Merge branch 'trunk' into fix/adv-templates-twentytwentyfive

Author: AKSHAT2802

src/wp-admin/includes/class-wp-site-health.php

@@ -1882,6 +1882,42 @@ public function get_test_available_updates_disk_space() {
 		return $result;
 	}
 
+	/**
+	 * Tests if registration is open to everyone and the default role is privileged.
+	 *
+	 * @since 7.0.0
+	 *
+	 * @return array The test results.
+	 */
+	public function get_test_insecure_registration() {
+		$users_can_register = get_option( 'users_can_register' );
+		$default_role       = get_option( 'default_role' );
+
+		$result = array(
+			'label'       => __( 'Open Registration with privileged default role' ),
+			'status'      => 'good',
+			'badge'       => array(
+				'label' => __( 'Security' ),
+				'color' => 'blue',
+			),
+			'description' => '<p>' . __( 'The combination of open registration setting and the default user role may lead to security issues.' ) . '</p>',
+			'actions'     => '',
+			'test'        => 'insecure_registration',
+		);
+
+		if ( $users_can_register && in_array( $default_role, array( 'editor', 'administrator' ), true ) ) {
+			$result['description'] = __( 'Registration is open to anyone, and the default role is set to a privileged role.' );
+			$result['status']      = 'critical';
+			$result['actions']     = sprintf(
+				'<p><a href="%s">%s</a></p>',
+				esc_url( admin_url( 'options-general.php' ) ),
+				__( 'Change these settings' )
+			);
+		}
+
+		return $result;
+	}
+
 	/**
 	 * Tests if plugin and theme temporary backup directories are writable or can be created.
 	 *
@@ -2889,6 +2925,10 @@ public static function get_tests() {
 					'label' => __( 'Autoloaded options' ),
 					'test'  => 'autoloaded_options',
 				),
+				'insecure_registration'        => array(
+					'label' => __( 'Open Registration with privileged default role' ),
+					'test'  => 'insecure_registration',
+				),
 				'search_engine_visibility'     => array(
 					'label' => __( 'Search Engine Visibility' ),
 					'test'  => 'search_engine_visibility',

src/wp-admin/includes/schema.php

@@ -563,6 +563,9 @@ function populate_options( array $options = array() ) {
 
 		// 6.9.0
 		'wp_notes_notify'                 => 1,
+
+		// 7.0.0
+		'enable_real_time_collaboration'  => 1,
 	);
 
 	// 3.3.0

src/wp-admin/includes/template.php

@@ -967,13 +967,18 @@ function parent_dropdown( $default_page = 0, $parent_page = 0, $level = 0, $post
  * Prints out option HTML elements for role selectors.
  *
  * @since 2.1.0
+ * @since 7.0.0 Added $editable_roles parameter.
  *
- * @param string $selected Slug for the role that should be already selected.
+ * @param string $selected       Slug for the role that should be already selected.
+ * @param array  $editable_roles Array of roles to include in the dropdown. Defaults to all
+ *                               roles the current user is allowed to edit.
  */
-function wp_dropdown_roles( $selected = '' ) {
+function wp_dropdown_roles( $selected = '', $editable_roles = null ) {
 	$r = '';
 
-	$editable_roles = array_reverse( get_editable_roles() );
+	if ( null === $editable_roles ) {
+		$editable_roles = array_reverse( get_editable_roles() );
+	}
 
 	foreach ( $editable_roles as $role => $details ) {
 		$name = translate_user_role( $details['name'] );

src/wp-admin/options-general.php

@@ -304,7 +304,28 @@ class="<?php echo esc_attr( $classes_for_button ); ?>"
 <tr>
 <th scope="row"><label for="default_role"><?php _e( 'New User Default Role' ); ?></label></th>
 <td>
-<select name="default_role" id="default_role"><?php wp_dropdown_roles( get_option( 'default_role' ) ); ?></select>
+	<?php
+	/**
+	 * Filters the roles to be excluded from the default_role option.
+	 *
+	 * @since 7.0.0
+	 *
+	 * @param string[] $roles_to_exclude Array of roles to exclude from the dropdown.
+	 *                                   Defaults to administrator and editor.
+	 */
+	$excluded_roles = (array) apply_filters( 'default_role_dropdown_excluded_roles', array( 'administrator', 'editor' ) );
+
+	$editable_roles = array_reverse( get_editable_roles() );
+
+	$selected = get_option( 'default_role' );
+
+	foreach ( $editable_roles as $role => $details ) {
+		if ( in_array( $role, $excluded_roles, true ) && $role !== $selected ) {
+			unset( $editable_roles[ $role ] );
+		}
+	}
+	?>
+	<select name="default_role" id="default_role"><?php wp_dropdown_roles( $selected, $editable_roles ); ?></select>
 </td>
 </tr>
 

src/wp-admin/options-writing.php

@@ -109,6 +109,13 @@
 	</select>
 </td>
 </tr>
+<tr>
+<th scope="row"><label for="enable_real_time_collaboration"><?php _e( 'Collaboration' ); ?></label></th>
+<td>
+	<input name="enable_real_time_collaboration" type="checkbox" id="enable_real_time_collaboration" value="1" <?php checked( '1', get_option( 'enable_real_time_collaboration' ) ); ?> />
+	<label for="enable_real_time_collaboration"><?php _e( 'Enable real-time collaboration' ); ?></label>
+</td>
+</tr>
 <?php
 if ( get_option( 'link_manager_enabled' ) ) :
 	?>

src/wp-admin/options.php

@@ -153,6 +153,7 @@
 		'default_email_category',
 		'default_link_category',
 		'default_post_format',
+		'enable_real_time_collaboration',
 	),
 );
 $allowed_options['misc']    = array();

src/wp-includes/abilities.php

@@ -9,8 +9,6 @@
 
 declare( strict_types = 1 );
 
-require_once __DIR__ . '/abilities/class-wp-settings-abilities.php';
-
 /**
  * Registers the core ability categories.
  *
@@ -259,6 +257,4 @@ function wp_register_core_abilities(): void {
 			),
 		)
 	);
-
-	WP_Settings_Abilities::register();
 }