Reconsider placing uploaded fonts within the uploads directory #59417
Comments
priethor
added
[Priority] High
|
I believe the fonts location should be outside uploads for the above reasons, which outweigh the cons. Furthermore, I would argue that users don't upload the fonts; they are downloaded from external directories just like themes and plugins. Since the primary reasons for using the |
|
For historical context, during 6.4's merge consideration, this concern was raised. But the discussion didn't continue forward and IMO was unresolved. Why? The primary focus was on the REST API's architecture as it was the biggest blocker and highest priority at that time. I suspect it consumed the focus and times, leaving less for deeper reviews and follow-ups. |
I agree. I think from an organisational perspective,
If we were introducing the |
I'm not sure I understand @priethor. Can you share more? Media (images, videos, audio, PDFs, etc.) can also be first downloaded from somewhere (a camera, recording device, external media providers, etc.). It's the same for fonts as a user can upload a font file that they have stored on their computer. |
|
Initial response from asking in the #hosting channel: Both Pantheon and WordPress.com VIP change the default location to If they have to add workarounds to make the feature work for them, that's an indicator that the default location is maybe not the best. |
I agree that it's perhaps an indicator, though I'd like to know about the roadblocks to them and others making the new |
|
This is because the uploads directory is mounted on a completely separate filesystem to facilitate horizontal scaling, replication, CDN etc. It's not just about making other directories writable. Most WordPress hosts that provide scalable architecture work in the same way, and it's nothing new. Some docs here for Altis Cloud as an example: https://docs.altis-dxp.com/cloud/s3-storage/. |
|
I think that any uploadable should go to Introducing uploaded files outside of
|
This argument is marked as in |
This one is independent of this discussion so we should remove it from the arguments in favor of one or the other. |
Themes, plugins are also things users can upload. |
|
if we go for the philisophical choice of
|
That's not exactly what I'm saying. I'm saying that we should overcome the technical challenges to make the philosophical choices work. (specially since they seem like fixable issues for what I've seen so far) |
I've moved this into the Notes section 👍
I've removed this 👍 |
Is this actually an established expectation that is documented anywhere? That does not really square with what I generally see in the
If the uploads folder is only supposed to be for things you add to posts, then that ship sailed a long time ago.
I don't think this is a strong argument since it could be an issue with literally anything inside the |
I was trying to express the fact that WP products(plugins/themes) presumed that uploadables go in
Probably everything I wrote can be solved from the technical point of view(with some complexity costs) but this doesn't strive for simplicity. |
the crux of the problem seem to be that there's no documented expectation for either case:
Which means, the decision comes down to what we think is right mostly rather than history/consistency. |
|
It's quite unfortunate that this issue was opened now, few days before WP 6.5 RC1, many months after the code in question was added and the original decision was made. This makes it very hard to test any new theories and/or ideas. I'll try to answer and/or clarify some of the above points. Additional arguments in favour of wp-content/fonts
Individual points
Frankly I'm a bit unsure what "immutable file systems" means here (no files are ever updated?). Not sure how common this setup may be but seems it prevents the WP (security related) auto-updates from being applied. Seems this is a pretty bad idea unless there is enough personnel to apply updates "manually" or to create and maintain an auto-updates system outside of WP. Seems that when there is enough personnel for manual auto-updates or to maintain a proprietary auto-updates system, it won't be such a big burden to adjust the server settings to allow use of
Same as above. As far as I understand
That's not exactly the case afaik. Generally plugins and themes can also be uploaded (zipped) by the users. That seems very rare for the plugins and themes hosted on wp.org but somewhat common for "commercial" plugins and themes afaik. To me it seems the main points here are whether WP should "add a Seems the only thing missing from the current implementation (#59294) is a way to enable uploading of fonts when |
Import/Export/Backup plugins also tend to offer plugin/theme backups, which would require access to
Indeed, and while they could be called an "uploadable", as they are uploadable, their relationship to the site is much different to media or an export, and they are organised into their own
While this is obviously a crucial aspect of the WordPress philosophy and one I very much agree with, "battle" is a rather subjective term. For example, I don't consider using a filter to be a battle. While the ideal is that no configuration is necessary to use new functionality, it's sometimes needed because we have multiple factors to consider. Whether a filter is sufficient for scalable architecture to handle it, is another matter. I know VIP filters it, as does Pantheon. Altis, for example, filter |
|
Elsewhere I've been using Altis, WP VIP and Pantheon as examples for this issue. Part of the reason I feel comfortable using these hosts as an example is because I know these companies follow WP developments and will work to handle it. It's the long tail of hosts that don't follow development that this issue needs to be decided for. The Font Library makes use of assets from two locations:
It's unlikely the It's only files that are uploaded that will end up in the fonts directory, be that
The big issue I see here is that the burden for overcoming these technical challenges is been moved from something managed by a few dozen contributors to WordPress to the entire plugin, hosting and site owner communities. WordPress makes allowances for the practical over the technically pure frequently. A good example being privacy exports as discussed elsewhere in both issues and Slack. Accepting for a moment that WordPress needs a directory structure for uploaded content that isn't an attachment, then design decision to call that folder I think we (those of us riding these various tickets) need to switch font uploads to the
Whether the destination is |
|
If tomorrow, we are to introduce a way for users a way to upload "patterns" or "blocks", "an ai model" or something else, I don't think it would make sense to put these in So we need to ensure that we can make the right decisions for WordPress in general. I think a small amount of adaptation is required for any big feature, especially for environments that are very specific. It was the case for the REST API addition, for the customizer, for the block editor, and it will be the case for fonts regardless of the chosen folder. Yes, it's our job to make the adaptation very minimal (and inexistent for regular users just downloading the zip). I believe that regardless of the chosen folder, we need:
I think that's a good point, but maybe it's only temporary. I don't see why we can't follow-up with an enhancement to show these fonts as inactive if people think it's useful. Now, I'm not yet convinced that we need to change the font directory to uploads. So I still think we need to answer this question: How do we decide which part of |
|
I've been sitting on this for the better part of today, going back and forth on my position. Conceptually, I'm certain the right place is Riad's last comment resonates with me: don't we have the means to get the word out, put some conservative heuristics in place (e.g. to fall back to |
|
As the author of one of the workarounds @swissspidy referenced earlier for Pantheon, I will start by saying that I don't have a strong opinion about where, as long as where is configurable, which it is today (it wasn't when we had this discussion for 6.4 and I'm happy that we've taken the time to resolve that). Pantheon, as mentioned above, is one of the hosts that uses an immutable file system.
Yes, precisely. The entirety of a sites files are an immutable artifact -- they cannot be modified or changed -- with the exception of specific, named and excluded paths (that point to specific container mounts). This ensures that malicious code can't simply be installed (or executed via the admin and bad actors) that writes changes to the file system.
This is true. Pantheon maintains a mirror of WordPress core that is automatically updated when new releases are published and pushed to customer sites. Customers update WordPress via their Pantheon dashboard using our internal git version control system. Automatic updates are disabled. Plugin and theme updates are committed to version control. Customers need to apply these updates and push them through our development and test environments before finally pushing those updates live. On the one hand, this means that customers may be behind on their updates. On the other hand, the immutable file system saves them from many security vulnerabilities that would otherwise use privilege escallation and the like to write to the filesystem.
Changing the infrastructure to allow an additional writeable path is far more burdensome than simply writing a function in a mu-plugin and adding it to our maintained version of WordPress. Carving out that exclusion specifically for site frameworks of this CMS type and not that CMS type also adds overhead. There are fewer components (namely one) involved in making the change in the WordPress application than in making the change at the infrastructure level. Everything @johnbillion and @peterwilsoncc noted in this regard is true for us as well.
This was also noted above, but, today, this is not possible either. Or rather, you could version control your fonts, but it's not going to do anything for you. As noted in #59102 if I have fonts in the I agree that the distinction between If a WordPress site has no theme, it would not display. If a WordPress site has no plugins, it would lack some functionality. If a WordPress site has no media files, nothing happens. Similarly, if a WordPress site has no installed fonts, it has no functional effect on the site. |
|
@jazzsequence makes a very good point here. I'm curious how challenging it would be to have fonts uploaded along with some sort of .json manifest that WP can use to load the files? This could work similarly to block patterns, where WP can also store this data in a post type, but themes can just include the files and WP will pick them up, without a need for the info to be in the DB. |
@mtias could you perhaps clarify what you mean by "distinct nature", and how fonts more closely resemble plugins, themes, languages, etc versus those currently in Of the several non-"convenience" arguments made above, the one that changed my mind over to camp It's a solid through-line to guide future architecture and abstraction decisions (ai models vs uploadable patterns , generated caches or static assets vs backups, data liberation exports, etc) that clears up the |
Apologies if I'm wrong because I haven't followed this feature closely; but I believe I read that fonts can't be dropped into the folder and automatically recognized, they must be uploaded because they live in the database. This is counter to plugins, themes, etc so the insinuation that they should be treated as this sort of this new property or like those doesn't hold merit. If you can put fonts into the folder like the other things I'd be more open to having /wp-content/fonts. As the feature is written now (or as I understand it) and the fact that these are really more like frontend assets that themes and plugins I am against making a new special folder outside of uploads. For every CDN that moves things from the uploads folder or that offloads it from there this wouldn't work without extra work. I understand you want to introduce a new concept but I respectfully disagree that it's better for the project, ecosystem or users. In fact there are many voices above who insist this is not better. |
Good question. Thinking it would be good to try to help "bring everybody on the same page" about how fonts are being considered and the (current) logic around installing and managing them. Please correct me if something seems wrong :) Fonts are:
Font management: Fonts are managed from the Font Library. It is available at: Site editor->Design->Styles->Edit Styles(the small pencil icon next to the "Styles" label)->Typography->Manage Fonts(the small "settings" icon next to the "Fonts" label). The expectation (afaik) is that fonts will generally be installed by using the "Install Fonts" tab. This works pretty much the same as installing WP plugins and themes: the users select which fonts they want and WP (the server) downloads and installs them. The only difference is that font files are (currently) downloaded from the Google CDN, not from wordpress.org (for privacy reasons there is a confirmation dialog where the user has to give permission to their server to actually connect to the Google CDN and download the fonts). As an alternative install method there is also an "Upload" tab (like for plugins and themes) where the users can upload font files they have purchased from a type foundry (for example), or if they prefer to download the font files themselves from other sources, for example Fontsource. To answer the question directly: Font files resemble plugins, themes, and language files because:
Thinking @mtias said it really well above:
|
|
Thanks for the additional context and summary @azaozz that was very helpful. A few initial reactions:
|
|
@Zealth57 Sure, lets talk a bit more about this :)
Don't think
Sorry but I'm unsure what "pushed up" means here. Assuming it refers to the files being able to be under version control. If that's the case I don't think all WP plugins and themes can be under version control. Afaik some (many?) "commercial" themes and plugins do not have publicly accessible repositories and are available as .zip downloads only. Updates are also applied by downloading the zip file and then uploading it to WP.
Sorry but don't see big difference here. Some metadata is stored for themes and plugins in the DB. Some more metadata is stored for images and fonts, and probably will be stored for other distinct components like for example AI models. True, the plugins and themes directories are also "traversed" as backwards compatibility with how themes and plugins were installed 15 years ago: by uploading them with FTP. Frankly I'd really like to remove that if possible, just slows WP down pointlessly :)
Perhaps. But that still makes (the requirements for) handling of font files quite different than images for example.
Not quite imho. The most important part is how users would perceive, manage, and interact with fonts. Filesystem and metadata in the DB are by far secondary. I.e any UI and UX solution can be "coded" and made to work. The important part is to be "logical", to "make sense" to the users, to be "easy to understand and use", etc.
No "real data" afaik. The assumption is based on how themes and plugins (that are hosted on wordpress.org) are installed and managed. It seems very rare for modern WP sites to have plugins and themes (that are in the WP repositories) installed by not using WP (the UI or wp-cli). Seems these are only higher-end sites that have support personnel, etc. The expectation is afaik that fonts will also be installed by using the WP UI, as that is a lot easier and straightforward than the more elaborate method of selecting form external sources, downloading and then uploading the file(s).
As mentioned |
This isn't quite right. Taking a step back, themes and plugins are generally code and assets packaged together in a way that can be executed by WordPress. Plugins can include assets within them—these assets are defined by the plugin author and are meant to be utilized only when the plugin is activated on the site. If a plugin is not active, it cannot be used by the site. (Barring edge cases, of course.) Themes, including block themes, can include assets within them—these assets are defined by the theme author and are connected to the given theme. If a person modifies the visual display of a theme using the Site Editor or other built-in tools within the dashboard (excluding the code editor), these modifications are stored at the "site" level—the code and associated assets for the theme are not modified within the theme directory itself, on the filesystem. When a user deactivates a theme (by switching to another), any assets including with the theme files are immediately unavailable to the site, including icons, fonts, images, and (naturally) code. This is an important point, because, historically, there are assets that are not stored within an active theme, which may be used by themes, in support of the visual display of the site. A solid example here is the site logo and icon, which are not stored alongside the theme—these are available site-wide. If a user modifies their site logo or icon, those assets remain in use, even when the theme is changed. The site logo and icon are stored in... More recently, block themes can be modified within the Site Editor. These modification are stored in the database and do not modify the code of the theme file itself. Except... if a user adds (e.g.) an image to a template within the Site Editor (perhaps a header or background graphic, to be used atop all templates), the image is uploaded to Going back to your statement:
I would counter that Circling back to an earlier, related comment:
I agree with virtually all of these points, but there's a nuance to the second bullet point. Images can also be part of the website's visual design, and not per-post. As described above, that is not only a common behaviour with block themes (a relatively new behaviour of WordPress), but also a legacy behaviour of WordPress since the introduction of site icons in WordPress 4.3.
Fonts files resemble other, optional visual website design assets used on sites, like site logos and icons, and images used in templates. Just like those other visual website design assets, there may not be a large number of them, but it's important that they are treated like the assets that they are—e.g. if all assets of the site are offloaded to a CDN, font files should also be offloaded to the CDN. How they get installed, and what that interface looks like, isn't relevant to how these assets should be treated and used within a WordPress installation.
A very, very common behaviour with enterprise WordPress sites is that commercial plugins (and private ones) are downloaded from their respective locations (as a ZIP, if need be), and committed to version control. On enterprise WordPress environments, the file system is locked, with the exception of the uploads directory, which is usually offloaded (e.g. to a CDN). While I'm certain there are a few WordPress plugins which are behaving badly (writing to their plugin directory), virtually every WordPress plugin and theme can be committed to and managed within version control.
To be clear, this is not how plugin updates work within enterprise WordPress environments (including WPVIP). Updates are committed to version control and deployed to the production environments. |
|
I think what comments that the ecosystem will adapt are missing a fundamental point. The ecosystem IS adapting and is generally doing so by reversing the architectural decision to place font uploads outside the uploads directory. The ecosystem is respecting the argument that fonts are slightly different to other attachments by using a font directory in uploads rather than simply removing the filter on the uploads hook, ie: add_filter( 'upload_dir', function ( $ul ) {
remove_filter( 'upload_dir', 'wp_get_font_dir' );
return $ul;
}, 5 );Note: The above is broken following df5dc24 but I'm working on restoring it WordPress/wordpress-develop#6211 Generally this reversal of the decision is being made by some of the most influential players in the ecosystem so will become the default: very large hosts, large agencies, even official WordPress sites in WordPress/wordcamp.org#1075. The very folks who shared case studies to promote the use of the block-editor when it was only available in the plugin prior to WordPress 5.0. There is talk of including a workaround in the dev note announcing the library. If it's accepted that the dev note requires documenting a fix, then the fix should be unnecessary and implemented at a Core level. |
The dev note is not about documenting a fix, it's about documenting a filter that may or may not be used. |
|
Thanks for the extensive discussion, everybody. At this point, a decision needs to be made. Since there isn't an agreement on the best path forward, project leadership should make the call. For transparency, in the last few hours, I've been filling @josephahaden in on this topic so that an informed decision can be made in the next few days and before RC2. |
|
Sorry for the late response, just wanted to clear couple of things.
You mean the I agree, seems these have been some assumptions over the years:
The first is more of a coincidence as far as I see. There are several files and sub-directories that WP may create or use in Unfortunately the docs for The second seems to be a result from the first. As |
I don't think that's a coincidence—that was the intended behaviour when I think that ship has sailed. This has been core behaviour for almost 14 years, and companies, hosts, and vendors rely on this behaviour. "Breaking" compatibility now does not feel like the correct path for WordPress-as-a-CMS, even if it may feel like the correct path for WordPress-as-a-consumer-product. Unfortunately, we have to balance both, and there is no harm to using |
|
This talk about Whatever that assumption is, we can adapt the behavior if necessary (as @azaozz noted earlier), but there's something to be said for having our code checks and directory tree follow the same logical structure. (alternatively, allowing fonts to be autodiscoverable if they're added directly to the |
You mean like this one? 😁 #59102 |
Hmm, doesn't seem to be the case? Several of the "other" files and/or dirs in
In any case, as far as I see it this is more of a "future proof" architecture decision, coincidence or not. |
|
Josepha has published a post on make/core about the location of the fonts directory (and synced pattern overrides). |
|
I've closed this issue as unplanned. As a reminder, discussion can continue on a closed issue and participants will continue to be notified. #59699 has been opened for considering the architectural decisions that are required for the fallback. |
|
After learning a little more about including a fallback within Core by default, its' been decided not to include the feature in 6.5. An announcement post has posted on the Make Core blog. The original feature announcement dev note has been updated to reflect this change. |
Wasn't Josepha's decision for 6.5 based on the ability to make this compromise? |
|
Reopening per https://make.wordpress.org/core/2024/03/25/wordpress-6-5-release-delayed-1-week/ and for the backport of https://core.trac.wordpress.org/changeset/57878 to Gutenberg. |
github-actions
bot
added
the
[Status] In Progress
|
I created a PR to bring WP changes from https://core.trac.wordpress.org/changeset/57878 to Gutenberg: #60354 |
and others
In #53965 the decision was made to use the
wp-content/fontsdirectory for uploaded fonts rather thanwp-content/uploads/fonts.Following this discussion in Slack about the Font Library, this decision should be reassessed. There are pros and cons for using
wp-content/fontsversus using afontsdirectory within the uploads directory, some of which are technical.Notes
wp-content/uploads/fontsis referred to in this issue but technically this means thefontssubdirectory within the configured uploads directory.fontsdirectory could be namedwp-fontsor something else to minimise the chance of a conflict with a directory used by an existing font management plugin, that's not a concern for this issue.wp-content/fontsseem to be more philosophical, whereas the "cons" seem to be more technical.Arguments in favour of
wp-content/fontswp-content/fontswas an explicit design decision to treat the font library as a distinct resource, not coupled with media as a representation.Arguments in favour of
wp-content/uploads/fontswp-content/uploadsmay not be writable, either as a security measure or due to offloading uploaded media to a CDNDISALLOW_FILE_MODSPlease comment with any further arguments in favour or against either location.
The text was updated successfully, but these errors were encountered: