Commit Graph

1982 Commits

Author SHA1 Message Date
Sergey Biryukov ffd72aac28 Coding Standards: Remove redundant ignore annotations, take 5.
The `VariableAnalysis` standard is not used by WP Core.

Follow-up to [50958], [51003], [52049], [52051], [52069], [53072], [54132], [55132], [56363], [56738], [56743], [56751], [56752].

Props jrf.
See #59161.
Built from https://develop.svn.wordpress.org/trunk@56753


git-svn-id: http://core.svn.wordpress.org/trunk@56265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-02 11:27:24 +00:00
Weston Ruter a20cb28d14 Script Loader: Harden removal of script tag wrappers.
* Add `wp_remove_surrounding_empty_script_tags()` to more precisely remove script tag wrappers and warn when doing it wrong.
* Add clarifying comments for XML escaping logic in `wp_get_inline_script_tag()`.
* Leverage `WP_HTML_Tag_Processor` in `test_remove_frameless_preview_messenger_channel`.
* Reuse `assertEqualMarkup` in `test_blocking_dependent_with_delayed_dependency`.
* Normalize whitespace in `parse_markup_fragment` for `assertEqualMarkup`.

Follow-up to [56687].
Props dmsnell, westonruter, flixos90.
See #58664.

Built from https://develop.svn.wordpress.org/trunk@56748


git-svn-id: http://core.svn.wordpress.org/trunk@56260 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-29 19:47:21 +00:00
Sergey Biryukov 440b8c2aba Coding Standards: Remove redundant ignore annotations, take 2.
This removes ignore annotations which are unnecessary due to the configuration in the `phpcs.xml.dist` ruleset already taking care of this.

Follow-up to [45611], [50146], [50148], [50586], [50822], [56738].

Props jrf.
See #59161.
Built from https://develop.svn.wordpress.org/trunk@56743


git-svn-id: http://core.svn.wordpress.org/trunk@56255 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-29 12:21:24 +00:00
Sergey Biryukov b2c997556a Bootstrap/Load: Remove a redundant `continue` statement in `add_magic_quotes()`.
Follow-up to [48205], [48440].

Props Cybr.
See #58831.
Built from https://develop.svn.wordpress.org/trunk@56732


git-svn-id: http://core.svn.wordpress.org/trunk@56244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-27 09:42:24 +00:00
hellofromTonya 534f200e48 General: Use wp_kses() in wp_trigger_error().
Uses `wp_kses()` instead of `esc_html()` to allow a list of HTML tags and protocols in the message rather than escaping them.

Why? To retain message readability in the browser and server logs, especially given that Core itself adds HTML to messages in functions, e.g. `_doing_it_wrong()` and each of the `_deprecated_*()` functions. 

HTML tags allowed:
* `a href`
* `br`
* `code`
* `em`
* `strong`

Protocols allowed: `http` and `https`.

To inform extenders, it also documents that any other HTML tags or protocols need to be escaped before passing the message to this function to avoid them being stripped from the message.

Follow-up to [56530], [56705].

Props azaozz, costdev, flixos90, hellofromTonya, peterwilsoncc.
Fixes #57686.
Built from https://develop.svn.wordpress.org/trunk@56707


git-svn-id: http://core.svn.wordpress.org/trunk@56219 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 12:38:19 +00:00
hellofromTonya c8aea02b38 General: Use wp_trigger_error() in _doing_it_wrong() and _deprecated_*().
Uses `wp_trigger_error()` in `_doing_it_wrong()` and each `_deprecated_*()` function, i.e. instead of `trigger_error()`.

To avoid redundancy, uses `wp_trigger_error()` once. How? Saves each message to `$message` variable and then passes it to `wp_trigger_error()` at the end of the function.

Functions:
* _doing_it_wrong()
* _deprecated_function()
* _deprecated_constructor()
* _deprecated_class()
* _deprecated_file()
* _deprecated_argument()
* _deprecated_hook()

Follow-up to [56530].

Props azaozz, costdev, flixos90, hellofromTonya, peterwilsoncc.
See #57686.
Built from https://develop.svn.wordpress.org/trunk@56705


git-svn-id: http://core.svn.wordpress.org/trunk@56217 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-26 11:51:19 +00:00
Weston Ruter e7747ce23e Script Loader: Use `wp_get_script_tag()` and `wp_get_inline_script_tag()`/`wp_print_inline_script_tag()` helper functions to output scripts on the frontend and login screen.
Using script tag helper functions allows plugins to employ the `wp_script_attributes` and `wp_inline_script_attributes` filters to inject the `nonce` attribute to apply Content Security Policy (e.g. Strict CSP). Use of helper functions also simplifies logic in `WP_Scripts`.

* Update `wp_get_inline_script_tag()` to wrap inline script in CDATA blocks for XHTML-compatibility when not using HTML5.
* Ensure the `type` attribute is printed first in `wp_get_inline_script_tag()` for back-compat.
* Wrap existing `<script>` tags in output buffering to retain IDE supports.
* In `wp_get_inline_script_tag()`, append the newline to `$javascript` before it is passed into the `wp_inline_script_attributes` filter so that the CSP hash can be computed properly.
* In `the_block_template_skip_link()`, opt to enqueue the inline script rather than print it.
* Add `ext-php` to `composer.json` under `suggest` as previously it was an undeclared dependency for running PHPUnit tests.
* Update tests to rely on `DOMDocument` to compare script markup, normalizing unsemantic differences.

Props westonruter, spacedmonkey, flixos90, 10upsimon, dmsnell, mukesh27, joemcgill, swissspidy, azaozz.
Fixes #58664.
See #39941.

Built from https://develop.svn.wordpress.org/trunk@56687


git-svn-id: http://core.svn.wordpress.org/trunk@56199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 21:05:21 +00:00
joedolson 4b17383d2c Code Modernization: Rename reserved keyword used as variable.
Change the `$echo` parameter added to `wp_update_php_annnotation()` to `$display` to avoid using reserved PHP keywords as parameters. Follow up to [56570].

Props kebbet, mukesh27.
See #57791.
Built from https://develop.svn.wordpress.org/trunk@56662


git-svn-id: http://core.svn.wordpress.org/trunk@56174 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 18:14:16 +00:00
joedolson 491a21da64 Login and Registration: Improve HTML for errors and notices.
Improve markup on Login and Registration errors. Use list markup for multiple issues, paragraph when only one to reduce semantic burden in the most common case. Normalize classes and markup for wrapper using `wp_admin_notice()` and `wp_get_admin_notice()` functions. Move definition of those functions from `wp-admin\includes\misc.php` to `wp-includes\functions.php`. Move tests to functions group. 

Props extendwings, sabernhardt, afercia, lukecavanagh, rianrietveld, oglekler, sergeybiryukov, costdev, joedolson.
Fixes #30685.
Built from https://develop.svn.wordpress.org/trunk@56654


git-svn-id: http://core.svn.wordpress.org/trunk@56166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-21 18:24:15 +00:00
joedolson 0f4010bd49 Administration: Use `wp_admin_notice()` in `/wp-admin/`.
Add usages of `wp_admin_notice()` and `wp_get_admin_notice()` on `.notice-[type]` in the root level of `/wp-admin/`. Ongoing task to implement new function across core.

Props costdev, joedolson.
See #57791.
Built from https://develop.svn.wordpress.org/trunk@56570


git-svn-id: http://core.svn.wordpress.org/trunk@56082 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-14 00:54:19 +00:00
Sergey Biryukov e5490118af Coding Standards: Include one space after `function` keyword for closures.
Note: This is enforced by WPCS 3.0.0.

Reference: [https://github.com/WordPress/WordPress-Coding-Standards/pull/2328 WPCS: PR #2328 Core: properly check formatting of function declaration statements].

Props jrf.
See #59161, #58831.
Built from https://develop.svn.wordpress.org/trunk@56559


git-svn-id: http://core.svn.wordpress.org/trunk@56071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-12 15:23:18 +00:00
Sergey Biryukov b80ce60f70 Coding Standards: Use pre-increment/decrement for stand-alone statements.
Note: This is enforced by WPCS 3.0.0:

1. There should be no space between an increment/decrement operator and the variable it applies to.
2. Pre-increment/decrement should be favoured over post-increment/decrement for stand-alone statements. “Pre” will in/decrement and then return, “post” will return and then in/decrement. Using the “pre” version is slightly more performant and can prevent future bugs when code gets moved around.

References:
* [https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/#increment-decrement-operators WordPress PHP Coding Standards: Increment/decrement operators]
* [https://github.com/WordPress/WordPress-Coding-Standards/pull/2130 WPCS: PR #2130 Core: add sniffs to check formatting of increment/decrement operators]

Props jrf.
See #59161, #58831.
Built from https://develop.svn.wordpress.org/trunk@56549


git-svn-id: http://core.svn.wordpress.org/trunk@56061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-09 09:28:26 +00:00
Sergey Biryukov d8936a9fe7 Coding Standards: Remove superfluous blank lines at the end of various functions.
Note: This is enforced by WPCS 3.0.0.

Follow-up to [56536], [56547].

Props jrf.
See #59161, #58831.
Built from https://develop.svn.wordpress.org/trunk@56548


git-svn-id: http://core.svn.wordpress.org/trunk@56060 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-08 10:03:21 +00:00
hellofromTonya 2653e93e09 General: Introduce wp_trigger_error().
Introduces `wp_trigger_error()` as a wrapper around PHP's native `trigger_error()`. As a wrapper, it's lean and not opinionated about the message. It accepts an E_USER family error level, meaning it is not limited to only notices.

Where `_doing_it_wrong()` intends to loudly alert developers "Hey you're doing it wrong - fix it", `wp_trigger_error()` is not opinionated and does not add wording. Rather, it passes the given message to `trigger_error()`.

`wp_trigger_error()` is meant for every `trigger_error()` instance. It can be used:
* in `_doing_it_wrong()` and each `_deprecated_*()` function.
* for PHP 8.x deprecations.
* for PHP error parity.
* for less severe "doing it wrong" instance that do not require bailing out.
* when a component or extension is not available on the server
* for instances where it's not clear if a plugin's or theme's code is the root cause.
* and more.

Technical details:

* Does not trigger the error if `WP_DEBUG` is not `true`.

* Includes `wp_trigger_error_run` action to allow hooking in for backtracing and deeper debug.

* Accepts an E_USER error level, but defaults to `E_USER_NOTICE`.

* Requires a function name, though can be an empty string. As the output message generated by `trigger_error()` references the file and line number where it was invoked, passing the function's name provides more information where the error/warning/notice/deprecation happened. It's intended to help with debug.

* A WordPress version number is not included.

* As messages can appear in the browser, the message is escaped using `esc_html()`. As noted in [https://www.php.net/manual/en/function.trigger-error.php the PHP manual]: "HTML entities in message are not escaped. Use htmlentities() on the message if the error is to be displayed in a browser."

References:
* [https://www.php.net/manual/en/function.trigger-error.php PHP manual for `trigger_error()`].
* [https://www.php.net/manual/en/errorfunc.constants.php E_USER constants (error level) in the PHP manual].

Props azaozz, hellofromTonya, flixos90, costdev, peterwilsoncc, oglekler, mukesh27.
See #57686.
Built from https://develop.svn.wordpress.org/trunk@56530


git-svn-id: http://core.svn.wordpress.org/trunk@56042 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-06 22:08:18 +00:00
spacedmonkey eb7094465d Database: Add expiration for `dirsize_cache` to transient to improve performance.
The transient `dirsize_cache` stores an array of directory sizes. This transient can grow very large, if the plugin directory has lots of sub directories in it. For example, a site with 30 plugins, the transient was around 2MB. For sites without a persistent object cache, transients without an expiration, are stored in autoloaded options. This means this option would load on every page request. Loading this option on every page request when it is not used it wasteful. Adding a expiration to this transient means it will not autoload. To ensure there is no degradation in performance, the expiration was set to a generous 10-year timeframe, making it highly unlikely to expire before it's refreshed.

Props nicomollet, spacedmonkey, flixos90, wpgurudev.
Fixes #54221.
Built from https://develop.svn.wordpress.org/trunk@56522


git-svn-id: http://core.svn.wordpress.org/trunk@56034 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-06 10:03:20 +00:00
Sergey Biryukov 70d853b9cd Code Modernization: Rename parameters that use reserved keywords in `wp-includes/functions.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.

This commit renames the `$class` parameter to `$class_name` in `_deprecated_class()`.

Follow-up to [54929], [56467].

Props jrf.
See #59161.
Built from https://develop.svn.wordpress.org/trunk@56514


git-svn-id: http://core.svn.wordpress.org/trunk@56026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-05 12:25:13 +00:00
Sergey Biryukov dc9517a3e0 Upload: Correct duplicate MIME type for `.xlsx` files generated by Google Docs.
This expands the code block previously added for `.docx` files to include `.xlsx` files as well, which are known to have the same issue with `finfo_file()`.

Includes a unit test case for `wp_check_filetype_and_ext()`.

Reference: [https://bugs.php.net/bug.php?id=77784 PHP Bug #77784: mime_content_type() result gets doubled for .xlsx].

Follow-up to [56497].

See #57898.
Built from https://develop.svn.wordpress.org/trunk@56510


git-svn-id: http://core.svn.wordpress.org/trunk@56022 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-03 12:51:20 +00:00
audrasjb f6bd4ab08e Upload: Add a MIME type exception for `.docx` generated by Google Docs.
This changeset adds an exception to prevent permission issues on `.docx` generated by Google Docs. This is a temporary fix for an upstream bug on the `finfo_file()` 
PHP function which returns a redundant MIME type for these documents.

Props winterstreet, jakariaistauk, mujuonly, mi5t4n, annashopina, audrasjb, azaozz, mikeschroder, oglekler.
Fixes #57898.




Built from https://develop.svn.wordpress.org/trunk@56497


git-svn-id: http://core.svn.wordpress.org/trunk@56009 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-08-30 22:32:19 +00:00
costdev b5789d72c3 General: Replace two `esc_url_raw()` calls in core with `sanitize_url()`.
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.

This replaces the two remaining instances of `esc_url_raw()` with `sanitize_url()` in WordPress core.

Follow-up to [53455], [53933], [54522].

Props rajinsharwar, SergeyBiryukov.
Fixes #59247.
Built from https://develop.svn.wordpress.org/trunk@56494


git-svn-id: http://core.svn.wordpress.org/trunk@56006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-08-30 20:25:18 +00:00
Sergey Biryukov b79e69ba3b Docs: Fix typo in a translator comment in `_deprecated_class()`.
Includes a few other formatting adjustments for consistency.

Follow-up to [48327], [56467], [56471].

See #58833.
Built from https://develop.svn.wordpress.org/trunk@56474


git-svn-id: http://core.svn.wordpress.org/trunk@55986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-08-26 04:49:21 +00:00
audrasjb 1b245d9568 Docs: Improve PHPCS comments general consistency.
Props nekojonez.
See #58833.



Built from https://develop.svn.wordpress.org/trunk@56472


git-svn-id: http://core.svn.wordpress.org/trunk@55984 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-08-25 05:11:17 +00:00
audrasjb 510c3e9628 Docs: Docblock improvements in `_deprecated_class()` function, as per docblocks standards.
Follow-up to [56467].

See #58833.



Built from https://develop.svn.wordpress.org/trunk@56471


git-svn-id: http://core.svn.wordpress.org/trunk@55983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-08-25 05:04:19 +00:00
Drew Jaynes 55d1c71d56 Fix coding standards for translatable `_deprecated_class()` message strings
See #41125

Built from https://develop.svn.wordpress.org/trunk@56468


git-svn-id: http://core.svn.wordpress.org/trunk@55980 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-08-25 03:35:17 +00:00
Drew Jaynes 668dceb31c Introduce a `_deprecated_class()` function.
Similar to other function in the `_deprecated_*` series, `_deprecated_class()` comes with two new hooks: `deprecated_class_run` and `deprecated_class_trigger_error`.

Support has also been added for setting class deprecation expectations in tests.

Props jrf, wvega, ohryan.
See #41125.

Built from https://develop.svn.wordpress.org/trunk@56467


git-svn-id: http://core.svn.wordpress.org/trunk@55979 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-08-25 03:25:21 +00:00
John Blackbourn 4667b9323f Docs: Miscellaneous docblock corrections and improvements.
See #58833

Built from https://develop.svn.wordpress.org/trunk@56414


git-svn-id: http://core.svn.wordpress.org/trunk@55926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-08-18 17:29:20 +00:00
Sergey Biryukov 6035d50bab Coding Standards: Use strict comparison in `wp-includes/functions.php`.
Follow-up to [5999], [6342], [7406], [8369], [10322], [11288], [11332], [11597], [12405], [13569], [14649], [15806], [19773], [26449], [26926], [39831], [40124].

Props aristath, poena, afercia, SergeyBiryukov.
See #58831.
Built from https://develop.svn.wordpress.org/trunk@56326


git-svn-id: http://core.svn.wordpress.org/trunk@55838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-07-31 13:33:24 +00:00
audrasjb 897d9c221e I18n: Improve the use of `dashicons-external` icon for external links.
This changeset modifies how the `dashicons-external` icon is used in external links by editing its styles and adding a space between the text and the icon 
for better accessibility.

Props SergeyBiryukov, afercia, isabel_brison, mukesh27, sabernhardt, oglekler, audrasjb.
Fixes #47303.



Built from https://develop.svn.wordpress.org/trunk@56211


git-svn-id: http://core.svn.wordpress.org/trunk@55723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-07-11 12:59:25 +00:00
audrasjb 321158f726 Docs: Replace multiple single line comments with multi-line comments.
This changeset updates various comments as per WordPress PHP Inline Documentation Standards.
See https://developer.wordpress.org/coding-standards/inline-documentation-standards/php/#5-inline-comments.

Follow-up to [56174], [56175], [56176], [56177], [56178], [56179], [56180].

Props costdev, audrasjb.
See #58459.



Built from https://develop.svn.wordpress.org/trunk@56191


git-svn-id: http://core.svn.wordpress.org/trunk@55703 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-07-10 22:38:25 +00:00
John Blackbourn 6a33072f68 General: Ignore invalid types for the '_wp_http_referer' URL query variable.
It's expected that this query variable contains a string when it's set, but it's possible for its type to be something else such as an array. Ignoring non-string values prevents cascading errors when its value is passed through functions that expect a string.

Props xknown, costdev, jrf, azaozz

Fixes #57670

Built from https://develop.svn.wordpress.org/trunk@56115


git-svn-id: http://core.svn.wordpress.org/trunk@55627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-29 23:27:23 +00:00
Sergey Biryukov ad16732d27 Code Modernization: Use `str_contains()` in a few more places.
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).

WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.

Follow-up to [55988], [56021].

See #58206.
Built from https://develop.svn.wordpress.org/trunk@56031


git-svn-id: http://core.svn.wordpress.org/trunk@55543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-26 10:17:25 +00:00
Sergey Biryukov 84e9601e5a Code Modernization: Replace usage of `substr()` with `str_starts_with()` and `str_ends_with()`.
`str_starts_with()` and `str_ends_with()` were introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins or ends with the given substring (needle).

WordPress core includes a polyfill for these functions on PHP < 8.0 as of WordPress 5.9.

This commit uses `str_starts_with()` and `str_ends_with()` in core files where appropriate:
* `$needle === substr( $string, 0, $length )`, where `$length` is the length of `$needle`, is replaced with `str_starts_with( $haystack, $needle )`.
* `$needle === substr( $string, $offset )`, where `$offset` is negative and the absolute value of `$offset` is the length of `$needle`, is replaced with `str_ends_with( $haystack, $needle )`.

This aims to make the code more readable and consistent, as well as better aligned with modern development practices.

Follow-up to [52039], [52040], [52326], [55703], [55710], [55987], [55988].

Props Soean, spacedmonkey, Clorith, ocean90, azaozz, sabernhardt, SergeyBiryukov.
Fixes #58220.
Built from https://develop.svn.wordpress.org/trunk@55990


git-svn-id: http://core.svn.wordpress.org/trunk@55502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-22 14:57:24 +00:00
Sergey Biryukov 1ce5dc7444 Code Modernization: Replace usage of `strpos()` with `str_contains()`.
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).

WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.

Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].

Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes #58206.
Built from https://develop.svn.wordpress.org/trunk@55988


git-svn-id: http://core.svn.wordpress.org/trunk@55500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-22 14:36:26 +00:00
John Blackbourn aa05fbf5f5 Administration: Add the `no-store` and `private` directives to the `Cache-Control` header when preventing caching for logged in users.
The intention behind this change is to prevent sensitive data in responses for logged in users being cached and available to others, for example via the browser history after the user logs out.

The `no-store` directive instructs caches in the browser or within proxies not to store the response in the cache. This is subtly different from the `no-cache` directive which means the response can be cached but must be revalidated before re-use. WordPress does not use ETag headers by default therefore this does not achieve the same result.

The `private` directive complements the `no-store` directive by specifying that the response contains private information that should not be stored in a public cache. Som
e proxy caches may ignore the `no-store` directive but respect the `private` directive, thus it is included.

The existing `Cache-Control` header for users who are not logged in remains unchanged, and the existing cache prevention directives remain in place for backwards compatib
ility.

Props soulseekah, luehrsen, Dharm1025, markdoliner, rutviksavsani, ayeshrajans, paulkevan, clorith, andy786, johnbillion

Fixes #21938, Fixes #57627

Built from https://develop.svn.wordpress.org/trunk@55968


git-svn-id: http://core.svn.wordpress.org/trunk@55480 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-21 18:27:18 +00:00
John Blackbourn f3b93e6b3a Media: Correct the fallback value passed to the `$mimes` parameter of `wp_check_filetype_and_ext()` from `_wp_handle_upload()`, and update corresponding documentation.
Previously when the `mimes` element was not specified in the overrides array passed to `_wp_handle_upload()` it resulted in boolean false being passed to this parameter, which is incorrect. The fallback value should be `null`.

Props platonkristinin, pkbhatt

Fixes #58349

Built from https://develop.svn.wordpress.org/trunk@55872


git-svn-id: http://core.svn.wordpress.org/trunk@55384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-30 19:46:22 +00:00
John Blackbourn ffd2a5bb95 Cron API: Attempt to raise the PHP memory limit for cron event processing.
Since cron events often consume extra memory by nature, it makes sense to give them the full amount available by default. In practice this means the memory will be increased to `WP_MAX_MEMORY_LIMIT` (which is 256MB by default) during cron event processing if the default memory limit is lower than this value.

The new `cron_memory_limit` filter can be used to adjust this value if necessary.

Note that this change will not by default affect external means of processing cron events, such as the `wp cron` command in WP-CLI, server-level crontab events, or any other cron event processing mechanism that bypasses `wp-cron.php`.

Props iandunn, thakkarhardik

Fixes #56628

Built from https://develop.svn.wordpress.org/trunk@55871


git-svn-id: http://core.svn.wordpress.org/trunk@55383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-30 18:48:19 +00:00
John Blackbourn bb9b9d17f4 Docs: Miscellaneous corrections and improvements to docblocks.
See #57840

Built from https://develop.svn.wordpress.org/trunk@55870


git-svn-id: http://core.svn.wordpress.org/trunk@55382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-30 17:45:21 +00:00
Sergey Biryukov 0ecaf73f34 General: Improve performance of the `_wp_array_get()` function.
When using a block theme, `_wp_array_get()` is the most called function on the front end of a site.

This commit makes a few minor performance optimizations, which add up to a noticeable improvement.

Follow-up to [49135], [49143], [49580].

Props aristath, jrf, afercia, costdev, swissspidy, flixos90, spacedmonkey, mukesh27, samiamnot, SergeyBiryukov.
Fixes #58376.
Built from https://develop.svn.wordpress.org/trunk@55851


git-svn-id: http://core.svn.wordpress.org/trunk@55363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-23 22:00:21 +00:00
Sergey Biryukov 2ec23a82ed Code Modernization: Replace usage of `strpos()` with `str_starts_with()`.
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).

WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.

While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.

Follow-up to [52039], [52040], [52326].

Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes #58012.
Built from https://develop.svn.wordpress.org/trunk@55703


git-svn-id: http://core.svn.wordpress.org/trunk@55215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-02 15:45:22 +00:00
spacedmonkey c1facaa4ce Cache API: Add helper function `wp_cache_set_last_changed`.
Add a helper function called `wp_cache_set_last_changed` to set the last changed value for cache groups. This function has a new action called `wp_cache_set_last_changed`, allowing for developers to cache invalidate when last changed value is changed. 

Props tillkruess, spacedmonkey, peterwilsoncc, mukesh27, johnjamesjacoby. 
Fixes #57905.
Built from https://develop.svn.wordpress.org/trunk@55702


git-svn-id: http://core.svn.wordpress.org/trunk@55214 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-02 11:26:24 +00:00
Sergey Biryukov bdfe3d5a46 Coding Standards: Use strict comparison where `count()` is involved.
Follow-up to [1636], [6974], [8114], [10322], [13326], [14760], [18006], [18541], [19743], [23249], [24115], [33359].

Props aristath, poena, afercia, SergeyBiryukov.
See #57839.
Built from https://develop.svn.wordpress.org/trunk@55642


git-svn-id: http://core.svn.wordpress.org/trunk@55154 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-04-10 12:56:21 +00:00
Sergey Biryukov 0008d8df06 Coding Standards: Replace `include_once` with `require_once` for required files.
Per [https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/#writing-include-require-statements WordPress PHP coding standards], it is ''strongly recommended'' to use `require[_once]` for unconditional includes. When using `include[_once]`, PHP will throw a warning when the file is not found but will continue execution, which will almost certainly lead to other errors/warnings/notices being thrown if your application depends on the file loaded, potentially leading to security leaks. For that reason, `require[_once]` is generally the better choice as it will throw a `Fatal Error` if the file cannot be found.

Follow-up to [1674], [1812], [1964], [6779], [8540], [10521], [11005], [11911], [16065], [16149], [25421], [25466], [25823], [37714], [42981], [45448], [47198], [54276], [55633].

Props kausaralm, SergeyBiryukov.
See #57839.
Built from https://develop.svn.wordpress.org/trunk@55641


git-svn-id: http://core.svn.wordpress.org/trunk@55153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-04-09 11:57:22 +00:00
hellofromTonya b1d826fb6e Date/Time: Revert [55054].
This changeset introduced a regression for partial-hour timezones such as +05:30 UTC which is India and Sri Lanka. How? These timezones are in float. The change made in [55054] type casted them to integer which dropped the decimal for the partial-hour, making the time inaccurate. For example, +05:30 UTC (India and Sri Lanka)'s `'gmt_offset'` is `5.5`, but with the changeset, it was changed to `5`.

Reverting the changeset restores the original state of `current_time()` and thus resolves the regression.

Props reputeinfosystems, Rarst, hellofromTonya, desrosj, audrasjb, sergeybiryukov, costdev, priethor, francina, nekojonez, codingchicken, cbringmann.
See #57035.
Fixes #57998.
Built from https://develop.svn.wordpress.org/trunk@55598


git-svn-id: http://core.svn.wordpress.org/trunk@55110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-03-28 14:22:21 +00:00
Sergey Biryukov fc43b28dec Cache API: Correct the second parameter's name in `_get_non_cached_ids()`.
The parameter represents the cache group, not the cache key.

Follow-up to [19918].

Props johnjamesjacoby, spacedmonkey.
Fixes #40420.
Built from https://develop.svn.wordpress.org/trunk@55566


git-svn-id: http://core.svn.wordpress.org/trunk@55078 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-03-20 16:42:19 +00:00
Sergey Biryukov 0c53d8ef73 Docs: Fix typo in `_validate_cache_id()` description.
Includes:
* Capitalizing "ID" in a consistent way.
* Expanding the comment on not using `filter_var()`.
* Adding a `@covers` tag for the function in unit tests.
* Minor tweak to the `_doing_it_wrong()` message.

Follow-up to [53818], [55543].

See #57593.
Built from https://develop.svn.wordpress.org/trunk@55549


git-svn-id: http://core.svn.wordpress.org/trunk@55061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-03-14 16:55:19 +00:00
spacedmonkey 8a8216c1c7 Cache API: Add a warning when calling `_get_non_cached_ids` with invalid ids.
Sanitize the array of ids passed to the `_get_non_cached_ids` function and add a `_doing_it_wrong` call, if an invalid type is passed. 

Props tillkruess, spacedmonkey, peterwilsoncc, flixos90, SergeyBiryukov.
Fixes #57593.
Built from https://develop.svn.wordpress.org/trunk@55543


git-svn-id: http://core.svn.wordpress.org/trunk@55055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-03-14 15:53:18 +00:00
Sergey Biryukov 34662ac6d6 Coding Standards: Bring some consistency to `wp_validate_redirect()` existence checks.
The `wp_get_referer()` and `wp_get_original_referer()` functions both depend on `wp_validate_redirect()` and check whether it is defined by the time they run, but do so in a slightly different way.

This commit ensures both functions return early if they are called before `wp_validate_redirect()` is defined.

Follow-up to [3908], [25399], [25400].

See #57839.
Built from https://develop.svn.wordpress.org/trunk@55540


git-svn-id: http://core.svn.wordpress.org/trunk@55052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-03-13 10:54:22 +00:00
spacedmonkey 49692206c0 Date/Time: Save a call to wp_timezone in mysql2date.
Save a call to wp_timezone in mysql2date by saving the timezone to a variable and pass it into wp_date function call.

Props spacedmonkey, costdev, SergeyBiryukov, audrasjb.
Fixes #57705.
Built from https://develop.svn.wordpress.org/trunk@55514


git-svn-id: http://core.svn.wordpress.org/trunk@55046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-03-10 15:36:20 +00:00
audrasjb abac5af424 Docs: Add security warning in `remove_query_arg()` docblock to make it consistent with `add_query_arg()`.
Props roytanck.
Fixes #57885.
See #56792.

Built from https://develop.svn.wordpress.org/trunk@55492


git-svn-id: http://core.svn.wordpress.org/trunk@55025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-03-08 22:19:23 +00:00
audrasjb 418a21fdbc Help/About: Use the new `/documentation/` URLs for HelpHub links in WordPress Admin.
As `https://wordpress.org/support/` was redirected to `https://wordpress.org/documentation/`, this changeset replaces various `/support/article/*` links with `/documentation/article/*` to avoid an extra redirect.

This also updates links to Support Forums by replacing `https://wordpress.org/support/` URLs with `https://wordpress.org/support/forums/`.

Props SergeyBiryukov, audrasjb, dhrupo, hasanmisbah, sakibmd, sabernhardt.
See #57726.

Built from https://develop.svn.wordpress.org/trunk@55412


git-svn-id: http://core.svn.wordpress.org/trunk@54945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-23 10:38:21 +00:00
Sergey Biryukov 77dfc892fe Docs: Document default values for optional parameters in various DocBlocks.
Props paulkevan, costdev, audrasjb, SergeyBiryukov.
See #56792.
Built from https://develop.svn.wordpress.org/trunk@55398


git-svn-id: http://core.svn.wordpress.org/trunk@54931 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-21 16:39:19 +00:00
Peter Wilson fc49b0b92a Date/Time: Revert `mysql2date` changes in [55343].
These changes will be targeted to the 6.3 release.

See #57705.


Built from https://develop.svn.wordpress.org/trunk@55344


git-svn-id: http://core.svn.wordpress.org/trunk@54877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-15 02:02:16 +00:00
spacedmonkey 0dc9b1a9b8 Date/Time: Save a call to wp_timezone in mysql2date.
Save a call to `wp_timezone` in `mysql2date` by saving the timezone to a variable and pass it into `wp_date` function call. 

Props spacedmonkey, costdev, SergeyBiryukov, audrasjb.
Fixes #57705.
Built from https://develop.svn.wordpress.org/trunk@55343


git-svn-id: http://core.svn.wordpress.org/trunk@54876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-14 21:41:20 +00:00
Sergey Biryukov 9c5d4ca8d1 I18N: Mark screen reader strings as such with translator comments.
This aims to provide better context for translators and make it easier to determine that some strings contain hidden accessibility text and are not displayed in the UI.

Props kebbet, mercime, pavelevap, ocean90, swissspidy, Chouby, jipmoors, afercia, desrosj, costdev, audrasjb, SergeyBiryukov.
Fixes #29748.
Built from https://develop.svn.wordpress.org/trunk@55276


git-svn-id: http://core.svn.wordpress.org/trunk@54809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-07 17:10:21 +00:00
audrasjb 28358ab213 HTTP API: Fix request header inconsistencies.
This changeset improves the consistency in capitalization of fetching and outputting of request headers. It also updates occurrences found in some docblocks.

Props johnjamesjacoby, costdev, audrasjb, petitphp, mhkuu, SergeyBiryukov.
Fixes #54225.

Built from https://develop.svn.wordpress.org/trunk@55210


git-svn-id: http://core.svn.wordpress.org/trunk@54743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-03 13:35:20 +00:00
Sergey Biryukov 227ba555ae Code Modernization: Rename parameters that use reserved keywords in `wp-includes/functions.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.

This commit:
* Renames the `$array` parameter to `$input_array` in `wp_recursive_ksort()`.
* Moves the function next to other array-related functions for consistency.

Follow-up to [53129], [54929].

Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@55117


git-svn-id: http://core.svn.wordpress.org/trunk@54650 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-23 15:54:10 +00:00
audrasjb 6e83ac5595 Date/Time: Prevent errors in `current_time()` when using timestamp and no value for `gmt_offset`.
This changeset moves typecasting to affect the `get_option` value, which ensures that when math is done it does not generate any error. In PHP 7.4 and earlier the previous implementation was dismissed as a warning, but in PHP 8+ it would have throw a fatal error.

Follow-up to [45856].

Props Nick_theGeek, SergeyBiryukov, johnbillion.
Fixes #57035.

Built from https://develop.svn.wordpress.org/trunk@55054


git-svn-id: http://core.svn.wordpress.org/trunk@54587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-11 23:20:12 +00:00
hellofromTonya 645e753a51 External Libraries: Update Requests library to version 2.0.0.
This is a major release and contains breaking changes.

Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.

Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0

For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0

This commit also resolves 2 blocking issues which previously caused the revert of [52244]:

* New Requests files are loaded into `wp-includes/Requests/src/`, matching the location of the library. In doing so, filesystems that are case-insensitive are not impacted (see #54582).
* Preload: During a Core update, the old Requests files are preloaded into memory before the update deletes the files. Preloading avoids fatal errors noted in #54562. 

Follow-up to [50842], [51078], [52244], [52315], [52327], [52328].

Props jrf, schlessera, datagutten, wojsmol, dustinrue, soulseekah, szepeviktor. costdev, sergeybiryukov, peterwilsoncc, ironprogrammer, antonvlasenko, hellofromTonya, swissspidy, dd32, azaozz, TobiasBg, audrasjb.
Fixes #54504.
See #54582, #54562.
Built from https://develop.svn.wordpress.org/trunk@54997


git-svn-id: http://core.svn.wordpress.org/trunk@54530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-15 21:32:17 +00:00
Sergey Biryukov a460de4e58 Code Modernization: Rename parameters that use reserved keywords in `wp-includes/functions.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.

This commit:
* Renames the `$echo` parameter to `$display` in:
 * `wp_nonce_field()`
 * `wp_referer_field()`
 * `wp_original_referer_field()`
* Renames the `$string` parameter to `$input_string` in
 * `_wp_json_convert_string()`
 * `_wp_to_kebab_case()`
* Renames the `$list` parameter to `$input_list` in:
 * `wp_parse_list()`
 * `wp_parse_id_list()`
 * `wp_parse_slug_list()`
 * `wp_filter_object_list()`
 * `wp_list_filter()`
 * `wp_list_pluck()`
 * `wp_list_sort()`
* Renames the `$array` parameter to `$input_array` in:
 * `add_magic_quotes()`
 * `wp_array_slice_assoc()`
 * `_wp_array_get()`
 * `_wp_array_set()`
* Renames the `$function` parameter to `$function_name` in:
 * `_deprecated_function()`
 * `_deprecated_argument()`
 * `_doing_it_wrong()`
* Renames the `$class` parameter to `$class_name` in `_deprecated_constructor()`.
* Renames the `$default` parameter to `$default_value` in `apache_mod_loaded()`.
* Renames the `$var` parameter to `$value` in `wp_validate_boolean()`.
* Amends the `$input` parameter in `wp_parse_str()` for consistency.

Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927].

Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54929


git-svn-id: http://core.svn.wordpress.org/trunk@54481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-03 15:07:14 +00:00
Sergey Biryukov 653c410859 Coding Standards: Fix spacing for incrementors and decrementors in various files.
Note: This will be enforced by WPCS 3.0.0.

Props jrf.
See #56791.
Built from https://develop.svn.wordpress.org/trunk@54896


git-svn-id: http://core.svn.wordpress.org/trunk@54448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-11-29 21:13:16 +00:00
Sergey Biryukov 3ba44120d0 Coding Standards: Always use parentheses when instantiating an object.
Note: This will be enforced by WPCS 3.0.0.

Props jrf.
See #56791.
Built from https://develop.svn.wordpress.org/trunk@54891


git-svn-id: http://core.svn.wordpress.org/trunk@54443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-11-29 15:51:14 +00:00
audrasjb 114fc4cf69 Docs: Improve various globals documentation, as per documentation standards.
Props upadalavipul.
See #57069, #56792.


Built from https://develop.svn.wordpress.org/trunk@54877


git-svn-id: http://core.svn.wordpress.org/trunk@54429 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-11-26 09:39:13 +00:00
Sergey Biryukov 25ea9680ae Docs: Update various DocBlocks and inline comments per the documentation standards.
Includes minor formatting edits for consistency.

Follow-up to [53/tests], [12179], [12946], [35288], [37884], [38810], [38928], [46596], [48131], [52955], [53548], [53813], [53873], [54118], [54316], [54420], [54421], [54803].

See #56792.
Built from https://develop.svn.wordpress.org/trunk@54855


git-svn-id: http://core.svn.wordpress.org/trunk@54407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-11-17 18:15:19 +00:00
Dominik Schilling c9a4d274fc I18N: Always pass `$locale` to `load_textdomain()`.
In [53874] the optional `$locale` parameter was added to `load_textdomain()`. While most `load_textdomain()` calls in core were were updated, some were missed. Passing the original locale avoids the need to call `determine_locale()` by `load_textdomain()` which is used as a fallback.

Props ocean90, swissspidy, desrosj.
See #57060.
Built from https://develop.svn.wordpress.org/trunk@54797


git-svn-id: http://core.svn.wordpress.org/trunk@54349 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-11-10 19:40:11 +00:00
Sergey Biryukov f0af926dd6 Coding Standards: Correct alignment in various files.
This fixes `Equals sign not aligned with surrounding statements` WPCS warnings, so that the output of `composer format` is clean.

Follow-up to [54445], [54476], [54494], [54522], [54652], [54687].

See #56791.
Built from https://develop.svn.wordpress.org/trunk@54754


git-svn-id: http://core.svn.wordpress.org/trunk@54306 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-11-05 22:03:16 +00:00
antpb 1d4fa825b8 Media: Reverts `get_attached_file()` changes for normalized Windows paths.
Based on feedback from network storage configurations there was a noticed slowdown due to the usage of the `path_join()` function. This needs more time to find a workaround.

Follow-up to [53934].
Props mreishus, SergeyBiryukov, desrosj, mikeschroder.
Reverts [53934].
See #56924.

Built from https://develop.svn.wordpress.org/trunk@54712


git-svn-id: http://core.svn.wordpress.org/trunk@54264 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-28 15:18:11 +00:00
audrasjb 823517e1de Docs: Align spelling with American English.
This changeset replaces "behaviour" with "behavior" in various docblocks.

Props kebbet, jrf.
See #56811, #56792.

Built from https://develop.svn.wordpress.org/trunk@54663


git-svn-id: http://core.svn.wordpress.org/trunk@54215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-21 21:12:14 +00:00
audrasjb 89804fb0db General: Validate host on "Are you sure?" screen.
Props voldemortensen, xknown, peterwiloncc.

Built from https://develop.svn.wordpress.org/trunk@54522


git-svn-id: http://core.svn.wordpress.org/trunk@54077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-17 11:04:12 +00:00
audrasjb c985972791 Posts, Post Types: Ensure all entries in the list returned by `wp_parse_list()` are scalar.
This changeset fixes a warning where `strip_tags()` expected its first parameter to be a string rather than an array. It contains the following changes:

- Removal of sanitize_callback to allow the REST API to handle the validation natively, this also causes the proper error to be output for `?slug[0][1]=2` that it's an invalid value.
- Ensure that `wp_parse_list()` only returns a single-dimensioned array, even if passed a multi-dimension array, which fits the functions expected use case and resolves warnings in code that expects the function to return a single-dimensioned array.

Props dd32, TimothyBlynJacobs.
Fixes #55838.

Built from https://develop.svn.wordpress.org/trunk@54476


git-svn-id: http://core.svn.wordpress.org/trunk@54035 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-11 13:25:11 +00:00
audrasjb d95f088a3e General: Remove instances of `_wp_http_referer` from GET forms in the admin.
This changeset removes all instances of `_wp_http_referer` variable from the URL when creating a hidden input for `_wp_http_referer`. It prevents the hidden field from having an additional version of `_wp_http_referer` each time the form is submitted.

Props msolution, justinahinon, pbearne, mikeschroder, mukesh27, audrasjb, Clorith, chaion07, robinwpdeveloper, hztyfoon, davidbaumwald, costdev, adamsilverstein.
Fixes #54106.

Built from https://develop.svn.wordpress.org/trunk@54449


git-svn-id: http://core.svn.wordpress.org/trunk@54008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-10 18:59:11 +00:00
Sergey Biryukov aaffa2bcff General: Remove `file_exists()` checks after calling `realpath()`.
`realpath()` already checks if the file exists, and returns `false` on failure. The additional `file_exists()` check is not necessary and can be removed, improving the performance.

This commit simplifies the checks in two functions:
* `register_block_type_from_metadata()`
* `wp_json_file_decode()`

Note: In both of these cases, the values are passed through `wp_normalize_path()` after `realpath()`, so if the file does not exist, the `false` value gets converted to an empty string. The updated checks work both for `false` and `''` values.

Though this is a small tweak, it saves a lot of checks since one of the places we do this is when registering block styles, so it runs quite a few times on each page load.

Reference: [https://www.php.net/manual/en/function.realpath.php PHP Manual: realpath()].

Follow-up to [51599], [54132], [54290], [54291].

Props aristath.
Fixes #56654.
Built from https://develop.svn.wordpress.org/trunk@54309


git-svn-id: http://core.svn.wordpress.org/trunk@53868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-26 13:07:14 +00:00
Sergey Biryukov 3d245c574e General: Correct the fallback logic in `apache_mod_loaded()`.
If the `apache_get_modules()` function is redeclared to return an empty array, `apache_mod_loaded()` would assume that no Apache modules are installed and activated, which may not be correct.

This commit improves the logic by using pre-existing `phpinfo()` fallback to check for loaded modules in that case.

Includes replacing a hardcoded number passed as a flag to `phpinfo()` with the `INFO_MODULES` predefined constant for clarity.

Follow-up to [7441], [7508], [29330].

Props engahmeds3ed, audrasjb, Clorith, SergeyBiryukov.
Fixes #56010.
Built from https://develop.svn.wordpress.org/trunk@54299


git-svn-id: http://core.svn.wordpress.org/trunk@53858 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-24 13:53:13 +00:00
davidbaumwald 1b463c4601 Docs: Correct `@see` reference to `deprecated_function_run` in the `_deprecated_function` docblock.
In the docblock for `_deprecated_function`, there is a `@see` reference to the `deprecated_function_run` hook run inside `_deprecated_function`.  However, the `@see` reference includes the word "hook" inside the quotes which is generating a bad link at https://developer.wordpress.org/reference/functions/_deprecated_function/.

This change simply moves the word "hook" outside the `@see` reference to correct the link parsing on https://developer.wordpress.org.

Props Camwynsp, kebbet, SergeyBiryukov, hilayt24.
Fixes #56625.
Built from https://develop.svn.wordpress.org/trunk@54292


git-svn-id: http://core.svn.wordpress.org/trunk@53851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-23 16:20:09 +00:00
John Blackbourn c117e5ae74 Docs: Various improvements and corrections to inline docs.
See #55646

Built from https://develop.svn.wordpress.org/trunk@54267


git-svn-id: http://core.svn.wordpress.org/trunk@53826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-20 20:32:09 +00:00
desrosj 7d87ce12c8 Networks and Sites: Officially remove global terms.
Global terms was a feature from the WordPress MU days where multisite and single site installs used different code bases.

In WordPress 3.0, WordPress MU was merged into one location and the UI [14854] and “on” switch [14880] for global terms were completely removed.

Even before this merge, global terms was bug infested and unreliable. After [14854]/[14880], the feature was no longer maintained and became increasingly broken as taxonomies progressed without it (term splitting and term meta do not work at all). At this point, the feature has not worked in 12+ years and there’s no hope for saving it.

This deprecates the remaining global terms related code and no-ops the functions.

Global terms, you don’t have to go home, but you can’t stay here.

Props scribu, wonderboymusic, SergeyBiryukov, nacin, pento, desrosj, johnjamesjacoby, johnbillion, dd32.
Fixes #21734.
Built from https://develop.svn.wordpress.org/trunk@54240


git-svn-id: http://core.svn.wordpress.org/trunk@53799 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-20 02:51:09 +00:00
Sergey Biryukov 526dba25c2 Date/Time: Correct timezone dropdown list creation in `wp_timezone_choice()`.
This fixes a bug where if the `timezone_string` is set to a timezone name which has since been deprecated, no option would be (pre-)selected in the generated dropdown list and when the form using the dropdown list is submitted, the “old”, originally saved value would be lost as the form would submit without a value being selected for the `timezone_string` field.

The fix is a little hacky: it basically checks ahead of generating the actual dropdown list whether the `$selected_zone` value would be recognized and set to “selected” and if not, verifies that the value ''is'' a valid but outdated timezone name and if so, adds an extra dropdown entry to the top of the list with the original value and sets this value to “selected”.

See the extensive write-up about this in ticket #56468.

Also see: [https://www.php.net/manual/en/datetimezone.listidentifiers.php PHP Manual: timezone_identifiers_list()].

Note: There are no pre-existing tests at all for this method and adding a complete set of tests for this method is outside the scope of this ticket, so this fix does not contain any tests.

Follow-up to [54207], [54217], [54227], [54229], [54230], [54232].

Props jrf, costdev, marcyoast.
See #56468.
Built from https://develop.svn.wordpress.org/trunk@54233


git-svn-id: http://core.svn.wordpress.org/trunk@53792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-20 01:02:10 +00:00
davidbaumwald 5eb0223369 Media: Revert WebP generation.
Given [https://make.wordpress.org/core/2022/09/11/webp-in-core-for-6-1/ Matt's recent post about removing WebP from core] and possibly implementing the feature in a future [https://make.wordpress.org/core/2022/09/11/canonical-plugins-revisited/ "Canonical Plugin"], this change reverts changesets [54086], [54094], and [54097].  Additionally, [54210] contained a coding standards follow-up in one of the affected files that is no longer needed.

Reverts [54086], [54094], and [54097].

Props SergeyBiryukov.
See #55443.
Built from https://develop.svn.wordpress.org/trunk@54226


git-svn-id: http://core.svn.wordpress.org/trunk@53785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-19 22:53:10 +00:00
hellofromTonya f3ff15edfc Themes: Introduces block-based template parts for Classic themes.
Allows Classic / Hybrid themes to use block-based template parts without using complete block-based templates.

* Exposes the Site Editor's template parts UI
* Adds Appearance > "Template Parts" menu
* Enabled within the theme via adding a theme support for `'block-template-parts'`
{{{#!php
add_theme_support( 'block-template-parts' );
}}}

This is a backport from Gutenberg.[https://github.com/WordPress/gutenberg/pull/42729 See WordPress/gutenberg PR 42729].

Follow-up to [52330], [52069], [52178].

Props mamaduka, fabiankaegy, poena, scruffian, manfcarlo, bernhard-reiter, hellofromTonya.
See #56467.
Built from https://develop.svn.wordpress.org/trunk@54176


git-svn-id: http://core.svn.wordpress.org/trunk@53735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-15 12:20:09 +00:00
Sergey Biryukov a2aa01cdac Docs: Correct `@return` value for `wp_get_http_headers()`.
Following the update to replace the HTTP API internals with Requests library in WordPress 4.6, the return value of `wp_remote_retrieve_headers()` has changed from a simple array to an object which implements `ArrayAccess`.

Since `wp_get_http_headers()` directly returns the result of `wp_remote_retrieve_headers()`, its return value should reflect that change.

Includes:
* Updating the return value for the deprecated `wp_get_http()` function, which also directly returns the result of `wp_remote_retrieve_headers()`.
* Minor DocBlock formatting changes for some other HTTP API functions per the documentation standards.

Follow-up to [2416], [6390], [8092], [9013], [37428], [37989], [38730].

Props mhkuu.
See #54225, #55646.
Built from https://develop.svn.wordpress.org/trunk@54157


git-svn-id: http://core.svn.wordpress.org/trunk@53716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-14 13:08:14 +00:00
davidbaumwald 1db23fca3f General: Correct path replacement regex in `wp_guess_url`.
In `wp_guess_url`, the regex to check for wp-login.php in the URL is slightly too permissive, not escaping `.` in "wp-login.php".  `.` is a token in regex that matches any character.

This change simply escapes the `.` and adds unit test coverage for `wp_guess_url`.

Props cfinke, ocean90, jrf, voldemortensen, jdgrimes, curdin, netweb, petitphp, SergeyBiryukov, costdev.
Fixes #36827.
Built from https://develop.svn.wordpress.org/trunk@54146


git-svn-id: http://core.svn.wordpress.org/trunk@53705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-13 19:50:12 +00:00
Felix Arntz 610d2d6a44 Media: Generate WebP only for certain registered image sizes.
The existing filter `image_editor_output_format` receives an additional parameter `$size_name` which is populated whenever it controls the output format for a specific registered image size to create. Otherwise, it remains empty. In order to achieve this, a low level change has been added in bringing a new `$size_name` class property to the `WP_Image_Editor` base class, which is introduced in a backward compatible way that will not cause conflicts with custom implementations.

This parameter is then used in new logic inside the `wp_default_image_output_mapping()` callback function for the filter, controlling whether `image/jpeg` should map to `image/webp` output or not. By default, this is enabled for all WordPress core image sizes by default, and this list can be modified using a new `wp_image_sizes_with_additional_mime_type_support` filter, e.g. to remove core sizes or add custom sizes.

The customization per image size may be further enhanced by providing a more declarative API via a new parameter on the `add_image_size()` function.

Props eugenemanuilov, flixos90, adamsilverstein, joegrainger.

Fixes #56526.
See #55443, #56288.

Built from https://develop.svn.wordpress.org/trunk@54097


git-svn-id: http://core.svn.wordpress.org/trunk@53656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-07 21:45:14 +00:00
antpb 6a03ea5001 Coding Standards: Use strict comparisons in `path_is_absolute()`.
This patch adjusts conditions to use strict comparisons when comparing `realpath()` in `path_is_absolute()`.

Props jrf.
See #36308.


Built from https://develop.svn.wordpress.org/trunk@53946


git-svn-id: http://core.svn.wordpress.org/trunk@53505 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-26 18:59:13 +00:00
Peter Wilson ba9dd1d7d7 Cache API, Docs: Remove private delegation from cache priming functions.
Remove the private delegation from the following cache priming functions for various object types:

- `_prime_post_caches()`
- `_prime_term_caches()`
- `_prime_comment_caches()`
- `_prime_network_caches()`
- `_prime_site_caches()`
- `_get_non_cached_ids() `

Plugins and themes are now encouraged to use these functions to improve the performance of their code by reducing the number of database queries.

Props robinwpdeveloper, desrosj, SergeyBiryukov, mukesh27, costdev.
Fixes #56386.


Built from https://develop.svn.wordpress.org/trunk@53944


git-svn-id: http://core.svn.wordpress.org/trunk@53503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-26 01:03:14 +00:00
antpb 0406a3ffd7 Media: Account for Windows when normalizing file paths.
Previously, Windows paths in the `path_is_absolute` function resulted in incorrect URIs. This patch adjusts for forward slashes and adds tests for the `get_attached_file` function.
Props Whissi, SergeyBiryukov, desrosj, stevenlinx, birgire, davidbaumwald, costdev, peterwilsoncc, audrasjb, hellofromTonya, johnbillion.
Fixes #36308.


Built from https://develop.svn.wordpress.org/trunk@53934


git-svn-id: http://core.svn.wordpress.org/trunk@53493 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-23 19:59:14 +00:00
audrasjb 32879ad1e6 Docs: Use third-person singular verbs for function descriptions in `wp-includes/functions.php`, as per docblocks standards.
See #55646.

Built from https://develop.svn.wordpress.org/trunk@53887


git-svn-id: http://core.svn.wordpress.org/trunk@53446 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-12 09:53:11 +00:00
audrasjb 05f7d32a83 Formatting: Add support for Enums in `is_serialized()`.
This changeset adds support for Enums in `is_serialized()`. It also adds new unit tests for this function.

Props ayeshrajans, konradyoast, peterwilsoncc, costdev, dennisatyoast, mukesh27.
Fixes #53299.

Built from https://develop.svn.wordpress.org/trunk@53886


git-svn-id: http://core.svn.wordpress.org/trunk@53445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-12 09:26:12 +00:00
John Blackbourn 77bf28a1b7 Docs: Miscellaneous inline documentation improvements.
See #55646

Built from https://develop.svn.wordpress.org/trunk@53878


git-svn-id: http://core.svn.wordpress.org/trunk@53437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-11 14:11:08 +00:00
audrasjb 46c1425601 Docs: Improve the description of param `$list ` in `wp_list_sort()` docblock.
Props audrasjb, rherault.
Fixes #56324.
See #55646.

Built from https://develop.svn.wordpress.org/trunk@53811


git-svn-id: http://core.svn.wordpress.org/trunk@53370 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-02 14:50:12 +00:00
Sergey Biryukov 749720d897 Text Changes: Improve consistency of punctuation in some strings.
* Move the colon inside the `<strong>` tags in some `Error:` prefixes, to match other strings.
* Move the full stop at the end of some sentences outside of the `<strong>` tags used for individual phrases.

Follow-up to [11669], [23844], [53118], [53458], [53476].

Props NekoJonez, Presskopp.
Fixes #56027.
Built from https://develop.svn.wordpress.org/trunk@53700


git-svn-id: http://core.svn.wordpress.org/trunk@53259 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-14 14:10:11 +00:00
Sergey Biryukov 1d2e969b50 General: Remove redundant `ltrim()` from `path_join()`.
If the path starts with a slash, it will be considered absolute and returned as is earlier in the function.

It it's not absolute, then it does not start with a slash, so there is nothing to trim.

This change is covered by existing unit tests.

Follow-up to [6984], [53457].

Props karlijnbk.
See #55897.
Built from https://develop.svn.wordpress.org/trunk@53460


git-svn-id: http://core.svn.wordpress.org/trunk@53049 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-02 15:31:08 +00:00
Sergey Biryukov 40fc19024f Code Modernization: Replace `phpversion()` function calls with `PHP_VERSION` constant.
`phpversion()` return value and `PHP_VERSION` constant value are identical, but the latter is several times faster because it is a direct constant value lookup compared to a function call.

Props ayeshrajans, jrf, mukesh27, costdev, hellofromTonya, SergeyBiryukov.
Fixes #55680.
Built from https://develop.svn.wordpress.org/trunk@53426


git-svn-id: http://core.svn.wordpress.org/trunk@53015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-05-20 17:38:14 +00:00
Peter Wilson 8545c4493b Media: Remove error suppression in `wp_filesize()`.
Replace error suppressing in `wp_filesize()` with a `file_exists()` check before calling the native PHP `filesize()` function.

Follow up to [52837].

Props Cybr, johnbillion, spacedmonkey, antpb, azouamauriac, ironprogrammer, mukesh27, costdev, audrasjb, dlh.
Fixes #55678.
See #49412.

Built from https://develop.svn.wordpress.org/trunk@53372


git-svn-id: http://core.svn.wordpress.org/trunk@52961 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-05-10 05:02:11 +00:00
John Blackbourn cd9aade1bd Docs: Formatting corrections for various docblocks.
See #54729

Built from https://develop.svn.wordpress.org/trunk@53317


git-svn-id: http://core.svn.wordpress.org/trunk@52906 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-29 19:24:09 +00:00
John Blackbourn 6aa053dc01 Docs: Various docblock improvements.
See #54729

Built from https://develop.svn.wordpress.org/trunk@53299


git-svn-id: http://core.svn.wordpress.org/trunk@52888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-28 09:46:21 +00:00
Sergey Biryukov 752429a58e Code Modernization: Rename parameters that use reserved keywords in `wp_die_*_handler` filters.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.

This commit renames the `$function` parameter to `$callback` in `wp_die_*_handler` filters, which aims to make it easier to use a non-reserved parameter name for anyone utilizing these filters.

Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242].

Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #55327.
Built from https://develop.svn.wordpress.org/trunk@53243


git-svn-id: http://core.svn.wordpress.org/trunk@52832 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-22 10:43:20 +00:00
audrasjb b6c2df9325 Docs: Update MDN link in `send_frame_options_header()` docblock.
The X-Frame-Options MDN documentation has been moved to `/docs/Web/HTTP/Headers/X-Frame-Options`. This changeset updates the link accordingly.

See #54729.

Built from https://develop.svn.wordpress.org/trunk@53202


git-svn-id: http://core.svn.wordpress.org/trunk@52791 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-18 10:18:10 +00:00
audrasjb f087315090 Text Changes: Fix various inconsistent capitalization issues.
Props Presskopp, arpitgshah, mukesh27, desrosj, audrasjb, marybaum.
Fixes #53028.

Built from https://develop.svn.wordpress.org/trunk@53186


git-svn-id: http://core.svn.wordpress.org/trunk@52775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-15 11:58:10 +00:00
gziolo 9e3c5a4215 Editor: Add functionality required for theme export in the site editor
This bring across changes to theme export functionality, and related code, and tests. Relates issue in Gutenberg: https://github.com/WordPress/gutenberg/issues/39889.

Props scruffian, timothyblynjacobs, oandregal, ajlende, zieleadam.
See #55505.


Built from https://develop.svn.wordpress.org/trunk@53129


git-svn-id: http://core.svn.wordpress.org/trunk@52718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-11 10:38:00 +00:00
audrasjb f680e20156 General: add missing `strong` tag to some error messages.
Props NekoJonez, oakesjosh.
Fixes #54437.

Built from https://develop.svn.wordpress.org/trunk@53118


git-svn-id: http://core.svn.wordpress.org/trunk@52707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-10 19:47:02 +00:00
Sergey Biryukov 9fb5112732 Docs: Add missing description for `$pagenow` global in various functions.
See #54729, #55499.
Built from https://develop.svn.wordpress.org/trunk@53060


git-svn-id: http://core.svn.wordpress.org/trunk@52649 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-04 18:26:06 +00:00
Peter Wilson 14e965a8d6 General: Validate input of `wp_list_pluck()`.
`wp_list_pluck()` is used by WordPress to pluck items from a list. Of course, this requires a list. This validates the input of `wp_list_pluck()` to ensure it is a list.

This matches the behaviour of `wp_list_sort()` and `wp_filter_object_list()`.

Props marv2, davidbaumwald, mkox, SergeyBiryukov, dd32.
Fixes #54751.


Built from https://develop.svn.wordpress.org/trunk@53045


git-svn-id: http://core.svn.wordpress.org/trunk@52634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-01 05:56:06 +00:00