On April 12, 2016, WordPress Version 4.5, named for jazz musician Coleman Hawkins, was released to the public. For more information on this enhancement and bug-fix release, read the WordPress Blog, and see the Changelog for 4.5.
For Version 4.5, the database version (db_version in wp_options) changed to 36686, and the Trac revision was 37181.
- View Closed Tickets
Contents
Highlights
The Finer Points
Customizer ImprovementDevice Previewer Buttons in the customizer controls footer shows how your site looks in mobile, tablet, and desktop contexts before making changes to its appearance. Theme installer previewer has the same function.
Customizer provides theme logo upload and adding feature. The latest WordPress official themes such as Twenty Sixteen utilize this feature.
Visual Editor Improvement
Inline Link Editing enables users to direct URL input without switching to modal dialog. Version 4.5 adds new shortcuts in Visual Editor.
- Use `your code` to transform <code>my code</code>
- Use — to transform <hr />
Comment Refinement
Refreshed Moderate Comment Screen has formatted comment content for display, navigation via a text link, updated message styles and so on. The comment form now enforce the maximum length of each field.
Optimization of Image Generation
Image sizes are generated more efficiently and remove unneeded meta, while still including color profiles in Imagick, for reduced sizes of up to 50% with near identical visual quality.
For Developers
- Selective Refresh – A comprehensive framework for rendering parts of the customizer preview in real time. The same framework is used in Theme Install Preview.
- Backbone and Underscore update – Backbone is upgraded from 1.1.2 to 1.2.3 and Underscore is upgraded from 1.6.0 to 1.8.3.
- Embed templates – Embed templates were split into parts and can now be directly overridden by themes via the template hierarchy.
- embed-{post-type}-{post_format}.php
- embed-{post-type}.php
- embed.php
- wp-includes/theme-compat/embed.php
- Term Edit Page changes – wp-admin/term.php was introduced.
What’s New
Security
In addition to the new features, enhancements, and bug-fixes, WordPress 4.5 solves a few security problems:
- SSRF Bypass using Octal & Hexedecimal IP addresses, reported by Yu Wang & Tong Shi from BAIDU XTeam
- Reflected XSS on the network settings page, reported by Emanuel Bronshtein (@e3amn2l)
- Script compression option CSRF, reported by Ronni Skansing
We thank them for disclosing the issues responsibly.
Posts
- Inline Link Editing (#33301) – Within the visual editor, edit links inline for a smoother workflow. When the users type in the URL field, it uses jQuery UI Autocomplete to search for local posts and pages.
- Additional Editor Shortcuts (#33300) – Includes a few new shortcuts, like `..` for code and — for horizontal bar. In the future release, we may include bold or italic shortcuts.
Comments
Version 4.5 includes several bug fixes and enhancements in the Comments component.
- Moderate Comment Screen Refresh (#34133) – Moderate Comment Screen is where you land when clicking one of the moderation actions from a comment notification email message.
- Comment content is formatted for display, instead of one massive block of escaped text
- Include navigation via a text link to the Edit Comment screen at the bottom of the comment
- Updated message styles that match other screens
- Only wrap the comment date in a link if the comment permalink exists to avoid confusion
- Appended #wpbody-content to the comment email message links for accessibility
- Max Lengths for Comment Form Fields (#10377) – The comment form will now enforce the maximum length of each field’s respective database column. The default length settings are as follows:
- Comment: 65525 characters
- Name : 245 characters
- Email: 100 characters
- Url: 200 characters
- Comment Error Page Navigation (#4332) – A simple back link has been added to the bottom of the error message page
Appearance
Customizer includes many new features:
- Responsive Preview of your site (#31195) – See how your site looks in mobile, tablet, and desktop contexts before making changes to its appearance. The device previewer is in the customizer controls footer, near the “Collapse” button.
- Theme Logo Support (#33755) – Native support for a theme logo within the Customizer.
- Selective Refresh – A comprehensive framework can render parts of the customizer preview such as site title and tagline in core themes in real time. No more entire preview screen reload happens.
- Easy of use – Shift-click on nav menu items in preview to open corresponding control in Customizer pane.
The device preview buttons of customizer were brought to the theme-install previewer so that themes can be easily previewed on various device sizes before being installed. (#36017)
Install Process
- Version 4.5 default to generating secret keys and salts locally instead of relying on the WordPress.org API. (#35290)
Under The Hood
General
- Selective Refresh (#27355) – A comprehensive framework for rendering parts of the customizer preview in real time. Theme and plugin authors should test their widgets specifically for compatibility with selective refresh.
- Backbone and Underscore updated to latest versions (#34350) – Backbone is upgraded from 1.1.2 to 1.2.3 and Underscore is upgraded from 1.6.0 to 1.8.3. See the this post for important changes.
- Embed templates (#34561) – Embed templates were split into parts and can now be directly overridden by themes via the template hierarchy.
- Script loader (#14853, #35873) – Introduces wp_add_inline_script() for including inline JavaScript just like wp_add_inline_style() works for CSS.
- Changes to the Term Edit Page (#34988) – wp-admin/term.php was introduced. The links to edit a single term now look like example.com/wp-admin/term.php?tag_ID=123. (previously: example.com/wp-admin/edit-tags.php?action=edit&taxonomy=post_tag&tag_ID=127).
- Allow rewrite rules to work in nested WordPress installations on IIS (#35558)
- For Emoji, upgraded twemoji.js to version 2 (#36059) and added extra IE11 compatibility (#35977)
Images
Version 4.5 includes some performance enhancements for images.
- Increased image compression for custom sizes
- Improved resizing settings for ImageMagick
- Introduction of wp_get_upload_dir() (#34359)
Also includes
- Imagick support in HHVM (#35973)
- Fixes for SSL with Responsive Images (#34945)
Embeds
After the introduction of the embeds feature in Version 4.4 there have been a few significant changes in Version 4.5 to make embeds more robust and easier to customize.
- Embed Code Adjustments (#35804, #35894)
- Discovery Improvements (#35979)
- Embedding Static Front Pages (#34971)
- Embed Template Changes (#35322, #35630, #34561)
- Embeds in the Template Hierarchy (#34278) – Themes can now implement embed templates for specific post types and post formats within the confines of the template hierarchy. The embeds template cascade looks like this:
- embed-{post-type}-{post_format}.php – First, WordPress looks for a template for the specific post. For example, if its post type is product and it has the audio format, WordPress would look for embed-product-audio.php.
- embed-{post-type}.php – If the post type is car, WordPress would look for embed-car.php.
- embed.php – WordPress then falls back to embed.php.
- Finally, WordPress ultimately falls back to wp-includes/theme-compat/embed.php
- Add oEmbed support for moments and timelines from Twitter (#36197)
Script Loader
Version 4.5 enhanced the script loader and script/style dependencies.
- Individual stylesheets instead of wp-admin.min.css (#35229)
- HTTP ETag header for load-scripts.php and load-styles.php (#28722)
- wp_add_inline_script() (#14853)
- Scripts/Styles with “alias” handles (#35643, #25247, #35229)
- Support for scripts with dependencies in different groups (#35873)
Bug Fixes
- Support Windows shares/DFS roots in wp_normalize_path() (#35996)
- OPTIONS request to REST API does not return correct Accept header (#35975])
Multisite
- New WP_Site class (#32450) – More object-oriented approach for managing sites in Multisite.
Classes
What’s New
- WP_Upgrader::create_lock()
- WP_Upgrader::release_lock()
- WP_Customize_Manager::get_nonces()
- WP_Customize_Manager::get_previewable_devices()
- WP_Customize_Manager::_render_custom_logo_partial()
- WP_Customize_Nav_Menus::filter_nonces()
- WP_Customize_Nav_Menus::customize_dynamic_partial_args()
- WP_Customize_Nav_Menus::export_partial_rendered_nav_menu_instances()
- WP_Customize_Widgets::get_selective_refreshable_widgets()
- WP_Customize_Widgets::is_widget_selective_refreshable()
- WP_Customize_Widgets::customize_dynamic_partial_args()
- WP_Customize_Widgets::selective_refresh_init()
- WP_Customize_Widgets::filter_wp_kses_allowed_data_attributes()
- WP_Customize_Widgets::start_dynamic_sidebar()
- WP_Customize_Widgets::end_dynamic_sidebar()
- WP_Customize_Widgets::filter_sidebars_widgets_for_rendering_widget()
- WP_Customize_Widgets::render_widget_partial()
- WP_Image_Editor_Imagick::thumbnail_image()
- WP_Image_Editor_Imagick::strip_meta()
- WP_Metadata_Lazyloader
- WP_Rewrite::remove_rewrite_tag()
- WP_Rewrite::remove_permastruct()
- WP_Site
- WP::remove_query_var()
- WP_Scripts::add_inline_script()
- WP_Scripts::print_inline_script()
- wpdb::close()
- WP_Customize_Partial
- WP_Customize_Selective_Refresh
- WP_Customize_Site_Icon_Control::content_template()
- WP_REST_Request::from_url()
- WP_REST_Response::get_curies()
- WP_REST_Server::get_compact_response_links()
Deprecated
- WP_Query::is_comments_popup()
- WP_Customize_Nav_Menus_Panel::wp_nav_menu_manage_columns()
Functions
What’s New
- wp_queue_comments_for_comment_meta_lazyload()
- wp_get_comment_fields_max_lengths()
- the_embed_site_title()
- wp_get_raw_referer()
- wp_get_upload_dir()
- wp_add_inline_script()
- has_custom_logo()
- get_custom_logo()
- the_custom_logo()
- wp_metadata_lazyloader()
- unregister_post_type()
- get_post_types_by_support()
- wp_queue_posts_for_term_meta_lazyload()
- wp_add_trashed_suffix_to_post_name_for_trashed_posts()
- wp_add_trashed_suffix_to_post_name_for_post()
- rest_get_server()
- _wp_post_revision_data()
- remove_rewrite_tag()
- remove_permastruct()
- unregister_taxonomy()
- get_embed_template()
- _custom_logo_header_styles()
- wp_authenticate_email_password()
- _wp_get_current_user()
Deprecated
- add_object_page()
- add_utility_page()
- get_comments_popup_template()
- is_comments_popup()
- comments_popup_script()
- popuplinks()
- _wp_upload_dir_baseurl()
- get_currentuserinfo()
Actions & Filters
New Actions
- {taxonomy}_term_edit_form_top
- pre_uninstall_plugin
- pre_network_site_new_created_user
- network_site_new_form
- network_user_new_form
- clean_comment_cache
- unregistered_post_type
- unregistered_taxonomy
New Filters
- press_this_save_post
- customize_previewable_devices
- customize_nav_menu_searched_items
- image_strip_meta
- network_allowed_themes
- site_allowed_themes
- pre_handle_404
- comments_template_query_args
- wp_get_comment_fields_max_lengths
- pre_wp_update_comment_count_now
- wp_unique_filename
- get_custom_logo
- rest_request_from_url