The PHP native `mysqli_real_escape_string()` function expects to be passed a string as the second parameter and this is not a nullable parameter.
Passing `null` to it will result in a `mysqli_real_escape_string(): Passing null to parameter #2 ($string) of type string is deprecated` notice on PHP 8.1.
Previously, an input type check was put in place to prevent fatal errors on PHP 8.0 when an array, object or resource was passed. Changeset [48980].
A `null` value was explicitly excluded from that check, even though a `null` value being passed would only ever result in an empty string anyway.
This commit changes the previous input type check to also bow out early for `null` values and to automatically return an empty string for those.
Refs:
- https://www.php.net/manual/en/mysqli.real-escape-string.php
- https://wiki.php.net/rfc/deprecate_null_to_scalar_internal_arg
Follow-up to [48980].
Props jrf, hellofromTonya.
See #53635.
Built from https://develop.svn.wordpress.org/trunk@51799
git-svn-id: http://core.svn.wordpress.org/trunk@51406 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prior to PHP 8.1, the default error handling mode was `MYSQLI_REPORT_OFF`. An error in the extension, database, query, or the database connection returned `false` and emitted a PHP warning:
{{{
$mysqli = new mysqli("localhost", "non-existing-user", "", "");
Warning: mysqli::__construct(): (HY000/2002): No connection could be made because the target machine actively refused it in ... on line ...
}}}
From PHP 8.1 and later, the default error mode is set to `MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT`. An error in the extension, database, query, or the database connection throws an exception:
{{{
$mysqli = new mysqli("localhost", "non-existing-user", "", "");
Fatal error: Uncaught mysqli_sql_exception: Connection refused in ...:...
}}}
WordPress has its own error reporting and gracefully handles the database errors by inspecting the error codes. Setting the MySQLi error reporting to off avoids fatal errors due to uncaught exceptions and maintains the current behavior.
References:
* [https://php.watch/versions/8.1/mysqli-error-mode PHP 8.1: MySQLi: Default error mode set to exceptions]
* [https://wiki.php.net/rfc/mysqli_default_errmode PHP RFC: Change Default mysqli Error Mode]
Props ayeshrajans, jrf.
Fixes#52825.
Built from https://develop.svn.wordpress.org/trunk@51582
git-svn-id: http://core.svn.wordpress.org/trunk@51193 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids a deprecation notice on PHP 8.1 caused by passing `null` instead of a string to `ltrim()` in `wpdb::check_safe_collation()`, and maintains the current behaviour.
Follow-up to [30345], [32162], [33455].
See #53635.
Built from https://develop.svn.wordpress.org/trunk@51396
git-svn-id: http://core.svn.wordpress.org/trunk@51007 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Partially reverts [48059] as there's no full consensus on the removal of the text prefix. Further actions should be taken to improve consistency and accessibility of the admin notices. Keeps some improvements to the translatable strings from [48059].
Fixes#47656.
Built from https://develop.svn.wordpress.org/trunk@48115
git-svn-id: http://core.svn.wordpress.org/trunk@47884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For a number of years, most of the WordPress error messages have been prefixed with "Error:". However, these messages appear in a context where it's already clear an error occurred. Whether it's an error, a warning, or any other classification, that's not so relevant for users. The content of the message is the relevant part. The "Error:" prefix doesn't add great value while it does add unnecessary complexity for the message readability.
Also, revises some of these messages to improve clarity and removes HTML from translatable strings.
Props garrett-eclipse, ramiy, SergeyBiryukov, afercia, sabernhardt, quadthemes, audrasjb.
See #47003, #43037, #42945, #15887.
Fixes#47656.
Built from https://develop.svn.wordpress.org/trunk@48059
git-svn-id: http://core.svn.wordpress.org/trunk@47826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.
This commit also includes:
* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
* `wp-admin/admin-header.php`
* `wp-admin/admin-footer.php`
* `wp-includes/version.php`
Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes#48082.
Built from https://develop.svn.wordpress.org/trunk@47198
git-svn-id: http://core.svn.wordpress.org/trunk@46998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Starting with MySQL 5.7.5, the `ANSI` mode implies `ONLY_FULL_GROUP_BY`, which is already listed in `wpdb` as incompatible per [27072].
When `ANSI` is enabled on MySQL 5.7.5+, `ONLY_FULL_GROUP_BY` remains enabled even after being "unset" by `wpdb::set_sql_mode()`.
To prevent this, the `ANSI` mode should also be listed as incompatible. It is not enabled on default MySQL installations.
Props jnylen0.
Fixes#48377.
Built from https://develop.svn.wordpress.org/trunk@47171
git-svn-id: http://core.svn.wordpress.org/trunk@46971 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Originally added in [4686], these constructor/destructor pairings were designed to prevent the objects from being destroyed before shutdown, when output buffers are flushed.
A deeper investigation reveals that this approach didn't quite work as expected and was later made redundant by introducing `wp_ob_end_flush_all()` in [5462].
Props wonderboymusic, nacin, Mte90, SergeyBiryukov.
Fixes#21402.
Built from https://develop.svn.wordpress.org/trunk@47107
git-svn-id: http://core.svn.wordpress.org/trunk@46907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As part of the Multisite installation process, a `blog_versions` table is created. This table is never read from (except immediately prior to updating it), it's only ever inserted into or updated. It is not used to determine which blogs need to be upgraded.
This table was introduced in 3.0 when the WPMU schema was merged #11644 and it appears the table has never been used in core and is therefore redundant and may as well be removed.
Props johnbillion, nacin, ryan, johnjamesjacoby, whyisjake.
Fixes#19755. See #41685.
Built from https://develop.svn.wordpress.org/trunk@46194
git-svn-id: http://core.svn.wordpress.org/trunk@46006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing translator comments.
* Fix placement of some translator comments. Translator comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translator comments.
Includes minor code layout fixes.
Polyglots, rejoice! All WordPress core files now have translator comments for all strings with placeholders!
Props jrf, subrataemfluence, GaryJ, webdados, Dency, swissspidy, alvarogois, marcomartins, mihaiiceyro, vladwtz, niq1982, flipkeijzer, michielatyoast, chandrapatel, thrijith, joshuanoyce, FesoVik, tessak22, bhaktirajdev, cleancoded, dhavalkasvala, garrett-eclipse, bibliofille, socalchristina, priyankkpatel, 5hel2l2y, adamsilverstein, JeffPaul, pierlo, SergeyBiryukov.
Fixes#44360.
Built from https://develop.svn.wordpress.org/trunk@45926
git-svn-id: http://core.svn.wordpress.org/trunk@45737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
PHP 7.4 addes a warning when trying access a null/bool/int/float/resource (everything but array, string and object) as if it were an array.
This change fixes all of these warnings visible in unit tests.
Props jrf.
See #47704.
Built from https://develop.svn.wordpress.org/trunk@45639
git-svn-id: http://core.svn.wordpress.org/trunk@45450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a new method, `wpdb::log_query()`, and a new filter, `log_query_custom_data`. The custom data is stored as a new element in each entry of the `wpdb::$queries` array.
Props CrazyJaco, johnbillion, pento.
Fixes 42151.
Built from https://develop.svn.wordpress.org/trunk@45635
git-svn-id: http://core.svn.wordpress.org/trunk@45446 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Noteable changes:
- The `magic_quotes_runtime` and `magic_quotes_sybase` settings were removed in PHP 5.4, so no longer need to be set.
- Some functions that use external libraries can generate errors that can't be tested for, so are globally allowed to silence errors.
- Quite a few functions would cause errors if `safe_mode` was set. This setting was removed in PHP 5.4.
- Only a handful of `header()` calls needed corresponding `headers_sent()` checks for unit tests to pass, but more may need to be added as the nightlies builds are tested.
See #46732.
Built from https://develop.svn.wordpress.org/trunk@45611
git-svn-id: http://core.svn.wordpress.org/trunk@45422 1a063a9b-81f0-0310-95a4-ce76da25c4cd