`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].
Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes#58206.
Built from https://develop.svn.wordpress.org/trunk@55988
git-svn-id: http://core.svn.wordpress.org/trunk@55500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to clarify a few inline comments related to removing percent-encoded characters and HTML entities.
Affected functions:
* `sanitize_user()`
* `sanitize_title_with_dashes()`
* `sanitize_html_class()`
* `_sanitize_text_fields()`
* `get_comments_number_text()`
Follow-up to [465], [3454], [11433], [12503], [37987].
Props ace100, tanjimtc71, codemonksuvro, SergeyBiryukov.
Fixes#57712.
Built from https://develop.svn.wordpress.org/trunk@55346
git-svn-id: http://core.svn.wordpress.org/trunk@54879 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevent term `NOT EXISTS` queries causing `redirect_canonical()` to throw a fatal error in PHP 8 and above, or a warning in earlier versions.
This ensures the `tax_query`'s `terms` property both exists and is countable before attempting to count it.
Props codesdnc, SergeyBiryukov, kadamwhite, costdev, miguelaxcar.
Fixes#55955.
Built from https://develop.svn.wordpress.org/trunk@54785
git-svn-id: http://core.svn.wordpress.org/trunk@54337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add check to `redirect_canonical()` to ensure private posts only redirect for logged in users.
Modifies the `read_post` mata capability to user `get_post_status()` rather than the post's `post_status` property to allow attachments to redirect based on the inherited post status.
Introduces `wp_force_ugly_post_permalink()` to unify the check to determine if an ugly link should be displayed in each of the functions used for determining permalinks: `get_permalink()`, `get_post_permalink()`, `_get_page_link()` and `get_attachment_link()`.
Improves logic of `get_attachment_link()` to validate parent post and resolution of inherited post status. This is an incomplete fix of #52373 to prevent the function returning links resulting in a file not found error. Required to unblock this ticket.
Props peterwilsoncc, TimothyBlynJacobs.
See #52373.
Fixes#5272.
Built from https://develop.svn.wordpress.org/trunk@50132
git-svn-id: http://core.svn.wordpress.org/trunk@49811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This largely reverts [49563] due to attachment pages returning 404: File not found errors when they use the `inherit` status.
Permalink changes to attachment pages are retained when they are descendants of trashed or deleted posts.
Props Toro_Unit, helen, johnbillion, peterwilsoncc.
Fixes#51776.
See #5272.
Built from https://develop.svn.wordpress.org/trunk@49622
git-svn-id: http://core.svn.wordpress.org/trunk@49360 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add check to `redirect_canonical()` to ensure the destination post is not using a private post status.
Props dd32, Denis-de-Bernardy, donmhico, helen, nacin, peterwilsoncc, pishmishy, TimothyBlynJacobs, tzafrir, Viper007Bond, whyisjake.
Fixes#5272.
Built from https://develop.svn.wordpress.org/trunk@49563
git-svn-id: http://core.svn.wordpress.org/trunk@49301 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Update `redirect_canonical()` to account for custom pagination and URL format used by sitemaps in order to follow standard practices.
Introduce the function `get_sitemap_url()` to simplify getting the index and provider URLs as needed.
Props jonathanstegall, pbiron, GamerZ, salvoaranzulla, peterwilsoncc.
Fixes#50910.
Built from https://develop.svn.wordpress.org/trunk@48872
git-svn-id: http://core.svn.wordpress.org/trunk@48634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The filter is the callback function added with `add_filter()`, therefore the hook passes a value to the filter, and the filter returns a value to change its behaviour.
The documentation is referring to the latter.
Props johnbillion.
See #49572, #16557.
Built from https://develop.svn.wordpress.org/trunk@48185
git-svn-id: http://core.svn.wordpress.org/trunk@47954 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While web crawlers are able to discover pages from links within the site and from other sites, XML sitemaps supplement this approach by allowing crawlers to quickly and comprehensively identify all URLs included in the sitemap and learn other signals about those URLs using the associated metadata.
See https://make.wordpress.org/core/2020/06/10/merge-announcement-extensible-core-sitemaps/ for more details.
This feature exposes the sitemap index via `/wp-sitemap.xml` and exposes a variety of new filters and hooks for developers to modify the behavior. Users can disable sitemaps completely by turning off search engine visibility in WordPress admin.
This change also introduces a new `esc_xml()` function to escape strings for output in XML, as well as XML support to `wp_kses_normalize_entities()`.
Props Adrian McShane, afragen, adamsilverstein, casiepa, flixos90, garrett-eclipse, joemcgill, kburgoine, kraftbj, milana_cap, pacifika, pbiron, pfefferle, Ruxandra Gradina, swissspidy, szepeviktor, tangrufus, tweetythierry.
Fixes#50117.
See #3670. See #19998.
Built from https://develop.svn.wordpress.org/trunk@48072
git-svn-id: http://core.svn.wordpress.org/trunk@47839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If a site is using `/%post_id%/%postname%/` as permalink structure, and is missing the `postname`, the site won't redirect to the appropriate URL. This change ensure that the redirect happens.
Fixes: #12456.
Props: Frank.Prendergast, dd32, Otto42, hlanggo, wonderboymusic, atimmer, seth17, calvin_ngan, Niresh12495, anbumz, SergeyBiryukov, donmhico.
Built from https://develop.svn.wordpress.org/trunk@47937
git-svn-id: http://core.svn.wordpress.org/trunk@47710 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids displaying duplicate content of the home page under different URLs with appended page numbers.
This change only affects the `<!--nextpage-->` pagination (`page` query variable) and not the regular multiple posts pagination (`paged` query variable).
The posts page does not support the `<!--nextpage-->` pagination, so requests for invalid page numbers should be redirected to the page permalink, applying the logic previously implemented for single posts or pages.
Follow-up to [34492], [47727].
Props jeremyfelt, sachit.tandukar, SergeyBiryukov.
Fixes#45337. See #40773, #28081, #11694.
Built from https://develop.svn.wordpress.org/trunk@47760
git-svn-id: http://core.svn.wordpress.org/trunk@47536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids displaying duplicate content of the same post under different URLs and ensures the canonical URL is correct.
Previously, requests for invalid page numbers were only redirected to the post permalink if the post was actually paginated using the `<!--nextpage-->` marker.
Follow-up to [34492].
Props jeremyfelt, prografika, sachit.tandukar, subrataemfluence, hronak, ekatherine, henry.wright, chesio, dd32, SergeyBiryukov.
Fixes#40773. See #45337, #28081, #11694.
Built from https://develop.svn.wordpress.org/trunk@47727
git-svn-id: http://core.svn.wordpress.org/trunk@47504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the `@` operator was used to prevent possible warnings emitted by `parse_url()` in PHP < 5.3.3 when URL parsing failed.
Now that the minimum version of PHP required by WordPress is 5.6.20, this is no longer needed.
Props netpassprodsr, Howdy_McGee.
Fixes#49980. See #24780.
Built from https://develop.svn.wordpress.org/trunk@47617
git-svn-id: http://core.svn.wordpress.org/trunk@47392 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, `wp_favicon_request()` was introduced in [13205] to avoid a performance hit of serving a full 404 page on every favicon request.
While working as intended, that implementation did not provide a way for theme or plugin authors to manage the behavior of favicon requests.
This changeset implements the following logic (only applied if WordPress is installed in the root directory):
* If there is a Site Icon set in Customizer, redirect `/favicon.ico` requests to that icon.
* Otherwise, use the WordPress logo as a default icon.
* If a physical `/favicon.ico` file exists, do nothing, let the server handle the request.
Handling `/favicon.ico` is now more consistent with handling `/robots.txt` requests.
New functions and hooks:
* Introduce `is_favicon()` conditional tag to complement `is_robots()`.
* Introduce `do_favicon` action to complement `do_robots` and use it in template loader.
* Introduce `do_favicon()` function, hooked to the above action by default, to complement `do_robots()`.
* Introduce `do_faviconico` action to complement `do_robotstxt`, for plugins to override the default behavior.
* Mark `wp_favicon_request()` as deprecated in favor of `do_favicon()`.
Props jonoaldersonwp, birgire, joostdevalk, mukesh27, SergeyBiryukov.
Fixes#47398.
Built from https://develop.svn.wordpress.org/trunk@47018
git-svn-id: http://core.svn.wordpress.org/trunk@46818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
Built from https://develop.svn.wordpress.org/trunk@43571
git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously attempted in [40256], which caused the test for decoded curly quotes to fail in some environments.
`$_SERVER['REQUEST_URI']` contains the encoded URI, so this version removes the failing tests and only checks for encoded curly quotes.
Props joostdevalk, lancewillett, SergeyBiryukov.
Fixes#20383.
Built from https://develop.svn.wordpress.org/trunk@41991
git-svn-id: http://core.svn.wordpress.org/trunk@41825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[37262] changed a check in `redirect_canonical()` so that it checked
categories in the object cache rather than querying the database. However,
the check was based on the identity of `WP_Term` objects, which in
certain cases can be augmented by the main WP query routine, causing
failures of the `in_array()` check. This caused unnecessary redirects
for URLs where `is_single()` is true, but the URL is different from the
post permalink, such as the `embed` endpoint.
`has_term()` also checks the cache, but does not sufer from this bug.
Props cmillerdev.
Fixes#36602.
Built from https://develop.svn.wordpress.org/trunk@38216
git-svn-id: http://core.svn.wordpress.org/trunk@38157 1a063a9b-81f0-0310-95a4-ce76da25c4cd