Store the file size of all newly uploaded attachments, as part of the metadata stored in post meta. Storing file size means, developers will not have to resort to doing `filesize` function calls, that can be time consuming on assets on offloaded to services like Amazon’s S3.
This change also introduces a new helper function called, `wp_filesize`. This is a wrapper around the `filesize` php function, that adds some helpful filters and ensures the return value is an integer.
Props Cybr, Spacedmonkey, SergeyBiryukov, johnwatkins0, swissspidy, desrosj, joemcgill, azaozz, antpb, adamsilverstein, uday17035.
Fixes#49412.
Built from https://develop.svn.wordpress.org/trunk@52837
git-svn-id: http://core.svn.wordpress.org/trunk@52426 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset removes the Live Preview link for block-based themes when installing for a zip archive, since the customizer is disabled by default for block themes.
Follow-up to [52353].
Props alanjacobmathew, hellofromTonya, antonvlasenko, ironprogrammer.
Fixes#54578.
Built from https://develop.svn.wordpress.org/trunk@52802
git-svn-id: http://core.svn.wordpress.org/trunk@52391 1a063a9b-81f0-0310-95a4-ce76da25c4cd
#38231 added support for files fetched remotely to have their filename defined by the host using the `Content-Disposition` header. This would then take priority over the existing temporary file name created with `wp_tempnam()` earlier in the process.
The change unintentionally omitted the temporary directory path used during uploads, since the `wp_tempnam()` function would have added it previously, so that files with this header ended up being stored in the WordPress root folder, or wp-admin folder, when triggered by WP_Cron or user interactions respectively.
This change makes sure the file path includes the temporary directory location when the header is used.
Follow-up to [51939].
Props antonynz, azouamauriac.
Fixes#55109.
Built from https://develop.svn.wordpress.org/trunk@52734
git-svn-id: http://core.svn.wordpress.org/trunk@52323 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Use strict comparison in various conditions.
* Fix a `Variable "$system_webServer_node" is not in valid snake_case format` WPCS warning.
Includes minor code layout fixes for better readability.
Follow-up to [10607], [11350], [22253], [26137].
Props azouamauriac, SergeyBiryukov.
See #54728.
Built from https://develop.svn.wordpress.org/trunk@52721
git-svn-id: http://core.svn.wordpress.org/trunk@52310 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `link_updated` field is unused as of WordPress 3.0 and was never updated via `wp_insert_link()`, only via the `wp-admin/update-links.php` file removed in [13744].
Follow-up to [13744], [49487].
Props dshanske, dharm1025, SergeyBiryukov.
Fixes#54880.
Built from https://develop.svn.wordpress.org/trunk@52659
git-svn-id: http://core.svn.wordpress.org/trunk@52248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
An unvisited site may have an undefined cron array, resulting in `_get_cron_array()` returning the value `false`. Previously this would trigger warning in `upgrade_590()` as the function assumed `_get_cron_array()` would alway return an array.
No database version change is required as the upgrade routine was successful on sites with a cron array during 5.9.0. On sites without a cron array, the error has already been thrown if they are running db version 51917. This fix is only required for new sites or those upgrading that have skipped 5.9.0.
Follow up to [51917].
Props chrisvanpatten, kapilpaul, SergeyBiryukov.
Fixes#54906.
See #53940.
Built from https://develop.svn.wordpress.org/trunk@52656
git-svn-id: http://core.svn.wordpress.org/trunk@52245 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Before this changeset, `translation_api` and `translation_api_result` filters were incorrectly marked as taking object as their first argument. The correct type is an array as `json_decode()` is asked to return an associative array.
Props volodymyrkolesnykov.
Fixes#54959.
Built from https://develop.svn.wordpress.org/trunk@52645
git-svn-id: http://core.svn.wordpress.org/trunk@52234 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In PHP 8+, `@` no longer suppresses fatal errors:
> The `@` operator will no longer silence fatal errors (`E_ERROR`, `E_CORE_ERROR`, `E_COMPILE_ERROR`, `E_USER_ERROR`, `E_RECOVERABLE_ERROR`, `E_PARSE`).
Reference: [https://www.php.net/manual/en/migration80.incompatible.php PHP 8: Backward Incompatible Changes].
`disk_free_space()` may be disabled by hosts, which will throw a fatal error on a call to undefined function.
This change prevents the fatal error, and falls back to `false` when `disk_free_space()` is unavailable.
Follow-up to [25540], [25774], [25776], [25831], [25869].
Props costdev, jrf, swb1192, SergeyBiryukov.
Fixes#54826. See #54730.
Built from https://develop.svn.wordpress.org/trunk@52585
git-svn-id: http://core.svn.wordpress.org/trunk@52175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change adds a verification of the `$position` parameter in `add_menu_page()` to ensure an integer is used. If not, the function informs developers of the wrong parameter type via a `_doing_it_wrong` message. This brings consistency with a similar check used in `add_submenu_page()`.
This change also typecasts any floating number to string to ensure that in case a float value was passed, at least it doesn't override existing menus.
Follow-up to [46570].
Props kirtan95.
Fixes#54798. See #48249.
Built from https://develop.svn.wordpress.org/trunk@52569
git-svn-id: http://core.svn.wordpress.org/trunk@52159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
During automatic core upgrades, if installation results in a `WP_Error`, the `error` method is called on the skin with the details. However, in this case, two parameters are passed to `$skin->error`, but only one is accepted. This change passes only the running `WP_Error` instance as the sole parameter to `$skin->error`.
Also, this change adds an additional error to `$upgrade_result` before finally being passed to `$skin->error`, indicating that the installation failed. This adds additional context to the failure.
Props desrosj, sainthkh, devutpol, SergeyBiryukov.
Fixes#53284.
Built from https://develop.svn.wordpress.org/trunk@52539
git-svn-id: http://core.svn.wordpress.org/trunk@52129 1a063a9b-81f0-0310-95a4-ce76da25c4cd
With its last major update in 3.5, the welcome panel was feeling stale. This bright new design showcases links to recent features, including patterns, the site editor, and styles, depending on whether you have a block theme active.
Props jameskoster, desrosj, noisysocks, critterverse, karmatosed, hellofromtonya, smit08, melchoyce, poena, audrasjb, webcommsat, marybaum.
See #54489.
Built from https://develop.svn.wordpress.org/trunk@52442
git-svn-id: http://core.svn.wordpress.org/trunk@52034 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since some locales may differentiate "Posts" generic post type name (works for both posts, pages, and custom post types) and "Posts" when speaking about blogposts, this change aims to contextualize the use of the "Posts" string in the "Users" admin screen. This change reuses the string used for the "Posts" post type registration, to avoid introducing any new string to translate.
Props audrasjb, jdy68, SergeyBiryukov.
Fixes#54712.
Built from https://develop.svn.wordpress.org/trunk@52426
git-svn-id: http://core.svn.wordpress.org/trunk@52018 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[52232] relocated the Theme Editor menu item from Appearance to Tools for block themes. This commit relocates the Plugin Editor menu item from Plugins to Tools for block themes for a consistent workflow.
Both the Theme Editor and Plugin Editor menu items are renamed to "Theme File Editor" and "Plugin File Editor" respectively. Why? To better identify their purpose, i.e. to directly edit the code in the theme or plugin files. The rename is not limited to only block themes.
Follow-up to [52232].
Props poena, annezazu, audrasjb, clorith, courane01, costdev, dryanpress, desrosj, hellofromTonya, ipstenu, jameskoster, joen, johnbillion, joyously, manfcarlo, marybaum, pbiron, SergeyBiryukov, walbo, youknowriad.
Fixes#54382.
Built from https://develop.svn.wordpress.org/trunk@52406
git-svn-id: http://core.svn.wordpress.org/trunk@51998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Starting in 5.9, block themes are not compatible with (do not support) Customizer; rather, they use the Site Editor. Viewing installed themes in Customizer, this commit adds an overlay message to alert users and give them a way to activate the block theme. Clicking on the "Activate" button activates the block theme and redirects back to the Appearance > Themes interface, where the user can then enter the Site Editor for customization.
Non-block themes are not affected by this change and continue to work in Customizer.
Follow-up to [41648], [41893], [52279].
Props antonvlasenko, costdev, hellofromTonya, jffng, joyously, noisysocks, poena, shaunandrews.
Fixes#54549.
Built from https://develop.svn.wordpress.org/trunk@52371
git-svn-id: http://core.svn.wordpress.org/trunk@51963 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Revert the rollback features introduced for theme and plugin upgrades during the WordPress 5.9 cycle. A bug (suspected to be in third party virtualisation software) causes the upgrades to fail consistently on some set ups. The revert is to allow contributors further time to investigate mitigation options.
Reverts [52337], [52289], [52284], [51951], [52192], [51902], [51899], [51898], [51815].
Props pbiron, dlh, peterwilsoncc, galbaras, SergeyBiryukov, afragen, costdev, bronsonquick, aristath, noisysocks, desrosj, TobiasBg, hellofromTonya, francina, Boniu91.
See #54543, #54166, #51857.
Built from https://develop.svn.wordpress.org/trunk@52351
git-svn-id: http://core.svn.wordpress.org/trunk@51943 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Currently, the Site Editor does not have a live preview feature for non-activated block themes.
This commit is a stop-gate to remove the "Live Preview" button for those themes. It avoids confusing users and avoiding a notification message that doesn't make sense.
Props antonvlasenko, costdev, hellofromTonya, kafleg, paaljoachim.
Fixes#54578.
Built from https://develop.svn.wordpress.org/trunk@52341
git-svn-id: http://core.svn.wordpress.org/trunk@51933 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[51815] introduced the creation of a temporary backup of plugins before updating.
The `move()` (and later, `move_dir()`) call) uses a `$src` parameter.
For Hello Dolly, this is `<path>/wp-contents/plugins/.` (note the period at the end).
For users on Linux and Mac, this doesn't appear to cause any problems.
However, on Windows, the move causes the plugins folder to be moved which then causes a failure when attempting to call `mkdir()`.
This commit skips any plugin whose slug is `'.'` as this slug results in the `$src` value ending in a period.
Follow-up to [51815].
Props costdev, boniu91, hellofromTonya.
Fixes#54543.
Built from https://develop.svn.wordpress.org/trunk@52337
git-svn-id: http://core.svn.wordpress.org/trunk@51929 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit renames the following method and function to better represent block theme terminology:
* `WP_Theme::is_block_based()` to `WP_Theme::is_block_theme()`
* `wp_is_block_template_theme()` to `wp_is_block_theme()`
It also changes `wp_is_block_theme()` to be a helper wrapper (sugar syntax) for `wp_get_theme()->is_block_theme();`. Why? To ensure both the method and function behave the same, to help Gutenberg maintain WordPress cross-version compatibility, and to make it less cumbersome to port changes from Gutenberg to Core.
Follow-up to [52069], [52247], [52279].
Props antonvlasenko, costdev, hellofromTonya, noisysocks.
Fixes#54550.
Built from https://develop.svn.wordpress.org/trunk@52330
git-svn-id: http://core.svn.wordpress.org/trunk@51922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Check for direct PHP flle access and only use `rename()` if true.
* Check whether the destination directory was successfully created.
* Clear the working directory so there is internal parity within the function between the results of a successful `rename()` and a fallback to `copy_dir()`.
* Use `move_dir()` in `WP_Upgrader::move_to_temp_backup_dir()` and `::restore_temp_backup()`.
Follow-up to [51815], [51898], [51899], [51902], [52192], [52284].
Props afragen, peterwilsoncc, dd32, SergeyBiryukov.
See #54166, #51857.
Built from https://develop.svn.wordpress.org/trunk@52289
git-svn-id: http://core.svn.wordpress.org/trunk@51881 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Trying to schedule cron jobs before WordPress is installed results in DB errors, which is suboptimal.
This addresses a `Table 'wp_options' doesn't exist` error when running the installation with `WP_DEBUG` enabled.
Follow-up to [51815], [51898], [51899], [51902], [52192].
Props dlh, pbiron.
See #51857.
Built from https://develop.svn.wordpress.org/trunk@52284
git-svn-id: http://core.svn.wordpress.org/trunk@51876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For block themes (like Twenty Twenty-Two), Customizer menu item is removed and replaced with the Site Editor menu item. However, other links exist in the Dashboard's welcome panel "Customize Your Site" button and the "Customize" button in each theme listed in the Appearance > Themes interface.
This commit changes each of those remaining links to link to the Site Editor interface instead of the Customizer.
To help identify block vs non-block themes, two method methods are introduced in `WP_Theme`:
* `WP_Theme:: is_block_based()` which identifies if the theme is a block theme or not.
* `WP_Theme::get_file_path()` which is similar to `get_theme_file_path()` but uses the directories within the theme object.
Both of these new methods include test coverage including the addition of a parent and child block theme in test data.
Follow-up to [18749], [35483], [42013], [42169].
Props antonvlasenko, jameskoster, hellofromTonya, matveb, noisysocks, poena, sergeybiryukov.
Fixes#54460.
Built from https://develop.svn.wordpress.org/trunk@52279
git-svn-id: http://core.svn.wordpress.org/trunk@51871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For certain images, `wp_exif_frac2dec()` unexpectedly returned a string instead of `int` or `float`. This can occur when an image is missing meta and calls the function with `'0/0'`. For those images, a fatal error was thrown on PHP 8.0+:
{{{
TypeError: round(): Argument #1 ($num) must be of type int|float, string given
}}}
Upon deeper review, inconsistent and unexpected results were returned from different types of input values passed to the function.
Changes are:
* Maintains backwards-compatibility for valid input values.
* Fixes handling of invalid input values by bailing out to return the documented type of `int|float` by returning `0`.
* Improves the fractional conditional check.
* Improves the calculated fraction handling to ensure (a) the numerator and denominator are both numeric and (b) the denominator is not equal to zero.
* Safeguards the behavior via tests for all possible ways code could flow through the function.
* Safeguards the backwards-compatibility of the `wp_read_image_metadata()` by adding some defensive coding around the calls to the `wp_exif_frac2dec()` function.
These changes fix the fatal error and make the function more secure, stable, and predictable while maintaining backwards-compatibility for valid input values.
Follow-up to [6313], [9119], [22319], [28367], [45611], [47287].
Props adamsilverstein, jrf, peterwilsoncc, praem90, stevegs, tobiasbg.
Fixes#54385.
Built from https://develop.svn.wordpress.org/trunk@52269
git-svn-id: http://core.svn.wordpress.org/trunk@51861 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Document the structure of the `$plugin_data` array passed to the `plugin_row_meta` filter.
* Document some missing values returned by `get_plugin_data()`:
* `PluginURI`
* `AuthorName`
* Link to `get_plugin_data()` and the `plugin_row_meta` filter as the canonical sources in other various filters and actions which receive the `$plugin_data` parameter:
* `network_admin_plugin_action_links`
* `network_admin_plugin_action_links_{$plugin_file}`
* `plugin_action_links`
* `plugin_action_links_{$plugin_file}`
* `plugin_auto_update_setting_html`
* `manage_plugins_custom_column`
* `after_plugin_row`
* `after_plugin_row_{$plugin_file}`
* `in_plugin_update_message-{$file}`
* Update documentation for the `$response` parameter of the `in_plugin_update_message-{$file}` filter:
* Correct type for the `id` value. It contains a string like `w.org/plugins/[plugin-name]`, not a numeric ID.
* Update `$icons`, `$banners`, and `$banners_rtl` values to use typed array notation.
Follow-up to [8367], [8402], [12976], [16758], [26540], [30544], [34818], [51733], [52212], [52224].
See #53399.
Built from https://develop.svn.wordpress.org/trunk@52227
git-svn-id: http://core.svn.wordpress.org/trunk@51819 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the filter documentation for `auto_update_{$type}` to account for the changes to default auto-update behaviors made in WordPress 5.6.
Starting in WordPress 5.6, all new installs auto-update major versions by default.
Props felipeloureirosantos, audrasjb, marybaum, davidbaumwald.
Fixes#53330.
Built from https://develop.svn.wordpress.org/trunk@52214
git-svn-id: http://core.svn.wordpress.org/trunk@51806 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Follow-up to [52165] where the `version_compare()` fails for 11.8.x versions. This commit changes the version comparison to < 11.9 for deactivating the Gutenberg plugin.
The `_upgrade_580_force_deactivate_incompatible_plugins()` function is no longer needed in 5.9. It's redundant and unnecessary as `_upgrade_590_force_deactivate_incompatible_plugins()` deactivates those versions as well.
Removing `_upgrade_580_force_deactivate_incompatible_plugins()` and moving the deactivation logic back into the `_deactivate_gutenberg_when_incompatible_with_wp()`, thus removing the new private function `_deactivate_gutenberg_when_incompatible_with_wp()` introduced in [52165].
Follow-up [51180], [51266], [52165].
Props hellofromTonya, tobiasbg, clorith, sergeybiryukov, costdev.
Fixes#54405.
Built from https://develop.svn.wordpress.org/trunk@52199
git-svn-id: http://core.svn.wordpress.org/trunk@51791 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Make sure the `wp_delete_temp_updater_backups` event has an action associated with it when it runs.
* Check if the cron event already exists before scheduling it, to avoid scheduling duplicate events.
* Move the code for clearing the `temp-backup` directory to a standalone function.
Follow-up to [51815], [51898], [51899].
Props pbiron, johnbillion.
See #51857.
Built from https://develop.svn.wordpress.org/trunk@52192
git-svn-id: http://core.svn.wordpress.org/trunk@51784 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`get_term()` accepts a term ID, instance of `WP_Term`, or an object (i.e. `stdClass` as a result of a db query). Functions that use `get_term()` also now allow for the same data types.
Why? For consistency, removing extra processing code in consuming functions, and performance.
Functions changed in this commit are:
* `get_category_feed_link()`
* `get_term_feed_link()`
* `get_tag_feed_link()`
* `get_edit_tag_link()`
* `get_edit_term_link()`
* `edit_term_link()`
For each of consumer of these functions, changes to pass the object instead of the term ID.
Includes unit/integration tests for test coverage of these changes.
Follow-up to [6365], [9136], [9340], [14711], [15792], [15800], [18827], [32606], [36646], [37252].
Props davidbinda, johnbillion, peterwilsoncc, hellofromTonya, sergeybiryukov, mista-flo, hareesh-pillai, audrasjb, jeffpaul, chaion07.
Fixes#50225.
Built from https://develop.svn.wordpress.org/trunk@52180
git-svn-id: http://core.svn.wordpress.org/trunk@51772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Based on follow-up research, this change was never necessary in order to use e2e tests in the media library uploader. Additionally, it created several complicated side effects. Without significant benefit, it's not valuable to pursue the change further.
Follow up to [52059].
See #54168, #54411.
Fixes#54168.
Built from https://develop.svn.wordpress.org/trunk@52171
git-svn-id: http://core.svn.wordpress.org/trunk@51763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fix bug introduced in [50829] that caused media modal to only load the selected image. Executes `.more()` when loading the modal to ensure that the media collection is available.
Props manishamakhija, birgire, dilipbheda, afercia, hellofromTonya.
Fixes#42937.
Built from https://develop.svn.wordpress.org/trunk@52168
git-svn-id: http://core.svn.wordpress.org/trunk@51760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Avoid a fatal error due to `WP_Theme_JSON_Schema` and potentially other classes and/or functions redeclarations when updating to WordPress 5.9 with an incompatible version of the Gutenberg plugin.
This commit uses the same strategy from 5.8. Moves the plugin deactivation code (introduced in [51266]) to a private function for reuse in 5.8, 5.9, and future major releases.
Follow-up to [51180], [51266].
Props hellofromTonya, johnbillion, jorbin.
See #54405.
Built from https://develop.svn.wordpress.org/trunk@52165
git-svn-id: http://core.svn.wordpress.org/trunk@51757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Copies Navigation Area infrastrucutre from lib/navigation.php in Gutenberg. This
allows a Navigation block to be associated with a particular area which persists
when switching theme.
Props antonvlasenko, mamaduka, spacedmonkey.
See #54337.
Built from https://develop.svn.wordpress.org/trunk@52145
git-svn-id: http://core.svn.wordpress.org/trunk@51737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When posts are edited in bulk, the `_edit_last` meta was not updated for each post. This change adds a call to update the `_edit_last` meta to the current user ID for each post the is updated.
Props calebwoodbridge, peterwilsoncc, guillaumeturpin, audrasjb.
Fixes#42446.
Built from https://develop.svn.wordpress.org/trunk@52141
git-svn-id: http://core.svn.wordpress.org/trunk@51733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Disable auto-correct for the slug field on the quick/bulk edit interface. As slugs may consist of a number of words combined in to a single string, they are unlikely to pass spell checkers.
Props swb1192, SergeyBiryukov, afragen, Clorith, desrosj, JeffPaul, sabernhardt, Boniu91, costdev, hellofromTonya.
Fixes#50499.
Built from https://develop.svn.wordpress.org/trunk@52092
git-svn-id: http://core.svn.wordpress.org/trunk@51684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previous messaging of this link was confusing given it went to an external source. This change describes more accurately that it will perform the action of taking you to the resource.
Props karmatosed, joedolson, melchoyce, hellofromTonya, afercia, sabernhardt, antpb.
Fixes#48939.
Built from https://develop.svn.wordpress.org/trunk@52033
git-svn-id: http://core.svn.wordpress.org/trunk@51625 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, when uploading a media item type that is not supported, the default error message claims that the reason it cannot upload is due to security reasons. This is not always true. Now the warning says that the type is not allowed, which is always true.
Props antpb, Presskopp, peterwilsoncc, desrosj, iluy, circlecube, mikeschroder.
Fixes#53626.
Built from https://develop.svn.wordpress.org/trunk@52032
git-svn-id: http://core.svn.wordpress.org/trunk@51624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As a legacy from the old Health Check plugin, the constant `WP_LOCAL_DEV` was included in the debug data under the "WordPress Constants" section. This was incorrect, and has never been a constant used by core.
Instead, that field is now replaced by `WP_ENVIRONMENT_TYPE`, which was introduced with WordPress 5.5, and is a much more appropriate value to provide in a debug scenario.
Props johnbillion, bgoewert, sabbirshouvo.
Fixes#54340.
Built from https://develop.svn.wordpress.org/trunk@52021
git-svn-id: http://core.svn.wordpress.org/trunk@51613 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `get_core_checksums()` and `wp_version_check()` functions call the PHP native `http_build_query()` function, the second parameter of which is the ''optional'' `$numeric_prefix` parameter which expects a non-nullable `string`.
A parameter being optional, however, does not automatically make it nullable.
As of PHP 8.1, passing `null` to a non-nullable PHP native function will generate a deprecation notice.
In this case, this function call yielded a `http_build_query(): Passing null to parameter #2 ($numeric_prefix) of type string is deprecated` notice.
Changing the `null` to an empty string fixes this without a backward compatibility break.
References:
* [https://www.php.net/manual/en/function.http-build-query.php PHP Manual: http_build_query()]
* [https://wiki.php.net/rfc/deprecate_null_to_scalar_internal_arg PHP RFC: Deprecate passing null to non-nullable arguments of internal functions]
Follow-up to [18697], [25540].
Props bjorsch, kraftbj, hellofromTonya, jrf.
See #54229.
Built from https://develop.svn.wordpress.org/trunk@52019
git-svn-id: http://core.svn.wordpress.org/trunk@51611 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Changes the submit button text from "Submit" to "Save Changes".
Why? The text is more semantic and clear of what happens when activating that button.
Follow-up to [9103].
Props zodiac1978, knutsp, hilayt24, audrasjb.
Fixes#54229.
Built from https://develop.svn.wordpress.org/trunk@52014
git-svn-id: http://core.svn.wordpress.org/trunk@51605 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When viewing the listing of all comments, author links previously passed referrer information to untrusted URLs. This change adds `noreferrer` to each author link, as well as `noopener` to prevent the passing of information about the parent window.
Props cybr, adam3128, erayalakese, andraganescu, audrasjb, joedolson, sabernhardt.
Fixes#40916.
Built from https://develop.svn.wordpress.org/trunk@52007
git-svn-id: http://core.svn.wordpress.org/trunk@51596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changes some admin-area, user-facing text, to better match the guidelines and recommendations set forth in the make/core handbook, specifically:
> the word “we” should be avoided (...) unless its made very clear which group is speaking
(There are several more usages of "we" that will receive this same scrutiny in future commits/releases.)
Props audrasjb, johnbillion, marybaum, peterwilsoncc, sergeybiryukov, shital-patel.
Fixes #46057.
Built from https://develop.svn.wordpress.org/trunk@51979
git-svn-id: http://core.svn.wordpress.org/trunk@51568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The WordPress Events and News widget used an icon-only button to select a location. The Pencil icon alone provided insufficient context and labeling for accessibility. Add text to clearly describe button action and change icon to represent a location marker.
Props AmethystAnswers, sabernhardt.
Fixes#53311.
Built from https://develop.svn.wordpress.org/trunk@51971
git-svn-id: http://core.svn.wordpress.org/trunk@51560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Similar to the existing `role`/`role__in`/`role__not_in` query arguments, this adds support for three new query arguments in `WP_User_Query`:
* `capability`
* `capability__in`
* `capability__not_in`
These can be used to fetch users with (or without) a specific set of capabilities, for example to get all users
with the capability to edit a certain post type.
Under the hood, this will check all existing roles on the site and perform a `LIKE` query against the `capabilities` user meta field to find:
* all users with a role that has this capability
* all users with the capability being assigned directly
Note: In WordPress, not all capabilities are stored in the database. Capabilities can also be modified using filters like `map_meta_cap`. These new query arguments do NOT work for such capabilities.
The prime use case for capability queries is to get all "authors", i.e. users with the capability to edit a certain post type.
Until now, `'who' => 'authors'` was used for this, which relies on user levels. However, user levels were deprecated a long time ago and thus never added to custom roles. This led to constant frustration due to users with custom roles missing from places like author dropdowns.
This updates any usage of `'who' => 'authors'` in core to use capability queries instead.
Subsequently, `'who' => 'authors'` queries are being **deprecated** in favor of these new query arguments.
Also adds a new `capabilities` parameter (mapping to `capability__in` in `WP_User_Query`) to the REST API users controller.
Also updates `twentyfourteen_list_authors()` in Twenty Fourteen to make use of this new functionality, adding a new `twentyfourteen_list_authors_query_args` filter to make it easier to override this behavior.
Props scribu, lgladdly, boonebgorges, spacedmonkey, peterwilsoncc, SergeyBiryukov, swissspidy.
Fixes#16841.
Built from https://develop.svn.wordpress.org/trunk@51943
git-svn-id: http://core.svn.wordpress.org/trunk@51532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This change allows for external clients to supply a suggested filename via a `Content-Disposition` response header. This filename is processed through `sanitize_file_name()` to ensure it is allowable (on the server, MIME's, etc...) and `validate_file()` to prevent directory traversal.
If the suggested filename fails the above processing/checks, that suggestion is discarded and the standard temporary filename (generated by WordPress) is used.
If no `Content-Disposition` header is found in the response headers, the standard temporary filename continues to be used as per normal.
Included in this change are 6 additional PHPUnit tests with 9 assertions. These tests confirm that valid filename values are correctly saved, and invalid filename values are correctly rejected.
Props cklosows, costdev, dd32, johnjamesjacoby, ocean90, psrpinto.
Fixes#38231.
Built from https://develop.svn.wordpress.org/trunk@51939
git-svn-id: http://core.svn.wordpress.org/trunk@51528 1a063a9b-81f0-0310-95a4-ce76da25c4cd