[54080] refactored the logic in `get_network_option()`, `update_network_option()` and `delete_network_option()` to use the metadata API. However, this change resulted in issues with large multisite installs that utilize memcached having network options > 1MB in size.
This change reverts [54080] and all related follow-up changes.
Reverts [54080], [54081], and [54082]. Partially reverts [54267] and [54402].
Props pavelschoffer, rebasaurus, johnbillion, spacedmonkey, desrosj, rinatkhaziev.
Fixes#56845.
See #37181.
Built from https://develop.svn.wordpress.org/trunk@54637
git-svn-id: http://core.svn.wordpress.org/trunk@54189 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As the function can be used in a variety of contexts, the `_screen` suffix may not always be appropriate.
This commit aims to reduce confusion by renaming the newly added `is_login_screen()` function to `is_login()`, which better aligns with `is_admin()` and the related `is_*_admin()` function family.
While it does not save a lot of lines of code, this function aims to save developers some time that would otherwise be spent investigating the most reliable way to determine whether the current request is for the login screen.
Implementation details:
* By checking `wp_login_url()`, the function accounts for custom login locations set via the `login_url` filter.
* By checking `$_SERVER['SCRIPT_NAME']` directly, instead of `did_action( 'login_form_login' )` or `$pagenow` global, the function can work as early as possible, for example in a must-use plugin.
Follow-up to [53884].
Props azaozz.
Fixes#19898. See #56400.
Built from https://develop.svn.wordpress.org/trunk@54447
git-svn-id: http://core.svn.wordpress.org/trunk@54006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
After some further discussion, it is apparent that the added clarity was subjective, and the `_screen` suffix may not always be appropriate, e.g. in Ajax context. To address any confusion with the existing names, the documentation for these functions can be updated instead.
Additionally, the `is_super_admin_user()` alias for `is_super_admin()` is reverted as well, which may be reconsidered in the future.
Follow-up to [54259].
Props azaozz, jrf, johnbillion, manfcarlo, Clorith.
See #56400.
Built from https://develop.svn.wordpress.org/trunk@54332
git-svn-id: http://core.svn.wordpress.org/trunk@53891 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Following the introduction of `is_login_screen()` in [53884], it is time to reconsider the `is_*_admin()` functions:
* `is_admin()`: Determines whether the current request is for an administrative interface page.
* `is_blog_admin()`: Whether the current request is for a site's administrative interface, e.g. `/wp-admin/`.
* `is_network_admin()`: Whether the current request is for the network administrative interface, e.g. `/wp-admin/network/`.
* `is_user_admin()`: Whether the current request is for a user admin screen, e.g. `/wp-admin/user/`.
For someone new to WordPress, these names can be quite confusing, especially the last one. When using these functions, one always needs to remember that they don't actually check if the current user is a site administrator.
To complicate things further, there is one more similarly named function that does exactly the latter:
* `is_super_admin()`: Determines whether user is a site admin.
With the above in mind, this commit introduces aliases that better match the functionality and allow for more descriptive code:
* `is_admin()` → `is_admin_screen()`
* `is_blog_admin()` → `is_site_admin_screen()`
* `is_network_admin()` → `is_network_admin_screen()`
* `is_user_admin()` → `is_user_admin_screen()`
Additionally, `is_super_admin_user()` is introduced as an alias for `is_super_admin()`:
* `is_super_admin()` → `is_super_admin_user()`
Plugins and themes are encouraged to start using the newer function names to make code self-descriptive and bring more clarity. The older names are not deprecated at this time, though it may be up for discussion in the future.
Follow-up to [2481], [6412], [12393], [12732], [15558], [15481], [15746], [53884].
Props jrf, tobifjellner, SergeyBiryukov.
See #56400.
Built from https://develop.svn.wordpress.org/trunk@54259
git-svn-id: http://core.svn.wordpress.org/trunk@53818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Replace logic found in `get_network_option`, `update_network_option` and `delete_network_option` to use the metadata api. Using the metadata api has a number of benefits, such as consistency, default values and useful filters. This change also improves performance by priming the caches of all network options in a single database request.
Props spacedmonkey, swissspidy, sc0ttkclark, johnjamesjacoby, flixos90, jeremyfelt, pento, peterwilsoncc, mukesh27, desrosj.
Fixes#37181
Built from https://develop.svn.wordpress.org/trunk@54080
git-svn-id: http://core.svn.wordpress.org/trunk@53639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The function to check whether WordPress is not installed has evolved over time, ending up with duplicate conditionals.
This commit combines two conditionals into a single one and includes an early return.
Follow-up to [672], [676], [725], [1184], [1401], [1980], [2171], [2467], [2468], [2486], [2703], [3011], [3670], [12688], [12732], [12762], [13253], [29599], [30581], [34828].
See #55647.
Built from https://develop.svn.wordpress.org/trunk@53915
git-svn-id: http://core.svn.wordpress.org/trunk@53474 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This should help determine whether the current request is for the login screen.
While it does not save a lot of lines of code, including this function in core aims to save developers some time that would otherwise be spent investigating the most reliable way to solve this problem.
Implementation details:
* By checking `wp_login_url()`, the function accounts for custom login locations set via the `login_url` filter.
* By checking `$_SERVER['SCRIPT_NAME']` directly, instead of `did_action( 'login_form_login' )` or `$pagenow` global, the function can work as early as possible, for example in a must-use plugin.
Follow-up to [2481], [6412], [12393], [12732], [15558], [15481], [15746].
Props dcowgill, scribu, donmhico, iandunn, wonderboymusic, nacin, robmiller, kitchin, chriscct7, tazotodua, davidbaumwald, SergeyBiryukov.
Fixes#19898.
Built from https://develop.svn.wordpress.org/trunk@53884
git-svn-id: http://core.svn.wordpress.org/trunk@53443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This renames the file containing the `wpdb` class to conform to the coding standards.
This commit also includes:
* A new `wp-db.php` that loads the new file, for anyone that may have been including the file directly.
* Replacing references to the old filename with the new filename.
Fixes#56268. See #55647.
Built from https://develop.svn.wordpress.org/trunk@53749
git-svn-id: http://core.svn.wordpress.org/trunk@53308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`phpversion()` return value and `PHP_VERSION` constant value are identical, but the latter is several times faster because it is a direct constant value lookup compared to a function call.
Props ayeshrajans, jrf, mukesh27, costdev, hellofromTonya, SergeyBiryukov.
Fixes#55680.
Built from https://develop.svn.wordpress.org/trunk@53426
git-svn-id: http://core.svn.wordpress.org/trunk@53015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When `add_filter( 'wp_is_application_passwords_available', '__return_false' )` exists, HTTPS requirement message is shown even if HTTPS is enabled on the site. This happens because `wp_is_application_passwords_available_for_user()` first invokes `wp_is_application_passwords_available()` which is filterable. The situation could happen if the `'wp_is_application_passwords_available_for_user'` filter returns `false`.
To fix this, the check for HTTPS (or if in a 'local' environment) is moved to a new function called `wp_is_application_passwords_supported()`. Then the return from this function is used as an OR condition for the Application Passwords section and for displaying the HTTPS required message.
Tests are included for both `wp_is_application_passwords_supported()` and `wp_is_application_passwords_available()`.
Follow-up to [51980], [51988].
Props davidbinda, SergeyBiryukov, ocean90, felipeelia, costdev, hellofromTonya.
Fixes#53658.
Built from https://develop.svn.wordpress.org/trunk@52398
git-svn-id: http://core.svn.wordpress.org/trunk@51990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If `SCRIPT_NAME'` does not exist (which can happen in cron jobs), the following happens:
* PHP 8.1+:
* `Warning: Undefined array key "SCRIPT_NAME"`
* `Deprecated: strpos(): Passing null to parameter #1 ($haystack) of type string is deprecated`
* PHP 8.0: `Warning: Undefined array key "SCRIPT_NAME"`
* PHP 5.6-7.4: No warning or notice
This commit checks if the key exists before passing it to `strpos()`. This resolves the warning, notice, and future error.
Follow-up to [3034], [3069], [12732].
Props audrasjb, costdev, hellofromTonya, karpstrucking, mcjambi, sergeybiryukov.
Fixes#54142.
Built from https://develop.svn.wordpress.org/trunk@52144
git-svn-id: http://core.svn.wordpress.org/trunk@51736 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As of November 2021, the `HTTP/3` protocol is still officially an Internet Draft, but is already supported by 74% of running web browsers and, according to W3Techs, 23% of the top 10 million websites. It has been supported by Google Chrome (including Chrome for Android, and Microsoft Edge, which is based on it) since April 2020 and by Mozilla Firefox since May 2021. Safari 14 (on macOS Big Sur and iOS 14) has also implemented the protocol but support is hidden behind a feature flag.
Based on the wide support, this change adds `HTTP/3` as a valid HTTP protocol.
Props malthert.
Fixes#54404.
Built from https://develop.svn.wordpress.org/trunk@52087
git-svn-id: http://core.svn.wordpress.org/trunk@51679 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously errors were not displayed or logged, but the original intention was only to prevent them from being displayed. Hiding them from logs makes problems like #53492 much harder to debug.
This makes the handling of errors in `ms-files` consistent with the REST API, `admin-ajax`, and XML-RPC.
Props iandunn, johnjamesjacoby.
Fixes#53493.
Built from https://develop.svn.wordpress.org/trunk@51358
git-svn-id: http://core.svn.wordpress.org/trunk@50967 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds timer_float which can be used to get the time elapsed so far during the PHP script. Should make it easier to display the page generation time in the footer of admin.
WordPress should expose timing data as a float in the most accurate manner possible. timer_stop() has two problems: it uses an initial timestamp generated later than it needs to be and its formatted return value can not reliably be used as a number (some locales swap commas and periods, for example).
Props andy, matt, jorbin.
Fixes#39163.
Built from https://develop.svn.wordpress.org/trunk@50786
git-svn-id: http://core.svn.wordpress.org/trunk@50395 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [49752] a check was added to prevent creating new Application Passwords if Basic Auth credentials were detected to prevent conflicts. This check takes place in WP-Admin, though a conflict would only arise if Basic Auth was used on the website's front-end.
This commit extracts the Basic Auth check into a reusable function, `wp_is_site_protected_by_basic_auth()`, which can be adjusted using a filter of the same name. This way, a site that uses Basic Auth to protect WP-Admin can still use the Application Passwords feature.
In the future, instead of requiring the use of a filter, WordPress could make a loopback request and check for a `WWW-Authenticate` header to make this detection more robust out of the box.
Props SeBsZ, archon810, aaroncampbell, ocean90, SergeyBiryukov, TimothyBlynJacobs.
Fixes#52066.
Built from https://develop.svn.wordpress.org/trunk@50006
git-svn-id: http://core.svn.wordpress.org/trunk@49707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, we only supported `application/json` which prevented using subtypes like `application/activity+json`. This allows for the REST API to `json_decode` the body of requests using a JSON subtype `Content-Type`. Additionally, `wp_die()` now properly sends the error as JSON when a JSON subtype is specified in the `Accept` header.
Props pfefferle.
Fixes#49404.
Built from https://develop.svn.wordpress.org/trunk@49329
git-svn-id: http://core.svn.wordpress.org/trunk@49090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When the `mysql` extention isn't loaded and a custom db dropin is not in place, we give folks a nice error. However, we can't assume that the `WP_CONTENT_DIR` constant is set yet since this runs before we define default constants.
This fixes a PHP 8 error.
Props jorbin.
Merges [49161] to trunk.
See #50913.
Built from https://develop.svn.wordpress.org/trunk@49163
git-svn-id: http://core.svn.wordpress.org/trunk@48925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes#42790.
Built from https://develop.svn.wordpress.org/trunk@49109
git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These actions allow debugging tools to track `WP_Error` instances as they're created and subsequently passed between functions which check for error objects.
Props Shelob9, Mte90, TimothyBlynJacobs, johnbillion
Fixes#40568
Built from https://develop.svn.wordpress.org/trunk@49022
git-svn-id: http://core.svn.wordpress.org/trunk@48784 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The intention of `wp_get_environment_type()` is to provide a consistent means of identifying the environment type, not of identifying a specific environment.
Actual environments should fit within one of the existing types: `local`, `development`, `staging`, or `production`. That should cover the types that plugins and themes might be concerned about when toggling functionality.
Props johnbillion, joostdevalk, TimothyBlynJacobs, jeremyfelt, batmoo, claytoncollie, Clorith, markjaquith, garrett-eclipse, GaryJ, elrae.
Fixes#50992.
Built from https://develop.svn.wordpress.org/trunk@48894
git-svn-id: http://core.svn.wordpress.org/trunk@48656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This gives developers a better control over their existing development workflow and ensures that `local` is not the exact same as `development` if it does not need to be.
Props claytoncollie, johnbillion, jeremyfelt, kreppar, dushakov, TimothyBlynJacobs, Ipstenu, khag7, knutsp, Clorith, markjaquith, joostdevalk, SergeyBiryukov.
Fixes#51064.
Built from https://develop.svn.wordpress.org/trunk@48856
git-svn-id: http://core.svn.wordpress.org/trunk@48618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since `wp_get_environment_type()` runs too early for plugins to hook these filters, and the result is then cached in a static variable and cannot be changed later, the filters are not that useful.
The `WP_ENVIRONMENT_TYPES` and `WP_ENVIRONMENT_TYPE` constants and environment variables should be enough for now.
Follow-up to [47919], [48188], [48372].
Props Clorith, SergeyBiryukov.
Fixes#33161.
Built from https://develop.svn.wordpress.org/trunk@48662
git-svn-id: http://core.svn.wordpress.org/trunk@48424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Rename the `wp_approved_environment_types` filter to `wp_environment_types`.
* Introduce `WP_ENVIRONMENT_TYPES` system variable and constant to complement the filter.
* Correct the argument type for the `wp_environment_types` filter.
* Cache the result in a static variable to ensure consistent return value.
* Rename the `stage` type to `staging`.
Follow-up to [47919].
Props dlh, dd32, TimothyBlynJacobs, johnbillion, pbiron.
See #33161.
Built from https://develop.svn.wordpress.org/trunk@48188
git-svn-id: http://core.svn.wordpress.org/trunk@47957 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Partially reverts [48059] as there's no full consensus on the removal of the text prefix. Further actions should be taken to improve consistency and accessibility of the admin notices. Keeps some improvements to the translatable strings from [48059].
Fixes#47656.
Built from https://develop.svn.wordpress.org/trunk@48115
git-svn-id: http://core.svn.wordpress.org/trunk@47884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The tag was supported in phpDocumentor 1.x, but is no longer supported in 2.x and 3.x.
Usage of static variables is considered an internal implementation detail and has no information value for someone reading the docs.
Props alishanvr, jrf.
Fixes#50426.
Built from https://develop.svn.wordpress.org/trunk@48109
git-svn-id: http://core.svn.wordpress.org/trunk@47878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For a number of years, most of the WordPress error messages have been prefixed with "Error:". However, these messages appear in a context where it's already clear an error occurred. Whether it's an error, a warning, or any other classification, that's not so relevant for users. The content of the message is the relevant part. The "Error:" prefix doesn't add great value while it does add unnecessary complexity for the message readability.
Also, revises some of these messages to improve clarity and removes HTML from translatable strings.
Props garrett-eclipse, ramiy, SergeyBiryukov, afercia, sabernhardt, quadthemes, audrasjb.
See #47003, #43037, #42945, #15887.
Fixes#47656.
Built from https://develop.svn.wordpress.org/trunk@48059
git-svn-id: http://core.svn.wordpress.org/trunk@47826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Many caching backend have support for multiple gets in a single request. This brings that support to core, with a compatability fallback that will loop over requests if needed.
Fixes: #20875.
Props: nacin, tollmanz, wonderboymusic, ryan, jeremyfelt, spacedmonkey, boonebgorges, dd32, rmccue, ocean90, jipmoors, johnjamesjacoby, tillkruess, donmhico, davidbaumwald, SergeyBiryukov, whyisjake.
Built from https://develop.svn.wordpress.org/trunk@47938
git-svn-id: http://core.svn.wordpress.org/trunk@47711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The type can be set via the `WP_ENVIRONMENT_TYPE` global system variable, a constant of the same name, or the `wp_get_environment_type` filter.
Possible values include `development`, `stage`, `production'. If not set, the type defaults to `production`.
Props Clorith, krogsgard, joostdevalk, frank-klein, Maelacuna, nathanrice, grierson, jchristopher, davidvee, jackfungi, johnbillion, tabrisrp, knutsp, ev3rywh3re, Rastaban, danielbachhuber, pfefferle, audrasjb, SergeyBiryukov.
Fixes#33161.
Built from https://develop.svn.wordpress.org/trunk@47919
git-svn-id: http://core.svn.wordpress.org/trunk@47693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `register_globals` directive in PHP was deprecated in version 5.3 and removed entirely in 5.4.
Now that WordPress only supports PHP 5.6.20 and newer, the `wp_unregister_GLOBALS()` function can be deprecated.
Props ayeshrajans, desrosj, SergeyBiryukov.
Fixes#49938.
Built from https://develop.svn.wordpress.org/trunk@47612
git-svn-id: http://core.svn.wordpress.org/trunk@47387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.
This commit also includes:
* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
* `wp-admin/admin-header.php`
* `wp-admin/admin-footer.php`
* `wp-includes/version.php`
Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes#48082.
Built from https://develop.svn.wordpress.org/trunk@47198
git-svn-id: http://core.svn.wordpress.org/trunk@46998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, `wp_favicon_request()` was introduced in [13205] to avoid a performance hit of serving a full 404 page on every favicon request.
While working as intended, that implementation did not provide a way for theme or plugin authors to manage the behavior of favicon requests.
This changeset implements the following logic (only applied if WordPress is installed in the root directory):
* If there is a Site Icon set in Customizer, redirect `/favicon.ico` requests to that icon.
* Otherwise, use the WordPress logo as a default icon.
* If a physical `/favicon.ico` file exists, do nothing, let the server handle the request.
Handling `/favicon.ico` is now more consistent with handling `/robots.txt` requests.
New functions and hooks:
* Introduce `is_favicon()` conditional tag to complement `is_robots()`.
* Introduce `do_favicon` action to complement `do_robots` and use it in template loader.
* Introduce `do_favicon()` function, hooked to the above action by default, to complement `do_robots()`.
* Introduce `do_faviconico` action to complement `do_robotstxt`, for plugins to override the default behavior.
* Mark `wp_favicon_request()` as deprecated in favor of `do_favicon()`.
Props jonoaldersonwp, birgire, joostdevalk, mukesh27, SergeyBiryukov.
Fixes#47398.
Built from https://develop.svn.wordpress.org/trunk@47018
git-svn-id: http://core.svn.wordpress.org/trunk@46818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Fix typo in `is_blog_admin()` description.
* Capitalize PHP correctly in `enable_wp_debug_mode_checks` filter description.
* Capitalize XML correctly in `wp_is_xml_request()` return value description.
Props stevegrunwell.
Fixes#48771.
Built from https://develop.svn.wordpress.org/trunk@46759
git-svn-id: http://core.svn.wordpress.org/trunk@46559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The path to magic quote sanity took a fun and exciting turn: PHP core removed it and WordPress updated the minimum version.
For the formally external pclzip, the code is commented out to make investigating easier and in case we ever need to merge upstream (if that still exists) changes.
Props ayeshrajans, jrf, jorbin.
See #47783.
Fixes#18322.
Built from https://develop.svn.wordpress.org/trunk@46105
git-svn-id: http://core.svn.wordpress.org/trunk@45917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing translator comments.
* Fix placement of some translator comments. Translator comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translator comments.
Includes minor code layout fixes.
Polyglots, rejoice! All WordPress core files now have translator comments for all strings with placeholders!
Props jrf, subrataemfluence, GaryJ, webdados, Dency, swissspidy, alvarogois, marcomartins, mihaiiceyro, vladwtz, niq1982, flipkeijzer, michielatyoast, chandrapatel, thrijith, joshuanoyce, FesoVik, tessak22, bhaktirajdev, cleancoded, dhavalkasvala, garrett-eclipse, bibliofille, socalchristina, priyankkpatel, 5hel2l2y, adamsilverstein, JeffPaul, pierlo, SergeyBiryukov.
Fixes#44360.
Built from https://develop.svn.wordpress.org/trunk@45926
git-svn-id: http://core.svn.wordpress.org/trunk@45737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Noteable changes:
- The `magic_quotes_runtime` and `magic_quotes_sybase` settings were removed in PHP 5.4, so no longer need to be set.
- Some functions that use external libraries can generate errors that can't be tested for, so are globally allowed to silence errors.
- Quite a few functions would cause errors if `safe_mode` was set. This setting was removed in PHP 5.4.
- Only a handful of `header()` calls needed corresponding `headers_sent()` checks for unit tests to pass, but more may need to be added as the nightlies builds are tested.
See #46732.
Built from https://develop.svn.wordpress.org/trunk@45611
git-svn-id: http://core.svn.wordpress.org/trunk@45422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to this change, resuming or activating a plugin or theme that is still broken would result in a redirect loop if in recovery mode. If outside recovery mode, it would cause the error template to be displayed.
Furthermore this applies to breaking a plugin or theme when editing from the backend.
Props aandrewdixon, azaozz, dhanukanuwan, henrywright, ocean90, ohiosierra, PandelisZ, xkon.
Fixes#46045, #46751.
Built from https://develop.svn.wordpress.org/trunk@45114
git-svn-id: http://core.svn.wordpress.org/trunk@44923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Using the new fatal handler introduced in [44962], an email is sent to the admin when a fatal error occurs. This email includes a secret link to enter recovery mode. When clicked, the link will be validated and on success a cookie will be placed on the client, enabling recovery mode for that user. This functionality is executed early before plugins and themes are loaded, in order to be unaffected by potential fatal errors these might be causing.
When in recovery mode, broken plugins and themes will be paused for that client, so that they are able to access the admin backend despite of these errors. They are notified about the broken extensions and the errors caused, and can then decide whether they would like to temporarily deactivate the extension or fix the problem and resume the extension.
A link in the admin bar allows the client to exit recovery mode.
Props timothyblynjacobs, afragen, flixos90, nerrad, miss_jwo, schlessera, spacedmonkey, swissspidy.
Fixes#46130, #44458.
Built from https://develop.svn.wordpress.org/trunk@44973
git-svn-id: http://core.svn.wordpress.org/trunk@44804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Due to the high number of follow-up tickets and associated security concerns, it was decided to reschedule the fatal error recovery feature for WordPress 5.2, in order to address these issues properly. The feature will continue to be developed, with iterations being merged into trunk early in the 5.2 release cycle.
Fixes#46141. See #44458, #45932, #45940, #46038, #46047, #46068.
Built from https://develop.svn.wordpress.org/trunk@44717
git-svn-id: http://core.svn.wordpress.org/trunk@44548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces a `WP_Shutdown_Handler` class that detects fatal errors and which extension (plugin or theme) causes them. Such an error is then recorded, and an error message is displayed. Subsequently, in certain protected areas, for example the admin, the broken extension will be paused, ensuring that the website is still usable in the respective area. The major benefit is that this mechanism allows site owners to still log in to their website, to fix the problem by either disabling the extension or solving the bug and then resuming the extension.
Extensions are only paused in certain designated areas. The frontend for example stays unaffected, as it is impossible to know what pausing the extension would cause to be missing, so it might be preferrable to clearly see that the website is temporarily not accessible instead.
The fatal error recovery is especially important in scope of encouraging the switch to a maintained PHP version, as not necessarily every WordPress extension is compatible with all PHP versions. If problems occur now, non-technical site owners that do not have immediate access to the codebase are not locked out of their site and can at least temporarily solve the problem quickly.
Websites that have custom requirements in that regard can implement their own shutdown handler by adding a `shutdown-handler.php` drop-in that returns the handler instance to use, which must be based on a class that inherits `WP_Shutdown_Handler`. That handler will then be used in place of the default one.
Websites that would like to modify specifically the error template displayed in the frontend can add a `php-error.php` drop-in that works similarly to the existing `db-error.php` drop-in.
Props afragen, bradleyt, flixos90, ocean90, schlessera, SergeyBiryukov, spacedmonkey.
Fixes#44458.
Built from https://develop.svn.wordpress.org/trunk@44524
git-svn-id: http://core.svn.wordpress.org/trunk@44355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Because WP REST API requests aren't identified until `parse_request`, it's impractical to reference the `REST_REQUEST` constant in `wp_debug_mode()`. Instead, it's more helpful to assume that a request wanting a JSON response probably doesn't want PHP errors breaking the response.
Merges [43730] to trunk.
Props chrisl27, duanestorey, earnjam.
Fixes#44534.
Built from https://develop.svn.wordpress.org/trunk@43983
git-svn-id: http://core.svn.wordpress.org/trunk@43815 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
Built from https://develop.svn.wordpress.org/trunk@43571
git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A new global multisite table `wp_blogmeta` is added to the database schema, and a set of `*_site_meta()` API functions are introduced.
The implementation fails gracefully when the new table is not yet available, which may happen especially shortly after the core update, before the network has been upgraded to the new database schema. The presence of the table is detected once and stored as a global setting on the main network.
Core does not yet use site metadata, but there are several use-cases to be implemented or explored in the near future, and it allows plugins to extend sites with arbitrary data, which will come in particularly handy with the upcoming REST API endpoint for sites.
Props spacedmonkey, johnjamesjacoby, jeremyfelt, flixos90.
Fixes#37923.
Built from https://develop.svn.wordpress.org/trunk@42836
git-svn-id: http://core.svn.wordpress.org/trunk@42666 1a063a9b-81f0-0310-95a4-ce76da25c4cd