Flat, minimalist, responsive are just a few of the hot and continuing web design trends of 2016. Check out the rest... #webdesign #WordPress

via The WP Guy - WordPress Web Design https://www.facebook.com/thewordpressguy/photos/a.426758350847648.1073741828.425830527607097/499114436945372/?type=3

Introducing Facebook, Messenger and Instagram Windows Apps | Facebook Newsroom

Facebook has just released Facebook, Messenger and Instagram apps for Windows 10. http://newsroom.fb.com/news/2016/04/introducing-facebook-messenger-and-instagram-windows-apps/

We're excited to rollout Windows 10 Apps for Facebook and Messenger on desktop and Instagram on mobile

Originally posted at The WP Guy - WordPress Web Design

WordPress 4.5.1 Maintenance Release

After about six million downloads of WordPress 4.5, we are pleased to announce the immediate availability of WordPress 4.5.1, a maintenance release.

This release fixes 12 bugs, chief among them a singular class issue that broke sites based on the Twenty Eleven theme, an incompatibility between certain Chrome versions and the visual editor, and an Imagick bug that could break media uploads. This maintenance release fixes a total of 12 bugs in Version 4.5. For more information, see the release notes or consult the list of changes.

Download WordPress 4.5.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.5.1.

Thanks to everyone who contributed to 4.5.1:

Aaron Jorbin, Andrea Fercia, Andrew Ozz, Boone Gorges, Dominik Schilling, Felix Arntz, Gary Pendergast, gblsm, Helen Hou-Sandi, Joe McGill, John Blackbourn, Nick Halsey, Pascal Birchler and Pieter.

WordPress 4.5.1 Maintenance Release was originally posted at https://wordpress.org/news/2016/04/wordpress-4-5-1-maintenance-release/

WordPress 4.6 to Update Theme Filter Tags in the Admin

The updated theme filter coming in WordPress 4.6 makes it easier to find the perfect theme for your website. http://wptavern.com/wordpress-4-6-to-update-theme-filter-tags-in-the-admin

The admin themes browser has been updated and modernized in recent years to make it easier to search through the 3,800+ themes available on WordPress.org. One aspect of the interface that has lagge…

Originally posted at The WP Guy - WordPress Web Design

Video: How to Add an Author Info Box in WordPress Posts

WPBeginner - WordPress Tutorials originally appeared at http://www.youtube.com/watch?v=gkDPCwpsF70

Bug Scrub for 4.5.1

We will be meeting today, Tuesday 19 April , 20:00 UTC (at the usual core dev chat time) in #core to scrub bugs milestoned for 4.5.1.

Although only a few bugs have been milestoned for 4.5.1, there are two bugs of particular concern that potentially effect many users and will likely result in a point release sooner rather than later:

• Twenty eleven page templates with widgets incorrectly styled (#36510) which affects sites using Twentyeleven or otherwise already using on the singular body class; the proposed fix is to revert the original change introduced in [36112].
• WordPress TinyMCE toolbar/tabs unresponsive in Chrome Version 50.0.2661.75 beta-m (64-bit)
  (#36545) which breaks TinyMCE in current beta (and soon stable) versions of Chrome. The fix is an update to TinyMCE  to version 4.3.10; changelog. Testing help in particular needed for this ticket.

Please join us to help fix these bugs and get some patches committed!

Bug Scrub for 4.5.1 by Adam Silverstein was originally posted at https://make.wordpress.org/core/2016/04/19/bug-scrub-for-4-5-1/

Multisite Kickoff for 4.6

Let’s have an official multisite kickoff chat this April 21 19:00 UTC in #core-multisite to discuss some of the things we’d like to cover in 4.6.

A few ideas to ponder…

• I’d like to reframe our weekly office hours as weekly bug scrubs for this cycle and see how that goes. We can keep tabs on the status of bigger initiatives throughout the week and use the weekly hour to walk through portions of the 217 open multisite tickets in Trac that need walking through.
• I’d also enjoy moving to a new time for these weekly bug scrubs starting April 26 16:00 UTC. Earlier and easier to schedule for me. How about you?
• The REST API team is looking for help from component maintainers to build up and maintain parts of the REST API related to those components. If this is something that interests you, let’s chat!

And the bigger initiatives already in progress:

• #35791 (previously #31148), in which we introduce WP_Site_Query and use it throughout.
• #15800, in which we DRY up a bunch of network admin code and enable the extension of the network admin interface.
• #34941 (and #36566) to further the testability of the multisite bootstrap process, which will in turn lead to fixing things like #17376 with greater confidence.

And now it’s your turn! Leave ideas in the comments for what we should spend time fixing or breaking in multisite for the 4.6 cycle.

 

Multisite Kickoff for 4.6 by Jeremy Felt was originally posted at https://make.wordpress.org/core/2016/04/19/multisite-kickoff-for-4-6/

New time for feature projects chat on Tuesday April 19

Time change

Per the comments on the introduction post, the next feature project chat will be held at April 20 01:00 UTC. This will alternate with the first meeting’s time of 15:00 UTC (1:00PM Eastern). Since there are a number of people in place where only one of the times is at a reasonable hour, as activity picks up we will likely move to weekly meetings that alternate times; for now, we will remain at biweekly (i.e. each time will occur every 4 weeks).

Meeting Agenda

• A look at feature project pages.
• Check-ins with existing feature projects.
• Call for feature projects and feature project ideas.
• Open floor.

To help keep us on track and prevent us from missing things, please comment below with any feature projects/ideas and a brief statement of purpose, as seen on the feature projects page. If you have items for the open floor, also add those in the comments.

New time for feature projects chat on Tuesday, April 19 by Helen Hou-Sandi was originally posted at https://make.wordpress.org/core/2016/04/19/new-time-for-feature-projects-chat-on-tuesday-april-19/

An Introduction to the 4 Essential Types of Content Every Marketing Strategy Needs - Copyblogger

Thinking about content for your website? Here's a great article, the first in a series, which talks about the 4 content types every growing business needs to publish on their websites. #smallbusiness #smb #marketing http://www.copyblogger.com/essential-content-types/

This week, we are walking you through four essential types of content every marketing strategy needs and showing you how to successfully use them yourself.

Originally posted at The WP Guy - WordPress Web Design

Video: How to Add Front End Login Page and Widgets in WordPress

WPBeginner - WordPress Tutorials originally appeared at http://www.youtube.com/watch?v=z3RW89P4l8U

Shiny Updates Chat

While 4.5 came a little too early for Shiny Updates v2, I think it would be worthwhile to try getting the plugin and theme management changes into WordPress 4.6. Regular chats have been dormant for a while, but I’d like to continue them starting Tuesday April 26 at 19:00 UTC in the #feature-shinyupdates Slack channel.

Topics for this first chat will include remaining work, the need for more user tests, how to proceed with update-core.php changes, and a schedule for 4.6 inclusion of shiny theme/plugin installs/updates/deletes.

There are still plenty of opportunities to get involved and help bring this iteration over the finish line. Please come join us next week and contribute to the abolishment of The Bleak Screen of Sadness™.

Shiny Updates Chat by Konstantin Obenland was originally posted at https://make.wordpress.org/core/2016/04/18/shiny-updates-chat/

Dev Chat Summary, April 13

This post summarizes the dev chat meeting from April 13.

WordPress 4.5

• WordPress 4.5 was released on schedule.
• @swissspidy and @adamsilverstein were proposed to lead the next minor release (4.5.1). Both accepted the nomination.
• Current status:
  • The jQuery update in 4.5 includes an intentional change which broke a few themes/plugins. Unquoted # in attribute selectors are now causing a syntax error (a[href*=#] vs a[href*="#"]). jQuery was updated in [36285] four months ago.
    Next steps: A make/core posts which explains the issue and to educate developers. It shouldn’t focus on end users. @georgestephanis and @jorbin are preparing the post.
  • #36501: Issue seems to be limited because it only affects an old version of ImageMagick.
  • #36510: Themes like Twenty Eleven don’t expect the new .singular body class. Needs a decision on how to fix the issue and if an update of Twenty Eleven is necessary.
  • #36506: A change to the rewrite rules for IIS installs is breaking sites because of duplicate rules. Patch is available, needs more testing.

WordPress 4.6

• Announcements:
  • Trunk is open for 4.6.
  • The official kick of meeting for WordPress 4.6 will be next Wednesday, April 20th.
  • There will be two posts over the next few days:
    • “WordPress 4.6: What’s on your wish list?”
    • “Call for Volunteers”
      • @swissspidy, @iseulde, @crowdedtent, @arush, and @voldemortensen showed interest for being a release deputy/backup.
• Pre-4.6 tasks:
  • Call for Component Maintainers
    • The release will heavily focus on work of each component, because we’ll try something different this cycle: Bug scrubs per component.
• Open discussions:
  • Question by @krogsgard whether I’ll look back through past idea posts and filter any candidates, or folks should bring ideas again from the beginning. I suggested to start from the beginning.

View the full logs on Slack.

Dev Chat Summary, April 13 by Dominik Schilling (ocean90) was originally posted at https://make.wordpress.org/core/2016/04/17/dev-chat-summary-april-13/

Please check your meeting times

Component maintainers and feature leads, please check your meeting times. Meeting times are currently listed in a few places:

• In the sidebar on this site
• In the description of your Slack channels
• On make.wordpress.org
• On make.wordpress.org/meetings

Only correct dates and times allow new contributors to attend your meetings. When you notice a meeting with a wrong date/time, a meeting which doesn’t exist anymore or a meeting which isn’t listed yet please leave a comment below with the correct data.

Reminder: Make sure that you’ve adjusted your times because of daylight saving time (if necessary).

Please check your meeting times by Dominik Schilling (ocean90) was originally posted at https://make.wordpress.org/core/2016/04/16/please-check-your-meeting-times/

Got WordPress? PHP C99 Webshell Attacks Increasing

C99 Webshell attacks on WordPress are increasing. What is a webshell and how can you prevent it? Read the article for more details. One recommendation is that you disable base64_decode functionality via your php.ini file: find the line: 'disable_functions =' and change it to 'disable_functions = eval, base64_decode, gzinflate'. It's also a good Idea to use the Wordfence plugin to scan your WP install on regular basis. https://securityintelligence.com/got-wordpress-php-c99-webshell-attacks-increasing/

IBM MSS X-Force researchers found that C99 webshell attacks are increasing, particularly against content management systems such as WordPress.

Originally posted at The WP Guy - WordPress Web Design

Call for Component Maintainers

WordPress is organized into 60 components. Each component can have more than one maintainer. A maintainer triages new tickets, looks after existing ones, spearheads or mentors tasks, pitches new ideas, curates roadmaps, and provides feedback to other contributors.

Pings/Trackbacks, Date/Time, Autosave, Quick/Bulk Edit, Export, Import, Mail, Permalinks, Rewrite Rules, Post Thumbnails, Menus, and Role/Capability are currently without a maintainer. Are you familiar with one of the components and want to help to maintain this component? Please comment below or ping @jorbin or @ocean90 on Slack if you’re interested.

 

The list of component maintainers is a living document. If you are no longer actively maintaining a component, please remove yourself or let us know so that the list can be as accurate as possible

Call for Component Maintainers by Dominik Schilling (ocean90) was originally posted at https://make.wordpress.org/core/2016/04/15/call-for-component-maintainers/

What are you paying for when you buy GPL themes and plugins?

Now that TemplateMonster just announced it will be issuing WordPress templates under GPL licensing, here's a relevant post by Chris Lema about GPL themes, why they're so important, and why they might even have a price tag. https://chrislema.com/gpl-themes-plugins/

I've suggested themes may end up costing more. But if these are GPL themes, shouldn't they be free? Here's my take.

Originally posted at The WP Guy - WordPress Web Design

WordPress 4.6: What’s on your wish list?

In the spirit of the existing wish list posts, I’d like know what you have for WordPress 4.6.

• What are you most interested in seeing in WordPress 4.6 — big, or small?
• What are your or your users’ biggest pain points?
• What do you see as the most important UX to be solved?
• Which existing feature should get a “version 2”?

Look forward to hearing from you in the comments! Let’s make.wordpress.org/great-again!

 

The WordPress 4.6 kick-off chat will be next Wednesday, April 20, 2016 20:00 UTC.

WordPress 4.6: What’s on your wish list? by Dominik Schilling (ocean90) was originally posted at https://make.wordpress.org/core/2016/04/14/wordpress-4-6-whats-on-your-wish-list/

Media Chat

In the regular #core-images chat this Friday, 15 April, 19:00 UTC we are planning to discuss enhancements for 4.6. So far there are four items on the agenda:

• We are planning to add responsive images to the editor and discuss different implementation methods, e.g. saving srcset and sizes attributes to the database versus generating them on the front end. See #36475.
• The makers of TinyMCE recently released JavaScript image tools for editing images in the browser which could replace the current server based image editor. The new editor would be quite faster, allowing you to edit and resize images before uploading them, and it would be easier to include in other scripts. This may well be a feature project over a few releases.
• PDF preview images. See #31050.
• Continue to improve mixed content issues on HTTPS sites. See #34945.

If you have more ideas or tickets to discuss regarding media, please join us or leave a comment here.

Media Chat by Ella Iseulde Van Dorpe was originally posted at https://make.wordpress.org/core/2016/04/14/media-chat/

Syed Balkhi Acquires Google Analytics by Yoast, Renames to MonsterInsights

The Google Analytics by Yoast plugin has a new owner and a new name. Expect to see some changes in your Dashboard. http://wptavern.com/syed-balkhi-acquires-google-analytics-by-yoast-renames-to-monsterinsights

Users who are updating Google Analytics for WordPress by Yoast are discovering a new menu item with a green monster icon in their WordPress backend. That’s because Syed Balkhi, founder of WPB…

Originally posted at The WP Guy - WordPress Web Design

Customizer Kickoff for 4.6

This Monday, 18 April, 20:00 UTC we’ll have a Customizer chat in #core-customize to discuss the roadmap and ideas for 4.6.

Referring to the Customizer roadmap post (and component page), at a high level, two big features I personally am interested in are:

• #34923: Introduce basic content authorship in the Customizer
• #30937: Add Customizer transactions

A few other tickets that I’d love to see in this release, including some related tickets from the Widgets component:

• #34893: Improve Customizer setting validation model
• #34391: Harden panel/section UI code by removing contents from being logically nested (read: goodbye margin-top hacks)
• #29932: There is no error reporting in the Customizer
• #35210: Add notification area to Customizer
• #28216: Allow to register pre-instantiated widgets
• #33507: Allow widget controls to be JS-driven
• #35574: Add REST API JSON schema information to WP_Widget

See also the Trac report for issues assigned to the 4.6 release, and then the tickets under future release and awaiting review.

Please share in the comments below if there are any specific features and tickets that you want to contribute in this next release to push the Customizer forward. Otherwise, please also join us in #core-customize chat to discuss.

Customizer Kickoff for 4.6 by Weston Ruter was originally posted at https://make.wordpress.org/core/2016/04/14/customizer-kickoff-for-4-6/

Week in Core, Apr 5 – Apr 12 2016

Welcome back the latest issue of Week in Core, covering changes [37161-37190]. Here are the highlights:

• 4.5 “Coleman” was released on April 12
• 30 commits
• 54 contributors
• 82 tickets created
• 10 tickets reopened
• 36 tickets closed

Ticket numbers based on trac timeline for the period above.

Note: If you want to help write the next WordPress Core Weekly summary, check out the schedule over at make/docs and get in touch in the #core-weekly-update Slack channel.

Code Changes

Accessibility

• Remove redundant title attribute from wp_star_rating(). [36092] #35141
• Remove the revisions limit title attribute from the Publish box. [36053] #35029
• Remove title attributes from the updates links on the Plugin and Themes list tables. [36032] #35167
• Remove title attributes and improve accessibility on the “no-js” Menus screen. [36016] #35134
• Remove title attributes from the Theme browser. [36015] #35140
• Improvements for the Authentication Check modal dialog “Close X”. [36014] #35142

Bootstrap/Load

• In WP::handle_404(), make sure $wp_query->post is a WP_Post object before cloning it. Merges [35994] to the 4.4 branch. [36064] #35013

Canonical

• Output correct canonical links for paged posts when not using pretty permalinks. [36103] [36096] #34890

Comments

• Return early from wp_update_comment_count() if there is not a valid post. [36115] #34977
• Respect approval status when determining comment page count in comments_template().[36041] [36040] #8071, #35068
• When a comment is submitted, ensure the user_ID element in the array that’s passed to the preprocess_comment filter gets populated.[36039] [36038] #34997

Customize

• Ensure that “Change” button appears when there are only 2 themes. Merges [35943] to the 4.4 branch. Fixes #35081. [36065] #34549, #35081

Docs

• Hash notate properties and defaults for the benefit of $args parameter documentation for WP_Customize_Control::__construct(). [36114] #32246
• Correct a funky docblock in funky_javascript_fix(). [36111] #32246
• Improve documentation for wp_admin_css_color(). [36107] #34857
• Fix typo in a comment in wp_rand(). [36102] #35228
• Clarify that get_post_types() accepts 'not' as its $operator parameter. [36091] #35225
• Clarify that wp_filter_object_list() accepts 'not' as its $operator parameter. [36090] #35225
• Correct @return type for rest_parse_date(). [36086] #35224
• Correct @return type for count_user_posts(). [36085] #35222
• Miscellaneous docblock code quality tweaks. [36074] #32246
• @see != @since. [36073] #32246
• Properly mark the optional $redirect, $network_wide, and $silent parameters as such in the DocBlock for activate_plugin(). [36072] #32246
• Add missing @since and properly mark the optional $type parameter as such in the DocBlock for the deprecated get_others_unpublished_posts() function. Introduced in [5707]. [36071] #32246
• Properly mark the $exclude_zeros parameter in the DocBlock for get_editable_user_ids() as optional. Also [36070] #32246
• Miscellaneous docblock corrections. [36069] #32246
• Fix a typo in the 4.4.0 changlog entry in the intermediate_image_sizes_advanced hook doc. [36054] #35190
• Add missing notations for the optional $tab_index and $extended parameters in the DocBlock for the deprecated the_editor() function. [36033] #32246
• Add missing parameter and return notations to the DocBlock for the deprecated get_usernumposts() function. [36030] #32246
• Add documentation to wp-blog-header.php. [36029] #35161
• Add missing parameter and return notations in the DocBlock for get_profile(). [36028] #32246
• Properly mark the $classname parameter as optional. [36027] #32246
• Add missing parameter and return notations to the DocBlock for the deprecated wp_specialchars() function. [36026] #32246
• Add missing parameter notations and descriptions in the DocBlock for get_link(). [36025] #32246
• Add missing parameter and return notations in the DocBlock for the deprecated _nc() function. [36024] #32246
• Add a missing summary, parameter, and return descriptiosn to the DocBlock for the deprecated function, get_linkrating(). [36023] #32246
• Add a missing notation for the $gmt_time parameter in the DocBlock for spawn_cron(). [36022] #32246
• Add missing DocBlocks for hash_hmac() and _hash_hmac(). Introduced in [18111]. [36021] #32246
• Fix inline comment syntax in _mb_strlen(), an internal compat method for mb_strlen(). [36020] #32246
• Add missing DocBlocks for mb_strlen() and _mb_strlen(). Introduced in [32114]. [36019] #32246
• Fix inline comment syntax in _mb_substr(), an internal compat method for mb_substr(). [36018] #32246
• Add missing DocBlocks for mb_substr() and _mb_substr(). Introduced in [17621]. [36017] #32246
• Add missing parameter and return descriptions to the DocBlocks for _wp_object_name_sort_cb() and _wp_object_count_sort_cb(), both uasort() callbacks. [36013] #32246
• Add a missing notation for the $context parameter in the DocBlock for _nx_noop(). [36012] #32246
• Fix the syntax for the get_previous_post_link() DocBlock to ensure it’s read and parsed as such instead of as a multi-line comment. [36011] #32246
• Add a missing summary, description, and @since version to the DocBlock for wp_redirect_admin_locations(). Introduced in [19880]. [36010] #32246
• Add a missing notation for the $bookmark_id parameter in the DocBlock for clean_bookmark_cache(). [36009] #32246
• Fix copy/paste error in wp_remote_retrieve_cookies() description. [36002] #35157

Editor

• remove the format_for_editor filter from the_editor_content after it runs as the next editor instance on the same page may not need it. [36062] #28403

Embeds

• Remove RDIO from oEmbed providers RDIO is shutting down. ?https://www.rdio.com/farewell/ [36066] [36007] #35152
• Don’t show embed discovery link on a static front page. [36060] [36059] #35194

External Libraries

• Update random_compat to latest. Merges [35922] to the 4.4 branch. [36058] #34948

Formatting

• Allow map_deep() to work with object properties containing a reference.[36101]  [36100] #22300, #35058
• Transform & into & in tag attributes. [36037][36036] #35008

I18N

• In wp_maybe_decline_date(), bail early if translation functions are not available, e.g. in SHORTINIT mode. Merges [35880] to the 4.4 branch. [36063] #34967

Import

• Add a missing space to post_exists(). [36113] #35246

Login

• Revert [34213] and [35897].[36043] [36042] #34925, #35103

Mail

• Upgrade PHPMailer from 5.2.10 to 5.2.14. The full list of changes is available here: ?https://github.com/PHPMailer/PHPMailer/compare/v5.2.10…v5.2.14 [36083] #35212

Media

• When creating srcset do not exclude the image size which is in the src attribute even when it is larger than max_srcset_image_width. [36110] #35108
• Revert [35804]. This change has unintended side effects, notably that media URLs in the admin area now unexpectedly use the https scheme. [36061] #13941, #35120
• Fix calculations when determining whether to include particular image file in srcset. [36031] #34955

Menus

• Avoid a PHP Notice when a menu contains a now unregistered post type archive. [36095] #34449
• Bring back line break between menu items. Reverts [34321].[36082] [36081] #35107
• Avoid a PHP notice when trying to access the post_parent property of hierarchical post type nav menu items. Merges [35876] to the 4.4 branch. [36044] #34446

Permalinks

• get_page_uri() should return the URI at which the resource being accessed is available at. Reverts [34001] and Fixes #35084.[36105] [36094] #15963, #15963, #35084

Posts/Post Types

• Improve post-filter sanitization of excluded terms in get_adjacent_post(). [36079] #35211

Query

• Re-initialise any dynamically-added public query vars before running the public query vars test. [36051] [36048] #35115
• Introduce a unit test which will fail when new public query vars are introduced without also updating the test. [36046] [36045] #35115
• Remove title from the public query vars list. [36035] [36034] #35115

Shortcodes

• = is a reserved character in shortcode names, mark it as such.[36098] [36097] #34939

Taxonomy

• Force non-public taxonomies to have a query_var of false. [36109] [36108] #35089
• Pass object ids to delete_* actions. [36080] #35213
• Move excluded_terms filter in get_adjacent_post(). [36078] #9571, #35211
• Respect $_wp_suspend_cache_invalidation in clean_object_term_cache(). [36076] #35208
• Order terms by ‘name’ when populating object term cache. [36057] [36056] #28922, #35180
• Add current-cat-ancestor class to ancestor items in wp_list_categories(). Pairs nicely with current-cat-parent. [36008] #10676
• Ensure that wp_list_categories() supports comma-separated lists for ‘exclude’ and ‘exclude_tree’. [36006] [36005] #35156
• Ensure get_terms() results are unique when using ‘meta_query’. [36004] [36003] #35137

Tests

• After [36100] use an object style which is compatible with PHP5 get_object_vars(). [36118] [36117] #35058
• When testing the utf8mb4 charset, ensure that the current MySQL server has utf8mb4 support. [36116] #35249
• Help Tab Order should be based on the Priority Argument. [36104] [36089] #35215, #33941
• Tests: Use the correct URL in some shortcode tests. [36099] #
• Move get_adjacent_post() tests to their own file. [36077] #35211
• Use the default_storage_engine MySQL option on newer MySQL versions. [36055] #34692
• Correct the public query vars test for the 4.4 branch. [36052] #35115
• Prevent role capability pollution in Tests_Post_GetPostsByAuthorSql::test_user_has_access_only_to_private_posts_for_certain_post_types(). [36050] #
• Fix all the things. [36049] #30017, #32394
• Shave a second off the user capability tests by reusing its user fixtures. [36047] #30017, #32394

Themes

• Add singular to the list of body classes when viewing a single post object. Adds tests [36112] #35164
• Break $wp_file_descriptions array into sections and reorder for consistency and readability. [36088] #35223
• Add taxonomy.php, home.php, front-page.php, date.php, and singular.php to file descriptions. [36087] #35223

Toolbar

• In Comments link, replace title attribute containing the number of pending comments with a screen reader text. [36093] #34895

Twenty Fifteen

• Add left margin for lists inside blockquotes in editor-style.css. [36075] #33380

Users

• Don’t continue checking a password reset key, if the hash is empty. This [36084] #33926
• When determining whether to show the reassign content option during user delete, don’t rely upon WP_Query as it doesn’t return all forms of content wp_delete_user() operates on. [36106] [36068] #34993

Widgets

• Remove extra quotes from widget title in WP_Widget_RSS, accidentally added in [33814]. Merges [35978] to the 4.4 branch. [36067] #34978
• Add missing closing tag for spinner after [35317]. [36001] #35150

Props

Thanks to @jadpm, @aaroncampbell, @afercia, @ambrosey, @ardathksheyna, @azaozz, @barryceelen, @boluda, @boonebgorges, @danielpataki, @dd32, @diddledan, @DrewAPicture, @ericlewis, @gblsm, @hnle, @igmoweb, @jeff, @jeremyfelt, @joemcgill, @johnbillion, @jorbin, @JPry, @jrchamp, @juanfra, @kiranpotphode, @KrissieV, @kucrut, @marcochiesi, @mark8barnes, @meitar, @morganestes, @mwidmann, @nofearinc, @obenland, @pento, @peterwilsoncc, @rabmalin, @rachelbaker, @ramiy, @salcode, @SergeyBiryukov, @ShinichiN, @skithund, @slushman, @swisssipdy, @swissspidy, @tharsheblows, @TimothyBlynJacobs, @tyxla, @wonderboymusic, @wp-architect, and @yetAnotherDaniel for their contributions!

Week in Core, Apr 5 – Apr 12 2016 by Grant Palin was originally posted at https://make.wordpress.org/core/2016/04/13/week-in-core-apr-5-apr-12-2016/

The WP Guy - Google+

If you're into Google+, please Follow me at https://plus.google.com/+thewpguybiz1

The WP Guy - WordPress Design, Support, Hosting & Local SEO for Small Business - Your Personal WordPress Hero No time for WordPress? I’ll handle it so you can stay focused on your business. - No more frustration - Save time & money - Boost your sales Learn More...

Originally posted at The WP Guy - WordPress Web Design

Weekly Dev Chat Agenda for Apr 13 — After 4.5, before 4.6

Agenda for weekly dev meeting on April 13 at 20:00 UTC:

This meeting will be split into two parts. First part is about WordPress 4.5 and the second part about WordPress 4.6. It’s neither the post mortem chat nor the kickoff meeting.

• WordPress 4.5
  • Announcements
  • Release Lead for 4.5.1
  • What issues do we have? How are support forums looking? – “Do we need to ship a 4.5.1 this week?”
  • Open Discussion
• WordPress 4.6
  • Announcements
  • Call for Release Volunteers
  • Call for Component Maintainers
  • Open Discussion

 

If you have anything to propose to add to the agenda, please leave a comment below.

See you in the chat!

Weekly Dev Chat Agenda for Apr 13 — After 4.5, before 4.6 by Dominik Schilling (ocean90) was originally posted at https://make.wordpress.org/core/2016/04/13/weekly-dev-chat-agenda-for-apr-13-after-4-5-before-4-6/

WordPress 4.5 “Coleman”

WordPress 4.5 "Coleman" has been released. The new version features inline linking, formatting shortcuts, live responsive previews, and smart image resizing amongst other features. Ironically though, the official announcement uses a template that is not responsive/mobile-friendly. Go figure. https://wordpress.org/news/2016/04/coleman/ #WordPress #Coleman #webdesign

Version 4.5 of WordPress, named “Coleman” in honor of jazz saxophonist Coleman Hawkins, is available for download or update in your WordPress dashboard. New features in 4.5 help streamline your wor…

Originally posted at The WP Guy - WordPress Web Design

Editor wish list for 4.6 and beyond – chat summary

This list builds on the previous wish list. You can read the full chat in the archive.

Features

• Allow suggestions and comments to be made, similar to what ICE does. This would make a good plugin and feature project first. @eric and @azaozz seem to be interested in working on something like this.

Enhancements

• (Publish) meta box revamp. See #36474. Feedback welcome! @michael-arestad, @melchoyce, @helen, @mapk, @hugobaeta?
  

  Proof of concept.

• More experimenting with inline toolbars (separate for formatting and inserting). We could first do this on small screens where the toolbar would be fixed at the top, later maybe on big screens. See also #29923.
• Could editor scrolling be improved (e.g. hide on scroll down)? See #36482, and also #31751.
• Caption placeholder. Focusing on an image would give you a placeholder for a caption. See #32175.
• Leaving dialog. Offer WordPress UI on leaving the page if we can with the option to save changes. See #28566.
• Advanced panel for the inline link toolbar, so plugins can add options. See #36312.
• More formatting shortcuts (code blocks, bold, italic…)? See #36433, and also #6331.
  Decide whether to add bold and italic shortcuts at all, how to do the triple back tick shortcut.
  Try to merge with TinyMCE’s own textpattern plugin.
  Any other things we could automatically format in the editor? Curly quotes? Thinking about wptexturize().
• Save and update without a page reload. For this we will need to look into nonce refreshing. See #7756.
• Autosave in the browser revamp and improvements. Add some subtle, always present UI for restoring a post from in-browser autosave. Try to better detect when a restore may be needed (and show the current notice). See #36479.
• Handling nested shortcodes. See #30094. I’m skeptical about this one, but please do let us know what your thoughts are if this interests you.

Under The Hood

• Consider the new non-editable TinyMCE plugin for our non-editable views. See #36434.
• Consider the TinyMCE API for inline toolbars, see #36480.
• Responsive images for TinyMCE. See #36475. Depends on whether we will be saving the srcset and sizes attributes in post content, @joemcgill?
• Handle inline image blobs in TinyMCE.

Call for Contributors

If you would like to see more of these features implemented sooner, join us. Everybody can contribute as designer, UX expert, developer, tester, the area you feel most comfortable with. Describing your workflow, how you use the editor, and what you find difficult or easy is also a very good way to contribute.

You can also leave feedback on the relevant tickets.

The next chat will be Wednesday, 13 April, 18:00 UTC in #core-editor.

Andrew and Ella

Editor wish list for 4.6 and beyond – chat summary by Ella Iseulde Van Dorpe was originally posted at https://make.wordpress.org/core/2016/04/12/editor-wish-list-4-6/

WordPress 4.5 is About to Launch: Here Are the Highlights

WordPress 4.5 is coming on April 12. Here's what you can expect to see in the new release. http://www.business2community.com/tech-gadgets/wordpress-4-5-launch-highlights-01509160

A new version of WordPress is scheduled for release on April 12. As is true of most development projects, WordPress releases “major” changes using a new whole number. (The next major update will…

Originally posted at The WP Guy - WordPress Web Design

Video: How to Fix WordPress Not Sending Email Issue

WPBeginner - WordPress Tutorials originally appeared at http://www.youtube.com/watch?v=GhKSg5-FskM

Release Dry Run and Window, RC2 and String Freeze

Hey everyone!

The WordPress 4.5 release proceedings will start at April 12, 2016 at 0900 PDT, with the expectation of release within 2-3 hours of that meeting time. This time allows a decent margin before 5pm EDT (April 12, 2016 at 1400 PDT), at which point a punt to the next day would be discussed.

To help hit that window, let’s meet the day before at April 11, 2016 at 0900 PDT for a dry run.

As a final note, WordPress 4.5 RC2 has been released, and with it, hard string freeze is upon us.

See you at the dry run, and thanks for your help in getting this far!

Release Dry Run and Window, RC2 and String Freeze by Mike Schroder was originally posted at https://make.wordpress.org/core/2016/04/10/release-dry-run-and-window-rc2-and-string-freeze/

Dev Chat chat notes for April 6/March 30

This post summarizes the last two dev chat meetings.

March 30 meeting:

Review the full logs on Slack.

Schedule notes

• Currently in RC, 4.5 release planned for April 12 according to the schedule.
• Work on the About page progressing.
• Report on remaining tickets for the 4.5 release looking good.
• @jorbin noted that the WordPress 4.5 Field Guide was published.

Ticket review

• Discussion of the new link dialog and the removed ‘list of recent posts/search’ section that previously existing in the advanced modal (a regression). It was replaced with the easier inline search, but some users miss it; plan is to restore and rework for the modal.

April 6 meeting:

Review the full logs on Slack.

Schedule notes

• Release of WordPress 4.5 is scheduled for April 12.
• About screen nearly complete.
• Full string freeze by Saturday.

Ticket review

• The core dev team went thru remaining tickets for the 4.5 release to decide what should get committed and what should get pushed to a later release.
• Extensive discussion over the cropper and how to treat options passed by themes when setting up a theme logo.
• A data inconsistency bug affecting the WP-API was considered significant enough that it needed fixing.
• As we approach release and changes have less time to be tested, committers feel reluctant to make any changes.

Dev Chat chat notes for April 6/March 30 by Adam Silverstein was originally posted at https://make.wordpress.org/core/2016/04/07/dev-chat-chat-notes-for-april-6march-30/

Week in Core, Mar 29 – Mar 5 2016

Welcome back the latest issue of Week in Core, covering changes [37092-37160]. Here are the highlights:

• 69 commits
• 16 contributors
• 62 tickets created
• 7 tickets reopened
• 32 tickets closed
• Target release date for 4.5 is April 12th

Ticket numbers based on trac timeline for the period above.

Note: If you want to help write the next WordPress Core Weekly summary, check out the schedule over at make/docs and get in touch in the #core-weekly-update Slack channel.

Accessibility

• Improvements for the Editor wpLink modal form fields. [37160] #33301

Build/Test Tools

• Adjust unit tests to account for change in [37145].
• Adjust unit tests to account for change in [37144] [37150]
• Remove Debugging code introduced in [37145] [37148]
• Remove Debugging code introduced in [37146] [37147]

• Wrap the formatted comment text on the comment moderation screen in comment_text() so paragraphs and texturisation are applied. [37158] #34133

Customize

• Fix toggle of title attribute field visibility on nav menus admin page. [37153] #35273, #36353
• Put focus on change button instead of remove button in media control. [37152] #36337
• Respect aspect ratio on cropped images. [37113] #36318

Docs

• Ignore _wp_upload_dir_baseurl() from parsing for the Code Reference. [37114] #36371

Editor

• Remove trailing space from a help text string. [37159] #36407
• Restore the bottom half of the modal. Make it always expanded and remove the toggle. It is used as advanced link options now, no need to have simple mode. [37154] #36359

Embeds

• Improve how iframes are loaded after being initially hidden. [37093] #35894

General

• Add deprecated notice and removal warning to _wp_upload_dir_baseurl(). [37112] #36371
• Snoopy: use escapeshellarg instead of escapeshellcmd [37102-37094]

HTTP API

• Improve detection of valid IP addresses. [37123-37115]

I18N

• Clarify translator comment for an a11y label added in [36618]. [37155] #35111, #36396

Javascript

• Add nonce to AJAX action for script compression setting. Merges [37143] to the 4.4 branch [37144] [37143]

Networks and Sites

• Improve escaping in network settings.  [37132-37124]
• Validate new email address confirmations. [37111-37103]

Plugins

• Use correct placeholder for the number of reviews. [37156] #35111, #36395

Role/Capability

• Add create_sites and delete_sites to the list of capabilities that are checked as part of the comporehensive roles and capabilities tests. [37157] #32394, #36413

Taxonomy

• Make sure taxonomy functions work correctly with taxonomy names with special characters [37142-37136], [37134], [37133]

Themes

• Remove $size reference from get_custom_logo().  [37135] #36327

Upgrade/Install

• Add Nonce to updating wporg_favorites user meta field Merges [37145] to the 4.4 branch [37146] [37145]

Thanks to @adamsilverstein, @afercia, @azaozz, @dimadin, @DrewAPicture, @iseulde, @jeremyfelt, @johnbillion, @jorbin, @nbachiyski, @obenland, @ocean90, @sidati, @swissspidy, @TacoVerdo, and @westonruter for their contributions!

Week in Core, Mar 29 – Mar 5 2016 by Andrew Rockwell was originally posted at https://make.wordpress.org/core/2016/04/07/week-in-core-mar-29-mar-5-2016/

Outdated and Vulnerable WordPress and Drupal Versions May Have Contributed to the Panama Papers...

Here's a lesson from the Panama Papers that every business owner should learn. Don't leave your client data vulnerable because your website code wasn't kept up-to-date. http://wptavern.com/outdated-and-vulnerable-wordpress-and-drupal-versions-may-have-contributed-to-the-panama-papers-breach

Authorities have not yet identified the hacker behind the Panama Papers breach, nor have they isolated the exact attack vector. It is clear that Mossack Fonseca, the Panamanian law firm that protec…

Originally posted at The WP Guy - WordPress Web Design

REST API: Slashed Data in WordPress 4.4 and 4.5

Hi everyone. The REST API team recently discovered a bug with parameter parsing in the API infrastructure, part of WordPress 4.4. For those of you using the API infrastructure, you need to be aware of a bug fix we’re making with the API.

The Problem

The REST API has several types of parameters that it mixes together. These come from several sources including the request body as either JSON or URL-encoded form data ($_POST), query parameters ($_GET), the API route, and internally-set defaults. Unfortunately, due to an oversight on our behalf, these parameters can be inconsistently formatted.

In WordPress, the superglobal request variables ($_POST and $_GET) are “slashed”; effectively, turning magic quotes on for everyone. This was originally built into PHP as a feature to help guard against SQL injection, but was later removed. Due to compatibility concerns, WP cannot change this behaviour for the superglobals. This only applies to the PHP superglobals, not to other sources of input like a JSON body or parameters in the URL. It additionally does not apply to form data on PUT or DELETE requests.

Internally, some low-level WordPress functions expect slashed data. These functions internally call wp_unslash() on the data you pass in. This means input data from the superglobals can be passed in directly, but other data needs to be wrapped with a call to wp_slash().

When the REST API gathers the data sources, it accidentally mixes slashed and unslashed sources. This results in inconsistent behaviour of parameters based on their source. For example, data passed as a JSON body is unslashed, whereas data passed via form data in the body is slashed (for POST requests).

For example, the following two pieces of data are equivalent in the REST API:

// JSON body:
{"title": "Foo"}

// Form-data ($_POST)
title=Foo

// Both result in:
$request->get_param('title') === 'Foo';

However, if the data contains slashes itself, this will be inconsistently passed to the callback:

// JSON body:
{"title": "Foo\Bar"}

// Results in:
$request->get_param('title') === 'Foo\Bar';

// Form-data ($_POST) (%3D = "\")
title=Foo%3DBar

// Results in:
$request->get_param('title') === 'Foo\\Bar';

This means that callbacks need to understand where parameters come from in order to consistently handle them internally. Specifically:

• Data passed in the query string ($_GET, $request->get_query_params()) is slashed
• Data passed in the body as form-encoded ($_POST, $request->get_body_params()) is slashed for POST requests, and unslashed for PUT and DELETE requests.
• Data passed in the body as JSON-encoded ($request->get_json_params()) is unslashed.
• Data passed in the URL ($request->get_url_params()) is unslashed.
• Data passed as a default ($request->get_default_params()) is unslashed.

In addition, parameters set internally via $request->set_param() are unslashed. Unit and integration tests for API endpoints typically use these directly, so the majority of tested code (such as the WP REST API plugin) assumes parameters are unslashed.

See the related Trac Ticket #36419 for more information.

The Solution for WordPress 4.4 and 4.5

We are regarding inconsistently-slashed data as a major bug, and are changing the API infrastructure to ensure unslashed data. This will ensure that data is consistent regardless of the source. Callbacks will now receive unslashed data only, and can rely on this regardless of the original data source or request method.

If you are using functions that expect slashed data in your callback, you will need to slash your data before passing into these functions. Commonly used functions that expect slashed data are wp_insert_post, wp_update_post, update_post_meta, wp_insert_term, wp_insert_user, along with others. Before passing data into these functions, you must call wp_slash() on your data.

The fix for this issue, will be included in the WordPress 4.5 release candidates and final release. Due to the severity of the bug, we are also backporting the fix to the next minor WordPress 4.4 update. This also ensures you can update your plugins can act consistently across all versions of the REST API.

We understand that this may inadvertently break some plugins that are expecting slashed data. Right now, it’s not possible to consistently ensure that callbacks receive slashed data, so it is likely that these plugins will already break in some conditions.

tl;dr: if you’re using wp_insert_* or *_post_meta in your REST API callback, you need to ensure you are calling wp_slash() on data you are passing in, regardless of source.

We apologize for this bug existing in the first place. Slashed data is a problem that has plagued WordPress for a long time, and we’re not immune to getting caught by the issue ourselves.

REST API: Slashed Data in WordPress 4.4 and 4.5 by Ryan McCue was originally posted at https://make.wordpress.org/core/2016/04/06/rest-api-slashed-data-in-wordpress-4-4-and-4-5/

Road to 4.5: All Hands on Deck

We’re almost there! Release day is April 12.

In order to get there, help is needed to resolve the remaining issues in the report.

The regular dev meeting will be at April 6, 2016 at 20:00 UTC, where we’ll go over status, but the report should really be clear before then.

There are currently 11 tickets in the milestone, which with few exceptions need to be resolved so that we can ship an RC 2 this week in preparation for release next week.

We need all hands on deck — especially if you are a component maintainer or committer, but all eyes appreciated. Please watch the milestone for tickets you can suggest remedies for or whose patches you can review.

In particular, the help of lead developers and permanent committers is requested, because without approval from two of you for each patch, we cannot move forward with committing fixes. Thanks to those of you who have been doing reviews!

Tickets with a patch and single sign-off in need of a second are:

• #34133 – Selective Refresh: Make sure refresh transport is used only when appropriate.
• #36389 – Moderate Comments: Pass through comment_text().
• #36407 – I18n: Remove an extra space.

Needs testing and double sign-off:

• #36380 – Moderate Comments: Show link URLs to avoid abuse.

Needs patch:

• #36412 – Custom Logo: Can’t skip crop for images smaller than specified in theme.
• #36392 – Script Loader: wp_add_inline_script() breaks script dependency order.
• #36173 – About Page: Needs commit with final strings by Wednesday. Draft design & strings attached for review.

Can ride:

• #36354 – Bump core themes versions prior to release.
• #36401 – Bump Akismet for 4.5.
• #36413 – Additional tests for roles/caps
• #35857 – Additional tests for customizer/selective refresh

Thanks for your help in getting us through the final stretch.

Road to 4.5: All Hands on Deck by Mike Schroder was originally posted at https://make.wordpress.org/core/2016/04/04/road-to-4-5-all-hands-on-deck/

Editor chat 4.6

This Wednesday, 6 April, 18:00 UTC we’ll have our weekly editor chat. This time we’d like to discuss the roadmap and ideas for 4.6, so please join us if you can and are interested in pushing the editor forward. If you can’t attend feel free to comment here, or on the summary of the chat that we will post on this blog afterwards.

Editor chat 4.6 by Ella Iseulde Van Dorpe was originally posted at https://make.wordpress.org/core/2016/04/04/editor-chat-4-6/

Video: How to Display Your WordPress Posts in a Grid Layout

WPBeginner - WordPress Tutorials originally appeared at http://www.youtube.com/watch?v=PDnt6mGZfpc

WP REST API: 2.0 Beta 13 & Roadmap

Hi folks! I’m here with another exciting update from the API team.

Beta 13

First off, we’re excited to announce 2.0 Beta 13 “yoink.adios\losers” is now available. Grab it from the plugins repo or GitHub while it’s hot. Here’s some of the key updates:

• BREAKING CHANGE: Fix Content-Disposition header parsing. This technically breaks backwards compatibility to correctly match the header specification. (#2239)

• BREAKING CHANGE: Use compact links for embedded responses if they are available. We now use CURIEs for sites on 4.5+, which look like wp:term (but canonicalise to the full URI relation). (#2412)

• Updated JS client to the latest version. (#2403)

There’s lots more changes in this release; check out the release notes or the commits for this release.

Roadmap

We’ve been thinking about how to tackle the API in the coming future. We want to do the most we can to ensure you can build sites with confidence.

Along these lines, we’re going to release a 2.0 final version in the coming months. This will be a completely stable release with guaranteed backwards compatibility for the foreseeable future. This backwards compatibility ensures that your sites can remain up-to-date with minimal maintenance or issues with upgrading.

We originally held the software in beta for a long period to ensure that breaking changes could be rolled in if deemed necessary to move the project forward. However, the majority of these breaks occurred at the start of the 2.0 lifecycle, and the API is mostly stable at this point. Keeping the ability to break compatibility benefits only us, whereas moving to a stable release benefits everyone.

Moving forward, version 2.0 of the WP REST API will follow a normal project release cycle. We will have minor releases in the 2.x series as new features are added, and bugfix releases in the 2.0.x series.

As for the core merge itself, we are not submitting a merge proposal of the core endpoints for WordPress 4.6. We believe endpoints for the main WordPress objects (posts, users, comments, terms, and taxonomies) are not enough to garner the support needed for the proposal to be accepted. Our hope is that with a stable version 2.0 release, we will attract our community members that have been waiting for the endpoints to be available in core, and submit a merge proposal for the WordPress 4.7 release cycle.

In addition to attracting more developers within our community, we are also looking to get more contributors involved with the project. As noted in previous discussions, the four of us on the API team can’t keep pace with WordPress itself without help. We’re looking to get WordPress core component maintainers involved in their relevant components, as well as new developers from outside the project. Moving forward, the API team sees our role as advisory over the API itself, with the API treated as an integral part of the component rather than maintained by a separate team. We’re also going to continue to work on our feature plugins (metadata, site/multisite, menus/widgets, and authentication) in parallel, and are looking for help on these as well. (There’s also more news regarding authentication coming very soon.)

If you’d like to get involved with the API, please let us know. You can comment here, ping us on Slack in the #core-restapi room, or via GitHub issues. We’re looking at spending significant time onboarding new users, so if you’d like to get involved, now’s the time! Our weekly meeting is at Monday 23:00 UTC

Thanks for catching up with us, and have a wonderful day.

With love,

Ryan, Rachel, Daniel, and Joe

WP REST API: 2.0 Beta 13 & Roadmap by Ryan McCue was originally posted at https://make.wordpress.org/core/2016/04/04/wp-rest-api-2-0-beta-13-roadmap/