WordPress
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 2 deletions b/‎.gitignore‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎Gruntfile.js‎
Lines changed: 1 addition & 1 deletion b/‎Gruntfile.js‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/wp-admin/includes/plugin.php‎
Lines changed: 6 additions & 0 deletions b/‎src/wp-admin/includes/plugin.php‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎src/wp-admin/includes/update-core.php‎
Lines changed: 0 additions & 3 deletions b/‎src/wp-admin/includes/update-core.php‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎src/wp-admin/includes/upgrade.php‎
Lines changed: 0 additions & 29 deletions b/‎src/wp-admin/includes/upgrade.php‎
Lines changed: 0 additions & 29 deletions
diff --git a/‎…wp-content/plugins/hello-dolly/hello.php‎ ‎src/wp-content/plugins/hello.php‎src/wp-content/plugins/hello-dolly/hello.php renamed to src/wp-content/plugins/hello.php b/‎…wp-content/plugins/hello-dolly/hello.php‎ ‎src/wp-content/plugins/hello.php‎src/wp-content/plugins/hello-dolly/hello.php renamed to src/wp-content/plugins/hello.php
diff --git a/‎src/wp-includes/class-wp-plugin-dependencies.php‎
Lines changed: 3 additions & 0 deletions b/‎src/wp-includes/class-wp-plugin-dependencies.php‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/wp-includes/compat-utf8.php‎
Lines changed: 59 additions & 14 deletions b/‎src/wp-includes/compat-utf8.php‎
Lines changed: 59 additions & 14 deletions
diff --git a/‎src/wp-includes/default-filters.php‎
Lines changed: 1 addition & 0 deletions b/‎src/wp-includes/default-filters.php‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/wp-includes/html-api/class-wp-html-tag-processor.php‎
Lines changed: 20 additions & 29 deletions b/‎src/wp-includes/html-api/class-wp-html-tag-processor.php‎
Lines changed: 20 additions & 29 deletions
@@ -50,8 +50,7 @@ wp-tests-config.php
 /src/wp-content/fonts
 /src/wp-content/languages
 /src/wp-content/mu-plugins
-/src/wp-content/plugins/*
-!/src/wp-content/plugins/hello-dolly
+/src/wp-content/plugins
 /src/wp-content/themes/*
 !/src/wp-content/themes/twentyten
 !/src/wp-content/themes/twentyeleven
 
@@ -28,7 +28,7 @@ module.exports = function(grunt) {
 			'wp-content/themes/index.php',
 			'wp-content/themes/twenty*/**',
 			'wp-content/plugins/index.php',
-			'wp-content/plugins/hello-dolly/**',
+			'wp-content/plugins/hello.php',
 			'wp-content/plugins/akismet/**',
 			'!wp-content/themes/twenty*/node_modules/**',
 		],
 
@@ -153,6 +153,8 @@ function _get_plugin_data_markup_translate( $plugin_file, $plugin_data, $markup
 					load_plugin_textdomain( $textdomain, false, dirname( $plugin_file ) );
 				}
 			}
+		} elseif ( 'hello.php' === basename( $plugin_file ) ) {
+			$textdomain = 'default';
 		}
 		if ( $textdomain ) {
 			foreach ( array( 'Name', 'PluginURI', 'Description', 'Author', 'AuthorURI', 'Version' ) as $field ) {
@@ -1006,6 +1008,10 @@ function delete_plugins( $plugins, $deprecated = '' ) {
 
 		$plugin_slug = dirname( $plugin_file );
 
+		if ( 'hello.php' === $plugin_file ) {
+			$plugin_slug = 'hello-dolly';
+		}
+
 		// Remove language files, silently.
 		if ( '.' !== $plugin_slug && ! empty( $plugin_translations[ $plugin_slug ] ) ) {
 			$translations = $plugin_translations[ $plugin_slug ];
 
@@ -841,8 +841,6 @@
 	'wp-includes/js/dist/undo-manager.min.js',
 	'wp-includes/js/dist/fields.min.js',
 	'wp-includes/js/dist/fields.js',
-	// 6.9
-	'wp-content/plugins/hello.php',
 );
 
 /**
@@ -975,7 +973,6 @@
 	'themes/twentytwentythree/' => '6.1',
 	'themes/twentytwentyfour/'  => '6.4',
 	'themes/twentytwentyfive/'  => '6.7',
-	'plugins/hello-dolly/'      => '6.9',
 );
 
 /**
 
@@ -886,10 +886,6 @@ function upgrade_all() {
 		upgrade_682();
 	}
 
-	if ( $wp_current_db_version < 60717 ) {
-		upgrade_690();
-	}
-
 	maybe_disable_link_manager();
 
 	maybe_disable_automattic_widgets();
@@ -2485,31 +2481,6 @@ function ( $url ) {
 	}
 }
 
-/**
- * Executes changes made in WordPress 6.9.0.
- *
- * @ignore
- * @since 6.9.0
- *
- * @global int $wp_current_db_version The old (current) database version.
- */
-function upgrade_690() {
-	global $wp_current_db_version;
-
-	if ( $wp_current_db_version < 60717 ) {
-		// Switch Hello Dolly from file to directory format. See #53323
-		$active_plugins = (array) get_option( 'active_plugins', array() );
-		$old_plugin     = 'hello.php';
-		$new_plugin     = 'hello-dolly/hello.php';
-		$key            = array_search( $old_plugin, $active_plugins, true );
-
-		if ( $key ) {
-			$active_plugins[ $key ] = $new_plugin;
-			update_option( 'active_plugins', $active_plugins );
-		}
-	}
-}
-
 /**
  * Executes network-level upgrade routines.
  *
 
@@ -870,6 +870,9 @@ protected static function check_for_circular_dependencies( $dependents, $depende
 	 * @return string The plugin's slug.
 	 */
 	protected static function convert_to_slug( $plugin_file ) {
+		if ( 'hello.php' === $plugin_file ) {
+			return 'hello-dolly';
+		}
 		return str_contains( $plugin_file, '/' ) ? dirname( $plugin_file ) : str_replace( '.php', '', $plugin_file );
 	}
 }
@@ -28,26 +28,29 @@
  *     1 === _wp_scan_utf8( $pineapple, $at, $invalid_length );
  *     $at === 4; $invalid_length === 0;
  *
- * Note! This functions many arguments are passed without and “options”
- * array. This choice is based on the fact that this is a low-level function
- * and there’s no need to create an array of items on every invocation.
+ * Note! While passing an options array here might be convenient from a calling-code standpoint,
+ *       this function is intended to serve as a very low-level foundation upon which to build
+ *       higher level functionality. For the sake of keeping costs explicit all arguments are
+ *       passed directly.
  *
  * @since 6.9.0
  * @access private
  *
- * @param string   $bytes           UTF-8 encoded string which might include invalid spans of bytes.
- * @param int      $at              Where to start scanning.
- * @param int      $invalid_length  Will be set to how many bytes are to be ignored after `$at`.
- * @param int|null $max_bytes       Stop scanning after this many bytes have been seen.
- * @param int|null $max_code_points Stop scanning after this many code points have been seen.
+ * @param string    $bytes             UTF-8 encoded string which might include invalid spans of bytes.
+ * @param int       $at                Where to start scanning.
+ * @param int       $invalid_length    Will be set to how many bytes are to be ignored after `$at`.
+ * @param int|null  $max_bytes         Stop scanning after this many bytes have been seen.
+ * @param int|null  $max_code_points   Stop scanning after this many code points have been seen.
+ * @param bool|null $has_noncharacters Set to indicate if scanned string contained noncharacters.
  * @return int How many code points were successfully scanned.
  */
-function _wp_scan_utf8( string $bytes, int &$at, int &$invalid_length, ?int $max_bytes = null, ?int $max_code_points = null ): int {
-	$byte_length    = strlen( $bytes );
-	$end            = min( $byte_length, $at + ( $max_bytes ?? PHP_INT_MAX ) );
-	$invalid_length = 0;
-	$count          = 0;
-	$max_count      = $max_code_points ?? PHP_INT_MAX;
+function _wp_scan_utf8( string $bytes, int &$at, int &$invalid_length, ?int $max_bytes = null, ?int $max_code_points = null, ?bool &$has_noncharacters = null ): int {
+	$byte_length       = strlen( $bytes );
+	$end               = min( $byte_length, $at + ( $max_bytes ?? PHP_INT_MAX ) );
+	$invalid_length    = 0;
+	$count             = 0;
+	$max_count         = $max_code_points ?? PHP_INT_MAX;
+	$has_noncharacters = false;
 
 	for ( $i = $at; $i < $end && $count <= $max_count; $i++ ) {
 		/*
@@ -145,6 +148,15 @@ function _wp_scan_utf8( string $bytes, int &$at, int &$invalid_length, ?int $max
 		) {
 			++$count;
 			$i += 2;
+
+			// Covers the range U+FDD0–U+FDEF, U+FFFE, U+FFFF.
+			if ( 0xEF === $b1 ) {
+				$has_noncharacters |= (
+					( 0xB7 === $b2 && $b3 >= 0x90 && $b3 <= 0xAF ) ||
+					( 0xBF === $b2 && ( 0xBE === $b3 || 0xBF === $b3 ) )
+				);
+			}
+
 			continue;
 		}
 
@@ -162,6 +174,14 @@ function _wp_scan_utf8( string $bytes, int &$at, int &$invalid_length, ?int $max
 		) {
 			++$count;
 			$i += 3;
+
+			// Covers U+1FFFE, U+1FFFF, U+2FFFE, U+2FFFF, …, U+10FFFE, U+10FFFF.
+			$has_noncharacters |= (
+				( 0x0F === ( $b2 & 0x0F ) ) &&
+				0xBF === $b3 &&
+				( 0xBE === $b4 || 0xBF === $b4 )
+			);
+
 			continue;
 		}
 
@@ -380,6 +400,31 @@ function _wp_utf8_codepoint_span( string $text, int $byte_offset, int $max_code_
 	return $byte_offset - $was_at;
 }
 
+/**
+ * Fallback support for determining if a string contains Unicode noncharacters.
+ *
+ * @since 6.9.0
+ * @access private
+ *
+ * @see \wp_has_noncharacters()
+ *
+ * @param string $text Are there noncharacters in this string?
+ * @return bool Whether noncharacters were found in the string.
+ */
+function _wp_has_noncharacters_fallback( string $text ): bool {
+	$at                = 0;
+	$invalid_length    = 0;
+	$has_noncharacters = false;
+	$end               = strlen( $text );
+
+	while ( $at < $end && ! $has_noncharacters ) {
+		_wp_scan_utf8( $text, $at, $invalid_length, null, null, $has_noncharacters );
+		$at += $invalid_length;
+	}
+
+	return $has_noncharacters;
+}
+
 /**
  * Converts a string from ISO-8859-1 to UTF-8, maintaining backwards compatibility
  * with the deprecated function from the PHP standard library.
 
@@ -595,6 +595,7 @@
 add_action( 'enqueue_block_assets', 'wp_enqueue_classic_theme_styles' );
 add_action( 'enqueue_block_assets', 'wp_enqueue_registered_block_scripts_and_styles' );
 add_action( 'enqueue_block_assets', 'enqueue_block_styles_assets', 30 );
+add_action( 'init', 'wp_load_classic_theme_block_styles_on_demand', 8 ); // Must happen before register_core_block_style_handles() at priority 9.
 /*
  * `wp_enqueue_registered_block_scripts_and_styles` is bound to both
  * `enqueue_block_editor_assets` and `enqueue_block_assets` hooks
 
@@ -3930,41 +3930,32 @@ public function set_attribute( $name, $value ): bool {
 			return false;
 		}
 
-		/*
+		$name_length = strlen( $name );
+
+		/**
 		 * WordPress rejects more characters than are strictly forbidden
 		 * in HTML5. This is to prevent additional security risks deeper
-		 * in the WordPress and plugin stack. Specifically the
-		 * less-than (<) greater-than (>) and ampersand (&) aren't allowed.
+		 * in the WordPress and plugin stack. Specifically the following
+		 * are not allowed to be set as part of an HTML attribute name:
 		 *
-		 * The use of a PCRE match enables looking for specific Unicode
-		 * code points without writing a UTF-8 decoder. Whereas scanning
-		 * for one-byte characters is trivial (with `strcspn`), scanning
-		 * for the longer byte sequences would be more complicated. Given
-		 * that this shouldn't be in the hot path for execution, it's a
-		 * reasonable compromise in efficiency without introducing a
-		 * noticeable impact on the overall system.
+		 *  - greater-than “>”
+		 *  - ampersand “&”
 		 *
 		 * @see https://html.spec.whatwg.org/#attributes-2
-		 *
-		 * @todo As the only regex pattern maybe we should take it out?
-		 *       Are Unicode patterns available broadly in Core?
 		 */
-		if ( preg_match(
-			'~[' .
-				// Syntax-like characters.
-				'"\'>&</ =' .
-				// Control characters.
-				'\x{00}-\x{1F}' .
-				// HTML noncharacters.
-				'\x{FDD0}-\x{FDEF}' .
-				'\x{FFFE}\x{FFFF}\x{1FFFE}\x{1FFFF}\x{2FFFE}\x{2FFFF}\x{3FFFE}\x{3FFFF}' .
-				'\x{4FFFE}\x{4FFFF}\x{5FFFE}\x{5FFFF}\x{6FFFE}\x{6FFFF}\x{7FFFE}\x{7FFFF}' .
-				'\x{8FFFE}\x{8FFFF}\x{9FFFE}\x{9FFFF}\x{AFFFE}\x{AFFFF}\x{BFFFE}\x{BFFFF}' .
-				'\x{CFFFE}\x{CFFFF}\x{DFFFE}\x{DFFFF}\x{EFFFE}\x{EFFFF}\x{FFFFE}\x{FFFFF}' .
-				'\x{10FFFE}\x{10FFFF}' .
-			']~Ssu',
-			$name
-		) ) {
+		if (
+			0 === $name_length ||
+			// Syntax-like characters.
+			strcspn( $name, '"\'>&</ =' ) !== $name_length ||
+			// Control characters.
+			strcspn(
+				$name,
+				"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" .
+				"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F"
+			) !== $name_length ||
+			// Unicode noncharacters.
+			wp_has_noncharacters( $name )
+		) {
 			_doing_it_wrong(
 				__METHOD__,
 				__( 'Invalid attribute name.' ),
Original file line number	Diff line number	Diff line change
`@@ -153,6 +153,8 @@ function _get_plugin_data_markup_translate( $plugin_file, $plugin_data, $markup`
`153`	`153`	`load_plugin_textdomain( $textdomain, false, dirname( $plugin_file ) );`
`154`	`154`	`}`
`155`	`155`	`}`
	`156`	`+ } elseif ( 'hello.php' === basename( $plugin_file ) ) {`
	`157`	`+ $textdomain = 'default';`
`156`	`158`	`}`
`157`	`159`	`if ( $textdomain ) {`
`158`	`160`	`foreach ( array( 'Name', 'PluginURI', 'Description', 'Author', 'AuthorURI', 'Version' ) as $field ) {`
`@@ -1006,6 +1008,10 @@ function delete_plugins( $plugins, $deprecated = '' ) {`
`1006`	`1008`
`1007`	`1009`	`$plugin_slug = dirname( $plugin_file );`
`1008`	`1010`
	`1011`	`+ if ( 'hello.php' === $plugin_file ) {`
	`1012`	`+ $plugin_slug = 'hello-dolly';`
	`1013`	`+ }`
	`1014`	`+`
`1009`	`1015`	`// Remove language files, silently.`
`1010`	`1016`	`if ( '.' !== $plugin_slug && ! empty( $plugin_translations[ $plugin_slug ] ) ) {`
`1011`	`1017`	`$translations = $plugin_translations[ $plugin_slug ];`
Original file line number	Diff line number	Diff line change
`@@ -870,6 +870,9 @@ protected static function check_for_circular_dependencies( $dependents, $depende`
`870`	`870`	`* @return string The plugin's slug.`
`871`	`871`	`*/`
`872`	`872`	`protected static function convert_to_slug( $plugin_file ) {`
	`873`	`+ if ( 'hello.php' === $plugin_file ) {`
	`874`	`+ return 'hello-dolly';`
	`875`	`+ }`
`873`	`876`	`return str_contains( $plugin_file, '/' ) ? dirname( $plugin_file ) : str_replace( '.php', '', $plugin_file );`
`874`	`877`	`}`
`875`	`878`	`}`