Commit Graph

646 Commits

Author SHA1 Message Date
dmsnell 8269c3fcd6 Users: Avoid ambiguous password reset URLs for usernames ending in a period.
When WordPress sends out a password-reset or new-user email, it generates
a link for someone to follow in order to take them to the reset page. If
the user login name ends in a period, however, that generated URL will
end in a period and many email clients will confuse it with a
sentence-ending period instead of being part of the query arguments.

In this patch, the generated URL's query argument are rearranged so that
the link will never end in a period. Alternative ideas were explored to
create a new function to escape URL-ending periods, but this patch resolves
the reported problem without raising any further architectural questions.

Developed in https://github.com/WordPress/wordpress-develop/pull/6834
Discussed in https://core.trac.wordpress.org/ticket/42957

Props audrasjb, costdev, daveagp, dmsnell, hellofromTonya, markparnell, mukesh27, nhrrob, obrienlabs, paulcline.
Fixes #42957.

Built from https://develop.svn.wordpress.org/trunk@58674


git-svn-id: http://core.svn.wordpress.org/trunk@58076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-07-04 22:01:22 +00:00
Sergey Biryukov ed0762ad01 Users: Pass the previous state of the user as context to the `wp_set_password` hook.
Follow-up to [55056], [55250].

Props dd32.
Fixes #61541.
Built from https://develop.svn.wordpress.org/trunk@58653


git-svn-id: http://core.svn.wordpress.org/trunk@58068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-07-03 16:10:16 +00:00
Sergey Biryukov 7bb686d18b Users: Account for returning `false` from the `authenticate` filter.
While technically only `null`, `WP_User`, or `WP_Error` should be returned from the `authenticate` filter, a plugin might return boolean `false` instead, which would trigger the `authentication_failed` error prior to [57882].

This commit aims to preserve that behavior in case `false` is returned.

Follow-up to [57882].

Props johnbillion.
See #60700.
Built from https://develop.svn.wordpress.org/trunk@57990


git-svn-id: http://core.svn.wordpress.org/trunk@57476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-04-13 16:33:13 +00:00
Sergey Biryukov 95f1ba70eb Coding Standards: Use strict comparison in `wp-includes/pluggable.php`.
Follow-up to [3566], [6387], [10437], [11057], [11387], [16208], [16304], [18195], [20410], [26367], [34947].

Props aristath, poena, afercia, SergeyBiryukov.
See #60700.
Built from https://develop.svn.wordpress.org/trunk@57882


git-svn-id: http://core.svn.wordpress.org/trunk@57383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-03-26 21:41:11 +00:00
Pascal Birchler 292af16439 Docs: Improve docblock for `$x_redirect_by` param in `wp_redirect()`.
The `$x_redirect_by` parameter is supported by `wp_redirect()` and `wp_safe_redirect()` to set the `X-Redirect-By` header.
It can be modified via the `x_redirect_by` filter.

This updates the docblock to clarify that `false` can be passed to disable sending the header, which was previously undocumented behavior.

Props kkmuffme, swissspidy.
Fixes #60209.
Built from https://develop.svn.wordpress.org/trunk@57693


git-svn-id: http://core.svn.wordpress.org/trunk@57194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-02-22 10:58:12 +00:00
Sergey Biryukov 356dd51612 Docs: Document the `$wp_hasher` global in `wp_generate_user_request_key()`.
Includes adding a description for the global in a few other functions.

Follow-up to [42791], [42964], [43008].

Props viralsampat.
See #60021.
Built from https://develop.svn.wordpress.org/trunk@57226


git-svn-id: http://core.svn.wordpress.org/trunk@56732 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-12-24 13:05:21 +00:00
Sergey Biryukov f2a85f2b2c Docs: Improve documentation for `get_avatar()` and related functions.
Includes:
* Expanding and synchronizing documentation for the `default` and `rating` arguments.
* Adding `@since` entries for the `loading`, `fetchpriority`, and `decoding` arguments.
* Wrapping long lines as per the documentation standards.
* Fixing a typo in the `identicon` value.
* Minor formatting edits for consistency.

Follow-up to [31107], [45632], [47554], [53480], [56037].

See #58833.
Built from https://develop.svn.wordpress.org/trunk@56767


git-svn-id: http://core.svn.wordpress.org/trunk@56279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-03 16:15:19 +00:00
Felix Arntz dfe1f0d130 Media: Prevent PHP notice in `get_avatar()`.
Follow up fix to [56690].

Props pereirinha, mukesh27, spacedmonkey.
Fixes #58892.

Built from https://develop.svn.wordpress.org/trunk@56756


git-svn-id: http://core.svn.wordpress.org/trunk@56268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-02 20:14:21 +00:00
Felix Arntz 8964275967 Media: Rely on `wp_get_loading_optimization_attributes()` to add `decoding="async"` to images.
The `wp_get_loading_optimization_attributes()` function was introduced in 6.3, as a single centralized place to control loading optimization attributes for various tags, most importantly images.

This changeset consolidates the `decoding="async"` optimization, which was added in 6.1, to occur solely as part of `wp_get_loading_optimization_attributes()`, removing duplicate code and allowing centralized filtering based on [56651].

As part of the change, the `wp_img_tag_add_decoding_attr()` function has been deprecated. The filter of the same name continues to be maintained for backward compatibility, as before covering only images that are part of a content blob such as post content (`the_content`).

Props pereirinha, mukesh27, joemcgill, flixos90.
Fixes #58892.
See #53232.

Built from https://develop.svn.wordpress.org/trunk@56690


git-svn-id: http://core.svn.wordpress.org/trunk@56202 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-25 22:38:17 +00:00
Sergey Biryukov 59f1c9c205 Code Modernization: Use `str_contains()` in a few more places.
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).

WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.

Follow-up to [55988], [55990], [56014], [56021], [56031], [56032], [56065], [56241].

See #58206.
Built from https://develop.svn.wordpress.org/trunk@56245


git-svn-id: http://core.svn.wordpress.org/trunk@55757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-07-17 13:18:27 +00:00
audrasjb 6263f22b10 Docs: Replace multiple single line comments with multi-line comments.
This changeset updates various comments as per WordPress PHP Inline Documentation Standards.
See https://developer.wordpress.org/coding-standards/inline-documentation-standards/php/#5-inline-comments.

Follow-up to [56174], [56175], [56176], [56177], [56178], [56179], [56180], [56191].

Props costdev, audrasjb.
See #58459.



Built from https://develop.svn.wordpress.org/trunk@56192


git-svn-id: http://core.svn.wordpress.org/trunk@55704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-07-10 22:48:22 +00:00
Felix Arntz 5ca27acd20 Media: Automatically add `fetchpriority="high"` to hero image to improve load time performance.
This changeset adds support for the `fetchpriority` attribute, which is typically added to a single image in each HTML response with a value of "high". This enhances load time performance (also Largest Contentful Paint, or LCP) by telling the browser to prioritize this image for downloading even before the layout of the page has been computed. In lab tests, this has shown to improve LCP performance by ~10% on average.

Specifically, `fetchpriority="high"` is added to the first image that satisfies all of the following conditions:
* The image is not lazy-loaded, i.e. does not have `loading="lazy"`.
* The image does not already have a (conflicting) `fetchpriority` attribute.
* The size of of the image (i.e. width * height) is greater than 50,000 squarepixels.

While these heuristics are based on several field analyses, there will always be room for optimization. Sites can customize the squarepixel threshold using a new filter `wp_min_priority_img_pixels` which should return an integer for the value.

Since the logic for adding `fetchpriority="high"` is heavily intertwined with the logic for adding `loading="lazy"`, yet the features should work decoupled from each other, the majority of code changes in this changeset is refactoring of the existing lazy-loading logic to be reusable. For this purpose, a new function `wp_get_loading_optimization_attributes()` has been introduced which returns an associative array of performance-relevant attributes for a given HTML element. This function replaces `wp_get_loading_attr_default()`, which has been deprecated. As another result of that change, a new function `wp_img_tag_add_loading_optimization_attrs()` replaces the more specific `wp_img_tag_add_loading_attr()`, which has been deprecated as well.

See https://make.wordpress.org/core/2023/05/02/proposal-for-enhancing-lcp-image-performance-with-fetchpriority/ for the original proposal and additional context.

Props thekt12, joemcgill, spacedmonkey, mukesh27, costdev, 10upsimon.
Fixes #58235.

Built from https://develop.svn.wordpress.org/trunk@56037


git-svn-id: http://core.svn.wordpress.org/trunk@55549 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-26 16:17:23 +00:00
Sergey Biryukov 84e9601e5a Code Modernization: Replace usage of `substr()` with `str_starts_with()` and `str_ends_with()`.
`str_starts_with()` and `str_ends_with()` were introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins or ends with the given substring (needle).

WordPress core includes a polyfill for these functions on PHP < 8.0 as of WordPress 5.9.

This commit uses `str_starts_with()` and `str_ends_with()` in core files where appropriate:
* `$needle === substr( $string, 0, $length )`, where `$length` is the length of `$needle`, is replaced with `str_starts_with( $haystack, $needle )`.
* `$needle === substr( $string, $offset )`, where `$offset` is negative and the absolute value of `$offset` is the length of `$needle`, is replaced with `str_ends_with( $haystack, $needle )`.

This aims to make the code more readable and consistent, as well as better aligned with modern development practices.

Follow-up to [52039], [52040], [52326], [55703], [55710], [55987], [55988].

Props Soean, spacedmonkey, Clorith, ocean90, azaozz, sabernhardt, SergeyBiryukov.
Fixes #58220.
Built from https://develop.svn.wordpress.org/trunk@55990


git-svn-id: http://core.svn.wordpress.org/trunk@55502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-22 14:57:24 +00:00
Sergey Biryukov 1ce5dc7444 Code Modernization: Replace usage of `strpos()` with `str_contains()`.
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).

WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.

Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].

Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes #58206.
Built from https://develop.svn.wordpress.org/trunk@55988


git-svn-id: http://core.svn.wordpress.org/trunk@55500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-22 14:36:26 +00:00
Sergey Biryukov 2ec23a82ed Code Modernization: Replace usage of `strpos()` with `str_starts_with()`.
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).

WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.

While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.

Follow-up to [52039], [52040], [52326].

Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes #58012.
Built from https://develop.svn.wordpress.org/trunk@55703


git-svn-id: http://core.svn.wordpress.org/trunk@55215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-02 15:45:22 +00:00
Sergey Biryukov b1474a8a20 General: Don't pass `$action` to `wp_get_session_token()` in `wp_create_nonce()`.
The parameter appears to have been passed by accident, as the function does not accept any parameters.

Follow-up to [54218].

Props malavvasita, hztyfoon, dd32.
Fixes #58181.
Built from https://develop.svn.wordpress.org/trunk@55685


git-svn-id: http://core.svn.wordpress.org/trunk@55197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-04-25 14:57:23 +00:00
Sergey Biryukov bdfe3d5a46 Coding Standards: Use strict comparison where `count()` is involved.
Follow-up to [1636], [6974], [8114], [10322], [13326], [14760], [18006], [18541], [19743], [23249], [24115], [33359].

Props aristath, poena, afercia, SergeyBiryukov.
See #57839.
Built from https://develop.svn.wordpress.org/trunk@55642


git-svn-id: http://core.svn.wordpress.org/trunk@55154 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-04-10 12:56:21 +00:00
Sergey Biryukov 06305406df Docs: Fix typo in `wp_generate_password()` description.
Follow-up to [42373].

Props pyrobd, pravinparmar2404, mukesh27.
Fixes #57847.
Built from https://develop.svn.wordpress.org/trunk@55455


git-svn-id: http://core.svn.wordpress.org/trunk@54988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-03-02 13:57:23 +00:00
Sergey Biryukov 0449c238bd Users: Adjust the initialization of the `$duplicated_keys` array in `wp_salt()`.
This avoids an endless loop if `get_current_user_id()` is used in a callback attached to the `gettext` filter.

With the translated phrase moved into a separate assignment, the function succeeds in setting the static `$duplicated_keys` array once and no longer goes into this code section on subsequent calls.

Follow-up to [54249].

Props adityaarora010196, SergeyBiryukov.
Fixes #57121.
Built from https://develop.svn.wordpress.org/trunk@55433


git-svn-id: http://core.svn.wordpress.org/trunk@54966 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-28 13:22:22 +00:00
Sergey Biryukov bd92d87b74 Coding Standards: Rename `$comment_ID` variable to `$comment_id` in various files.
This resolves 80+ WPCS warnings in core:
{{{
Variable "$comment_ID" is not in valid snake_case format
}}}

While matching the database field of the same name, the `$comment_ID` variable did not follow the WordPress coding standards, and is now renamed to address that.

This affects:
* Function parameters in:
 * `get_comment_author()`
 * `comment_author()`
 * `get_comment_author_email()`
 * `comment_author_email()`
 * `get_comment_author_link()`
 * `comment_author_link()`
 * `get_comment_author_IP()`
 * `comment_author_IP()`
 * `get_comment_author_rl()`
 * `comment_author_url()`
 * `get_comment_date()`
 * `comment_date()`
 * `get_comment_excerpt()`
 * `comment_excerpt()`
 * `get_comment_text()`
 * `comment_text()`
 * `get_comment_time()`
 * `comment_time()`
 * `get_comment_type()`
 * `get_page_of_comment()`
 * `wp_new_comment_notify_moderator()`
 * `wp_new_comment_notify_postauthor()`
 * `get_commentdata()`

* Internal variables in:
 * `get_comment_ID()`
 * `wp_new_comment()`
 * `wp_xmlrpc_server::wp_deleteComment()`
 * `wp_xmlrpc_server::wp_editComment()`
 * `wp_xmlrpc_server::wp_newComment()`
 * `wp_xmlrpc_server::pingback_ping()`

* Hook parameters in:
 * `get_comment_author`
 * `comment_author`
 * `get_comment_author_email`
 * `author_email`
 * `get_comment_author_link`
 * `get_comment_author_IP`
 * `get_comment_author_url`
 * `comment_url`
 * `get_comment_excerpt`
 * `comment_excerpt`
 * `get_comment_ID`
 * `get_comment_type`
 * `get_page_of_comment`
 * `comment_{$new_status}_{$comment->comment_type}`
 * `comment_post`
 * `notify_moderator`
 * `notify_post_author`
 * `commentrss2_item`
 * `xmlrpc_call_success_wp_deleteComment`
 * `xmlrpc_call_success_wp_editComment`
 * `xmlrpc_call_success_wp_newComment`
 * `pingback_post`

Note: The name change only affects variable names and DocBlocks.

The change does not affect:

* `comment_ID` as the `$orderby` value in `WP_Comment_Query::__construct()`
* `comment_ID` as the `$orderby` value in `WP_Comment::get_children()`
* `comment_ID` as part of `$commentarr` parameter in `wp_update_comment()`

The associated array keys still match the database field.

Follow-up to [53723].

Props krunal265, costdev, SergeyBiryukov.
Fixes #57671. See #56791.
Built from https://develop.svn.wordpress.org/trunk@55308


git-svn-id: http://core.svn.wordpress.org/trunk@54841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-12 18:08:21 +00:00
Sergey Biryukov 11d374ff97 Users: Pass correct number of arguments to `send_auth_cookies` filter in `wp_clear_auth_cookie()`.
Follow-up to [55164], [55253], [55259].

Props mukesh27.
See #56971.
Built from https://develop.svn.wordpress.org/trunk@55260


git-svn-id: http://core.svn.wordpress.org/trunk@54793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-07 13:53:18 +00:00
Sergey Biryukov 09ec812116 Users: Pass the authentication scheme to the `send_auth_cookies` filter.
This brings more consistency with the `set_auth_cookie` and `set_logged_in_cookie` hooks.

Follow-up to [55164], [55253].

See #56971.
Built from https://develop.svn.wordpress.org/trunk@55259


git-svn-id: http://core.svn.wordpress.org/trunk@54792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-07 13:46:17 +00:00
audrasjb 0c5812699c Users: Change parameters order in `send_auth_cookies` filter.
This changeset makes this filter more consistent with `set_auth_cookie` and `set_logged_in_cookie` hooks.

Follow-up to [55164].

Props SergeyBiryukov, audrasjb, mukesh27 , costdev.
Fixes #56971.

Built from https://develop.svn.wordpress.org/trunk@55253


git-svn-id: http://core.svn.wordpress.org/trunk@54786 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-07 12:30:17 +00:00
audrasjb b27543461d Users: Update `get_avatar_url()` and `get_avatar()` to include RoboHash support.
Follow-up to [55238].

Fixes #57493.

Built from https://develop.svn.wordpress.org/trunk@55239


git-svn-id: http://core.svn.wordpress.org/trunk@54772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-06 21:30:18 +00:00
audrasjb 28358ab213 HTTP API: Fix request header inconsistencies.
This changeset improves the consistency in capitalization of fetching and outputting of request headers. It also updates occurrences found in some docblocks.

Props johnjamesjacoby, costdev, audrasjb, petitphp, mhkuu, SergeyBiryukov.
Fixes #54225.

Built from https://develop.svn.wordpress.org/trunk@55210


git-svn-id: http://core.svn.wordpress.org/trunk@54743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-03 13:35:20 +00:00
Sergey Biryukov 3ec35fac02 Docs: Fix typo in the `send_auth_cookies` filter DocBlock.
Follow-up to [55164], [55165].

See #56971, #39367.
Built from https://develop.svn.wordpress.org/trunk@55166


git-svn-id: http://core.svn.wordpress.org/trunk@54699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-31 12:20:16 +00:00
Sergey Biryukov a389692e5a Docs: Remove a duplicate line in the `send_auth_cookies` filter DocBlock.
Describe the default values for the `$send` and `$expire` parameters.

Follow-up to [55164].

See #56971, #39367.
Built from https://develop.svn.wordpress.org/trunk@55165


git-svn-id: http://core.svn.wordpress.org/trunk@54698 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-31 12:18:22 +00:00
audrasjb 67abe8cfb3 Users: Add context to the `send_auth_cookies` filter.
This changeset adds `$user_id`, `$expire`, `$expiration` and `$token` parameters to provide context to `send_auth_cookies` hook, which allows the filter to skip sending auth cookies.

Props dd32, mukesh27, costdev, peterwilsoncc, audrasjb.
Fixes #56971.
See #39367.

Built from https://develop.svn.wordpress.org/trunk@55164


git-svn-id: http://core.svn.wordpress.org/trunk@54697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-31 08:46:13 +00:00
Pascal Birchler 5edb22187d I18N: Introduce `switch_to_user_locale()`.
This new function makes it easier to switch to a specific user’s locale by reducing duplicate code and storing the user’s ID as additional context for plugins to consume. Existing usage of `switch_to_locale()` in core has been replaced with `switch_to_user_locale()` where appropriate.

Also, this change ensures `WP_Locale_Switcher` properly filters `determine_locale` so that anyyone using the `determine_locale()` function will get the correct locale information when switching is in effect.

Props costdev.
Fixes #57123.
See #26511.
Built from https://develop.svn.wordpress.org/trunk@55161


git-svn-id: http://core.svn.wordpress.org/trunk@54694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-30 10:27:16 +00:00
John Blackbourn badc8943d1 HTTP API: Correct the name of a filter referenced in the docs for `wp_redirect()` and `wp_safe_redirect()`.
Props pbiron, audrasjb, SergeyBiryukov 

Fixes #57464

Built from https://develop.svn.wordpress.org/trunk@55069


git-svn-id: http://core.svn.wordpress.org/trunk@54602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-15 01:01:15 +00:00
Sergey Biryukov 10ad5f0d4d Docs: Correct the type of the `$user_id` parameter in `wp_set_password` action.
Follow-up to [6600], [55056].

See #57436.
Built from https://develop.svn.wordpress.org/trunk@55057


git-svn-id: http://core.svn.wordpress.org/trunk@54590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-12 13:14:15 +00:00
audrasjb 00ed89ffb1 Users: Add an action hook on `wp_set_password()`.
This changeset introduces the `wp_set_password` action hook, triggered after a password is set for a given user. As several plugins are calling `wp_set_password()` directly, adding an action to the end of the function will help plugin authors to catch all instances of password setting.

Props tanner-m, audrasjb.
Fixes #57436.

Built from https://develop.svn.wordpress.org/trunk@55056


git-svn-id: http://core.svn.wordpress.org/trunk@54589 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-12 09:05:15 +00:00
audrasjb b6760ea0ce Docs: Align spelling with American English.
This changeset updates the use of "-ise" suffix to American English "-ize" and replaces "behaviour" with "behavior" in various docblocks.

Follow-up to [54663], [54664], [55043].

Props kebbet.
See #56811, #56792.

Built from https://develop.svn.wordpress.org/trunk@55044


git-svn-id: http://core.svn.wordpress.org/trunk@54577 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-10 09:30:13 +00:00
johnjamesjacoby 0f0646eda0 Mail: allow custom attachment filenames in `wp_mail()`.
Previous to this change, attachment filenames in outgoing emails could only ever be derived from their paths (passed in as a numerically indexed array of `$attachments`).

This changeset adds support for passing an associative `$attachments` array, where the key strings will be used as filenames instead.

Includes 2 new unit tests to ensure both array formats continue to work as intended.

Props johnjamesjacoby, ritteshpatel, swissspidy, syntaxart.
Fixes #28407.
Built from https://develop.svn.wordpress.org/trunk@55030


git-svn-id: http://core.svn.wordpress.org/trunk@54563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-01-05 10:49:16 +00:00
Sergey Biryukov 0d03ee0b7a Code Modernization: Rename parameters that use reserved keywords in `wp-includes/pluggable.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.

This commit:
* Renames the `$die` parameter to `$stop` in `check_ajax_referer()`.
* Renames the `$default` parameter to `$fallback_url` in `wp_validate_redirect()`.
* Renames the `$default` parameter to `$default_value` in `get_avatar()`.

Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951].

Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54952


git-svn-id: http://core.svn.wordpress.org/trunk@54504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-09 00:24:17 +00:00
Sergey Biryukov 5f30490527 Coding Standards: Remove a one-time `$loading` variable in `get_avatar()`.
This aims to bring consistency between two similar code fragments.

Follow-up to [47554], [53480], [54895].

See #56791.
Built from https://develop.svn.wordpress.org/trunk@54920


git-svn-id: http://core.svn.wordpress.org/trunk@54472 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-01 15:43:20 +00:00
Sergey Biryukov 1750d30863 Coding Standards: Always use strict type check for `in_array()`.
This fixes the currently flagged `WordPress.PHP.StrictInArray.MissingTrueStrict` issues:
* `Not using strict comparison for in_array; supply true for third argument.`

These all do comparisons with strings, so all the more reason why it is imperative that a strict comparison is used.

Follow-up to [47550], [47557], [54155], [53480].

Props jrf.
See #56791.
Built from https://develop.svn.wordpress.org/trunk@54895


git-svn-id: http://core.svn.wordpress.org/trunk@54447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-11-29 21:00:14 +00:00
Sergey Biryukov 3ba44120d0 Coding Standards: Always use parentheses when instantiating an object.
Note: This will be enforced by WPCS 3.0.0.

Props jrf.
See #56791.
Built from https://develop.svn.wordpress.org/trunk@54891


git-svn-id: http://core.svn.wordpress.org/trunk@54443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-11-29 15:51:14 +00:00
audrasjb 65cdec186b Docs: Align spelling with American English.
This changeset replaces "cancelled" with "canceled" in various docblocks, per the [https://make.wordpress.org/core/handbook/best-practices/spelling/ Spelling Guidelines].

Props costdev.
See #56811, #56792.

Built from https://develop.svn.wordpress.org/trunk@54664


git-svn-id: http://core.svn.wordpress.org/trunk@54216 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-21 21:51:14 +00:00
audrasjb 1b46797366 Mail: Reset PHPMailer properties between use.
Props xknown, martinkrcho, tykoted.

Built from https://develop.svn.wordpress.org/trunk@54529


git-svn-id: http://core.svn.wordpress.org/trunk@54084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-17 11:42:11 +00:00
Peter Wilson b879d04354 Users: Revert use of shared objects for current user.
Reverts [50790].

Props oztaser, ravipatel, dd32, costdev, SergeyBiryukov, tykoted, cu121, xknown.
Fixes #54984.


Built from https://develop.svn.wordpress.org/trunk@54397


git-svn-id: http://core.svn.wordpress.org/trunk@53956 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-06 04:38:14 +00:00
John Blackbourn f7dc68f99a Docs: Updates and corrections to various inline docs added in 6.1.
See #55646

Built from https://develop.svn.wordpress.org/trunk@54284


git-svn-id: http://core.svn.wordpress.org/trunk@53843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-21 20:24:12 +00:00
audrasjb 06cb9d7691 Security: Salting functions: translate the phrase "put your unique phrase here".
In `wp_salt()` WordPress pre-populates the check for duplicate salt values with the default put your unique phrase here. As the `wp-config.php file` for non-en_US can be translated in downloaded packages, a translated version of this phrase ought to be in the pre-populated duplicate values array too.

Props peterwilsoncc, SergeyBiryukov, whaze, costdev, audrasjb.
Fixes #55937.

Built from https://develop.svn.wordpress.org/trunk@54249


git-svn-id: http://core.svn.wordpress.org/trunk@53808 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-20 11:57:20 +00:00
audrasjb 4bb6301eb9 General: Pass `$action` to `nonce_life` filter.
This changeset contextualizes the usage of `nonce_life` filter by passing the `$action` parameter. It allows to alterate the default lifespan of nonces on a case by case basis.

Props giuseppemazzapica, dwainm, DrewAPicture, jorbin, audrasjb, SergeyBiryukov, costdev, antonvlasenko.
Fixes #35188.

Built from https://develop.svn.wordpress.org/trunk@54218


git-svn-id: http://core.svn.wordpress.org/trunk@53777 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-19 21:36:10 +00:00
audrasjb cad5069194 Docs: Update `wp_rand` docblock to clarify that it returns a non-negative number.
Props hakre, westi, jeremyfelt, neychok, sabernhardt, audrasjb.
Fixes #15089.

Built from https://develop.svn.wordpress.org/trunk@54190


git-svn-id: http://core.svn.wordpress.org/trunk@53749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-16 22:39:11 +00:00
desrosj fa9c62915f Mail: Prevent the last character of names in “From” headers from being trimmed.
When extracting the email and name from a “From” header, the last character of the name is incorrectly trimmed when a space is not included between the name and the opening `<`.

Though the space is required for the header to be compliant with RFC5322 (see https://www.rfc-editor.org/rfc/rfc5322#section-3.4), the absence of a space can be ignored here. PHPMailer accepts the name and email as separate parameters and constructs the header correctly later on.

Props hakanca, mikehansenme, SergeyBiryukov, kovshenin, mattyrob, drewapicture, desrosj.
Fixes #19847.
Built from https://develop.svn.wordpress.org/trunk@53900


git-svn-id: http://core.svn.wordpress.org/trunk@53459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-16 18:18:14 +00:00
John Blackbourn 79db573265 Docs: Various corrections and improvements to inline documentation.
See #55646

Built from https://develop.svn.wordpress.org/trunk@53827


git-svn-id: http://core.svn.wordpress.org/trunk@53386 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-04 14:52:11 +00:00
John Blackbourn 5dc1150ea2 Users: Allow conditional supression of the email notifications that are sent when a new user account is registered.
This introduces the following new filters:

* `wp_send_new_user_notification_to_admin`
* `wp_send_new_user_notification_to_user`

Props janthiel, costdev, audrasjb, peterwilsoncc

Fixes #54874

Built from https://develop.svn.wordpress.org/trunk@53698


git-svn-id: http://core.svn.wordpress.org/trunk@53257 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-07-12 21:05:16 +00:00
Sergey Biryukov 9e01bd8adc Query: Some documentation and test improvements for `update_post_author_caches()`:
* Make the descriptions for `update_post_author_caches()` and `update_post_caches()` more specific.
* Move the unit test into its own file, for consistency with `update_post_cache()` tests. This also allows for using shared fixtures in case more tests are added in the future.

Follow-up to [53482].

See #55716.
Built from https://develop.svn.wordpress.org/trunk@53483


git-svn-id: http://core.svn.wordpress.org/trunk@53072 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-10 15:17:10 +00:00
spacedmonkey 2237f67458 Prime users cache in WP_Query and post REST API controller.
For a call to `WP_Query` or a post REST API request that contains posts from multiple authors, call the `cache_users` function, to ensure that all user data for post authors is primed in 
a single database query. This results in far fewer database queries on multiple author sites. 

Props spacedmonkey, timothyblynjacobs, peterwilsoncc.
Fixes #55716.

Built from https://develop.svn.wordpress.org/trunk@53482


git-svn-id: http://core.svn.wordpress.org/trunk@53071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-10 13:39:11 +00:00