It is best to always escape the complete value of an attribute, not a partial value, as otherwise the escaping could be (partially) undone when the values are joined together.
While the hardcoded prefix/suffix values in this case don't necessarily create that risk, those may change to values which could be problematic, so making it a habit to escape the value in one go is best practice.
Includes:
* Moving a few `esc_url()` calls closer to the actual output and escaping the hash parts too.
* Wrapping a few long lines for better readability.
Follow-up to [14248], [23707], [42217], [55615].
Props jrf, SergeyBiryukov.
Fixes#57110.
Built from https://develop.svn.wordpress.org/trunk@55616
git-svn-id: http://core.svn.wordpress.org/trunk@55128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that post type or taxonomy name is consistently escaped in:
* `wp_nav_menu_item_post_type_meta_box()`
* `wp_nav_menu_item_taxonomy_meta_box()`
Follow-up to [14248], [23707].
Props zenaulislam, SergeyBiryukov.
Fixes#57110.
Built from https://develop.svn.wordpress.org/trunk@55615
git-svn-id: http://core.svn.wordpress.org/trunk@55127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes a few WPCS warnings along the lines of:
* Array double arrow not aligned correctly
* Equals sign not aligned with surrounding statements
* Usage of ELSE IF is discouraged; use ELSEIF instead
Follow-up to [55099], [55192], [55194], [55271].
Props davidbaumwald, jrf, SergeyBiryukov.
Fixes#57994.
Built from https://develop.svn.wordpress.org/trunk@55606
git-svn-id: http://core.svn.wordpress.org/trunk@55118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
On the About page, wraps the Field Guide's link in `__()` to provide a localized field guide, when available.
Follow-up to [55600].
Props davidbaumwald, sergeybiryukov, desrosj, javiercasares, oglekler, mukesh27, clorith, eboxnet, costdev, ocean90.
Fixes#57477.
Built from https://develop.svn.wordpress.org/trunk@55601
git-svn-id: http://core.svn.wordpress.org/trunk@55113 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove the green background from the "dot" accent, to prevent low contrast for the dismiss button. Use menu colors for the background on alternate color schemes. Remove the "Edit styles" link as there is no longer a direct link to the global styles section of the site editor.
Follow-up to [55451].
Props sabernhardt, ryokuhi, laurlittle, richtabor.
Fixes#57759.
Built from https://develop.svn.wordpress.org/trunk@55574
git-svn-id: http://core.svn.wordpress.org/trunk@55086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the classic editor, fix the publish status change text shown when a future post's date is changed to a different future date. Show 'scheduled' statement instead of 'publish' statement.
Props tyxla, sdavis2702, joedolson.
Fixes#31040.
Built from https://develop.svn.wordpress.org/trunk@55561
git-svn-id: http://core.svn.wordpress.org/trunk@55073 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When `ftp_nlist()` receives an empty path, it checks the current working directory and may return `true`.
This affects:
* `WP_Filesystem_FTPext::exists()`
* `WP_Filesystem_ftpsockets::exists()`
As the purpose of the API is to provide a consistent interface for various filesystem implementations, this commit updates the affected methods to returns `false` when an empty path is provided, bringing consistency with the other filesystem abstraction classes, specifically `WP_Filesystem_Direct` and `WP_Filesystem_SSH2`.
Follow-up to [6779], [11821], [25274], [31815].
Props mkox, costdev, Zdrobau, dd32, pbiron, azaozz, mukesh27, SergeyBiryukov.
Fixes#33058.
Built from https://develop.svn.wordpress.org/trunk@55556
git-svn-id: http://core.svn.wordpress.org/trunk@55068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings more consistency with other screens and avoids a PHP warning in `get_plugin_page_hookname()`:
{{{
preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated
}}}
Follow-up to [13257], [13366], [55263].
Props nendeb55, costdev, SergeyBiryukov.
Fixes#57918.
Built from https://develop.svn.wordpress.org/trunk@55552
git-svn-id: http://core.svn.wordpress.org/trunk@55064 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the `WP_Comments_List_Table` class, when the function `get_comments` is called, pass the parameter `update_comment_post_cache` set to true. This primes all the related posts for the displayed comments. This improves performance, as all posts are primed at once.
Props spacedmonkey, adarshposimyth.
Fixes#57802.
Built from https://develop.svn.wordpress.org/trunk@55513
git-svn-id: http://core.svn.wordpress.org/trunk@55045 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Minor copy updates. Update heading style, text size, spacing in smaller columns. Remove columns placement code to simplify CSS. This was necessary for IE11, but modern browsers can use auto-placement. Move navigation out of the banner to keep size & background placement consistent across About section.
Props marybaum, sereedmedia, annezazu, jpantani, laurlittle, richtabor, markoserb, fcoveram, joen, kebbet.
See #57477.
Built from https://develop.svn.wordpress.org/trunk@55499
git-svn-id: http://core.svn.wordpress.org/trunk@55031 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset removes the `wp_ajax_save_attachment_updated` hook by reverting [55106], [55111], and [55450], to give it more time for further discussions as there are still concerns about whether this hook is necessary.
Follow-up to [55106], [55111], [55450].
Props costdev, SergeyBiryukov, peterwilsoncc, azaozz.
See #23148.
Built from https://develop.svn.wordpress.org/trunk@55474
git-svn-id: http://core.svn.wordpress.org/trunk@55007 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to elaborate a bit more on the difference between these two settings, as well as explain the `http://` or `https://` prefix.
Follow-up to [15000], [19472].
Props marybaum, sabernhardt, tobifjellner, justinahinon, webcommsat, hellofromtonya, audrasjb, robinwpdeveloper, costdev, SergeyBiryukov.
Fixes#50886.
Built from https://develop.svn.wordpress.org/trunk@55452
git-svn-id: http://core.svn.wordpress.org/trunk@54985 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset renames the `wp_ajax_save_attachment` action to `wp_ajax_save_attachment_updated` to avoid confusion with the similarly named `wp_ajax_save-attachment` action. This also add a dockblock note to indicate that when checking if an action is being done, `doing_action( 'wp_ajax_save-attachment' )` may be used if that is more convenient.
Follow-up to [55106].
Props azaozz, sc0ttkclark, costdev.
Fixes#23148
Built from https://develop.svn.wordpress.org/trunk@55450
git-svn-id: http://core.svn.wordpress.org/trunk@54983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As part of determining whether to perform automatic updates, WordPress checks if it is running within a version-controlled environment, recursively looking up the filesystem to the top of the drive, looking for a Subversion, Git, Mercurial, or Bazaar directory, erring on the side of detecting a VCS checkout somewhere.
This commit avoids a PHP warning if the `open_basedir` directive is in use and any of the directories checked in the process are not allowed:
{{{
is_dir(): open_basedir restriction in effect. File(/.git) is not within the allowed path(s)
}}}
Follow-up to [25421], [25700], [25764], [25835], [25859].
Props costdev, markjaquith, meyegui, dd32, arnolp, robin-labadie, hellofromTonya, afragen, pbiron, SergeyBiryukov.
Fixes#42619.
Built from https://develop.svn.wordpress.org/trunk@55425
git-svn-id: http://core.svn.wordpress.org/trunk@54958 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The table is no longer created by core as of WordPress 3.0, and support for global terms was removed in WordPress 6.1, so `$wpdb->sitecategories` is unset by default.
This commit resolves a "passing null to non-nullable" deprecation notice on PHP 8.1:
{{{
Deprecated: addcslashes(): Passing null to parameter #1 ($string) of type string is deprecated in wp-includes/class-wpdb.php on line 1804
}}}
The `tables_to_repair` filter is available for plugins to readd the table or include any additional tables to repair.
Follow-up to [14854], [14880], [54240].
Props ipajen, chiragrathod103, SergeyBiryukov.
Fixes#57762.
Built from https://develop.svn.wordpress.org/trunk@55421
git-svn-id: http://core.svn.wordpress.org/trunk@54954 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset fixes encoding issues in background update emails by applying `html_entity_decode()` on Plugin/Theme names in `send_plugin_theme_email()`.
Props paulschreiber, audrasjb, benjgrolleau, sanketchodavadiya, robinwpdeveloper, paulamit.
Fixes#56964.
Built from https://develop.svn.wordpress.org/trunk@55411
git-svn-id: http://core.svn.wordpress.org/trunk@54944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This type of transformation isn't always appropriate, especially for non-English language sites. Displaying the original option name makes it more clear what option is being changed.
Props SergeyBiryukov, sabernhardt, afrin29, afshanadiya
Fixes#50572
Built from https://develop.svn.wordpress.org/trunk@55408
git-svn-id: http://core.svn.wordpress.org/trunk@54941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to avoid timeout in Imagick operations.
Previously, Imagick operations could silently error by timeout and produce unexpected results. The new `::set_imagick_time_limit()` method, now used in `::resize()` and `::crop()`, will better handle garbage collection in these cases as well as better align Imagick's timeout with PHP timeout, assuming it is set.
Props drzraf, audrasjb, costdev, antpb, SergeyBiryukov.
Fixes#52569.
Built from https://develop.svn.wordpress.org/trunk@55404
git-svn-id: http://core.svn.wordpress.org/trunk@54937 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes the conditions for when to enqueue the opinionated block styles (i.e. `'wp-block-library-theme'` stylesheet):
* the theme adds `'wp-block-styles'` theme support;
* and no editor styles are declared.
This resolves an issue with themes that do not add the `'wp-block-styles'` theme support while not impacting themes that do.
Follow-up to [53419], [52069], [50761], [44157].
Props mikachan, costdev, glendaviesnz, hellofromTonya, jffng, mamaduka, ndiego, poena, sannevndrmeulen, scruffian.
Fixes#57561.
Built from https://develop.svn.wordpress.org/trunk@55368
git-svn-id: http://core.svn.wordpress.org/trunk@54901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `$post_ID` variable is [546f59c678/WordPress/Sniffs/NamingConventions/ValidVariableNameSniff.php (L54) technically allowed in WPCS], as there is a global of the same name that needs to remain for backward compatibility. However, this name is mostly a remnant of legacy code, and switching to `$post_id` where appropriate brings more consistency with the rest of core.
Additionally, this commit resolves a few WPCS warnings in core:
{{{
Variable "$post_IDs" is not in valid snake_case format
}}}
This affects:
* Function parameters in:
* `add_meta()`
* `post_preview()`
* `WP_Embed::delete_oembed_caches()`
* `WP_Embed::cache_oembed()`
* `wp_get_post_cats()`
* `wp_set_post_cats()`
* `wp_unique_post_slug()`
* `wp_set_post_categories()`
* `wp_check_post_hierarchy_for_loops()`
* `wp_add_trashed_suffix_to_post_name_for_trashed_posts()`
* `wp_filter_wp_template_unique_post_slug()`
* `wp_xmlrpc_server::add_enclosure_if_new()`
* `wp_xmlrpc_server::attach_uploads()`
* `wp_xmlrpc_server::mt_getTrackbackPings()`
* Internal variables in:
* `wp_ajax_inline_save()`
* `wp_ajax_set_post_thumbnail()`
* `wp_ajax_get_post_thumbnail_html()`
* `edit_post()`
* `bulk_edit_posts()`
* `wp_write_post()`
* `WP_Embed::shortcode()`
* `wp_insert_post()`
* `wp_xmlrpc_server::_insert_post()`
* `wp_xmlrpc_server::blogger_getPost()`
* `wp_xmlrpc_server::blogger_newPost()`
* `wp_xmlrpc_server::blogger_editPost()`
* `wp_xmlrpc_server::blogger_deletePost()`
* `wp_xmlrpc_server::mw_getPost()`
* `wp_xmlrpc_server::mw_newPost()`
* `wp_xmlrpc_server::mw_editPost()`
* `wp_xmlrpc_server::mt_getPostCategories()`
* `wp_xmlrpc_server::mt_setPostCategories()`
* `wp_xmlrpc_server::mt_publishPost()`
* `wp_xmlrpc_server::pingback_ping()`
* Hook parameters in:
* `oembed_ttl`
* `embed_oembed_html`
* `wp_insert_post_parent`
* `add_trashed_suffix_to_trashed_posts`
* `pre_post_update`
* `edit_attachment`
* `attachment_updated`
* `add_attachment`
* `edit_post_{$post->post_type}`
* `edit_post`
* `post_updated`
* `save_post_{$post->post_type}`
* `save_post`
* `wp_insert_post`
* `pre_wp_unique_post_slug`
* `wp_unique_post_slug`
* `xmlrpc_call_success_blogger_newPost`
* `xmlrpc_call_success_blogger_editPost`
* `xmlrpc_call_success_blogger_deletePost`
* `xmlrpc_call_success_mw_newPost`
* `xmlrpc_call_success_mw_editPost`
Note: The name change only affects variable names and DocBlocks.
The change does not affect the `$post_ID` global still used in a few places.
Follow-up to [51399], [52958], [53723], [53729], [55190], [55308], [55334].
Props mahekkalola, tanjimtc71, SergeyBiryukov.
Fixes#57692.
Built from https://develop.svn.wordpress.org/trunk@55365
git-svn-id: http://core.svn.wordpress.org/trunk@54898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset fixes an issue where the available theme updates count was not updated after a theme is deleted.
Props nazmulhasan103, riccardodicurti, sabernhardt, ironprogrammer, costdev, robinwpdeveloper, rahmantasnia.
Fixes#57183.
Built from https://develop.svn.wordpress.org/trunk@55359
git-svn-id: http://core.svn.wordpress.org/trunk@54892 1a063a9b-81f0-0310-95a4-ce76da25c4cd