked directories should not be deleted recursively Filesystem API normal major Future Release defect (bug) new has-patch 2016-04-28T21:51:47Z 2023-06-20T03:06:48Z "When deleting a symlinked plugin, the current behavior is to recursively delete everything in the plugin's real directory and then fail to unlink the symlink because rmdir won't work on a symlink. This is probably not what the site admin intended when they installed the plugin via a symlink. The desired behavior is to unlink only the symlink, leaving the external directory intact so that other symlinks remain intact. My patch fixes this in WP_Filesystem rather than in the plugin deletion logic because it seems generally applicable to the use cases for symlinks. What makes this hard is that trailing slashes are significant when dealing with symlinked directories. The trailing slash causes the link to be followed: {{{ is_link('/link/') => false is_link('/link') => true }}} The patch fixes deletion of symlinked plugins: it unlinks the symlink and leaves the real files intact. It should be carefully checked against other uses of delete because they might not include the trailing slash. In such cases, adding a trailing slash to the new `is_dir()` check might help. Could be a minefield, could be fine. Related to #29408 but not a duplicate." andy Needs Patch 36705 Read-only plugins are uninstalled before deletion fails Plugins 4.5.1 normal normal defect (bug) new 2016-04-28T20:06:04Z 2019-06-04T20:58:14Z "Plugin uninstall happens before deletion is attempted. If the plugin's files are read-only, the plugins list action says ""Delete"" but all that happens is uninstall and an error. Plugins that cannot be deleted because they are read-only in the filesystem should not have Delete buttons. `is_writable()` should be checked while constructing the actions. If read-only, either remove the button or replace it with an action which deletes the plugin's data and leaves the files. I prefer the latter." andy Needs Patch 36704 Delete Plugin not compatible with Bulk Actions Plugins 4.5.1 normal normal defect (bug) new 2016-04-28T19:56:38Z 2019-06-04T20:58:09Z "`delete_plugins()` has a `foreach` loop which calls `uninstall_plugin()` which defines a constant: {{{ define('WP_UNINSTALL_PLUGIN', $file); }}} A constant cannot be defined twice. If several plugins are selected for bulk deletion and two of these have uninstall.php, only the first one will see the expected constant value. For example, Jetpack's uninstall.php dies immediately when the constant contains an unexpected value. This prevents the code at the end of `delete_plugins()` finishing the job for the plugins that were uninstalled and deleted. (Jetpack's uninstall.php isn't exactly doing it right, but it's a very real example.) The obvious fix is to remove Delete from bulk actions on the Plugins page. This leaves the working parts in working order and buys time to rewrite the delete/uninstall API to work with a bulk delete function if this is desirable. Part of the rework would involve rewriting `uninstall_plugin()` and the uninstall.php pattern so that it can return a `WP_Error` instead of dying. This way, `delete_plugins()` could continue without leaving the work of `delete_plugins()` incomplete for the plugins that were uninstalled. I propose removing Delete from bulk plugin actions until the uninstall API is made compatible with bulk deletion." andy Needs Patch 36696 WP_Meta_Query can give wrong results when comparing large numbers Query 3.8.1 normal normal defect (bug) new 2016-04-28T02:23:43Z 2019-06-04T20:58:03Z "This is a follow on from #27272. Using quoted numbers can trigger MySQL to do floating-point type conversion (last two points in the first bullet list in http://dev.mysql.com/doc/refman/5.7/en/type-conversion.html): > * If one of the arguments is a decimal value, comparison depends on the other argument. The arguments are compared as decimal values if the other argument is a decimal or integer value, or as floating-point values if the other argument is a floating-point value. > * In all other cases, the arguments are compared as floating-point (real) numbers. Currently number literals are quoted in `WP_Meta_Query`, whereas the LONGTEXT `meta_value` column is cast to the passed-in meta `type`. Thus when a number literal (quoted string) is compared to the `meta_value` column (cast to SIGNED/UNSIGNED meta `type`), floating-point type conversion is evoked. If the numbers involved are larger than the floating-point precision (53 bits), then incorrect comparisons can occur. You can see this happening in the `mysql` client by using the 54 bit numbers 9007199254740992 (`0x20 0000 0000 0000`) and 9007199254740993 (`0x20 0000 0000 0001`): {{{ select '9007199254740992'+0.0, '9007199254740993'+0.0, '9007199254740992'+0.0 < '9007199254740993'+0.0; }}} which will return: {{{ +------------------------+------------------------+-------------------------------------------------+ | '9007199254740992'+0.0 | '9007199254740993'+0.0 | '9007199254740992'+0.0 < '9007199254740993'+0.0 | +------------------------+------------------------+-------------------------------------------------+ | 9.007199254740992e15 | 9.007199254740992e15 | 0 | +------------------------+------------------------+-------------------------------------------------+ }}} (Note the results are system dependent.) A way around this is to not quote number literals, as in the proposed patch, based on @wonderboymusic's [https://core.trac.wordpress.org/ticket/27272#comment:5 ""27272.2.diff""]. It's been switched (ahem) to an if-elseif-else statement to easily allow cases like `DECIMAL(10,2)` etc to be added. (Note the patch attached here also fixes a regression I introduced in previous proposed patches on the #27272 ticket re casting on `LIKE`/`NOT LIKE`.) This issue relates to #36652 (using the PHP type of the meta `value` to determine cast), and the proposed patch should facilitate it. This issue also relates to #36625 (don't bother `CHAR` casting `meta_value` column), and the proposed patch shouldn't impact on a fix for that. " gitlost Needs Reporter Feedback / Steps To Reproduce 36694 [Pages] [Edit Page] Changing the Permalink URL updates the displayed anchor text, but not the HREF (URL) property Permalinks 4.5.1 normal normal defect (bug) new reporter-feedback 2016-04-27T23:25:56Z 2019-06-04T20:57:57Z "Steps to reproduce: 1. Create a page or post 2. Edit said page or post 3. Change the Permalink URL using ""Edit"" button next to displayed permalink 4. Click OK button after updating Permalink URL Observe. Expected: the anchor link text is updated and the anchor link HREF property is updated to the new value input in the field Actual: the anchor link text is updated but the anchor link HREF property remains the same." setsailmedia Needs Patch 36691 "Ability to disable ""Password Protected"" post option" Role/Capability normal normal Awaiting Review enhancement new 2016-04-27T19:19:02Z 2018-03-10T17:59:50Z "We don't want any of our posts accidentally being published as ""password protected."" It would be helpful to have a filter to disable that part of the UI." paulschreiber Needs Patch 36686 plugin_row_meta hook for specific plugin Plugins 4.5.1 normal normal enhancement new 2016-04-27T13:39:15Z 2019-06-04T20:57:51Z "Hello WordPressers, It is my first post here. So please forgive me if something is wrong. What I see here https://core.trac.wordpress.org/browser/tags/4.5.1/src/wp-admin/includes/class-wp-plugins-list-table.php#L773 plugin_row_meta is a filter hook available but It is not available for specific plugin like we have ""plugin_action_links_{$plugin_file}"" available here https://core.trac.wordpress.org/browser/tags/4.5.1/src/wp-admin/includes/class-wp-plugins-list-table.php#L682 Shouldn't there be a ""plugin_row_meta_{$plugin_file}"" filter to call on specific plugins ?? " hiddenpearls Needs Patch 36680 "Audio player with preload=""metadata"" shows incorrect duration for audio files 1 hour or longer" Media 4.5.1 normal normal Awaiting Review defect (bug) new 2016-04-27T04:29:12Z 2017-09-20T21:29:57Z "For an audio file that's longer than one hour, using the audio player shortcode with preload=""metadata"" shows an incorrect duration for the audio when the page loads. The hours are chopped off. So an audio that is 1:07:45 in duration will erroneously display 07:45 upon loading. Then when the audio file is played, the correct duration pops in, but this causes the volume control to disappear, so the volume can no longer be adjusted while the clip is playing. Many podcasts are longer than an hour in duration. For a demonstration of the bug, see audio 16 on this page, which is 1:07:45 in duration: http://www.stevepavlina.com/audio/" Dexterity Needs Patch 36670 Move CAST to right-hand side of comparison in meta query Query 3.1 normal normal enhancement new 2016-04-26T04:40:41Z 2019-06-04T20:57:40Z "The SQL clause created by a meta query [https://github.com/WordPress/WordPress/blob/4.5/wp-includes/class-wp-meta-query.php#L634 CASTs the column value] `postmeta.meta_value` and compares it to the value provided in the meta query, a la `CAST(postmeta.meta_value AS CHAR) = 'some-value'`. Casting a column value instead of a constant means that MySQL will ignore an index for that column if one exists. Although core does not define an index for the `meta_value` column, a user could create one for perf reasons. Switching the side of the CAST would result in the same two types, just on different sides `postmeta.meta_value = CAST('some-value' AS CHAR)` That means [http://dev.mysql.com/doc/refman/5.7/en/type-conversion.html MySQL's type conversion] will work the same as it did previously. #36649 would need to be completed before this. Related: #27272, #36625" ericlewis Needs Dev / Bug Wrangler Feedback 36666 Enhance `remove_theme_support()` so that it can take additional arguments Themes 3.0 normal normal Awaiting Review enhancement new dev-feedback 2016-04-25T18:21:45Z 2018-05-15T17:08:21Z "Sometimes we might need to use the function `remove_theme_support()` to only support specific details of a specific theme feature, in particular it would be useful to be able to remove support for specific post formats or remove post thumbnail support for specific post types (related to #22080 for example). These checks would need to happen in a `switch` statement, similar to the other theme support functions, and we would need to handle additional arguments. For example, it should be possible to do `remove_theme_support( 'post-formats', 'video' )` to remove support for the video post format." flixos90 Needs Reporter Feedback / Steps To Reproduce 36663 "Wordpress 4.5 Query Strings Replacing ""."" with ""_""" Administration 4.5 normal normal defect (bug) new reporter-feedback 2016-04-25T17:07:37Z 2019-06-04T19:37:19Z "As of Wordpress 4.5, any query strings using a ""."" will get converted to a ""_"". While i understand that PHP doesn't support a period in a query string value, there are instances where query strings with periods are used by JavaScript and need to be retained. For example, the Webtrends analytics platform uses periods in most of their analytics query string values. For example, they use ""wt.mc_id"", ""wt.z_mce"", and ""wt.dl"". It appears that changes to 'wp-includes/canonical.php' in 4.5 cause these periods to be visually and functionally converted to underscores when the pages loads. Interestingly, this only happens on pages and not posts. Can we get the functionality put back the way it was so that the periods are retained, as this update will break Webtrends functionality, as well as any site using JavaScript that expects a period in a query string value?" michael.bucklin Patch Needs Refresh 36656 Improve UX on Add New User screen joedolson* Users normal normal Future Release enhancement accepted 2016-04-24T17:03:48Z 2023-10-20T01:25:26Z "While working with Multisite recently, I noticed that the Add New User screen can be quite cumbersome to work with. The screen currently serves two purposes: 1. Add existing user to site 2. Create a new user and add them to the site It may make sense to have two different forms for that, but these are currently nearly identical, leading to user confusion. Here's an example: [[Image(https://cldup.com/FSMdB2Gtdp.png)]] I'd love to improve the UX on this screen, ideally by combining these forms and then use some JavaScript to conditionally display/hide the email field only needed when creating a new user. Alternatively, tabs could be leveraged to have each form on a separate page. Thoughts? Note: I also wrote a simple proof-of-concept plugin called [https://wordpress.org/plugins/simple-user-adding/ Simple User Adding] that could be used as a playground for this enhancement." swissspidy Needs Dev / Bug Wrangler Feedback 36655 Enhancement: Add datetime column to options table. Options, Meta APIs normal normal enhancement new needs-unit-tests 2016-04-24T15:04:51Z 2019-06-04T20:57:35Z "== Proposal == The options table in WordPress is a great key/value storage option for a wide variety of different data used by core and plugins. One improvement that would increase its utility for faster time based queries on data stored there is to add a DATETIME column. == Some examples where this benefit could be realized: == === Example 1: Transient storage. === Currently, when there is no object-cache in use, transients are stored to the wp_options table. However, for each transient there are two records. One for the actual key/value pair and then one for any timestamp set as the transient expiry. Having a datetime column would allow the transient to always only consist of one record and thus make any queries interacting with transients much simpler. === Example 2: Arbitrary plugin data using the options table for its own scheduled tasks. === A lot of plugins are using the transient system wrong because it's not intended for indicating minimum age. Having a datetime column would provide the database schema in WordPress core that allows for plugins to implement their own ""minimum/maximum age"" apis. === Example 3: Tracking creation/modification times. === Having a datetime column would allow for indicating when a key/value pair was created and/or modified which could be useful for plugins that have need to do so. === Example 4: Scheduled settings/options. === Having a datetime column could allow for scheduled changes with a sites configuration and thus more advanced previews/site preparation, (think adding scheduled changes to site title, or site description via the customizer). Having a datetime column makes such schedules simpler to implement. == Implementation == === Schema === {{{ option_date datetime NOT NULL default '0000-00-00 00:00:00' }}} === Iterations: === 1. Add the column and modify options api to expose the new column to queries (get_option, update_option, site option functions etc). 2. Convert transient API to implement new option_date column for setting expiries when object-cache is not in use. == Who and When == I'd be willing to spearhead putting some patches together and getting the initial code going but before I invest some time in this I'm just testing the waters to see if this is even something that would be considered/welcomed for core. I'm not aware of any potential conflicts this may pose with the purpose for the option table but if there are any I'm sure I'll find out! I definitely don't see this as going in 4.6 but it might have potential for 4.7 if work begins fairly soon. " nerrad Needs Dev / Bug Wrangler Feedback 36652 Use meta_value in a meta query to decide type format in SQL clause ericlewis Query normal normal enhancement reviewing dev-feedback 2016-04-23T19:27:08Z 2019-06-04T20:57:29Z "The SQL clause generated for a meta query [https://github.com/WordPress/WordPress/blob/4.5/wp-includes/class-wp-meta-query.php#L628 quotes the `meta_value` in a string]. This means that if there's a post with a postmeta field for likes set to 2 and you run the query looking for posts with 10 or more likes {{{ #!php array( array( 'key' => 'likes', 'value' => 10, 'compare' => '>=' ) ) ) ); }}} the query will return the post with 2 likes. This is because the SQL is doing a string comparison, as both the column value and the compared-to value are strings. The fix for the developer is to supply a `type` parameter like `NUMERIC` in the meta query clause which coerces a numeric MySQL comparison. We could use the meta_value's type to decide the type format the value takes in the SQL clause, so that a query like this works as expected without the `type` parameter. This was [https://core.trac.wordpress.org/ticket/27272#comment:13 suggested] by @boone in #27272." ericlewis Needs Patch 36642 Add function to generate `image-set` attribute Media 4.6 normal normal enhancement new 2016-04-22T22:40:33Z 2019-06-04T20:24:09Z "This is a follow-up to #33641. It would be great to have a function that we can use to generate a `image-set` attribute, to support responsive images as background's on elements. See: https://drafts.csswg.org/css-images-3/#image-set-notation See: http://caniuse.com/#search=image-set Or this too early for such a request? It would be great to get it on the radar for the future." dbaker Needs Docs or Unit Tests 36641 WP_Term method __toString Taxonomy normal normal Awaiting Review enhancement new needs-unit-tests 2016-04-22T20:59:58Z 2017-02-05T14:18:20Z "I think that this is good idea. For example: {{{#!php '; var_dump(implode(', ', get_the_terms( get_the_ID(), 'category' ))); echo ''; ?> }}} I have ```string(**) ""Cat 1, Cat 2""``` " sebastian.pisula Has Patch / Needs Testing 36634 `register_post_status()` default causes notices in post list table Posts, Post Types normal normal defect (bug) new has-patch 2016-04-22T15:14:08Z 2019-06-04T20:57:24Z "The default value for the `$label_count` parameter in `register_post_status()` is an ""array of `$label`, twice."" As far as I can see, `$label_count` is used only once in core: in `WP_Posts_List_Table::get_views()`, where it's passed to `translate_nooped_plural()`. However, `translate_nooped_plural()` assumes the array it receives was generated through `_n_noop()` or similar. So the default `$label_count` value leads to undefined-index notices for each of the expected array keys when viewing the list table. To replicate, register a post status with these args, assign a post the 'test' status, and view the post list table: {{{ add_action( 'init', function () { register_post_status( 'test', array( 'label' => 'Test', 'show_in_admin_status_list' => true ) ); } ); }}} The attached patch would fix the notices by checking the `$nooped_plural` keys in `translate_nooped_plural()` and attempting to return a fallback value. Also, even though `$label_count` is an optional argument, it looks to me like developers are expected to register it as the list table expects. So, the patch would add a `_doing_it_wrong()` call to `register_post_status()` when no `$label_count` is included. This does, however, also flag the `auto-draft` and `inherit` statuses." dlh Needs Patch 36610 Loss of multibyte category and tag names Taxonomy normal normal defect (bug) new 2016-04-20T22:40:40Z 2019-06-04T21:22:20Z "Some multibyte category and tag names can be lost during creation. Example: create a category with the name `テテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテAAA`. It is 201 bytes long and will be truncated by `$wpdb->strip_invalid_text_for_column()` to 200 bytes (`テテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテAA`) before the category is created. However, the category name `AAAテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテテ` is also 201 bytes, but when it is truncated to 200 bytes, it splits a multibyte character, so when `wp_check_invalid_utf8()` gets called, it will truncate the string to zero bytes out of an abundance of caution, since the string ends with something that is not valid utf8. It's clear that the category creator was not submitting invalid utf8, and the true goal of `$wpdb->strip_invalid_text_for_column()` was to ensure that the text would fit in the DB column without auto-truncation by the DB engine, so the ideal behavior should be that the string is truncated to the longest possible length that remains valid and fits within the column. One way to get around this data loss would be a wrapper around `wp_check_invalid_utf8()`. If `wp_check_invalid_utf8()` fails, chop a single byte off the end of the string and check it again, up to the point where you have checked the string without the last five bytes (as I believe that the longest a single character can be is six bytes, although I'm not positive about that and I think anything longer than four bytes is mostly theoretical). Or, fix `$wpdb->strip_invalid_text_for_column()` so that it doesn't truncate in the middle of a multibyte character. There might be a solution lurking in mb_strlen(). If `wp_check_invalid_utf8()` returns an empty string, take bytes off of the original string (up to 5 bytes) until `mb_strlen()` returns a smaller number and then try `wp_check_invalid_utf8()`. Configuration details: Tested in WordPress trunk (4.5-RC1-37153) and PHP 5.2.17 Here's my `wp_terms` structure: {{{ CREATE TABLE `wp_terms` ( `term_id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, `name` varchar(200) NOT NULL DEFAULT '', `slug` varchar(200) NOT NULL DEFAULT '', `term_group` bigint(10) NOT NULL DEFAULT '0', PRIMARY KEY (`term_id`), KEY `slug` (`slug`(191)), KEY `name` (`name`(191)) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; }}} See #36393 for discussion of a similar (but now-fixed) bug." cfinke Has Patch / Needs Testing 36603 wp_publish_post() does not fire post_updated action Posts, Post Types 4.6 normal normal enhancement new has-patch 2016-04-20T13:25:14Z 2019-06-04T20:57:19Z "{{{ do_action( 'post_updated', $post_ID, $post_after, $post_before); }}} Gives convenient access to before/after state of the post for actions that are conditional on exact changes performed. `wp_publish_post()` inconsistently doesn't fire this hook, even though it does fire `edit_post` and `save_*` hooks that come before and after it. This makes it impossible to rely on `post_updated` hook since it will never fire for any update performed by `wp_publish_post()`." Rarst Needs Dev / Bug Wrangler Feedback 36595 can't set post_modified in wp_insert_post, becomes post_date Posts, Post Types 1.0 normal normal defect (bug) new dev-feedback 2016-04-19T15:34:29Z 2020-04-01T19:46:50Z "When manually instering a post, post_modified isn't working, it becomes the post_date {{{#!php 'test', 'post_content' => 'test', 'post_status' => 'publish', 'post_type' => 'test', 'post_author' => 1, 'post_date' => '2015-01-22 22:00:12', 'post_modified' => '2016-04-18 12:12:12', 'comment_status' => 'closed' ); wp_insert_post( $wp_test ); }}} outcome: post_modified = '2015-01-22 22:00:12'" gijsgg Needs Patch 36582 Export main query from Customizer preview Customize 4.0 low normal Future Release enhancement assigned 2016-04-18T20:45:09Z 2021-05-23T19:56:36Z "Controls, sections, and panels in the Customizer support the concept of an active state (#27993) which controls whether or not the control is contextual to the current query. Controls may want more information than whether to hide/show, but to show contextual information based on which kind of query is loaded in the Customizer preview, such as if it `is_singular` or which post specifically was queried. This information should be exposed from the Customizer preview to the pane as well. An initial implementation of this has been implemented in the Customize Posts feature plugin: https://github.com/xwp/wp-customize-posts When the preview syncs the `WP_Query` data from the preview to the pane, the data should get sent along with the `ready` message along with the `activeControls`, `activeSections`, and `activePanels` data. When the data is received by the pane, it should get populated into a model which can have events attached to it. For example, a `wp.customize.Values` instance could be used as a collection to represent the query_vars. Or there could be one single `wp.customize.Value` that stores the exported `WP_Query` data in like `wp.customize.previewedQuery` which plugins could then listen to changes on. For example: {{{#!js wp.customize.previewedQuery.bind( function( newQuery, oldQuery ) { if ( newQuery.is_singular !== oldQuery.is_singular ) { if ( newQuery.is_singular ) { // We switched to a singular template! } else { // We switched to a non-singular template! } } } ); }}} Some thought will need to be given to how a JavaScript object is used to represent `WP_Query`. See Slack: https://wordpress.slack.com/archives/core-customize/p1461011732000103" westonruter Needs Patch 36581 Customizer Header Image Control should extend the cropped image control Customize 3.9 normal normal Future Release enhancement new 2016-04-18T19:55:06Z 2019-05-29T17:36:05Z "`WP_Customize_Header_Image_Control` was written (in 3.9) before all of the other customizer media controls were refactored to use the media library (in 4.1) and additional controls were introduced (in 4.2 and 4.3). It uses an almost entirely separate codebase right now, and by merging it back in to use the newer functions, future enhancements can be made in fewer places to apply to more controls, and the cropped-image control will likely benefit with some new reusable features as well. Additionally, this cleanup will simplify the codebase and make it much easier to contribute to and understand the way the headers UI works, and why. Ideally, we would be able to use `WP_Customize_Cropped_Image_Control` directly for header images by bringing more features that are currently specific to headers to all media controls. However, in practice we may end up needing it to remain a distinct control for various reasons. Regardless, it should extend WP_Customize_Cropped_Image_Control directly and make use of its functions in both PHP and JS where possible. Additionally, it should leverage the core API for JS-templated contols introduced in 4.1. See #29211, and #32861, which would likely be fixed in the process of implementing this ticket." celloexpressions Needs Patch 36579 global $wp_rewrite not set when create_initial_post_types() first run Posts, Post Types 4.4 normal normal enhancement new 2016-04-18T17:59:18Z 2019-06-04T20:57:05Z "The global $wp_rewrite is set in wp-settings.php, after create_initial_post_types(). If you want to hook into the 'register_post_type_args' filter, to set `$args->rewrite` then you currently have to jump through hoops to avoid an `Uncaught error Call to a member function add_rewrite_tag() on null` Could the call to set `$GLOBALS['wp_rewrite']` be moved to before `create_initial_post_types()`? Or perhaps some defensive programming in `rewrite.php` to test if $wp_rewrite is set. Functions `add_rewrite_tag` and `add_permastruct` are candidates for that change. " bobbingwide Needs Dev / Bug Wrangler Feedback 36564 Last Modified for Comments Comments 4.4 normal trivial Future Release enhancement new needs-unit-tests 2016-04-17T20:44:59Z 2017-02-12T10:37:16Z "Related #28463, #19495. Posts have a last modified and last modified gmt, but comments have no such thing. There are several proposals indicating a need for comment revision, or tracking when the comment is first created. Wanted to explore the idea of having last modified and last modified gmt stored as comment meta triggered by update_comment as a simple, low impact way of adding this feature that could be used by a variety of plugins. This could be implemented by plugin hooking to edit_comment, but if such a feature is to be useful, it needs a standard storage format." dshanske Needs Patch 36559 "Using ""widget"" as part of setting title breaks the customizer since 4.5" Customize 4.5 normal normal Awaiting Review defect (bug) new close 2016-04-17T10:02:56Z 2021-05-23T19:49:48Z "Hi, My theme ""'''Indie'''"" had several customizer options that have the word ""Widget"" as part of the '''add_setting''' and '''add_control''' title: {{{ 'widget_bg' 'widget_txt' 'widget_txt_highlight' 'widget_txt_highlight_hover' }}} This broke the customizer completely showing no options other than the widget panel. I've replaced these names and the customizer works again. This problem was reported to me since 4.5 release. Thanks Steven" steven_gardner Needs Patch 36557 WordPress Version 4.5 Upgrade Failure Upgrade/Install 4.5 normal normal Awaiting Review defect (bug) reopened 2016-04-17T04:27:36Z 2017-07-05T20:12:57Z "Upgrade to Version 4.5 failing in one of my site. The wp-admin/update-core.php?action=do-core-upgrade page comes blank with normal admin menu and sidebar. Upon further investigation I found those in source {{{ }}} And at the end of the page {{{

            Are you sure you want to do this?

            Please try again.

            }}} I cleaned cache, re-logined, still same. Any plugin updates works perfectly, not just the core. Server NGINX 1.9.10, PHP 7.0.5, from WordPress 4.4.2 " Asif2BD Needs Patch 36556 has_cap was called with an argument Users 4.4.2 normal normal defect (bug) new 2016-04-17T04:14:45Z 2019-06-05T06:44:17Z "I am seeing this error message in one of the site Notice: has_cap was called with an argument that is deprecated since version 2.0! Usage of user levels by plugins and themes is deprecated. Use roles and capabilities instead. in ~/wp-includes/functions.php on line 3737 I understand it's probably because of one of the plugin or theme probably called a numeric user level instead of a capability name. But maybe we could create a backfill kind of approach here. " Asif2BD Needs Patch 36532 Allow Reordering of Available Widgets Widgets normal normal enhancement new 2016-04-14T21:12:22Z 2019-06-05T06:44:15Z "It's common to see sites with 20 or even 30 widgets, even when the site user only needs a few of them: - Example 1: Core still ships with Tag Cloud and Meta widgets that I'd guess are barely ever used. - Example 2: It's always a bummer that the Text widget starts with ""T""... - Example 3: Jetpack adds a bunch of widgets, but I often only need one. Yesterday, I observed a client trying to drag-and-drop reorder the list of Available Widgets. I thought that was a perfectly reasonable thing to try, and realized I would love to do that on every site. This seems even more reasonable considering that a user can already reorder Inactive Widgets. I considered requesting that each widget be togglable via Screen Options, but I realize this wouldn't quite make sense given that a user could then hide an existing widget type. So among the options I can think of, I think the ability to reorder Available Widgets would be a relatively minor UI change with a potentially large UX improvement!" mrwweb Needs Patch 36527 Add a 'wp-' prefix to ALL admin classes to prevent CSS conflicts Administration normal normal enhancement new 2016-04-14T12:37:34Z 2019-06-04T19:36:44Z Long story short, in any front end editors, which WP itself seems to be moving towards with the Customizer, there are lots of admin elements that are not prefixed and can quickly begin to conflict. Some examples are .button, .textarea, etc. I'd love to see all admin classes add a prefix of `.wp-` mrpritchett Needs Reporter Feedback / Steps To Reproduce 36512 Color picker has disappeared from input in custom post type. Administration 4.5 normal normal defect (bug) new reporter-feedback 2016-04-13T14:55:37Z 2022-07-07T17:30:40Z "In a custom plugin I've created some metaboxes with color picker fields. Here how I call the color picker style : {{{ add_action( 'admin_enqueue_scripts', 'le_chiffre_add_color_picker' ); function le_chiffre_add_color_picker( $hook ) { // $hook to apply a check for admin page. wp_enqueue_style( 'wp-color-picker' ); wp_enqueue_script( 'custom-script-handle', plugins_url( 'custom-script.js', __FILE__ ), array( 'wp-color-picker' ), false, true ); } }}} the HTML input (created dynamically): {{{ }}} and the js for my input fields, loading the color picker: {{{ (function( $ ) { // Add Color Picker to all inputs that have 'color-field' class $(function() { $('.color-field').each(function(){ $(this).wpColorPicker(); }); }); })( jQuery ); }}} With WordPress 4.4.2 everything worked like a charm (I even did a reverse from 4.5 to 4.4.2 to be sure of it) and now with the 4.5 version, the color picker doesn't show up on my fields... I didn't found anybody having the same issue. Have a nice day David THOMAS " anou Needs Dev / Bug Wrangler Feedback 36507 Invalid URLs in network admin when WP Core is in custom subdirectory Networks and Sites normal normal Awaiting Review defect (bug) reopened dev-feedback 2016-04-13T09:47:36Z 2022-11-16T23:54:54Z "In my setup, I have WordPress Core in a custom subdirectory, so my home URL for a site is like `http://example.com` while my site URL is like `http://example.com/core`. In the network admin area, this results in invalid links since the `network_site_url()` function does not check whether WordPress is installed in a custom subdirectory. The links have a path like `/wp-admin/network/...` although they should have a path like `/core/wp-admin/network/...`." flixos90 Needs Reporter Feedback / Steps To Reproduce 36499 featured image, image upload General 4.5 normal normal defect (bug) new reporter-feedback 2016-04-13T01:35:59Z 2019-06-04T19:57:19Z "Using Avada theme with WP4.5, many elements have broken since WP4.5 update. Including: Slidedeck Slider shows ini_set errors and load.php errors Fusion Slider - stuck at spinning wheel trying to load slides Featured Images for blog posts not showing Add Media into post or page (images wont load to select from) Surprised this update has affected just about all my sites (about 200) which updated automatically. Now I am trying to revert them all to 4.4x How did you guys drop the ball this time?" diskmandotnet Needs Dev / Bug Wrangler Feedback 36492 Add `WP_Post_Status` class Posts, Post Types 3.0 normal normal enhancement reviewing dev-feedback 2016-04-12T10:30:14Z 2019-06-04T20:56:46Z "Similar to #36217 and #36224, a dedicated class for post statuses would make it easier to work with those as they are currently represented through raw objects. The global variable `$wp_post_statuses` would then hold objects of `WP_Post_Status` which would provide the benefits of autocompletion in IDEs, and we could possibly add methods to the class in the future to make post status management easier." flixos90 Has Patch / Needs Testing 36486 is_apache in vars.php does not always work Rewrite Rules 4.4.2 normal normal Awaiting Review defect (bug) new has-patch 2016-04-11T22:42:10Z 2019-05-12T17:30:01Z "The $is_apache variable does not always work when using an Apache module like security2_module with the SecServerSignature option. By removing the word ""Apache"" from the name of the server vars.php will no longer detect that the server is Apache. A simple solution is to add an addition check: || function_exists('apache_get_version')!== false Any Apache only function will work. See attached patch from WP 4.4.2 I discovered this caused issues with the RewriteRules, randomly WordPress would add index.php/ within the permalinks when editing the permalink options in the wp-admin. Not sure if this should be called a bug or an enhancement, leave it up to core team to decide that. I would not remove the first 2 checks though, it is possible that the apache_get_version is disabled in the php.ini. I would recommend adding the option to the current checks just to be 100% sure." amandato Needs Patch 36479 Improve autosave in the browser Autosave normal normal defect (bug) new 2016-04-11T14:55:10Z 2019-06-04T19:36:24Z "Several improvements that can make this quite better: - Try to better detect when a restore may be needed. - Make in-browser autosaves a ""higher priority"" than remote/server autosaves. The in-browser content is fresher. If both are available, prefer/emphasis the in-browser data. - Add some subtle, always present UI for restoring a post from in-browser autosave. This should (probably) be only available before the users start typing. - Consider adding the in-browser data to the revisions or display a preview/diff with the current data in some other way. " azaozz Needs Dev / Bug Wrangler Feedback 36477 Responsive images (srcset) can include images larger than the full size Media 4.4.2 normal normal Future Release defect (bug) assigned needs-unit-tests 2016-04-11T13:27:58Z 2023-09-01T15:35:00Z "In many cases, I saw the resized and smaller images are much larger than the origin image, especially for the optimized images, it will make no sense to do that resize in this case, the worst case I've seen is about 13x larger than the origin and bigger image. If an example can help to explain the problem, please take this picture: https://cdn2.peterdavehello.org/wp-content/uploads/2016/04/status.png Many thanks!" peterdavehello Needs Patch 36475 Responsive images in TinyMCE Editor normal normal Future Release enhancement new 2016-04-11T12:49:07Z 2019-07-02T14:57:57Z Decide if we should be adding the `srcset` and `sizes` attributes to the images in the editor, and if they should be saved to the database or added with the display filter. iseulde Needs Dev / Bug Wrangler Feedback 36462 Updating or publishing a (custom) post that hasn't loaded completely closes comments Posts, Post Types 4.4.2 normal normal Future Release defect (bug) new dev-feedback 2016-04-10T14:44:28Z 2017-02-20T22:19:57Z "I am using a custom post type, but I assume this happens to the default post type as well. On the edit post screen (post.php?post=1&action=edit) I have several custom meta boxes. Some of these have content that is quite slow to load. You can reproduce this behavior by adding a sleep(5) statement somewhere in the code that loads the content for a custom meta box. Now in the document's DOM, the sidebar is loaded before the custom meta boxes. This introduces a situation where it is possible to update or publish a post before all the meta boxes have completely loaded. In most cases this isn't a huge problem - I myself check to see if the $_POST fields are there and if they are not then I don't act upon them. Unfortunately this does not happen for the included ""Discussion"" meta box. This box has a checkbox named ""Allow Comments"" which gets switched off when you update the post before this meta box has loaded into the DOM. The culprit is the code in wp-admin/includes/post.php on line 133 in the _wp_translate_postdata() function: {{{#!php if (!isset( $post_data['comment_status'] )) $post_data['comment_status'] = 'closed'; }}} Since the comment_status field is not in the post data, it is automatically assumed it needs to be closed. Of course there are two ""workarounds"" I can think of that would improve my current situation. One is for me to optimize the meta boxes so the page loads quicker, the other is to move the Discussion metabox to the top of the page, so it loads first. Is this expected behavior? I would much rather see the current comment_status be preserved - don't touch it if I didn't intend to modify it. Of course there might be a reason for this implementation that I don't know about. This post data is then finally presented to wp_insert_post in wp-includes/post.php which actually updates the post's comment_status to become closed, which finally answers my boss' question why comments kept getting disabled automatically." SeBsZ Needs Patch 36449 When concatenating styles in script-loader dependencies may not be honoured. Script Loader 4.4.2 normal normal defect (bug) new 2016-04-08T09:43:07Z 2019-06-04T21:21:41Z "This is the (not-really) evil twin of the scripts issue [https://core.trac.wordpress.org/ticket/36448 36448]. When concatenating styles, dependencies may not be honoured for styles that trigger the use of `$print_html` (ie those outside the default directories or having conditionals or alts). For instance this test where `three` depends on `one` and `one` has a conditional: {{{#!php do_concat = true; $wp_styles->default_dirs = array( '/directory/' ); $wp_styles->default_version = 1; wp_enqueue_style( 'one', '/directory/one.js', array(), 1 ); wp_enqueue_style( 'two', '/directory/two.js', array(), 1 ); wp_enqueue_style( 'three', '/directory/three.js', array( 'one' ), 1 ); wp_style_add_data( 'one', 'conditional', 'blah' ); $wp_print_styles = get_echo( 'wp_print_styles' ); $print_styles = get_echo( '_print_styles' ); $expected = ""\n""; $expected .= ""\n""; $this->assertEquals( $expected, $print_styles ); $this->assertEquals( '', $wp_print_styles ); } }}} will fail, as the conditional stuff will always be outputted after the concatenated styles, resulting in `one` appearing after `three`: {{{ }}} " gitlost Needs Patch 36448 When concatenating scripts in script-loader dependencies may not be honoured. Script Loader 4.4.2 normal normal defect (bug) new 2016-04-08T09:33:59Z 2019-06-04T21:21:36Z "This is a follow on from [https://core.trac.wordpress.org/ticket/36392#comment:13 36392#comment:13]. Ticket #15833 looks to be related. When concatenating scripts, dependencies may not be honoured for scripts that trigger the use of `$print_html` (ie those outside the default directories or having conditionals or (if available!) inline scripts). For instance this test where `three` depends on `one` and `one` has a conditional: {{{#!php do_concat = true; $wp_scripts->default_dirs = array( '/directory/' ); $wp_scripts->default_version = 1; wp_enqueue_script( 'one', '/directory/one.js', array(), 1 ); wp_enqueue_script( 'two', '/directory/two.js', array(), 1 ); wp_enqueue_script( 'three', '/directory/three.js', array( 'one' ), 1 ); wp_script_add_data( 'one', 'conditional', 'blah' ); $wp_print_scripts = get_echo( 'wp_print_scripts' ); $print_scripts = get_echo( '_print_scripts' ); $expected = ""\n""; $expected .= ""\n""; $this->assertEquals( $expected, $print_scripts ); $this->assertEquals( '', $wp_print_scripts ); } }}} will fail, as the conditional stuff will always be outputted after the concatenated scripts, resulting in `one` appearing after `three`: {{{ }}} The same is also true, ''mutatis mutandis'' (ahem), for styles, but I'll open a separate ticket for that." gitlost Needs Dev / Bug Wrangler Feedback 36447 Responsive preview icons in Customizer need tooltips iamjolly Customize 4.6 normal normal Future Release enhancement assigned dev-feedback 2016-04-08T02:44:59Z 2021-11-09T15:43:27Z "The new icons at the bottom of the Customizer for toggling the preview window of your site really need tooltips to indicate what they're for. Just like the tooltips on the Visual Editor icons, other icons in the Dashboard should have tooltips as well. As leading usability expert Jakob Nielsen explains; >A user’s understanding of an icon is based on previous experience. Due to the absence of a standard usage for most icons, text labels are necessary to communicate the meaning and reduce ambiguity. https://www.nngroup.com/articles/icon-usability/ Even the Google Design Guidelines recommend tooltips for icons https://www.google.com/design/spec/components/tooltips.html# I originally raised this as a post on the [https://wordpress.org/support/topic/responsive-preview-icons-in-customizer-need-tooltips Beta forum] but it was suggested that since it's getting late in the 4.5 release cycle it would be best to raise it as a Trac ticket." ahortin Needs Patch 36442 Customizer: when setting header image and site logo, also create a 2x image if possible Customize 3.9 normal normal Future Release defect (bug) new 2016-04-07T15:46:44Z 2017-01-24T18:49:45Z Currently after cropping an image for a header image or site logo, we make only smaller sizes images with the same ratio. These sizes are used (automatically) in srcset. We also need to make a 2x size for use on high density displays, if the original image is large enough. azaozz Needs Patch 36441 Customizer: when setting header image, site icon and logo, do not force the user to crop the image if cropping is not required Customize 4.3 high normal Future Release defect (bug) new 2016-04-07T15:33:28Z 2022-07-20T21:18:04Z "This is a long time standing UX ""weirdness"". When using ""the Cropper"" in the Customizer, it forces the user to crop the selected image even when it only requires scaling. To reproduce: - Open the Customizer and go to setting a site icon. - Upload an image that is square, I tested with 800 x 800px. We require 512 x 512px image for site icon, so the uploaded image only needs to be scaled. However on the next screen there is no ""Skip cropping"" button. If the users wants to use the whole image, they will have to ""crop"" it at 100% x 100% to get to the next step. " azaozz Needs Patch 36440 get_results break in wp-admin/options.php if thetable is huge Options, Meta APIs 4.4.2 normal minor defect (bug) new 2016-04-07T14:17:47Z 2019-06-04T20:56:39Z "If we try to check all values from wp_options table thanks to the admin page wp-admin/options.php, the page will be broken if the table is huge (on my case more than 100 000 rows). A simple pagination feature should fix the issue instead of trying to get all results. Currently on wp-admin/options.php line 253: {{{#!php get_results( ""SELECT * FROM $wpdb->options ORDER BY option_name"" ); }}} " aoculi Has Patch / Needs Testing 36439 Wrong language when resetting password johnbillion Login and Registration normal normal Future Release defect (bug) reviewing has-patch 2016-04-07T09:29:24Z 2021-10-20T15:16:27Z "When using WPML (or other multilanguage plugin) along with multisite, the reset password email comes in wrong language, as the reset password form is sent to network_site_url() instead of site_url(). I think a proper way should be:
            "" method=""post"">" vasikgreif Needs Docs or Unit Tests 36437 wp_delete_attachment causes warning Media 2.0 normal normal Awaiting Review defect (bug) new needs-unit-tests 2016-04-07T06:24:34Z 2017-07-27T16:26:17Z wp_delete_attachment assumes that attachments uses category and post_tag taxonomies. This causes a warning in wp_delete_object_term_relationships when post type attachment is not using category or post_tag taxonomies. thorbrink Needs Dev / Bug Wrangler Feedback 36432 Show Site ID and Theme in My Sites Networks and Sites 4.4.2 normal normal Awaiting Review enhancement new dev-feedback 2016-04-06T21:27:31Z 2019-11-05T13:49:25Z It could be useful to show in My Sites menu, for each site, the Theme/Child Theme applied and the site ID jusox Needs Docs or Unit Tests 36428 Weird default value of option 'default_link_category' Upgrade/Install 3.5 normal normal defect (bug) new needs-unit-tests 2016-04-06T15:15:19Z 2020-06-05T06:22:07Z "The option `default_link_category` has value `2` after installing WordPress. It makes no sense since 3.5. Generally, it's not a big problem, but we check referential integrity in our plugin and this fails because there's no `term_taxonomy` with ID `2`. " JanVoracek Has Patch / Needs Testing 36426 WP Admin memory limit not increasing to base limit by default Administration 4.6 normal normal enhancement new has-patch 2016-04-06T12:54:54Z 2019-06-04T19:35:53Z "We have 2 constants that can be set in wp-config.php (and by using filters, afaik), for example: {{{#!php define( 'WP_MEMORY_LIMIT', '512M' ); // increases WP base (front-end) limit define( 'WP_MAX_MEMORY_LIMIT', '512M'); // increases WP admin (back-end) limit }}} The former isn't really known, which you can Google to find out. People usually only use the first constant. If the 2nd constant (WP_MAX_MEMORY_LIMIT) is not set, it defaults to 256M. WP_MEMORY_LIMIT can be higher than that though, so we could safely increase WP_MAX_MEMORY_LIMIT to match WP_MEMORY_LIMIT if WP_MEMORY_LIMIT is higher and WP_MAX_MEMORY_LIMIT is not set manually to a lower (than WP_MEMORY_LIMIT) value. What I mean in coding terms: {{{ if(!isset(WP_MAX_MEMORY_LIMIT) && isset(WP_MEMORY_LIMIT)){ if(WP_MEMORY_LIMIT>DEFAULT_WP_MAX_MEMORY_LIMIT){ //NOTE to the line above: this requires parsing the actual value in these constants as the strings can be like: 512M, 1G etc.; the DEFAULT_WP_MAX_MEMORY_LIMIT is a thing I came up with, currently the default admin memory limit is 256M define( 'WP_MAX_MEMORY_LIMIT', WP_MEMORY_LIMIT); } } }}} All these values can be checked with the Bulletproof Security plugin, under BPS Security -> System Info. Side note: imho WP_MAX_MEMORY_LIMIT should be renamed to something like WP_ADMIN_MEMORY_LIMIT, but that's another issue. " eclare Has Patch / Needs Testing 36424 graphically visualize if comments are closed (in wp-admin/edit.php) Comments normal normal Future Release enhancement new has-patch 2016-04-06T08:08:36Z 2018-03-12T17:02:29Z "it would be nice if the pages or posts list would not only show the number of comments per page but if it also could show a symbol if comments for this particlar page or post are closed. proposal: - the lock symbol https://developer.wordpress.org/resource/dashicons/#lock - or https://developer.wordpress.org/resource/dashicons/#edit combined with a kind of ""forbidden"" sign/strike, similar to https://developer.wordpress.org/resource/dashicons/#hidden " pixelverbieger Needs Patch 36423 Constant in wp-config.php to disable uploads Upload normal normal Awaiting Review feature request new 2016-04-05T21:35:13Z 2017-02-02T12:59:42Z "During a conversation with @ jasondewitt10up today, he asked if there was a wp-config.php constant he could define to disable uploads within WordPress (his specific use-case was in case the containerized filesystem went away, but I could also see uses during migration/content freezes, while performing some upgrades, etc. I'd be interested to hear the core team's thoughts on a constant like `DISABLE_FILE_UPLOAD`, which would function in a similar fashion to `DISALLOW_FILE_EDIT` and `DISALLOW_FILE_MODS`. Is there a stance for or against more wp-config.php constants, or is it a ""only if they ''really'' make sense and would be applicable for a large % of the install base"" decision?" stevegrunwell Needs Dev / Bug Wrangler Feedback 36420 A more forgiving redirect guesser Canonical normal normal Awaiting Review enhancement new dev-feedback 2016-04-05T14:13:37Z 2017-08-16T19:53:17Z " I would like the redirect guesser to be more forgiving using SOUNDS LIKE . Here's a small suggestion: {{{#!php function redirect_guess_404_permalink() { global $wpdb; if ( get_query_var('name') ) { $where = $wpdb->prepare(""(post_name SOUNDS LIKE %s"", $wpdb->esc_like( get_query_var('name') ) ); $where .= $wpdb->prepare("" OR post_name LIKE %s)"", $wpdb->esc_like( get_query_var('name') ) . '%'); .... }}} It would be even better if it could be implemented using levenstein distance if that is not too heavy on resources. https://github.com/fza/mysql-doctrine-levenshtein-function " gorillum Needs Dev / Bug Wrangler Feedback 36418 Custom MIME type icons lost in WP Media List view Media normal normal Awaiting Review defect (bug) new dev-feedback 2016-04-05T01:18:11Z 2021-10-23T13:22:48Z "The ability to define custom MIME icons has been possible since at least v2.5, by hooking into several filters, one of which is `icons_dir`. `icons_dir` allows you to specify additional directory/uri pairs for the `wp_mime_type_icon` routine to search, ideally adding icon support for additional MIME types. However, going through SVN history, it seems that almost from the beginning of the availability of that hook, there has been a loophole where the additional icon directories are ignored! Specifically: `wp_get_attachment_image_src` calls `wp_mime_type_icon`, which in theory could select a custom icon directory added by the `icon_dirs` hook. It then attempts to fetch width and height information from the selected icon file, but only checks the default wp-includes/images/media directory. Of course, this prevents the custom icons from displaying when fetched through `wp_get_attachment_image_src`." jhorowitz Needs Patch 36417 Unit tests for functions.php's maybe_unserialize General 2.0 normal normal enhancement new 2016-04-05T00:36:50Z 2019-06-04T19:56:56Z Unit tests for maybe_unseriaze tloureiro Needs Patch 36411 Missing admin menu for custom taxonomy Menus normal normal defect (bug) new 2016-04-04T16:38:00Z 2019-06-04T20:23:47Z "I found an edge case that can cause that a user with the right capabilities becomes unable to manage terms on a custom taxonomy. The scenario includes: * A user with an editor role. * A custom post type with a set of custom capabilities that the current editor can not match. * A custom taxonomy assigned to that custom post types with default capabilities, so editors can manage it. Under those premises, the admin menu for the taxonomy is not generated. Note that you can access the admin page to manage terms on that custom taxonomy if you access the URL manually. If you then register a second custom taxonomy, also assigned to the same custom post type and with default capabilities (so an editor can manage it), then a custom admin menu is generated, wit the custom post type label, and granting access to admin pages to manage both taxonomies terms. I am attaching a minimum test case that does register the three objects, and includes comments as to how to test it." jadpm Needs Docs or Unit Tests 36409 Comments number is wrong Comments normal normal defect (bug) new needs-unit-tests 2016-04-04T14:21:26Z 2019-06-04T19:35:47Z "Hi, the comment number return the number of approved comments, this means all approved comments even those are replies to unapproved comments, for example if a user post comment and people replied to it, then the admin decide to hide this parent comment by disapproving it, the comment number will decrease only by one and keeping counting the hidden replies So there are two option to fix that : 1. Hold/Disapprove all children when disapproving the parent. 2. Recalculate the comment number and excluding comments has an unapproved parent. Regards, Sidati" sidati Needs Docs or Unit Tests 36406 $network_wide is unreliable Plugins 3.0 normal critical Future Release defect (bug) reviewing needs-unit-tests 2016-04-03T09:20:33Z 2019-07-09T10:20:39Z "This issue may be related to ticket #31104 Scenario: In a WordPress network an admin decides a plugin must not be network activated. Only a per site or even a site specific activation shall be allowed. Idea: Conditional check during plugin activation and die with an error message if $network_wide is true. Result: Plugin does not get activated but the custom error message is not displayed Assume the following function run during activation (it is simplified and the real activation sequence does not have echos!) {{{ function test_activation_hook( $network_wide ) { echo '1 | '; // exit( 1 ); if ( is_multisite() ) { echo '2: | '; // exit( 2 ); if ( $network_wide ) { echo '3: | '; // exit( 3 ); } else { echo '4: | '; // exit( 4 ); } } else { echo '5: | '; // exit( 5 ); } echo '6: | '; exit( 6 ); } }}} If you exit after if(is_multisite) the message displayed will be '1 | 2 |' If you exit after if($network_wide) during a networkwide activation the message displayed is '1 | 2 | 4 | 6' instead of '1 | 2| 3|' Exiting at 4, 5, or 6 will display '1 | 2| 4|', '1 | 2| 5|' and '1 | 2| 6|' as expected. After many hours of debuging I realized the function (the action filter 'activate_' . $plugin) gets executed 3 times if you exit it early. And only the first call has the argument $network_wide set to true if it is an network_wide activation. If you like to exit at 3, that is you do not want a network activation, the flow is therefore as follows: - The first run (click on network activate) has $network_wide set to true and will exit at 3 - the second run (no idea why) has $network_wide set to false and will pass 1 | 2 | 4 | 6 - the third run (no idea why) has $network_wide set to false and will pass 1 | 2 | 4 | 6 Imho calling the activation function (or the code) three times in case you exit it (better say terminate because you cant end a plugin installiton clean) is wrong at all. However if this is by design then $network_wide must be reliably set to true if it originally was. " mensmaximus Needs Patch 36405 User creation fails for users with long names. Users normal normal defect (bug) new 2016-04-03T05:49:00Z 2023-05-28T11:52:50Z "Summary: When creating a user with a long first or last name, the query that inserts the user into the DB is assumed to have succeeded, but that fact is never verified. Sign in as an admin and create a new user, giving it the first name `ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQ` (or any 251-byte string). After submitting the form, you'll see a handful of error messages (line numbers are from trunk just now, but I can reproduce the bug as far back as 4.2.1): {{{ Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1716 Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1717 Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1730 Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1738 Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1740 Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1742 Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1746 Warning: Cannot modify header information - headers already sent by (output started at wp-includes/pluggable.php:1716) in wp-includes/pluggable.php on line 1171 }}} What happens is that the `$wpdb->insert( $wpdb->users, $data + compact( 'user_login' ) );` call in `wp_insert_user()` fails, but there's no check to ensure that it succeeded, so the code proceeds to try and create a new `WP_User` with ID `0`. This results in unexpected behavior, like sending a ""New User Registration"" email to the admin with blank ""Username"" and ""Email"" values. The failure is due to `$wpdb->process_fields()` calling `$wpdb->strip_invalid_text()`, which truncates the `display_name` field (because the `display_name` field only allows 250 bytes), and because it then doesn't match the value passed into `$wpdb->process_fields()`, it returns `false`. So this isn't so much a bug about a text string that's too long, it's really a bug about not checking the return value of `$wpdb->insert()`. I think the resolution of #10377 is probably the same kind of approach that could be taken here, since the problems seem similar." cfinke Needs Patch 36402 front-page.php behavior for child themes Themes normal minor Awaiting Review enhancement new 2016-04-02T08:18:59Z 2018-04-17T22:08:56Z "Currently, if a parent theme has a `front-page.php` template, child theme inherits this too. I think this should not happen. On this specific case, I think that a child theme should behave like a parent one. The attached patch checks: {{{ if * A child theme is NOT used or * A child theme is being used and includes 'front-page.php' then * Load 'front-page.php' }}} This allows a child theme to include its own `front-page.php` template or setting the ''front-page'' to a page from the 'Reading' setting." cristovaov Needs Dev / Bug Wrangler Feedback 36397 add_query_arg doesn't work with numbered html entities Formatting 2.8 normal normal defect (bug) new dev-feedback 2016-04-01T13:36:24Z 2019-06-04T19:56:44Z "In #20771 we'd like to use `esc_url` instead of `esc_html` to escape the url that is generated by `wp_nonce_url`. Unfortunately this is currently not possible because `add_query_arg` has some buggy behavior with regard to its dealing with hashes in urls. I am creating this ticket to deal with that issue separately. `add_query_arg` searches for the first hash in a url and cuts everything that comes after it from the url as the hashfragment and appends it back at the end of the operation. There are two problems with this: 1. No hash found in the url necessarily indicates a hashfragment. It could also indicate a numbered html entity. 2. If there are multiple hashes in the url, we should probably only look at the last hash present to find a possible hashfragment. This can for instance become a problem when we use`esc_url` on a url with more than one parameter. `esc_url` escapes ampersands by replacing them with their numbered html entity equivalents; `#038;` When I now want to use `add_query_arg` on such a url, the parameters get moved to the end of the url because it thinks everything after the second parameter is a hashfragment. I am adding a patch with a some passing and some failing testcases that cover this issue. I am also adding a patch that takes care of the issue of multiple hashes in the url and fixes the issue for ampersands, which should unblock #20771 if it were committed." omarreiss Needs Patch 36391 Create a hook to handle dynamic CSS? Script Loader normal normal Awaiting Review feature request new close 2016-04-01T00:12:25Z 2022-07-15T15:08:32Z "I'm not sure if this has been suggested before, but it would be really cool if there was a hook for plugins that would allow them to add their css to a css file that is generated and enqueued automatically when that hook is not empty. This would be done to prevent plugins such as Visual Composer, from loading all of their custom css in the of the page which can be bad for caching. Instead they would hook in, add their css, and then the css would be added to a single file along with all of the other css that has been hooked to it. {{{ add_filter( 'options_css', 'add_my_plugin_css' ); function add_my_plugin_css( $hooked_css ) { $bg_color = get_option( 'header_background_color' ); $hooked_css .= '#header{background-color:'.$bg_color.';}'; return $hooked_css; } }}} This code would then be hooked, sanitized, and minified, and then enqueued where it needs to be. I'd even suggest that the name of the css file could be wp-options.css or options.css " CarlosRios Needs Dev / Bug Wrangler Feedback 36376 current_user_can/has_cap fails when user has multiple roles dd32* Role/Capability normal normal Future Release defect (bug) accepted needs-unit-tests 2016-03-30T17:16:45Z 2019-01-14T04:46:21Z "To replicate the issue, install a role editor. Setup a user with primary role 'author' and secondary role 'customer' (this is a WooCommerce role which has ONLY 'read' access, nothing else). https://dl.dropboxusercontent.com/s/xgucqvvh6no3skm/2016-03-30%20at%2017.49.png?dl=0 You can add a role with only: {{{#!php 'read' => true }}} permissions if you don't have WooCommerce installed. Dump: {{{#!php current_user_can( 'edit_posts' ) }}} It will be false. During get_role_caps() in class-wp-user.php, each role is retrieved and merged. The merge itself doesn't look at values, so if multiple roles have the same 'cap' but different value, these overwrite each other. In my case, edit_posts was true for the author role, but false for customer role. Customer role false overwrote author role true. Since caps only allow access to things if 'true', I think we can safely discard all 'false' caps when getting roles. If false caps are discarded, only true caps are left which works around the issue and fixes user capabilities if they have multiple roles at once. Fix to follow (added array_filter to discard all 'false' caps, allowing us to merge only 'true' caps). Had this reported to us in https://github.com/woothemes/woocommerce/issues/10612#issuecomment-203518038 but wasn't a WooCommerce issue. " mikejolley Needs Patch 36372 Show Plugins Active at the Site Level Networks and Sites 4.4.2 normal normal enhancement new 2016-03-29T23:04:31Z 2019-06-04T20:56:33Z "[35151] added a new feature to multisite installs to show the Network Active plugins at the subsite level (#20104). Although this fixed one problem, it has created an issue where the Network Admin has no simple way to discern which plugins -- in addition to the Network Active list -- are activated at the site level. Previously the active plugins filter at a sub-site level could be used to show the sub-site activated plugins. In order to find out which plugins are subsite activated now, the Network Admin has to scan through all the plugins available on the Network, looking for the small ""deactivate"" link, amidst the Network Active and Inactive plugins. [[Image(https://cldup.com/EM7DN3pStf.png)]] On the subsite level, it would be helpful to be able to toggle a filter to view the ""Site Active"" plugins, in addition to the ""Network Active"" plugins, particularly in busy multisites where a large number of plugins are being used in specific ways on small sub-sections of the network. This would mimic the additional filters available at the network level, where plugins can be filtered by Must-Use, Drop-ins, Recently Active etc, [[Image(https://cldup.com/Lq7ubQ5PDx.png)]] expanding on the existing Sub-site filters: All, Active, Inactive [[Image(https://cldup.com/zP5v9BqxRc.png)]] I recognize there is a filter to regress to the the previous behaviour, but I'm looking for the best of both worlds." mrjarbenne Needs Dev / Bug Wrangler Feedback 36368 Add `access_admin` capability Users normal normal feature request new dev-feedback 2016-03-29T13:55:09Z 2019-06-05T06:44:00Z "Many, many plugins do various types of checking of capabilities the determine if a user should ''really'' have the ability to view the WordPress admin. It's very common to prevent that from happening. Within WordPress's roles and capabilities, there are many checks that have something to do with the admin, like `edit_posts` and myriad others, but there isn't one that's an explicit `admin_access` check. Even a Subscriber role sees the toolbar by default, only to be able to edit their profile and see WordPress news, the activity widget (and Akismet stats btw) once they log in. I can't imagine many scenarious where this is truly wanted by site administrators -- for lower level users to even know what CMS the site uses, much less view the admin. I'd love to see `admin_access` or a similar capability enabled in core. I think for backward compatibility reasons, it may have to be set to `true` for all roles by default, but at least plugins would have a standard capability to flag for disabling it. It'd also be nice as a ""Reading"" option for the site owner to choose roles that should have access to the admin and would trigger this capability -- but that's probably wishing too much from a core standpoint. @drewapicture has a plugin called [https://wordpress.org/plugins/remove-dashboard-access-for-non-admins/ Remove Dashboard Access] that has a [https://cloudup.com/cn67XAgAIop pretty thorough UI], if folks were interested in taking this the next step, but I'd rather focus on the capability itself as the primary mission of this ticket. To me this is a new user experience issue and would make for a very helpful flag for plugin authors, at a minimum." krogsgard Needs Patch 36355 Article URL redirects no longer working Canonical 4.0 normal normal defect (bug) new 2016-03-28T15:20:39Z 2019-06-04T19:35:41Z "On multiple sites, we have started using article URLs with the post ID in them. Historically, this has allowed WordPress to find the post and do a 301 redirect when the slug, date, or other parts of the URL path changed. For example, Permalink - %year%/%vertical%/%category%/%postname%-%post_id%/ All of these URLs should redirect us to this article: http://variety.com/2016/tv/news/the-loud-house-premiere-date-video-nickelodeon-1201740128/ http://variety.com/2015/tv-news/news/the-loud-house-premiere-date-video-nickelodeon-1201740128/ http://variety.com/2015/tv-news/news/test-url-slug-1201740128/ http://variety.com/the-loud-house-premiere-date-video-nickelodeon-1201740128/ http://variety.com/2016/the-loud-house-premiere-date-video-nickelodeon-1201740128/ While the first 2 examples work correctly, the last 2 URLs land on 404 page inspite of correct %pagename%-%post_id% combination. If we have Permalink - %year%/%vertical%/%category%/%postname%/ The last 2 structure work correctly and reach correct article page. For example - http://hollywoodlife.com/2016/03/28/lip-sync-battle-the-walking-dead-sasha-vs-maggie-video/ http://hollywoodlife.com/lip-sync-battle-the-walking-dead-sasha-vs-maggie-video/ http://hollywoodlife.com/2013/lip-sync-battle-the-walking-dead-sasha-vs-maggie-video/ Since we have a correct %postname%-%post_id% combination in the first Permalink structure URL, we should be able to reach the correct article page in the last 2 examples there too. " archanamandhare Has Patch / Needs Testing 36341 Add a note about the 'init' hook to the DocBlock for get_current_user_id() Users normal normal Future Release defect (bug) assigned has-patch 2016-03-25T22:47:15Z 2018-02-09T16:44:54Z DrewAPicture Needs Patch 36340 Other options ignored when using a custom post type with export_wp() Export normal normal Future Release enhancement new 2016-03-25T22:17:35Z 2020-07-06T14:09:01Z "While writing the improved docblock for `export_wp()`, I noticed something that may be an issue when a custom post type is supplied. For the built-in post types you can filter the exported content by start date, end date and/or author. But not with a custom post type: with them it's everything. Is this by design? The fix could be to modify line 113 to include the custom post type option because by that point we know that it's both valid and `can_export` is true thanks to the stuff starting on line 88. I don't use this code myself but it did jump out at me. Thoughts?" theMikeD Needs Docs or Unit Tests 36339 Possible issue with export_wp() and undefined custom post types Export normal normal Future Release defect (bug) new needs-unit-tests 2016-03-25T22:03:59Z 2020-07-06T14:20:09Z "While writing the improved docblock for `export_wp()`, I noticed something that may be an issue if an invalid custom post type is supplied. Here is the code: {{{#!php can_export ) $args['content'] = 'post'; $where = $wpdb->prepare( ""{$wpdb->posts}.post_type = %s"", $args['content'] ); } else { $post_types = get_post_types( array( 'can_export' => true ) ); $esses = array_fill( 0, count($post_types), '%s' ); $where = $wpdb->prepare( ""{$wpdb->posts}.post_type IN ("" . implode( ',', $esses ) . ')', $post_types ); } }}} The two things that occurred me are 1. If a valid custom post type is supplied but its `can_export` property is `false`, `posts` will be used instead. This is unexpected behaviour. I think it should stop and not export anything. 1. if an invalid custom post type is supplied, every post type that has `can_export` set to `true` is used. This is also unexpected behaviour. I think it should stop and not export anything. Am I reading this wrong? Is there a reason why it works this way?" theMikeD Has Patch / Needs Testing 36335 Next generation: core autoloader proposal General normal normal Awaiting Review feature request new has-patch 2016-03-25T19:21:43Z 2024-02-14T20:30:44Z "Hello WordPress community. With this ticket I would like to get the debate of the last days about how to attract WordPress to developers (or the other way around?) to a concrete discussion on how a class autoloader could look like in WordPress core. So when we start to think about some major improvements like in #36292, we should also take some time and talking about autoloading. == Abstract == A class autoloader is a basic tool to separate code writing form code organization. It takes care about providing class declaration at the point they are needed. The fact that WordPress lacks of a core autoloader was one point mentioned in the debate on what developers [https://www.alainschlesser.com/attracting-developers-wordpress/ missing most with WordPress]. == Why we need an autoloader == Plugin authors using autoloaders these days. They even use composer for dependency management and ship their plugins with this dependencies. This practice [https://github.com/composer/composer/issues/3852 leads to trouble right now]. I'm convinced that in a long-range plan we even have to talk about how to deal with proper dependency management to overcome collisions. Having an autoloader in core is a precondition for this. == How an implementation could look like == The following proposal follows a concept of separating the file locating and file loading process to avoid a violation of the single responsibility principle and to gain flexibility. All classes and interfaces are prefixed with `WP_Autoload_` to apply a pseudo namespace. The main instance of this concept is the interface `WP_Autoload_Rule`. An autoload rule is against the client responsible for locating and loading a given class. The class is provided by its full qualified name. This leads to this interface signature: {{{#!php base_directory = (string) $base_directory; $this->base_namespace = (string) $base_namespace; $this->file_loader = $file_loader && is_a( $file_loader, 'WP_Autoload_Fileloader' ) ? $file_loader : new WP_Autoload_IsReadableFileLoader; } /** * @param string $class (A full qualified class name) * * @return bool */ public function load_class( $class ) { // performing the psr4 mapping here to get a $file $file = '/whatever'; return $this->file_loader->load_file( $file ); } } }}} Autoloading rules should depend on a file loader. The file loader receives a file name and loads it, if it is present. {{{#!php rules, TRUE ) ) $this->rules[] = $autoload_rule; } /** * @param string $fqcn (full qualified class name) */ public function load_class( $fqcn ) { foreach ( $this->rules as $rule ) { if ( $rule->load_class( $fqcn ) ) break; } } } }}} == Instantiate and propagate the autoloader == {{{#!php addRule( new WP_Autoload_Psr4Rule( 'MyPlugin\\' __DIR__ . '/src' ) ); } ); }}} == Things to discuss == * The proposal uses [http://verraes.net/2013/09/sensible-interfaces/ sensible interface names] which I prefer over naming interfaces like `WhateverInterfaces`. As WordPress does not provide interfaces right now, this is just a suggestion. * PHP class identifiers are case insensitive. That means `new MySql` and `new MySQL` will both work, if a class `mysql` is declared. The autoloader should respect this. Now, Psr4 is very wide-spread and encourage developers to use case sensitive autoloaders and [https://r.je/php-autoloaders-should-not-be-case-sensitive.html this is a problem]. How can we deal with this in a performant way? * How should the WordPress core files be organized to work with the autoloader? Is it realistic to rearrange them, if not how could a corresponding `WP_Autoload_Rule` look like? * What about compatibility with PHP 5.2.? The proposal uses `spl_autoload_register`. But before PHP 5.3.0 it is theoretically possible to deactivate the spl extension. In this case another implementation of `WP_Autolad_Autoload` would be necessary and maybe some adaptions to the other interfaces. But is this really the intention? == Finally == Thanks for reading. Feel free to add your concerns, your opinions or even if I'm on a completely wrong train. In fact I'm really interested in critic. To be clear, I don't want to push this proposal but I would like to see a proper autoloader in core some day :)" dnaber-de Needs Docs or Unit Tests 36334 Custom RSS feed has wrong MIME type and forces download in browser Feeds 2.1 normal normal Future Release defect (bug) reopened needs-docs 2016-03-25T18:37:42Z 2020-03-25T15:58:17Z "When adding a custom RSS feed using add_feed(), the resulting feed is transferred to the document with the wrong MIME type and forces a download. Built in feeds behave properly. {{{ }}} Navigating to http://wordpress.dev/feed/feedname/ results in forced download and console message: {{{ Resource interpreted as Document but transferred with MIME type application/octet-stream: ""http://wordpress.dev/feed/feedname/"". }}} This occurs on a fresh install of WordPress 4.4.2 with no added plugins. The above code is the only contents of functions.php in a child theme of Twenty Sixteen. Browser/OS is Google Chrome 48.0.2564.116 (64-bit) on Mac OSX 10.11.3. Test website is running on a local Vagrant/VirtualBox server." Missilesilo Needs Dev / Bug Wrangler Feedback 36324 Post status labels use inconsistent grammar Posts, Post Types normal normal enhancement new dev-feedback 2016-03-25T05:57:25Z 2019-06-04T20:56:27Z "Our post status labels switch back and forth between being verbs, adjectives, or potentially past-participles: * All * Mine * Published * Scheduled * Drafts * Trash I'd like to suggest we tidy these up. Maybe something like: * All * Authored (I don't love this, but you get the idea) * Published * Scheduled * Drafted * Trashed " johnjamesjacoby Needs Dev / Bug Wrangler Feedback 36323 home_url returns url with wrong scheme Permalinks 4.4.2 normal normal defect (bug) new dev-feedback 2016-03-25T02:40:21Z 2019-06-04T20:56:21Z "Hello, I have a multisite with HTTPS on all subsites. When using {{{ home_url( '/' ); }}} , on a subsite page, logged in user got a https url, when anonymous got just http. In the track, it seems that the error comes from those lines... {{{#!php 2963 if ( ! in_array( $scheme, array( 'http', 'https', 'relative' ) ) ) { 2964 if ( is_ssl() && ! is_admin() && 'wp-login.php' !== $pagenow ) 2965 $scheme = 'https'; 2966 else 2967 $scheme = parse_url( $url, PHP_URL_SCHEME ); 2968 } }}} ... Thank you for your time." Gerkin Needs Dev / Bug Wrangler Feedback 36317 Introduce a cookie prefix default constant Login and Registration normal normal enhancement new dev-feedback 2016-03-24T01:41:57Z 2019-06-04T20:23:42Z "Right now, all of WordPress's cookies are prefixed with the same `wordpress` namespace. A problem arises with `advanced-cache.php` caching solutions that load before `wp_cookie_constants()` is called, where the cookie prefix cannot be guessed. The current work around is to stab at each cookie individually: {{{ // Auth cookie if ( defined( 'AUTH_COOKIE' ) && ( $this->cookie === AUTH_COOKIE ) ) { return true; } // User cookie if ( defined( 'USER_COOKIE' ) && ( $this->cookie === USER_COOKIE ) ) { return true; } // Logged-in cookie if ( defined( 'LOGGED_IN_COOKIE' ) && ( $this->cookie === LOGGED_IN_COOKIE ) ) { return true; } }}} And to special case the test cookie, like: {{{ // Generic 'wordpress' cookies (that are not test cookies) if ( ( substr( $this->cookie, 0, 9 ) === 'wordpress' ) && ( $this->cookie !== 'wordpress_test_cookie' ) ) { return true; } }}} But without a known and trusted cookie prefix, it's still an unpredictable environment. ----- I'd like to re-propose an 8 year old issue (#6413) to introduce a new default constant to define a cookie prefix. This could turn the above snippet into something at least slightly more sane, like: {{{ // Generic 'wordpress' cookies (that are not test cookies) if ( defined( 'COOKIEPREFIX' ) ) { $len = strlen( COOKIEPREFIX ); if ( substr( $this->cookie, 0, $len ) === COOKIEPREFIX ) && ( false !== strpos( $this->cookie, 'test_cookie', $len ) ) { return true; } } }}} A `COOKIEPREFIX` constant would also allow plugins an easy way to drop themselves inside of WordPress's cookie namespace, which will help them play more nicely in environments where WordPress is not the only application within the domain." johnjamesjacoby Needs Docs or Unit Tests 36314 If orderby undefined, alter get_posts to defer to WP_Query's default Posts, Post Types normal normal enhancement new needs-unit-tests 2016-03-23T22:22:46Z 2019-06-04T20:56:15Z "If the argument is undefined, defer `get_posts` orderby & order to that of WP_Query's. For search strings, this will order posts by relevance. In other cases it will have no effect." peterwilsoncc Needs Patch 36313 get_pages() child_of argument does not work in combination with meta_key/value query Posts, Post Types 4.4.2 normal normal defect (bug) new 2016-03-23T21:38:48Z 2023-07-06T12:21:02Z "If you pass both `child_of` and `meta_key/value` parameters to the `get_pages()` function, there are problems. To reproduce: Create a page structure like so: Grandparent (id=1) -Parent (id=2) --Child (id=3) Add a custom field to the Child page. Say `meta_key='bark'` and `meta_val='woof'`. Call {{{ get_pages(array( 'child_of'=>1, 'meta_key'=>'bark', 'meta_value'=>'woof' )); }}} And it will return an empty array. The reason this is happening is because in the `get_pages` function (`wp-includes/post.php`) on line 4562, the `$pages` array only contains Child because it's been filtered by the `meta_key`, but `get_page_children()`, which is being used to determine which pages are `child_of`, requires the complete hierarchy of connected pages to determine which are children, and so it returns nothing. I hope this is helpful. Obviously there are workarounds using loops and get_posts() and people are always suggesting you don't use get_pages() but anyhow, there it is, a bug report. :)" MarcGuay Needs Patch 36312 Inline link toolbar: add advanced panel Editor normal normal enhancement new 2016-03-23T20:36:56Z 2019-06-04T19:35:35Z Attempt to move advanced fields in the link modal to the inline link toolbar (under the gear icon) and make it easily extendible. Thoughts are welcome. :) iseulde Needs Patch 36309 Timezone issue in WP_Date_Query->build_mysql_datetime Query 4.4.2 normal normal enhancement new 2016-03-23T15:57:00Z 2019-06-04T20:56:04Z "Currently build_mysql_datetime function in WP_Date_Query using gmdate to generate SQL datetime. {{{#!php ID, $file );'' on platforms like Windows can be really bad if ''$file'' was normalized/validated using PHP's ''realpath()'' function: {{{#!php ID ); // Well, in real world you could have created the path manually... // The only important thing to know is, that we call ""realpath()"" which will // convert any directory separator into the native directory separator: // Linux will end with /dir/subdir/basename.jpg // Windows will end with C:\Dir\Subdir\basename.jpg $file = realpath( $file ); // Again, this is just a demo, for real world cases see plugins like ""Force Regenerate Thumbnails"" // But this is a valid API call: update_attached_file( $image->ID, $file ); // On Windows this will result in an update statement like // UPDATE `postmeta` SET `meta_value` = 'C:WWWSitesdemohtdocswordpresswp-contentuploads201603example.jpg' WHERE `post_id` = 123 AND `meta_key` = '_wp_attached_file' // when $file was set to ""C:\WWW\Sites\demo\htdocs\wordpress\wp-content\uploads\2016\03\example.jpg"" // Now imagine a plugin which is re-generating thumbnails :] // The problem is // $meta_value = wp_unslash($meta_value); // in wp-includes/meta.php update_metadata(). }}} When using ''update_attached_file()'' we should make sure that ''update_metadata()'' don't update the path value to an invalid value... PS: After you updated all image paths to an invalid value, the media library won't work anymore: {{{ [18-Mar-2016 07:31:10 UTC] PHP Warning: file_exists() expects parameter 1 to be a valid path, string given in C:\WWW\Sites\demo\htdocs\wordpress\wp-includes\media.php on line 3063 }}} " Whissi Needs Patch 36270 Allow filtering of the final HTML output of media related shortcodes Media 4.7.2 normal normal Awaiting Review enhancement new 2016-03-18T02:33:02Z 2020-04-09T09:00:28Z "Sometimes it is required to further process the final HTML output of the media related shortcodes, eg {{{caption}}} or {{{gallery}}}, so as to add extra HTML code such as enclosing div or span elements or just modify the existing HTML code during run time. For instance the final output of {{{img_caption_shortcode}}} could be filtered: https://core.trac.wordpress.org/browser/tags/4.4.2/src/wp-includes/media.php#L1537 Passing all relevant image attachment data, like ID and size, would also be very useful. I hope that I am not missing anything but right now the only way to insert code inside the {{{
            }}} or {{{
            }}} block seems to be the complete override of the {{{img_caption_shortcode}}} function. " gnotaras Needs Reporter Feedback / Steps To Reproduce 36269 WordPress 4.4.2 Gallery Ordering Gallery 4.4.2 normal normal defect (bug) new reporter-feedback 2016-03-17T16:01:00Z 2019-06-04T19:56:16Z There seems to be an issue with the ordering functionality in the latest version of WordPress. Wordpress seems to ignore/misunderstand gallery image order. aj@… Needs Docs or Unit Tests 36259 Switching language should update date and time formats vagios I18N normal normal Future Release defect (bug) assigned needs-unit-tests 2016-03-16T07:43:07Z 2023-11-16T16:49:08Z "Previously: #11226 1. Install WordPress in English. 2. Switch language to Russian. 3. Date and time formats in General Settings are still `F j, Y` and `g:i a`, which doesn't make sense for Russian and doesn't match the locale defaults (`d.m.Y` and `H:i`, respectively)." SergeyBiryukov Needs Patch 36257 REST API: It's difficult to impossible to determine the endpoint matched to a request rmccue REST API normal normal enhancement assigned 2016-03-15T23:14:18Z 2022-01-18T13:48:37Z "Originally raised in Slack - https://wordpress.slack.com/archives/core-restapi/p1457730713002298 It is really difficult (and sometimes impossible) to get good information about the route/endpoint that was matched to a request. You can inspect `$handler['callback']` in `'rest_dispatch_request'`, which gives the function that will handle the endpoint. In `'rest_post_dispatch'` you can get the URL regex that was matched. BUT none of that works if an error occurred in `'rest_authentication_errors'`, because the request is never dispatched. A couple of cases where we need to match up requests to endpoints on WordPress.com: 1. Restricting access to certain endpoints. As far as I can tell, this is only possible by inspecting `$handler['callback']` during e.g. `'rest_dispatch_request'` and looking at the class and method name of the callback. (This also has the drawback that you can't prevent the endpoint's `permission_callback` from being called. To get around this, we use the filters added in #35590.) 2. Monitoring of endpoint calls, response times, etc. Getting the matched route regex, like `/wp/v2/posts/(?P[\d]+)`, is possible by listening on the `'rest_post_dispatch'` filter, but as mentioned above, this doesn't work if an error occurs in `'rest_authentication_errors'`, so we've had to move all of our auth logic out of `'rest_authentication_errors'` because we want to know which endpoints have failing auth. Suggested improvements: 1. Make it possible to consistently and easily get info about the route that was matched up to a request, including the various URL pieces. 2. Still dispatch a request, or at least match it up to what the route would have been, if an error happens in `'rest_authentication_errors'`." jnylen0 Needs Docs or Unit Tests 36244 added a filter to allow the separator in the week date range to be changed pbearne Themes normal normal Future Release enhancement assigned needs-docs 2016-03-15T00:13:17Z 2020-06-23T19:37:09Z added a new filter 'getarchives_week_separator' in wp_get_archives() to allow the separator used in the weekly archive text to changed pbearne Needs Patch 36242 wpdb set_sql_mode add param Database 3.9 normal normal enhancement new 2016-03-14T23:43:46Z 2019-06-04T19:35:29Z When making a creating a db drop-in that supports multiple databases, I had to override the whole {{{set_sql_mode}}} method. If {{{set_sql_mode}}} accepted a {{{$dbh}}} param, the method could easily be reused. spacedmonkey Needs Dev / Bug Wrangler Feedback 36239 wp-embed image size is using the smallest image or it sometimes uses the one for featured images Embeds 4.4.2 normal normal Awaiting Review defect (bug) new dev-feedback 2016-03-14T19:48:48Z 2020-09-25T19:44:53Z When using the wp-embed in my custom post types the image size is correct, a bit big, but it's not blurry. In regular posts, the image size is the thumbnail size created for the media library thumbnail (not the one in the media settings) because that happens to be the smallest one. I noticed that for posts, whatever is the smallest image is being used, whether set in the functions file or by WordPress. carasmo Has Patch / Needs Testing 36237 Add filter for post statuses in quickedit Posts, Post Types 4.4.2 normal normal enhancement new has-patch 2016-03-14T16:53:31Z 2019-06-04T20:55:48Z "To make changes to the quick edit status list, one has to use JS or action ''quick_edit_custom_box'' to add extra fields. In instances where some of the statuses need to be removed, JS is required. [[BR]] I propose that the statuses in ''wp-admin/includes/class-wp-posts-list-table.php (line 1284-1300)'' be stored in an array then filtered using ''quick_edit_statuses'' before the array is iterated through to create the select options.[[BR]] I'm available to submit a patch that does this " kakomap Needs Patch 36228 "Uncheck ""uncategorized"" when you select a category" Taxonomy normal normal Future Release enhancement reopened 2016-03-13T17:44:50Z 2018-10-03T15:16:23Z "One of my assorted WordPress pet peeves is when I select a category for my post, and still have to uncheck ""uncategorized."" If you haven't changed your default category from Uncategorized, you probably don't want to continue using it once you assign a new category to your post. We should automatically uncheck ""uncategorized"" when you pick an actual category." melchoyce Needs Patch 36216 Keyboard shortcut for displaying contextual help Editor normal normal enhancement new 2016-03-12T10:22:18Z 2019-06-04T19:35:23Z "Some websites have help panels that pop up when a user types a keyboard shortcut. Press `command+/` on a Mac or `control+/` on Windows in Slack and a pane of keyboard shortcuts pops up. I wonder if it would be helpful to use a keybinding like this to open the ""Keyboard Shortcuts"" modal when a user is within TinyMCE. " ericlewis Has Patch / Needs Testing 36212 Empty menu items are deleted without warning audrasjb* Menus normal normal Future Release defect (bug) accepted has-patch 2016-03-12T01:21:43Z 2022-09-28T22:47:01Z I recently discovered that menu items with with an empty label are deleted from the menu upon save without any warning or notice. The particular situation was that I was adding a menu with an icon font for the items, so the labels were empty but had classes. Obviously a HTML comment can be used in this instance, but there should be some way to either communicate with the user that items with an empty label will be removed, disable saving of a menu with empty labels, or some way to handle empty labels without deleting the item. cameronjonesweb Has Patch / Needs Testing 36208 Comment queries should ignore comments associated with non-active custom post types Comments 4.4 normal normal Future Release defect (bug) new has-patch 2016-03-11T13:50:28Z 2023-10-17T13:16:37Z "As of 4.4 we introduced the `_doing_it_wrong()` (r34091) when checking meta capabilities on custom post types that aren't registered. This also spread and affected comments, primarily on the dashboard where we show comments and try to add links for these and check the users capability against them, they will produce this wonderful output: > PHP Notice: map_meta_cap was called incorrectly. The post type shop_order is not registered, so it may not be reliable to check the capability ""edit_post"" against a post of that type. Please see Debugging in WordPress for more information. (This message was added in version 4.4.0.) in /wordpress/wp-includes/functions.php on line 3827 Ideally, `WP_Comment_Query` should bypass comments associated to non-existing post types as well. In the attached patch I've introduced both `post_type__in` and `post_type__not_in` which accepts an array of post type string names. I've also added the default value for `post_type__in` to `get_post_types()`, as by default you'd never want to query for non-existing data any way, but this allows the query to be overwritten via filters, or directly with a new construct for those who have the need. I am wondering if the use of `post_type = 'any'` would need to short-circuit the new arguments to avoid breaking BC (current tests all pass with the patch applied though) ? Related #16956 What this looks like (from #34918): [[Image(http://crosseyedeveloper.com/wp-content/uploads/2015/12/commentcap.jpg)]] It also shows up on the Dashboard in the comments widget: [[Image(http://crosseyedeveloper.com/wp-content/uploads/2015/12/commentcap21.jpg)]]" Clorith Has Patch / Needs Testing 36202 Menus screen: fix persistence of toggles for displayed nav menu item properties ryankienstra Menus 4.4 normal normal Future Release defect (bug) assigned has-patch 2016-03-10T21:33:41Z 2018-01-03T08:13:36Z "Splitting this out from #35273. The Screen Options in nav-menus.php would need a similar treatment as the one used for the options in the Customizer. When quickly clicking on the checkboxes, multiple separate AJAX requests fire and there's no guarantee about the order they will be processed. This could lead to a non-synchronized state of the options in the Menus Screen and in the Customizer. To consider: maybe do this for all the screen options in all the admin screens? For details, see #35273 and the solution implemented in [36908]. " afercia Needs Dev / Bug Wrangler Feedback 36201 Admin Pagination URLs Use Wrong Hostname Administration normal normal Future Release defect (bug) reopened dev-feedback 2016-03-10T21:18:06Z 2024-02-01T00:58:46Z "The pagination links on the posts/pages screen uses the wrong host in some cases. Particularly for my case I have a Wordpress blog installed on a separate server from my main website, but it's hosted as a subdirectory `/blog` on the main site using the `mod_proxy` Apache module. So the pagination links are coming through using the wrong host like this: http://1647760595.us-east-1.elb.amazonaws.com/wp-admin/edit.php?paged=2 It seems like these pagination links are the only ones with this issue, and I believe it's because of how they are being constructed. I've attached a patch that solves the issue for me. -Garrett" grimmdude Has Patch / Needs Testing 36194 Media Settings page description is unclear Media normal normal enhancement new has-patch 2016-03-10T15:30:36Z 2020-02-06T19:45:54Z "The media settings reads the following: ""The sizes listed below determine the maximum dimensions in pixels to use when adding an image to the Media Library."" I saw a Facebook in Advanced WordPress where someone expected images uploaded to be converted to these dimensions in ALL cases. But the full picture will still remain in the uploaded dimensions, of course. ''(link: https://www.facebook.com/groups/advancedwp/permalink/1107356659326547/)'' New WordPress / non-developers will probably understand this differently so I'd think a description like this would be better: ""The sizes listed below determine the maximum dimensions in pixels to use for displaying cropped images."" Or something in that direction? The description is changed earlier in reply to this ticket: https://core.trac.wordpress.org/ticket/15732" mklasen Needs Patch 36191 Support responsive images in WP_Customize_Media_Control joemcgill Customize 4.1 normal normal Future Release defect (bug) assigned 2016-03-10T02:14:17Z 2021-05-23T19:01:25Z "When you add a custom logo, the preview in the Customizer sidebar isn't retina, even if the image file you uploaded is big enough. Discovered in https://core.trac.wordpress.org/ticket/35942#comment:13. Some additional comments there. Related: * #21455: HiDPI (retina) theme custom backgrounds * #36442: Customizer: when setting header image and site logo, also create a 2x image if possible" melchoyce Needs Dev / Bug Wrangler Feedback 36188 After WordPress installation, the default category archive page is showing a 404 page Rewrite Rules 4.2 normal normal Future Release defect (bug) new dev-feedback 2016-03-09T19:17:14Z 2017-12-06T22:20:49Z "Steps to reproduce the issue: 1. Install WordPress 2. Log to the back-end 3. Go to Post -> Categories and click on the ""view"" link of the default category. => You get a 404 page Now, if you visit Settings -> Permalinks, the default category archive page is showing correctly. This issue might be related to #20171" strategio Needs Dev / Bug Wrangler Feedback 36179 Password protected post with force_ssl_admin() and domain mapping not working Login and Registration 4.3.1 normal normal defect (bug) new dev-feedback 2016-03-09T13:48:42Z 2019-06-04T20:23:26Z "Hi, I'm running a WordPress multisite with ""define(FORCE_SSL_ADMIN, true)"" and domain mapping. Our network site is using ssl (where users login to administrate their site). But a domain mapped site is not using ssl, which is working fine. So, I have a post that is password protected. When I'm on the mapped domain and submit the password protect form, I then get redirected to ""wp-login.php?action=postpass"" over https and get a security warning. It should not redirect me to https when I'm on a non-ssl mapped domain. Thanks" tcdeskwolf Needs Patch 36177 default htaccess should include security measures Security normal normal Awaiting Review enhancement new 2016-03-09T08:43:09Z 2021-11-09T18:45:43Z "Wordpress has some code that automatically creates a .htaccess file for users. This file however includes no security measures whatsoever, meaning that users who do not tighten security by themselves are left with an install that lets upload files that contain random php code and then execute them. The real problem is that most wordpress users don't do any security tightening by themselves, either because they didn't see it in the install procedure or (more likely) because they don't have the knowledge necessary to know what measres are appropriate or not. This is a bane to all shared hosting providers who will either need to figure out ways to tighten security for the users, while not knowing what they are or will be hosting. This lack of basic security was already pointed out in ticket #9185 seven years ago but was discarded for reasons that I believe are not valid: blocking php evaluation for all files in wp-content would only affect direct php file access through a URL, not inclusion of code by other php files. This means that only direct access to files would get blocked for some plugins, but plugins should not require users to load plugin-specific php files directly in the first place: those files should get included through wordpress itself. finally, since wordpress has php code that generates these .htaccess files, there is no good reason to avoid addding some security measures in there. Some measures for htaccess are even suggested in https://codex.wordpress.org/Hardening_WordPress . It doesn't make sense to not include them by default Drupal does include a good host of default security measures to help users have a good security level by default. More can be done by users of course depending on the requirements, but default drupal installs will not get hacked as badly as default wordpress installs frequently do. see: https://github.com/drupal/drupal/blob/8.1.x/.htaccess What I'm suggesting is the following. Have wordpress include the following blocks in generated .htaccess files: {{{ RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L] order allow,deny deny from all order allow,deny deny from all php_flag engine off order allow,deny deny from all ` blocks (see drupal 8.1 default .htaccess file linked above for examples)" lelutin Needs Docs or Unit Tests 36171 Proposed clean up of get_the_category_list() and link filter Taxonomy 4.4.2 normal normal enhancement new needs-unit-tests 2016-03-08T17:09:25Z 2019-06-04T21:20:57Z "The current source code of the {{{get_the_category_list()}}} function is quite messy and there is also a lot of duplicate code which we can avoid. Also, on a micro optimization level, in stead of passing the category ID to {{{get_category_link()}}}, we can pass the whole category object. Doing this will avoid the extra overhead of having to get the complete category object from the term cache. There is also no filter to filter each category link on category level, we only have the {{{the_category}}} filter which filters the string of links. We have being receiving a couple of questions on wordpress.stackexchange.com regarding filtering these category links according to category. [http://wordpress.stackexchange.com/q/219554/31545 Here] is such one question. My proposal is included in my code, a filter called {{{the_category_list_links}}} which we can use to filter each category link individually according to the category. One such use-case of the filter can look something like {{{ add_filter( 'the_category_list_links', function ( $the_link_list, $category, $cat_parents ) { $category_color = get_field( 'category_color', $category ); if ( !$category_color ) return $the_link_list; $the_link_list = str_replace( 'using_permalinks() ) ? 'rel=""category tag""' : 'rel=""category""'; $links = array(); foreach ( $categories as $category ) { /** * Break the link for better link building */ $start_link = 'term_id ) ) . '"" ' . $rel . '>'; $end_link = $category->name . ''; /** * Build the category links */ $the_link_list = ''; switch ( strtolower( $parents ) ) { case 'multiple': $cat_parents = $category->parent ? get_category_parents( $category->parent, true, $separator ) : ''; $the_link_list = $cat_parents . ' ' . $start_link . $end_link; break; case 'single': $cat_parents = $category->parent ? get_category_parents( $category->parent, false, $separator ) : ''; $the_link_list = $start_link . $cat_parents . $end_link; break; case '': default: $the_link_list = $start_link . $end_link; } /** * Filter the category links on category level. * * @since X.X.X * * @param string $the_link_list Post category link. * @param object $category The current category object * @param $cat_parents Link list of parents of the current category */ $links[] = apply_filters( 'the_category_list_links', $the_link_list, $category, $cat_parents ); } $thelist = ''; if( '' === $separator ) { $thelist .= '
              '; $thelist .= ""\n\t
            • ""; $thelist .= implode( ""
            • \n\t
            • "", $links ); $thelist .= '
            • '; $thelist .= '
            '; } else { $thelist .= implode( $separator, $links ); } /** * Filter the category or list of categories. * * @since 1.2.0 * * @param array $thelist List of categories for the current post. * @param string $separator Separator used between the categories. * @param string $parents How to display the category parents. Accepts 'multiple', * 'single', or empty. */ return apply_filters( 'the_category', $thelist, $separator, $parents ); } }}}" pietergoosen Needs Patch 36159 Inserting Image on iOS Doesn't Respect Cursor Position Editor 4.2 normal normal Future Release defect (bug) new 2016-03-07T16:18:59Z 2019-06-05T07:07:40Z "When using Press This as a launch pad to edit a longer blog post, additional images added are inserted at the top of the post, rather than in the space in which the cursor has been placed. Here's a quick video displaying the issue. http://www.screencast.com/t/NtdCWRoJsWI " mrjarbenne Needs Docs or Unit Tests 36157 Permalink UI shown without typing a title Permalinks 2.5 normal normal defect (bug) new needs-unit-tests 2016-03-07T15:11:15Z 2019-06-04T20:55:42Z "When creating a new post and jumping straight to the content to write a post the permalink UI will still be shown. '''Steps to reproduce:''' * 'Add New' post in the admin * Type content inside the post content field. * Wait until an autosave triggers and finishes. This step can also be achieved by putting `wp.autosave.server.triggerSave();` inside the console. '''Expected behaviour:''' The permalink UI isn't shown because no title has been set yet. '''Actual behaviour:''' The permalink UI is shown with a post ID as the slug." atimmer Needs Patch 36124 Format: Aside next to an embedded video, removes player and only displays URL Formatting 4.4.2 normal normal defect (bug) new 2016-03-06T03:47:09Z 2019-06-04T19:55:54Z If you add a URL of a Vimeo or YouTube video into a page, it displays correctly. But if you then try to add an aside block of text next to the video, it no longer displays the embedded video player, but only displays the URL to the video. I even switched over to the Twenty Sixteen theme and this was an issue on that theme as well as the theme I'm currently using. mynamedotcom Needs Dev / Bug Wrangler Feedback 36120 Move wp_*_link() functions into wp-includes General normal normal enhancement new dev-feedback 2016-03-05T14:51:04Z 2019-06-04T19:55:44Z "The following link functions live in `wp-admin/includes/bookmark.php`: * `wp_insert_link()` * `wp_delete_link()` * `wp_update_link()` I would like to propose that these three functions be moved into `wp-includes/bookmark.php` so that they are available on any request, and not just requests inside `wp-admin`. It would also be necessary to move the `wp_set_link_cats()` so that it is available inside the `wp_insert_link()` function. Other similar functions live in `wp-includes` already, such as `wp_insert_post()`, `wp_insert_commet()`, etc. This change would allow links to work in the same way as those other content types." JPry Has Patch / Needs Testing 36098 "Install: ""Repeat Password"" is not required when browser js is disabled" Login and Registration normal normal defect (bug) new close 2016-03-05T00:57:39Z 2020-02-16T21:35:57Z "Recreate: 1. Turn off browser JS. 2. Install WordPress. 3. Go to step 2. The ""'''Repeat Password'''"" field is marked as '''required'''. It's not. ---- Recreate this step by step: Leave all fields empty and press the install button. You will see an error saying: `Please provide a valid username.` Enter invalid username (use spaces). You will see an error saying: `The username you provided has invalid characters.` Enter valid username. You will see an error saying: `You must provide an email address.` Enter some text (not an email). You will see this error message: `Sorry, that isn’t a valid email address. Email addresses look like username@example.com.` If you provide a valid email, it will install WordPress. ''' Password is not required! '''" ramiy Needs Patch 36087 Migration plan from insecure RNG fallback Security normal normal Future Release enhancement reopened 2016-03-04T00:08:44Z 2020-09-30T18:16:11Z "== Where we are today== WordPress uses paragonie/random_compat to polyfill PHP 7's new CSPRNG functions in PHP 5 projects, (on PHP 7 it just used the new functions directly). However, it currently catches the `Exception` that is thrown when used on an environment in which PHP cannot access the kernel's CSPRNG (usually `/dev/urandom`). If an exception is caught, it then proceeds with the old way of doing things: #28633 After nearly one year into random_compat, we've only just recently received our first complaint about an `Exception` being thrown: https://github.com/paragonie/random_compat/issues/91 (If you note, the resolution was: ""Our host made `/dev/urandom` available to us"".) == Scott's Proposal == Let's transition away from this insecure RNG fallback. Not all at once, of course. 1. Implement a telemetry feature. How many systems will trigger the fallback code in the first place? Is it negligible (i.e. less than 0.0001% of WordPress installs)? Let's call this a 4.5.0 or 4.5.1 feature. 2. If the telemetry identifies *any* systems that cause random_compat to throw an `Exception`, let's identify common points of failure. Are they all from the same webhost? Same operating system? 3. Get in touch with as many of the hosting providers as possible and help them remedy these issues. 4. Finally, once we've done everything we can, remove the fallback code entirely. Let's call this a 4.6.0 or 5.0.0 feature, for the sake of argument. (Tagging @dd32 since he's my usual point of contact for these discussions.)" sarciszewski Needs Patch 36082 Schedule post, not added to cron, shown as 'scheduled' in admin. Doesn't publish. Cron API 4.4.1 normal normal Awaiting Review defect (bug) new 2016-03-03T14:08:09Z 2019-06-04T18:13:40Z "Hello, We have an intermittent problem on a high traffic site. The issue is that occasionally, a post will be scheduled but not picked up in cron (we log whats in the cron). In the admin, it shows as being scheduled but obviously never posts because it's not actually present in the cron. What could make this happen? The site has about 20 users in the admin, with around 30 pageviews/second on frontend. (4 webservers etc)" dencreativeltd Needs Dev / Bug Wrangler Feedback 36081 Activity dashboard widget is not using word-wrap: break-word mrahmadawais Administration 4.4.2 normal normal Future Release defect (bug) assigned dev-feedback 2016-03-03T07:40:11Z 2019-03-20T18:05:43Z "Long word's without spaces goes out of the container. I think that this class `#dashboard-widgets a` needs `word-wrap: break-word`; Screenshot: http://www.awesomescreenshot.com/image/1048253/7b7bc297dd3c3bd1f3c9532dd9f1138e" Prelc Needs Patch 36058 "PHP notices and invalid ""View Post"" link on edit-comments.php when post type does not exist" Comments normal normal Future Release defect (bug) reviewing 2016-03-03T05:48:30Z 2017-05-06T17:13:37Z "Steps to reproduce: 1. Register a custom post type 2. Create a post 3. Create a comment on that post 4. Stop registering the post type 5. Visit wp-admin/edit-comments.php The markup built in `WP_Comments_List_Table::column_response()` for the ""In Response To"" column requires a valid post permalink, as well as the post type label corresponding to ""View Post"". Since permalinks to non-existent CPT objects cannot be valid, and since non-existent CPTs don't have any post type labels, it seems to me that we can probably bail out of this method early if the post type doesn't exist. Similarly, `column_date()` probably shouldn't attempt to link to the post if the post type doesn't exist." boonebgorges Needs Patch 36056 When saving a post for an other author, the current_user_can() check is not passing the post ID with the edit_others_posts capability Role/Capability 4.4.2 normal normal defect (bug) new 2016-03-03T01:48:29Z 2019-06-04T21:20:50Z "The scenario: we're using a custom role that is locked down to only being able to edit a single page titled 'About Us'. We've added an 'edit_about' capability to the role, and use the map_meta_cap filter to return 'edit_about' if that's the page being edited for the role. {{{ if ( in_array( $cap, $cap_needed ) && user_can( $user_id, 'edit_about' ) && ! empty( $args ) ) { $post_id = $args[0]; $page = get_post( $post_id ); $parent = get_post( $page->post_parent ); $caps = array(); if ( 'page' === $page->post_type && ( 'about us' === strtolower( $page->post_title ) || ( null !== $parent && 'about us' === strtolower( $parent->post_title ) ) ) ) { $caps[] = 'edit_about'; } else { $caps[] = 'do_not_allow'; } } }}} WP_Posts_List_Table and wp-admin/post.php is doing a simple check just on edit_post. {{{ current_user_can( 'edit_post', $post->ID ); }}} Because we're getting the post ID, we can allow any user with that role to see the Edit link and get to the edit page, and it's turned off for every other page. When trying to save the post, wp-admin/includes/post.php checks to see if the author is different than the current user, but is not passing the post ID in the check: {{{ if ( isset( $post_data['user_ID'] ) && ( $post_data['post_author'] != $post_data['user_ID'] ) && ! current_user_can( $ptype->cap->edit_others_posts ) ) { if ( $update ) { if ( 'page' == $post_data['post_type'] ) { return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) ); } }}} Because we don't have the post ID, we don't have any context of the post being saved and are not able to tell WordPress that saving this others post is allowed. Changing the code in core above to: {{{ current_user_can( $ptype->cap->edit_others_posts, $post_data['ID'] ) }}} fixes the issue and allows the page to be saved. Giving the role the edit_others_pages capability also fixes the issue. I'm not 100% sure this is a bug or by design, and may be related to #30452, but would like some input from the core team. " GunGeekATX Has Patch / Needs Testing 36036 Multiple CDATA regressions in wp-includes SergeyBiryukov General 3.4 normal normal Future Release defect (bug) assigned has-patch 2016-03-01T23:45:26Z 2020-11-25T19:40:06Z "There is invalid XHTML at lines 2084-2097 of wp-includes/theme.php ( https://github.com/WordPress/WordPress/blob/3f3fe5a7ed6473e995f9b96ee4bcf36fe4c71a35/wp-includes/theme.php#L2084-L2097 ) This script block needs to be escaped with /**/ Otherwise it will cause rendering errors for people serving XHTML as application/xhtml+xml This was not always like this, as 5 years ago when I made my strict XHTMl theme there were no errors. I recently re-enabled serving as application/xhtml+xml and to my surprise find this regression in the WP codebase." sephr Needs Patch 36034 Change post name permalinks to use ID when inserting links General normal normal Awaiting Review enhancement new 2016-03-01T21:34:02Z 2017-06-28T14:31:41Z "When using the visual editor, and your permalink setting is postname, the default behavior when adding an internal link is that the href attribute points to the slug. For example, if I add a link to a page with the permalink/slug of ""my-page"" the HTML link will be created as `my page`. This is fine until the slug of the target page (`my-page`) changes. Since WordPress doesn't do any checking when a slug is changed to see if there are any links pointing to it, the link is now dead. I propose that when adding links in the visual editor, that they be added based on the ID of the target, not the slug. This would prevent links from breaking whenever a slug was changed, and not affect the use of the post name in the URL. Even following ID-based links return the prettier post name version in the URL. The code change is already available as a plugin or addition to functions.php from http://wordpress.stackexchange.com/questions/156032/how-can-i-store-page-id-in-a-post-instead-of-other-selected-permalink: {{{ function wp_link_query_mod ( $results ){ if( count( $results ) ){ for( $i=0; $iobject_type[] = 'attachment:image'; }}} On the querying side of the equation, support seems much better. The only area that's iffy is if you register a taxonomy to the `'attachment'` post type, but pass the mime type (e.g. `'attachment:image'`) to `get_object_taxonomies()`, you won't get the registered taxonomy. Since `attachment:image` is a subset of attachment, I would expect to get all the ""attachment"" taxonomies as well. Breaking this all down, the main bug here is that '''it doesn't seem to be possible to register a taxonomy to an attachment mime type, despite there being support for this feature otherwise.''' Side note, since the unit test `test_tax_query_taxonomy_with_attachments()` fails in registering a taxonomy to an attachment mime type, the rest of this unit test probably should have failed (for a couple of reasons)." mboynes Needs Dev / Bug Wrangler Feedback 35993 Unit tests: XML-RPC Request routines XML-RPC 0.71 normal normal Future Release enhancement new dev-feedback 2016-02-29T01:07:36Z 2022-01-20T13:01:43Z "I wrote unit tests for the 3 methods regards to XML-RPC request in functions.php, the aim is improve de code coverage, theses methods are: * xmlrpc_getposttitle() * xmlrpc_getpostcategory() * xmlrpc_removepostdata() This patch cover 100% of coverage related to theses methods above. Only one thing to consider, I didn't found any XML-RPC format on the WordPress doc with title and category, so I've created a simple XML format with both, following the methods the behaviour is the same." borgesbruno Has Patch / Needs Testing 35983 "Better support for ""singular"" endpoints" Rewrite Rules normal normal enhancement new has-patch 2016-02-28T04:47:11Z 2019-06-04T21:20:37Z "WP_Rewrite endpoints are currently geared towards endpoints that capture content after it, for example, `/feed/FEED_TYPE/`. Quite often we instead want to create an endpoint which is instead `/embed/` or `/faq/` we don't need to capture an optional bit of data after it. Currently endpoints can operate in either mode, if you specify and endpoint of `test-endpoint` then both `/endpoint-name/` and `/endpoint-name/data-passed/` will work. The problem comes when testing for the existence of that endpoint in the query. An endpoint which passes data is easy to check `if ( get_query_var('endpoint-name') )`, an endpoint which doesn't - not so easy `global $wp_query; if ( isset( $wp_query->query_var['single-endpoint'] ) )`. Something that would be easier, and nicer for developers using the rewrite endpoint is to instead match the endpoint name itself: Currently the rewrite rule would look like this: {{{ ([^/]+)/endpoint-name(/(.*))?/?$ => index.php?name=$1&endpoint-name=$3 }}} What would be great, is if we can do instead: {{{ add_endpoint( 'single-endpoint', ... ); ([^/]+)/(single-endpoint)/?$ => index.php?name=$1&single-endpoint=$2 }}} Which if used in conjunction with `add_endpoint()`'s 3rd parameter allowing us to specify a custom query_var: {{{ add_endpoint( 'endpoint-name', ..., 'special_query' ); add_endpoint( 'another-endpoint-name', ..., 'special_query' ); Rules: ([^/]+)/(endpoint-name)/?$ => index.php?name=$1&special_query=$2 ([^/]+)/(another-endpoint-name)/?$ => index.php?name=$1&special_query=$2 }}} this would then allow us to use `if ( get_query_var( 'special_query' ) )` or `if ( get_query_var( 'single-endpoint' ) ) ` in the case of the first example. Attached is an implementation which upgrades the 3rd parameter (`$query_var`) to an array to support this. It's a super-rough patch, but appears to work. Does anyone else feel that this is worthwhile supporting?" dd32 Needs Docs or Unit Tests 35963 Only remove item from WP_Dependencies::to_do if it was successfully processed Script Loader normal normal defect (bug) new needs-unit-tests 2016-02-26T12:37:32Z 2019-06-04T21:20:31Z "If WP_Dependencies::do_item returns false, the item is removed from being processed again. Due to this, if an item gets switched to the footer, it is never actually outputted. A common scenario is depending on jquery which depends on jquery-core and jquery-migrate. jquery is processed right, but jquery-core and jquery-migrate are moved to the bottom but still removed from the list. The following example demonstrates: {{{#!php registered['jquery']; wp_dequeue_script('jquery'); wp_deregister_script('jquery'); wp_register_script('jquery', $jquery->src, $jquery->deps, $jquery->ver, true); } }, 0); }}} Attached is a very simple patch to resolve this" pcfreak30 Has Patch / Needs Testing 35959 Functon 'wp_generate_attachment_metadata(...)' silently swallowing errors from 'wp_get_image_editor(...)'. Media 3.5 normal normal Awaiting Review defect (bug) new has-patch 2016-02-26T05:11:54Z 2017-11-12T19:47:33Z "So the function {{{wp_generate_attachment_metadata(...)}}} in {{{wp-admin/includes/image.php}}} is silently ignoring / swallowing errors from the function {{{wp_get_image_editor(...)}}}. The logic is here: https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/image.php?rev=36429#L123 This ignoring of these particular errors prevents user notification in the UI when image thumbnails could not be regenerated due to error ""{{{No editor could be selected}}}"" that is returned from the function {{{wp_get_image_editor(...)}}} when the PHP environment on the server is lacking graphics support. So the thumbnails are not getting regenerated, and because of this bug, there is notification to the user as to that fact or as to why. I looked this up in the history, and noticed that this bug is present since this revision: https://core.trac.wordpress.org/changeset/22192 What's odd is that this revision does add logic to relay these errors in its 1st change (to the function {{{wp_crop_image(...)}}}) in {{{trunk/wp-admin/includes/image.php}}}, but not in the 3rd change in that file (to the function {{{wp_generate_attachment_metadata(...)}}}). Not sure why the error is not being relayed there as well. " maratbn Needs Reporter Feedback / Steps To Reproduce 35955 Improvements for Menus Menus 4.4.2 normal normal enhancement new reporter-feedback 2016-02-25T21:33:35Z 2019-06-04T20:23:06Z "I'd like to propose some improvements for Menus. - When adding a set of pages with children, I think it would be useful if the menu structure would also follow the relationship between parent and children elements. Currently, when adding pages and their children, all of them go into first level so children and their children must be rearranged manually. - If replacing a parent menu item (does not necessarily need to be a parent page), all the children are sent to level below, so they have to be rearranged manually again. I think it would be useful if we could replace any element that has children with another element without losing the structure (something like ""replace this menu item"") " Mckilem Needs Patch 35937 "Visual improvements for the comment ""pending status""" Comments normal normal Future Release defect (bug) new 2016-02-24T16:25:05Z 2019-01-13T16:55:31Z "Splitting this out from #35392. While working on #35392, noticed and agreed there's room for some visual (and further accessibility) improvements. Specifically, the comment ""pending status"" relies on a small ""flag"" icon, followed by a `[Pending]` text. From a design perspective, this could use some love. Whether it would be some additional, descriptive, text or a new icon etc. it would be possible to expand the new text or icon with some `screen-reader-text` in order to provide a reasonably understandable feedback for assistive technologies users. Worth noting this applies to the Dashboard ""Recent Comments"" widget and the list of comments in the Comments screen and Edit post screen as well, where the pending status information is conveyed using just color. cc @melchoyce [[Image(https://cldup.com/IWyv7rKuEE.png)]] " afercia Needs Patch 35932 Square brackets for shortcodes can't be entered with default Czech, Slovak and maybe other keyboards Editor normal normal defect (bug) reopened 2016-02-24T11:16:12Z 2019-06-04T19:35:00Z "In Czech, Slovak, and probably some other languages, we have dedicated right alt click for writing some lesser used characters. E.g. for writing [ you need to press Right Alt plus F And that's the problem, as this combination is in wysiwyg editor shortcut for opening wysiwig in full screen window. So it is not possible for us to write any shortcode, unless we switch keyboard or write it elsewhere and copy to editor or remember the numeric value of the symbol and writing it on numlock. I am not sure, and i doubt, that this can be solved via language .pot file (so that every language could define the keys for every shortcut), and i have not found, where it is defined. I know that tinymce got addShortcut method, bot no delete or edit shortcut.... it is wrong in both trunk and latest" thomask Needs Dev / Bug Wrangler Feedback 35927 _wp_attachment_metadata meta_value wrong type in export Export 4.4.2 normal normal defect (bug) new dev-feedback 2016-02-23T20:50:59Z 2019-10-24T06:06:09Z "this if from an export using wp 4.4.2, the particular post is from Dec 2010. {{{ }}} every width and height value is a string but should be an int! {{{ s:5:""width"";s:3:""150"";s:6:""height"";s:3:""150""; }}} should be {{{ s:5:""width"";i:150;s:6:""height"";i:150; }}} if i edit it manually, the import works. could you provide database migration or something in the next update to fix the values? this don't happen with newer articles." davidak Needs Docs or Unit Tests 35916 WP_Rewrite::generate_rewrite_rules() ignores boolean $endpoints / $feed parameters for CPT Rewrite Rules normal normal defect (bug) new needs-unit-tests 2016-02-23T08:34:12Z 2019-06-04T21:20:24Z "Hello, I'm trying to declare custom rewrite rules for a custom post type without endpoints and feeds. As result, WP ignore the endpoint flag in the WP_Rewrite::generate_rewrite_rules(). What I did is as following. I created a custom post type called 'event' with the following arguments for register_post_type() : {{{#!php array( // Array of WP post type args 'labels' => array( 'name' => 'Events', 'singular_name' => 'Event', ), 'public' => true, 'publicly_queryable' => true, 'show_ui' => true, 'show_in_menu' => true, 'query_var' => false, 'rewrite' => false, 'capability_type' => 'post', 'hierarchical' => false, 'menu_position' => 5, 'menu_icon' => 'dashicons-tickets-alt', 'supports' => array( 'title', 'editor', 'thumbnail', ), 'taxonomies' => array( 'post_tag', 'my_category', ), ); }}} Then I called {{{#!php $args_post_type = array( 'feed' => false, 'paged' => false, 'ep_mask' => EP_NONE, 'endpoints' => false, ); add_permastruct('events', 'events/%event%', $args_post_type); }}} The resultings rewrite rules are : {{{ 'events/[^/]+/attachment/([^/]+)/?$' => string 'index.php?attachment=$matches[1]' (length=32) 'events/[^/]+/attachment/([^/]+)/trackback/?$' => string 'index.php?attachment=$matches[1]&tb=1' (length=37) 'events/[^/]+/attachment/([^/]+)/feed/(feed|rdf|rss|rss2|atom)/?$' => string 'index.php?attachment=$matches[1]&feed=$matches[2]' (length=49) 'events/[^/]+/attachment/([^/]+)/(feed|rdf|rss|rss2|atom)/?$' => string 'index.php?attachment=$matches[1]&feed=$matches[2]' (length=49) 'events/[^/]+/attachment/([^/]+)/comment-page-([0-9]{1,})/?$' => string 'index.php?attachment=$matches[1]&cpage=$matches[2]' (length=50) 'events/[^/]+/attachment/([^/]+)/embed/?$' => string 'index.php?attachment=$matches[1]&embed=true' (length=43) 'events/([^/]+)/embed/?$' => string 'index.php?event=$matches[1]&embed=true' (length=38) 'events/([^/]+)/trackback/?$' => string 'index.php?event=$matches[1]&tb=1' (length=32) 'events/([^/]+)(?:/([0-9]+))?/?$' => string 'index.php?event=$matches[1]&page=$matches[2]' (length=44) 'events/[^/]+/([^/]+)/?$' => string 'index.php?attachment=$matches[1]' (length=32) 'events/[^/]+/([^/]+)/trackback/?$' => string 'index.php?attachment=$matches[1]&tb=1' (length=37) 'events/[^/]+/([^/]+)/feed/(feed|rdf|rss|rss2|atom)/?$' => string 'index.php?attachment=$matches[1]&feed=$matches[2]' (length=49) 'events/[^/]+/([^/]+)/(feed|rdf|rss|rss2|atom)/?$' => string 'index.php?attachment=$matches[1]&feed=$matches[2]' (length=49) 'events/[^/]+/([^/]+)/comment-page-([0-9]{1,})/?$' => string 'index.php?attachment=$matches[1]&cpage=$matches[2]' (length=50) 'events/[^/]+/([^/]+)/embed/?$' => string 'index.php?attachment=$matches[1]&embed=true' (length=43) }}} Looking at class-wp-rewrite.php, I noticed in generate_rewrite_rules() that piece of code that forces the $post flag for CTP {{{#!php if ( ! $post ) { // For custom post types, we need to add on endpoints as well. foreach ( get_post_types( array('_builtin' => false ) ) as $ptype ) { if ( strpos($struct, ""%$ptype%"") !== false ) { $post = true; // This is for page style attachment URLs. $page = is_post_type_hierarchical( $ptype ); break; } } } }}} and that piece of code that unconditionnaly add extra endpoints / feeds... for post {{{#!php // If we're matching a permalink, add those extras (attachments etc) on. if ( $post ) { // Add trackback. $rewrite = array_merge(array($trackbackmatch => $trackbackquery), $rewrite); }}} Could confirm that problem? Thanks" solo14000 Needs Dev / Bug Wrangler Feedback 35913 `is_()` conditional methods should share their logic Query normal normal Future Release defect (bug) new dev-feedback 2016-02-23T02:54:55Z 2017-02-06T08:52:07Z "Many of the `is_()` methods in `WP_Query` share the nearly the exact same logic. As such, they share the exact same bugs, and fixing those bugs requires many parallel changes and huge numbers of tests. See #35902 and #24674 for some recent examples. It's possible to move all the shared logic to a single `protected` utility method. It's a bit more abstract, but is much easier to maintain and test." boonebgorges Needs Dev / Bug Wrangler Feedback 35912 Allow changing network URL scheme Networks and Sites normal normal enhancement new dev-feedback 2016-02-23T02:37:42Z 2019-06-04T20:55:37Z "Right now, it's not possible to convert a network from HTTP to HTTPS. The normal way to enforce HTTPS on a site is to change the URLs for the site, but with multisite, this has to be done via the Network Admin. However, the URL isn't editable at all for the main site on the network, so it's not possible to edit it. Attached patch allows setting only the scheme for the main site. However, this does have a big question attached: should updating the scheme for the network update it across all sites? If so, should it only update from HTTP -> HTTPS, or vice versa as well?" rmccue Needs Docs or Unit Tests 35907 Permit sticky posts to affect the query in REST_REQUEST rmccue Query normal normal Future Release enhancement reopened needs-unit-tests 2016-02-22T23:44:13Z 2017-04-23T22:19:55Z Needed for https://github.com/WP-API/WP-API/issues/2210 danielbachhuber Needs Patch 35887 Adding multiple media to post - selecting image size Media 4.4.2 normal normal Awaiting Review defect (bug) new 2016-02-20T12:03:10Z 2023-10-25T04:35:24Z "When clicking ""Add Media"" to add images to a post, you can select multiple images. With all images selected, logic follows that if you change the ""ATTACHMENT DISPLAY SETTINGS"" size from default ""Medium"" to ""Full Size"", that all selected images would have the same setting changed, but when you add them, only the one image that was highlighted is actually ""Full Size"" and the rest which were selected, but not highlighted, are still ""Medium"". I think when adding multiple media, all should be changed to size that is selected in ""ATTACHMENT DISPLAY SETTINGS""." myburgh.bernard@… Needs Patch 35879 Increase width of menu item classes field Menus normal normal enhancement new 2016-02-19T20:20:43Z 2019-06-04T20:23:00Z "Relatively self-explanatory patch attached. Let me know if more details needed." lkraav Needs Reporter Feedback / Steps To Reproduce 35871 before_delete_post incorrectly triggered from edit.php to post.php Posts, Post Types 4.4.2 normal normal defect (bug) new reporter-feedback 2016-02-19T10:44:18Z 2019-06-04T20:55:27Z "It seems there's a bug where {{{before_delete_post}}} triggers when clicking the post name (on edit.php) to go to the post.php admin edit screen. I have this code {{{#!php Menus on a mobile browser, dragging it to the desired position becomes an almost impossible task because the screen keeps scrolling to the bottom. Steps to reproduce: 1. Access wp-admin in a mobile browser 2. Go to Appearance > Menus 3. Create a menu and add four or more menu items 4. Tap and hold on a menu item and drag it to a desired position Expected: Screen remains in current position and I'm able to move menu items around smoothly Actual: Screen scrolls to the bottom and I'm unable to see where to position the menu item Issue happens on both mobile Safari and Chrome. However, this does not occur in the Menus section of the Customizer where I had a much better experience managing menus. " druesome Needs Patch 35865 Site Icon should be uploaded to a different directory or not able to be deleted from library Media 4.4 normal normal Awaiting Review enhancement new 2016-02-18T22:52:42Z 2023-08-14T21:50:57Z The new site icon feature is great. However I think if an image is set as the site icon, that image should not be able to be deleted from the media library, or it should be uploaded somewhere else and use that location as its link. DoodleDogCody Needs Patch 35862 Comments screen: audit all the background color animations Comments 3.8 normal normal defect (bug) new 2016-02-18T17:26:13Z 2019-06-04T19:34:53Z "Noticed some weird behavior, to reproduce: go in the Comments screen (in the ""All"" view), and mark as spam or move to the trash an '''approved''' comment. The comment row background will quickly ""flash"" to red and then the comment row will disappear. Do the same on an '''unapproved''' comment: no red flash. There are also other cases where this happens, seems all related to pending comments. By the way, the JavaScript animations still run and the background is animated behind the scenes. It just can't be seen because the pending comment row background color is now set on the `th` and `td` elements that hide the change on the `tr` background. Looks like this JavaScript part wasn't updated after the CSS changes in WordPress 3.8. There are also other old things that missed to be updated, for example at some point JavaScript still uses `#FFFFE0`. This was the background color used for unapproved comments in WordPress 3.7 but they use `#FEF7F1` since 3.8. I'd propose two options: 1. Fix the animations :) 2. Get rid of them. Apparently, not so many users have complained about the (partial) lack of color animations in the last 2 years I'd lean toward the second option. There are several lines of JavaScript in `edit-comments.js` and `wp-lists.js` that could be removed, they are hard to maintain and being a bit old code they also violate the separation of structure, presentation and behavior principle. Yes, the JS could be refactored and maybe use a more modern approach but for, I'd say, a very little benefit. So before any patch attempt, this would need a decision. Any thoughts more than welcome. In the screenshot below, the red flash on pending comments, how it used to be on WordPress 3.7 [[Image(https://cldup.com/Ml9laEw1jQ.png)]]" afercia Needs Dev / Bug Wrangler Feedback 35859 get_edit_user_link should always return the edit user link even if the given ID is that of the current user Users normal normal defect (bug) new dev-feedback 2016-02-18T11:18:13Z 2019-06-05T06:43:31Z "In my scenario a user action triggers an email that is sent to the site admin that contains a link to edit that users profile. When I'm using the function as follows {{{#!php set in pre_get_posts either by assigning the tax_query as an array or WP_Tax_Query object (which was a hail mary test) Any necessary information needed to debug this can be provided. But it ""appears"" to be some sort of regression or new bug associated with the new taxonomy features and that is limited to custom post types with custom taxonomies." vrazer Needs Patch 35847 Issue with blog roll pagination on static frontpage Canonical 4.4.2 normal major defect (bug) new 2016-02-17T02:00:09Z 2019-06-04T19:34:46Z "This is a follow-up to #35344. Still having this problem on 4.4.2 with or without [https://core.trac.wordpress.org/attachment/ticket/35344/35344.2.diff 35344.2.diff] applied. The query.php in 4.4.2 is way too different to apply [https://core.trac.wordpress.org/attachment/ticket/35344/35344.diff 35344.diff]. In my case this bug only affects the blog roll on a static front page, and instead of redirecting to the homepage it strips the page number from the URL and tries to load sitename.com/page/ which, in turn, returns a 404. The same page, unset from being the frontpage, works fine." finomeno Needs Dev / Bug Wrangler Feedback 35842 Register Post Type function label default Posts, Post Types normal normal enhancement new dev-feedback 2016-02-16T10:14:42Z 2019-06-04T20:55:17Z "When registering a Post type if the label or labels arguments are not set the label takes on a default of 'Posts' and not the Post type's name. It states in the documentation that the label takes on the name of the Post type passed in as the first argument. I believe the fix is as simple as updating the defaults variable in wp-includes/post.php on line 1017 with the label argument set to the post_type variable. {{{#!php $post_type, 'labels' => array(), 'description' => '', 'public' => false, 'hierarchical' => false, 'exclude_from_search' => null, 'publicly_queryable' => null, 'show_ui' => null, 'show_in_menu' => null, 'show_in_nav_menus' => null, 'show_in_admin_bar' => null, 'menu_position' => null, 'menu_icon' => null, 'capability_type' => 'post', 'capabilities' => array(), 'map_meta_cap' => null, 'supports' => array(), 'register_meta_box_cb' => null, 'taxonomies' => array(), 'has_archive' => false, 'rewrite' => true, 'query_var' => true, 'can_export' => true, 'delete_with_user' => null, '_builtin' => false, '_edit_link' => 'post.php?post=%d', ); }}}" moshiezz Needs Patch 35839 Escape backslashes upon export for better import Import 4.4.2 normal normal Awaiting Review defect (bug) new 2016-02-15T21:10:19Z 2017-03-30T01:05:40Z "Exporting a WordPress site and importing it again will lose backslashes in Post content. For example, if you had a post discussing c:\Windows\System32\calc.exe it would be imported as c:WindowsSystem32calc.exe" JasonH09 Needs Reporter Feedback / Steps To Reproduce 35837 The auto-update in media editor rewrites user inputs Media 4.4.2 normal normal defect (bug) new reporter-feedback 2016-02-15T13:04:34Z 2019-06-04T20:22:32Z "Hello while the media editor is opened in ""lightbox"" where the auto-upade is applied the input fields loose their focus on each autoupade making the editing really uncomfortable. see this video https://youtu.be/ULmiAf2N6kA all the fields that you can see in this video were hooked up like so: https://gist.github.com/twentyfortysix/d7dcdc931aed3f2529a9#file-register_media_field-php" o----o Changes Requested 35833 "Adding a table with the ""widefat"" class on post and taxonomy list table screens causes the quick edit UI and bulk edit to fail" Quick/Bulk Edit 4.4.2 normal normal 6.6 enhancement assigned changes-requested 2016-02-15T05:11:47Z 2024-02-12T09:19:40Z "This is a very strange issue. On a fresh WP install running twentysixteen with no plugins activated, including this code causes the quick edit UI to miscalculate its width and end up looking wacky: {{{ add_action( 'load-edit.php', 'xxx_test_table_in_help_tab' ); function xxx_test_table_in_help_tab() { $test_table_args = array( 'id' => 'test_help_table', 'title' => 'Something', 'content' => '
            Something
            ', ); get_current_screen()->add_help_tab( $test_table_args ); } }}} I'm attaching a screenshot of what the quick edit UI looks like with this code in place. Removing the class ""widefat"" restores the quick edit UI to normal. As strange as it sounds, I believe the presence of the widefat class is causing something in the quick edit JS to miscalculate. I haven't found the exact line where the issue is, but it seems to all come down to the presence of the ""widefat"" class." Braad Has Patch / Needs Testing 35829 Separate functions from wp-login.php Login and Registration normal normal enhancement new has-patch 2016-02-14T13:10:10Z 2019-06-04T20:22:28Z "There are some functions in `wp-login.php`. But it makes hard to customize login page. (e.g. [https://github.com/georgestephanis/two-factor/pull/62 2FA Feature plugin]) Related: #20279" extendwings Needs Patch 35827 Customizer: Create a dropzone for adding images Customize 4.1 high normal Future Release enhancement assigned 2016-02-13T22:27:11Z 2017-09-26T13:52:00Z "This is a follow-up to #35826. On panels that let you upload images (identity, header, background) we should make the ""no image set"" container a dropzone to drag & drop your images onto. Like the editor, when you drag and drop an image into those dropzones, it would open the media modal and start uploading the image." melchoyce Needs Patch 35823 "Implement ""FS_CHMOD_FORCE"" constant; if set - media uploads and image resizing do NOT ignore FS_CHMOD_FILE" Upload normal normal Awaiting Review enhancement new 2016-02-12T23:46:25Z 2018-01-25T20:22:36Z "Hello. I want to re-open https://core.trac.wordpress.org/ticket/21251 I think that it's very strange to not giving an ability to globally override file permissions. Even though WP lead developers thinks that it's ""not good"" to use FS_CHMOD_FILE on file uploads - there should be a way to do it. It will not be default. Default behaviour won't be changed. Filters or other ways are a madness for users with many websites on board or for hosting providers which want to set basic options forcefully. The problem: One may expect that after setting constant FS_CHMOD_FILE - all files created or modified (maybe) by WordPress will have FS_CHMOD_FILE permissions. But for some wierd reason it is not so. I can understand the explanation from 21251 ticket. So it can be solved by creating a new constant which control the behaviour. I've attached a patch which changes upload function's logic to understand FS_CHMOD_FORCE constant and honor it if it is defined. If it is not defined (default), behaviour will be the same as it was before. After applied patch it will be possible to set the following in wp-config.php or globally: {{{#!php 0)) will return posts Query 4.4.2 normal normal defect (bug) new 2016-02-12T21:28:16Z 2019-06-04T20:55:04Z "Long to short, I was presuming that if the $args were such that no rows exist then WP_Query would return nothing. Not so. If by chance, 'p' => 0, you do get results. Perhaps the 0 is interpreted as false? Even so, an ID == false should return no row, yes? Or one might argue ""well, that query doesn't make sense. it's not really valid."" again, all the more reason to return nothing. " ChiefAlchemist Needs Dev / Bug Wrangler Feedback 35817 Force users to set strong passwords Login and Registration normal normal Awaiting Review enhancement new close 2016-02-12T16:31:38Z 2024-02-08T15:55:49Z "WordPress 4.3 added [https://github.com/dropbox/zxcvbn zxcvbn] for better password strength testing. The UI was also modified to push users to set strong passwords in various ways. * When setting a password, a strong one is generated for the user. * A user must check off an ""Are You Sure?"" checkbox to set a weak password. This is great. However, an ""Are You Sure"" checkbox is what stands between an easily hackable WordPress site and an exponentially stronger WordPress site. I would like to force users to set strong passwords in the UI. " ericlewis Needs Patch 35806 Add filter to capability check when checking if user row is editable Users normal normal enhancement new 2016-02-12T01:12:54Z 2019-06-05T06:43:30Z "'''Suggestion''' Currently in `class-wp-users-list-table.php` the check for wether or not a displayed user is editable is done using `current_user_can( 'list_users' )` on line 398. This is inflexible and doesn't allow finer control over which users are editable by which other users. I suggest filtering this check or filtering the specific capability. '''Scenario''' I create WordPress sites for clients in an agency setting. Our sites are highly bespoke, and changing themes or disabling plugins will cause harm to their site. Must-use plugins have their limitations and removing other themes from wp-content/themes only goes so far. On these sites, I want the client to administrate all aspects of the site, except for changing the theme or disabling plugins. To this end, I've created a plugin defining a custom 'manager' role with. This role is highly permissive, save administrating themes or plugins. On the user side I want managers to be able to create users with manager or lower roles, but not create/edit/delete administrators. I can exclude administrators from the list using a `users_list_table_query_args` filter, but for transparency I want administrators to be listed, just not editable. If either the check or the capability in `if ( current_user_can( 'list_users' ) ) {` went through `apply_filters`, I could define a custom capability and filter this check, producing the desired result, or create some other logic. I feel as though this enhancement would be of great benefit, allowing finer grain user control." nathanshubert Needs Docs or Unit Tests 35805 Reverse page order in wp_list_comments() with newest comments first boonebgorges Comments 4.4.2 normal normal defect (bug) reviewing needs-unit-tests 2016-02-12T00:21:26Z 2019-06-04T19:34:45Z "Hey there, since wp 4.4 there were lots of bugs in the wp_list_comments()-function. Some of them are already fixed, now I found another one. If you change the comments order from default (oldest first) to newest first, the page order is wrong (reverse page order). == Example == You have 4 pages by sending following param you get these pages: {{{ page=1 -> 4 page=2 -> 3 page=3 -> 2 page=4 -> 1 }}} == How I call this function == Inside the post-loop I'm calling: {{{#!php
            }}} And comments-content.php has following part: {{{#!php $cpaged, // Variable defined before, default: 1 'per_page' => 2 ) ); ?> }}} PS: In ticketing system the version 4.4.2 is not available :-)" Ninos Ego Needs Patch 35802 Code being injected by toolbar into Visual Editor Editor normal normal defect (bug) new 2016-02-11T20:08:40Z 2019-06-04T19:34:40Z "Morning. I've come across an issue where if a user has Microsoft Lync installed on their machine, that if the browser has the 'link to call' and 'lync browser helper' tool bars enabled, their browser automatically inserts a telephone icon and related span tag into the visual editor that breaks the editor. Users are not able to save their changes after this code has been inserted and it happens automatically as a phone number is typed in. But you can publish articles with the injected code without saving to draft. " hexified Needs Dev / Bug Wrangler Feedback 35796 """Permalink Settings"" admin page is largely blog/post specific" Permalinks normal normal enhancement new dev-feedback 2016-02-10T17:44:29Z 2020-02-06T19:41:12Z "The current verbiage in `options-permalink.php` is a little cryptic, and in a world pull of custom post types (including Pages) it's actually a bit confusing: Here's the current verbiage: > '''Permalink Settings''' > > WordPress offers you the ability to create a custom URL structure for your permalinks and archives. Custom URL structures can improve the aesthetics, usability, and forward-compatibility of your links. A number of tags are available, and here are some examples to get you started. I'd like to see these changed to something more like: > '''Post Link Settings''' > > WordPress offers the ability to customize the URL structure of your post and post-archive permalinks, improving the aesthetics, usability, and forward-compatibility. Several tags are available, and we've included the most popular configurations below: In addition, I'd like to propose we include the permalink tags in the dropdown Help section, rather than link off to WordPress.org. All of this would offer several UX improvements: * Keep the user on the same page rather than link off and open a new browser tab for WordPress.org * It better expresses to the end-user that this settings page is largely dedicated to posts, implying that pages and custom post types get pretty URLs largely as a consequence * Now that `unregister_post_type()` is in trunk, we should start thinking about trimming the options down to ""Pretty"" and ""Unpretty"" if the ""Posts"" type isn't even registered anymore. (There are likely to be many other considerations in this circumstance, but it's relevant here.) * It's a friendly nod to developers to remind them that this page won't help them with their custom post types, taxonomies, or rewrite rules for other purposes." johnjamesjacoby Needs Patch 35794 redirect_canonical doesn't strip off custom feed endings Canonical 3.9 normal normal defect (bug) new 2016-02-10T13:54:41Z 2019-06-04T19:34:38Z "The pattern used for matching URL's with feed endings (e.g. /feed/atom/) isn't matching any custom defined feeds. For example, if you add 'json' as a new type of feed, the redirect_canonical function adds up the feed ending to the current request URL. This is caused by fixed regular expressions used to match such feed URL's. These regular expressions should be generated using the $wp_rewrite->feeds variable: {{{#!php $feedssubpattern = implode('|', array_map(function($val) { return preg_quote($val, '#'); }, $wp_rewrite->feeds)); $pattern = '#/(comments/?)?(' . $feedssubpattern . ')(/+)?$#'; }}}" huyby Needs Reporter Feedback / Steps To Reproduce 35793 Something Wrong with UI in Administration Administration normal normal defect (bug) new reporter-feedback 2016-02-10T02:26:04Z 2019-06-04T19:34:33Z "I'm using 4.4.2 now. And I think that there's something wrong with the UI in administration page. Look at the sidebar in the image. I have tried to remove the cache, it works. But it looks as the image shows working after viewing some pages. " zjhzxhz Needs Patch 35785 "Concatenating ""wp-post-new-reload=true"" with URL repeatedly" Administration normal normal defect (bug) new 2016-02-09T18:33:12Z 2019-06-04T19:34:27Z "Concatenating ""wp-post-new-reload=true"" with URL repeatedly when a meta box has required field and user click on ""Publish"" button without filling it properly: http://screencast-o-matic.com/watch/cDnQFFhRcR " codename065 Needs Patch 35780 New data-type: recordable video General normal normal Future Release feature request new 2016-02-09T00:16:41Z 2019-06-04T19:55:20Z "Hello there I am suggesting a new data-type 'recordable video' within WordPress core. Do not have a clear idea what data types you currently have and how they are implemented. Already have raised this on slack and were recommended to raise this as a ticket instead. My goal is to make WordPress accessible for Sign Language users! They are mostly Deaf people who express their messages, comments, posts in Sign Language. Currently it is a pain to record a video message with a separate software, to convert, to compress and to upload it back to WordPress. That's not fair compared to those hearing people who just can type in the Form and submit that. There is an open source npm library to record videos, asynchronous, in plain JavaScript and HTML, see https://github.com/binarykitchen/videomail-client. Here is an exact example how this could work: https://binarykitchen.com/contact/action/add/ With the videomail-client you can add a recordable