Commit Graph

26 Commits

Author SHA1 Message Date
Sergey Biryukov 7836738bd9 Docs: Document the usage of globals in some functions.
This affects:
* `the_block_editor_meta_boxes()`
* `wp_generate_block_templates_export_file()`
* `WP_oEmbed_Controller::get_proxy_item()`

Follow-up to [44131], [48135], [51151], [53129].

Props krunal265.
Fixes #57082.
Built from https://develop.svn.wordpress.org/trunk@54831


git-svn-id: http://core.svn.wordpress.org/trunk@54383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-11-13 13:51:20 +00:00
Sergey Biryukov c03305852e Code Modernization: Add `AllowDynamicProperties` attribute to all (parent) classes.
Dynamic (non-explicitly declared) properties are deprecated as of PHP 8.2 and are expected to become a fatal error in PHP 9.0.

There are a number of ways to mitigate this:
* If it is an accidental typo for a declared property: fix the typo.
* For known properties: declare them on the class.
* For unknown properties: add the magic `__get()`, `__set()`, et al. methods to the class or let the class extend `stdClass` which has highly optimized versions of these magic methods built in.
* For unknown ''use'' of dynamic properties, the `#[AllowDynamicProperties]` attribute can be added to the class. The attribute will automatically be inherited by child classes.

Trac ticket #56034 is open to investigate and handle the third and fourth type of situations, however it has become clear this will need more time and will not be ready in time for WP 6.1.

To reduce “noise” in the meantime, both in the error logs of WP users moving onto PHP 8.2, in the test run logs of WP itself, in test runs of plugins and themes, as well as to prevent duplicate tickets from being opened for the same issue, this commit adds the `#[AllowDynamicProperties]` attribute to all “parent” classes in WP.

The logic used for this commit is as follows:
* If a class already has the attribute: no action needed.
* If a class does not `extend`: add the attribute.
* If a class does `extend`:
 - If it extends `stdClass`: no action needed (as `stdClass` supports dynamic properties).
 - If it extends a PHP native class: add the attribute.
 - If it extends a class from one of WP's external dependencies: add the attribute.
* In all other cases: no action — the attribute should not be needed as child classes inherit from the parent.

Whether or not a class contains magic methods has not been taken into account, as a review of the currently existing magic methods has shown that those are generally not sturdy enough and often even set dynamic properties (which they should not). See the [https://www.youtube.com/watch?v=vDZWepDQQVE live stream from August 16, 2022] for more details.

This commit only affects classes in the `src` directory of WordPress core.
* Tests should not get this attribute, but should be fixed to not use dynamic properties instead. Patches for this are already being committed under ticket #56033.
* While a number bundled themes (2014, 2019, 2020, 2021) contain classes, they are not a part of this commit and may be updated separately.

Reference: [https://wiki.php.net/rfc/deprecate_dynamic_properties PHP RFC: Deprecate dynamic properties].

Follow-up to [53922].

Props jrf, hellofromTonya, markjaquith, peterwilsoncc, costdev, knutsp, aristath.
See #56513, #56034.
Built from https://develop.svn.wordpress.org/trunk@54133


git-svn-id: http://core.svn.wordpress.org/trunk@53692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-12 15:47:14 +00:00
Sergey Biryukov 6276e68c6c Docs: Document the usage of `$wp_embed` global in `WP_oEmbed_Controller::get_proxy_item()`.
Follow-up to [48135].

Fixes #52628.
Built from https://develop.svn.wordpress.org/trunk@51151


git-svn-id: http://core.svn.wordpress.org/trunk@50760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-15 10:24:57 +00:00
John Blackbourn 753ae723ad Docs: Corrections and improvements to inline docs relating to the REST API.
See #50768

Built from https://develop.svn.wordpress.org/trunk@49610


git-svn-id: http://core.svn.wordpress.org/trunk@49348 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-16 11:04:12 +00:00
TimothyBlynJacobs b8d5e161eb REST API: Issue a _doing_it_wrong when registering a route without a permission callback.
The REST API treats routes without a permission_callback as public. Because this happens without any warning to the user, if the permission callback is unintentionally omitted or misspelled, the endpoint can end up being available to the public. Such a scenario has happened multiple times in the wild, and the results can be catostrophic when it occurs.

For REST API routes that are intended to be public, it is recommended to set the permission callback to the `__return_true` built in function.

Fixes #50075.
Props rmccue, sorenbronsted, whyisjake, SergeyBiryukov, TimothyBlynJacobs.

Built from https://develop.svn.wordpress.org/trunk@48526


git-svn-id: http://core.svn.wordpress.org/trunk@48288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-21 12:03:05 +00:00
whyisjake 07f71058c3 Embeds: Ensure that classic embed support works in the block editor.
See https://github.com/WordPress/gutenberg/pull/6345

Fixes #45447.

Props swisspidy, pento, audrasjb, aduth, jrchamp, thrijith, TimothyBlynJacobs, whyisjake. 
 

Built from https://develop.svn.wordpress.org/trunk@48135


git-svn-id: http://core.svn.wordpress.org/trunk@47904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-23 06:08:08 +00:00
desrosj 4b60af1a6a General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”

With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).

Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.

Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.

Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121


git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 17:26:13 +00:00
TimothyBlynJacobs facb1728b9 REST API: Validate that the oembed url parameter is a string.
This prevents a PHP warning from being issued by esc_url_raw when a non-string value is provided.

Props dd32.
Fixes #49991.

Built from https://develop.svn.wordpress.org/trunk@47755


git-svn-id: http://core.svn.wordpress.org/trunk@47531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-05-03 22:42:06 +00:00
Sergey Biryukov 3d623995a8 Docs: In various `@return` tags, list the expected type first, instead of `WP_Error`.
See #48303.
Built from https://develop.svn.wordpress.org/trunk@46696


git-svn-id: http://core.svn.wordpress.org/trunk@46496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-11-11 02:43:03 +00:00
Gary Pendergast af0a914d14 Coding Standards: Move `wp-includes/class-oembed.php` to `wp-includes/class-wp-oembed.php`.
This renames the file containing the `WP_oEmbed` class to conform to the coding standards.

This commit also includes:

- A new `class-oembed.php` that includes the new file, for anyone that may've been including the file directly.
- Replaces references to the old filename with the new filename.

See #47632.


Built from https://develop.svn.wordpress.org/trunk@45663


git-svn-id: http://core.svn.wordpress.org/trunk@45474 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-19 04:32:57 +00:00
Gary Pendergast c925b89152 Embeds: Filter HTML response in oEmbed proxy controller.
Adapts the response from `WP_oEmbed_Controller::get_proxy_item()` so that the response is correctly filtered and embeds work properly in JavaSccript editors. Introduces new `get_oembed_response_data_for_url()` function for preparing internal oEmbed responses.

Merges [43810] from the 5.0 branch to trunk.

Props danielbachhuber, imath, swissspidy.
Fixes #45142.


Built from https://develop.svn.wordpress.org/trunk@44154


git-svn-id: http://core.svn.wordpress.org/trunk@43984 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-14 03:20:37 +00:00
Gary Pendergast 56c162fbc9 Coding Standards: Upgrade WPCS to 1.0.0
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.

This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script. 
- Auto-fixable coding standards issues will now cause Travis failures.

Fixes #44600.


Built from https://develop.svn.wordpress.org/trunk@43571


git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
Gary Pendergast aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Drew Jaynes 0860bb2771 Docs: Remove `@access` notations from method DocBlocks in wp-includes/* classes.
Prior to about 2013, many class methods lacked even access modifiers which made the `@access` notations that much more useful. Now that we've gotten to a point where the codebase is more mature from a maintenance perspective and we can finally remove these notations. Notable exceptions to this change include standalone functions notated as private as well as some classes still considered to represent "private" APIs.

See #41452.

Built from https://develop.svn.wordpress.org/trunk@41162


git-svn-id: http://core.svn.wordpress.org/trunk@41002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-27 00:41:44 +00:00
Weston Ruter 93637a5729 REST API: Ensure `maxwidth` and `maxheight` params are forwarded to oEmbed provider in proxy requests.
Also correct phpdoc return tag on `WP_oEmbed_Controller::get_proxy_item()` and remove dead code in oEmbed controller phpunit tests.

Amends [40628].
See #40450.
Fixes #41299.

Built from https://develop.svn.wordpress.org/trunk@41047


git-svn-id: http://core.svn.wordpress.org/trunk@40897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-14 16:05:43 +00:00
Weston Ruter 2ca21c444e REST API: Remove `_wpnonce` value from being used in hashed oEmbed proxy cache key.
Amends [40628].
Props r-a-y, westonruter.
See #40450.
Fixes #41048.

Built from https://develop.svn.wordpress.org/trunk@41035


git-svn-id: http://core.svn.wordpress.org/trunk@40885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-12 22:51:40 +00:00
James Nylen 589c4b4b2d REST API: Add endpoint for proxying requests to external oEmbed providers.
This endpoint is a prerequisite for the media widgets work (see https://github.com/xwp/wp-core-media-widgets).

Also use the new endpoint in the media modal instead of the `parse-embed` AJAX action.

Props westonruter, timmydcrawford, swissspidy, jnylen0.
Fixes #40450.

Built from https://develop.svn.wordpress.org/trunk@40628


git-svn-id: http://core.svn.wordpress.org/trunk@40489 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-11 18:18:46 +00:00
Drew Jaynes ecf5a924fe Docs: Add missing `@access` tags to methods in `WP_oEmbed_Controller`.
See [34903].

Props ramiy.
Fixes #36297.

Built from https://develop.svn.wordpress.org/trunk@37568


git-svn-id: http://core.svn.wordpress.org/trunk@37536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-25 19:22:27 +00:00
Drew Jaynes 602b51a209 Docs: Standardize filter docs in core classes in wp-includes/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37492


git-svn-id: http://core.svn.wordpress.org/trunk@37460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:15:28 +00:00
Ryan McCue aa71d8b7ff oEmbed: Drop the trailing slash from the namespace.
Props swissspidy.
Fixes #34709.

Built from https://develop.svn.wordpress.org/trunk@35656


git-svn-id: http://core.svn.wordpress.org/trunk@35620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-17 11:27:29 +00:00
Sergey Biryukov 64fdde928a Embeds: Fix typo in `oembed_request_post_id` filter DocBlock.
Props swissspidy.
See #34523.
Built from https://develop.svn.wordpress.org/trunk@35470


git-svn-id: http://core.svn.wordpress.org/trunk@35434 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 15:38:25 +00:00
Gary Pendergast 8be4a22f82 Embeds: Who put this REST API infrastructure in my WordPress?
Well, while it's here, we probably should make use of it. The oEmbed endpoint now uses the REST API infrastructure, instead of providing its own.

Props swissspidy.

Fixes #34207.


Built from https://develop.svn.wordpress.org/trunk@35436


git-svn-id: http://core.svn.wordpress.org/trunk@35400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-29 22:51:24 +00:00
Dominik Schilling 80116f2136 Embeds: Replace hardcoded error messages with `get_status_header_desc( $http_code )`.
Fixes #34275.
Built from https://develop.svn.wordpress.org/trunk@35408


git-svn-id: http://core.svn.wordpress.org/trunk@35372 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-27 20:44:23 +00:00
Scott Taylor 1cd49e2d4d oEmbed: if `SimpleXMLElement` does not exist, return an `HTTP Error 501 Not implemented` response.
Props swissspidy.
Fixes #34274.

Built from https://develop.svn.wordpress.org/trunk@35354


git-svn-id: http://core.svn.wordpress.org/trunk@35320 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-22 16:38:26 +00:00
Gary Pendergast 6a18efb313 Embeds: After [34903], remove an accidentally included text domain, and exclude a test failing in PHP 5.2.
Built from https://develop.svn.wordpress.org/trunk@34904


git-svn-id: http://core.svn.wordpress.org/trunk@34869 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 11:01:25 +00:00
Gary Pendergast 83c3e3e00e Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.

In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.

For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.

Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia

Fixes #32522.


Built from https://develop.svn.wordpress.org/trunk@34903


git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 10:36:25 +00:00