Commit Graph

1779 Commits

Author SHA1 Message Date
audrasjb f28c97fa8c Grouped backports to the 5.7 branch.
- Editor: Bump @wordpress packages for the branch,
- Media: Refactor search by filename within the admin,
- REST API: Lockdown post parameter of the terms endpoint,
- Customize: Escape blogname option in underscores templates,
- Query: Validate relation in `WP_Date_Query`,
- Posts, Post types: Apply KSES to post-by-email content,
- General: Validate host on "Are you sure?" screen,
- Posts, Post types: Remove emails from post-by-email logs,
- Pings/trackbacks: Apply KSES to all trackbacks,
- Mail: Reset PHPMailer properties between use,
- Comments: Apply kses when editing comments,
- Widgets: Escape RSS error messages for display.

Merges [54521-54530] to the 5.7 branch.
Props audrasjb, costdev, cu121, dd32, davidbaumwald, ehtis, johnbillion, johnjamesjacoby, martinkrcho, matveb, oztaser, paulkevan, peterwilsoncc, ravipatel, SergeyBiryukov, talldanwp, timothyblynjacobs, tykoted, voldemortensen, vortfu, xknown.

Built from https://develop.svn.wordpress.org/branches/5.7@54553


git-svn-id: http://core.svn.wordpress.org/branches/5.7@54108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-17 17:55:21 +00:00
Sergey Biryukov e3554a9aa7 General: Only use `_jsonp_wp_die_handler()` for JSONP REST API requests.
Props mdawaffe, peterwilsoncc.
Merges [51740] to the 5.7 branch.
Built from https://develop.svn.wordpress.org/branches/5.7@51742


git-svn-id: http://core.svn.wordpress.org/branches/5.7@51350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-09-08 17:24:01 +00:00
Peter Wilson c463e94a33 Security: move Content-Security-Policy script loaders.
Move `wp_get_script_tag()`, `wp_print_script_tag()`, `wp_print_inline_script_tag()` and `wp_get_inline_script_tag()` functions from `functions.php` to `script-loader.php`.

Relocate related tests to `dependencies` sub-directory.

Follow up to [50167].
Props adamsilverstein, hellofromTonya, SergeyBiryukov.
Fixes #39941.

Built from https://develop.svn.wordpress.org/trunk@50409


git-svn-id: http://core.svn.wordpress.org/trunk@50020 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-23 02:00:06 +00:00
Adam Silverstein a506e02edd Security: add Content-Security-Policy script loaders.
Add new functions `wp_get_script_tag`, `wp_print_script_tag`, `wp_print_inline_script_tag` and `wp_get_inline_script_tag` that support script attributes. Enables passing attributes such as `async` or `nonce`, creating a path forward for enabling a Content-Security-Policy in core, plugins and themes.

Props tomdxw, johnbillion, jadeddragoon, jrchamp, mallorydxw, epicfaace, alinod, enricocarraro, ocean90.
Fixes #39941.



Built from https://develop.svn.wordpress.org/trunk@50167


git-svn-id: http://core.svn.wordpress.org/trunk@49846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 20:55:05 +00:00
Sergey Biryukov aab7206ff8 Media: Move `wp_getimagesize()` to `wp-includes/media.php`, for consistency with other media functions.
Follow-up to [50146].

See #49889.
Built from https://develop.svn.wordpress.org/trunk@50148


git-svn-id: http://core.svn.wordpress.org/trunk@49827 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 17:10:04 +00:00
antpb f80e5d0919 Media: Avoid suppressing errors when using `getimagesize()`.
Previously, all logic utilizing `getimagesize()` was supressing errors making it difficult to debug usage of the function. 

A new `wp_getimagesize()` function has been added to allow the errors to no longer be suppressed when `WP_DEBUG` is enabled.

Props Howdy_McGee, SergeyBiryukov, mukesh27, davidbaumwald, noisysocks, hellofromTonya.
Fixes #49889.

Built from https://develop.svn.wordpress.org/trunk@50146


git-svn-id: http://core.svn.wordpress.org/trunk@49825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 16:53:04 +00:00
Sergey Biryukov 22188b3e85 Users: Move `retrieve_password()` to `wp-includes/user.php`, for consistency with other user functions.
Follow-up to [25231], [50129].

Props jfarthing84, dimadin.
See #34281, #31039.
Built from https://develop.svn.wordpress.org/trunk@50140


git-svn-id: http://core.svn.wordpress.org/trunk@49819 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 12:37:03 +00:00
Felix Arntz dbfbf5501a Security, Site Health: Make migrating a site to HTTPS a one-click interaction.
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.

This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.

* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
    * A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
    * The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
    * The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
    * For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
    * A new `wp_update_urls_to_https()` function takes care of the update routine.
    * A new `update_https` meta capability is introduced to control access.
    * If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
    * A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
    * A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.

Props flixos90, timothyblynjacobs.
Fixes #51437.

Built from https://develop.svn.wordpress.org/trunk@50131


git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 00:10:01 +00:00
Adam Silverstein 315b1c185d Users: enable admins to send users a reset password link.
Add a feature so Admins can send users a 'password reset' email. This doesn't change the password or force a password change. It only emails the user the password reset link.

The feature appears in several places:
* A "Send Reset Link" button on user profile screen.
* A "Send password reset" option in the user list bulk action dropdown.
* A "Send password reset" quick action when hovering over a username in the user list.

Props Ipstenu, DrewAPicture, eventualo, wonderboymusic, knutsp, ericlewis, afercia, JoshuaWold, johnbillion, paaljoachim, hedgefield.
Fixes #34281.


Built from https://develop.svn.wordpress.org/trunk@50129


git-svn-id: http://core.svn.wordpress.org/trunk@49808 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-01 22:13:03 +00:00
whyisjake 5f532382aa Privacy: Ensure that exported user data reports can't be found with directory listings.
By moving from `.html` to `.php` files, we can prevent directory listings, and ensure that WordPress can load.

Fixes #52299.

Props lucasbustamante, xkon, freewebmentor, SergeyBiryukov, whyisjake. 

Built from https://develop.svn.wordpress.org/trunk@50037


git-svn-id: http://core.svn.wordpress.org/trunk@49738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-27 23:46:58 +00:00
Felix Arntz 3716c8c20f Robots: Introduce Robots API.
This changeset introduces a filter-based Robots API, providing central control over the `robots` meta tag.

* Introduces `wp_robots()` function which should be called anywhere a `robots` meta tag should be included.
* Introduces `wp_robots` filter which allows adding or modifying directives for the `robots` meta tag. The `wp_robots()` function is entirely filter-based, i.e. if no filter is added to `wp_robots`, no directives will be present, and therefore the entire `robots` meta tag will be omitted.
* Introduces the following `wp_robots` filter functions which replace similar existing functions that were manually rendering a `robots` meta tag:
    * `wp_robots_noindex()` replaces `noindex()`, which has been deprecated.
    * `wp_robots_no_robots()` replaces `wp_no_robots()`, which has been deprecated.
    * `wp_robots_sensitive_page()` replaces `wp_sensitive_page_meta()`, which has been deprecated. Its rendering of the `referrer` meta tag has been moved to another new function `wp_strict_cross_origin_referrer()`.

Migration to the new functions is straightforward. For example, a call to `add_action( 'wp_head', 'wp_no_robots' )` should be replaced with `add_filter( 'wp_robots', 'wp_robots_no_robots' )`.

Plugins and themes that render their own `robots` meta tags are encouraged to switch to rely on the `wp_robots` filter in order to use the central management layer now provided by WordPress core.

Props adamsilverstein, flixos90, timothyblynjacobs, westonruter.
See #51511.

Built from https://develop.svn.wordpress.org/trunk@49992


git-svn-id: http://core.svn.wordpress.org/trunk@49693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-21 01:37:00 +00:00
Sergey Biryukov c38bdce55b Docs: Correct description for `wp_parse_list()`.
The function simply converts a comma- or space-separated list of scalar values to an array and does not perform any sanitization on its own.

Follow-up to [44546].

Props johnjamesjacoby.
See #51800.
Built from https://develop.svn.wordpress.org/trunk@49941


git-svn-id: http://core.svn.wordpress.org/trunk@49640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-06 17:25:07 +00:00
Sergey Biryukov 7ced0efbf4 Docs: Use more consistent descriptions for `void|false` return values.
See #51800.
Built from https://develop.svn.wordpress.org/trunk@49935


git-svn-id: http://core.svn.wordpress.org/trunk@49634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-05 16:48:07 +00:00
Sergey Biryukov 37662df05e Docs: In various `@return` tags, list the expected type first, instead of `false` or `WP_Error`.
Follow-up to [46696], [47060], [49926], [49927].

See #51800.
Built from https://develop.svn.wordpress.org/trunk@49929


git-svn-id: http://core.svn.wordpress.org/trunk@49628 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-04 17:18:04 +00:00
John Blackbourn dfe1f9b322 Docs: Promote many `bool` types to `true` or `false` where only that value is used.
See #51800

Built from https://develop.svn.wordpress.org/trunk@49927


git-svn-id: http://core.svn.wordpress.org/trunk@49626 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-03 22:04:04 +00:00
John Blackbourn 53da9208dd Docs: Various docblock corrections particularly relating to boolean types.
See #51800

Built from https://develop.svn.wordpress.org/trunk@49926


git-svn-id: http://core.svn.wordpress.org/trunk@49625 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-03 21:57:09 +00:00
Sergey Biryukov 3f05756219 Accessibility: Upgrade/Install: Add more contrast to input borders during installation.
This brings the accessibility improvements previously made for other areas of the admin in WordPress 5.3 to the installation screens too.

Follow-up to [46241-46244], [46247], [46248], [46293], [46425].

Props Maigret, audrasjb.
Fixes #51854.
Built from https://develop.svn.wordpress.org/trunk@49907


git-svn-id: http://core.svn.wordpress.org/trunk@49606 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-26 19:54:07 +00:00
John Blackbourn e7cc15b321 Upload: Introduce the `{$action}_overrides` filter that allows the overrides parameter for file uploads and file sideloads to be filtered.
The dynamic portion of the hook name, `$action`, refers to the post action.

Props iandunn, jakub.tyrcha, nacin, wonderboymusic, Mte90, johnbillion

Fixes #16849

Built from https://develop.svn.wordpress.org/trunk@49845


git-svn-id: http://core.svn.wordpress.org/trunk@49564 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-20 16:15:03 +00:00
John Blackbourn bf83c368fd Docs: Various docblock improvements.
See #51800

Built from https://develop.svn.wordpress.org/trunk@49790


git-svn-id: http://core.svn.wordpress.org/trunk@49513 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-10 23:59:03 +00:00
iandunn 4de6175227 Multisite: Cache absolute `dirsize` paths to avoid PHP 8 fatal.
r49212 greatly improved the performance of `get_dirsize()`, but also changed the structure of the data stored in the `dirsize_cache` transient. It stored relative paths instead of absolute ones, and also removed the unnecessary `size` array.

That difference in data structures led to a fatal error in the following environment:

* PHP 8
* Multisite
* A custom `WP_CONTENT_DIR` which is not a child of WP's `ABSPATH` folder (e.g., [https://roots.io/bedrock/ Bedrock])
* The `upload_space_check_disabled` option set to `0`

After upgrading to WP 5.6, the `dirsize_cache` transient still had data in the old format. When `wp-admin.php/index.php` was visited, `get_space_used()` received an `array` instead of an `int`, and tried to divide it by another `int`. PHP 7 would silently cast the arguments to match data types, but [https://wiki.php.net/rfc/arithmetic_operator_type_checks PHP 8 throws a fatal error]: 

`Uncaught TypeError: Unsupported operand types: array / int`

`recurse_dirsize()` was using `ABSPATH` to convert the absolute paths to relative ones, but some upload locations are not located under `ABSPATH`. In those cases, `$directory` and `$cache_path` were identical, and that triggered the early return of the old `array`, instead of the expected `int`. 

In order to avoid that, this commit restores the absolute paths, but without the `size` array. It also adds a type check when returning cached values. Using absolute paths without `size` has the result of overwriting the old data, so that it matches the new format. The type check and upgrade routine are additional safety measures.

Props peterwilsoncc, janthiel, helen, hellofromtonya, francina, pbiron.
Fixes #51913. See #19879.


Built from https://develop.svn.wordpress.org/trunk@49744


git-svn-id: http://core.svn.wordpress.org/trunk@49467 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-03 20:39:02 +00:00
John Blackbourn f4cda1b62f Docs: Upgrade more parameters in docblocks to used typed array notation.
See #51800, #41756

Built from https://develop.svn.wordpress.org/trunk@49693


git-svn-id: http://core.svn.wordpress.org/trunk@49416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-24 21:27:05 +00:00
Helen Hou-Sandí b456e9c9c8 Upgrade/Install: Consistent layout and accurate messages on the update screen.
* Clarifies that if you are on maintenance/security auto-updates that you are only on those and therefore there are more options available.
* Adds a message if a version control system has been detected, as automatic updates are disabled in that case.
* Ensures only one heading between `update available`, `you are on a dev version`, and `you are on latest` appears at any given time, falling back to `you are on latest` if something strange happens with the returned update data.
* Removes some older strings related to auto-updates, which greatly simplifies the above.
* Strips the `core-major-auto-updates-saved` query arg from the URL, as it is related to a dismissible notice.

Props audrasjb, pbiron, helen.
Fixes #51742.

Built from https://develop.svn.wordpress.org/trunk@49638


git-svn-id: http://core.svn.wordpress.org/trunk@49376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-17 20:28:04 +00:00
Sergey Biryukov 5801fc9a93 Multisite: Rename the `calculate_current_dirsize` filter to `pre_recurse_dirsize`.
Set the default value to `false`. This brings some consistency with the `pre_get_space_used` filter.

Follow-up to [49212], [49616], [49628].

See #19879.
Built from https://develop.svn.wordpress.org/trunk@49629


git-svn-id: http://core.svn.wordpress.org/trunk@49367 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-17 15:44:07 +00:00
Sergey Biryukov e123448589 Docs: Adjust comments for `recurse_dirsize()` and related tests per the documentation standards.
Follow-up to [49212], [49616].

See #19879.
Built from https://develop.svn.wordpress.org/trunk@49628


git-svn-id: http://core.svn.wordpress.org/trunk@49366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-17 15:38:10 +00:00
Helen Hou-Sandí aceaf33edd Multisite: More consistency for `clean_dirsize_cache()`.
Props SergeyBiryukov.
Fixes #19879.

Built from https://develop.svn.wordpress.org/trunk@49616


git-svn-id: http://core.svn.wordpress.org/trunk@49354 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-16 22:31:06 +00:00
John Blackbourn 9115246f72 General: Convert `wp_array_get()` to a "private" function and add tests.
This function may be promoted in the future if it's deemed useful enough.

Props dd32, jorgefilipecosta, Hareesh Pillai

Fixes #51720

Built from https://develop.svn.wordpress.org/trunk@49580


git-svn-id: http://core.svn.wordpress.org/trunk@49318 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-12 20:20:12 +00:00
Helen Hou-Sandí c57ce00691 Feeds: Don't treat media URLs with fragments as unique for enclosures.
Props archduck, dshanske.
Fixes #47421.

Built from https://develop.svn.wordpress.org/trunk@49552


git-svn-id: http://core.svn.wordpress.org/trunk@49290 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-09 20:28:07 +00:00
Helen Hou-Sandí cc74786052 General: Make some inline comments more descriptive.
Props jorbin.
Fixes #51683.

Built from https://develop.svn.wordpress.org/trunk@49474


git-svn-id: http://core.svn.wordpress.org/trunk@49233 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-02 18:04:07 +00:00
whyisjake 4b91d4e523 Upgrade/Install: During the install process, add additional checking for exising tables.
If reinstalling WordPress, there is a condition where tables would exist in the database. Ensures that when that is the case, the install process can carry along without issue.

Fixes #51676.

Props xknown, garubi, mukesh27, desrosj, johnbillion, metalandcoffee, davidbaumwald, whyisjake.


Built from https://develop.svn.wordpress.org/trunk@49452


git-svn-id: http://core.svn.wordpress.org/trunk@49211 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-30 17:52:07 +00:00
desrosj a8e86c768c Upgrade/install: Improve logic check when determining installation status.
Improve handling of ambiguous return values to determine if a blog is installed.

Props zieladam, xknown.
Merges [49377] to trunk.
Built from https://develop.svn.wordpress.org/trunk@49386


git-svn-id: http://core.svn.wordpress.org/trunk@49145 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 18:06:13 +00:00
Sergey Biryukov e2e3c8ec47 General: Add `$options` parameter to JSON response functions:
* `wp_send_json()`
* `wp_send_json_success()`
* `wp_send_json_error()`

This allows for customizing the options passed to `json_encode()`.

Props eroraghav, hareesh-pillai, garrett-eclipse.
Fixes #51293.
Built from https://develop.svn.wordpress.org/trunk@49235


git-svn-id: http://core.svn.wordpress.org/trunk@48997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 15:56:08 +00:00
desrosj d40c365a30 Coding Standards: Correct some minor coding standards issues.
Introduced in [49154], [49212], [49223], and [49224].
Built from https://develop.svn.wordpress.org/trunk@49225


git-svn-id: http://core.svn.wordpress.org/trunk@48987 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 13:29:08 +00:00
Sergey Biryukov 651f426b3a General: Remove `noreferrer` from `wp_targeted_link_rel()` and other uses.
When `noopener noreferrer` was originally added in #37941 and related tickets, the `noreferrer` bit was specifically included due to Firefox not supporting `noopener` at the time.

Since `noopener` has been supported by all major browsers for a while, it should now be safe to remove the `noreferrer` attribute from core.

Props Mista-Flo, audrasjb, joostdevalk, jonoaldersonwp, peterwilsoncc, elgameel.
Fixes #49558.
Built from https://develop.svn.wordpress.org/trunk@49215


git-svn-id: http://core.svn.wordpress.org/trunk@48977 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-19 23:39:04 +00:00
Helen Hou-Sandí bdfd1a954f Multisite: More specific caching for `get_dirsize`.
Instead of one cache entry for all upload folders for a site on multisite, this now caches for each folder and invalidates that cache based on context. In multisite, this should speed up `get_dirsize` calls since older directories that are much less likely to change will no longer have the size recalculated.

Props janthiel, A5hleyRich, batmoo.
Fixes #19879.

Built from https://develop.svn.wordpress.org/trunk@49212


git-svn-id: http://core.svn.wordpress.org/trunk@48974 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-19 21:51:06 +00:00
Sergey Biryukov 0e3147c40e Coding Standards: Replace alias PHP functions with the canonical names.
Using the canonical function name for PHP functions is strongly recommended, as aliases may be deprecated or removed without (much) warning.

This replaces all uses of the following:
* `join()` with `implode()`
* `sizeof()` with `count()`
* `is_writeable()` with `is_writable()`
* `doubleval()` with a `(float)` cast

In part, this is a follow-up to #47746.

Props jrf.
See #50767.
Built from https://develop.svn.wordpress.org/trunk@49193


git-svn-id: http://core.svn.wordpress.org/trunk@48955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-18 17:27:06 +00:00
Sergey Biryukov 542d13830b General: Move `wp_array_get()` next to `wp_array_slice_assoc()`, for a bit more consistent placement.
Follow-up to [49135], [49143].

See #51461.
Built from https://develop.svn.wordpress.org/trunk@49144


git-svn-id: http://core.svn.wordpress.org/trunk@48906 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-14 02:16:08 +00:00
Sergey Biryukov 620c069fe8 General: Move `wp_array_get()` from a separate file to `wp-includes/functions.php`, for consistency.
Add missing `@since` tag, adjust the DocBlock per the documentation standards.

Follow-up to [49135].

Props isabel_brison, ocean90.
Fixes #51461.
Built from https://develop.svn.wordpress.org/trunk@49143


git-svn-id: http://core.svn.wordpress.org/trunk@48905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-14 02:10:04 +00:00
John Blackbourn bd1fa2d998 Posts, Post Types: Switch to restoring posts to `draft` status by default when they are untrashed.
This allows for edits to be made to a restored post before it goes live again. This also prevents scheduled posts being published unexpectedly if they are untrashed after their originally scheduled date.

The old behaviour of restoring untrashed posts to their original status can be reinstated using the `wp_untrash_post_set_previous_status()` helper function.

Also fixes an issue where the incorrect post ID gets passed to hooks if no post ID is passed to the function.

Props harrym, bananastalktome, jaredcobb, chriscct7, melchoyce, johnbillion, pankajmohale

Fixes #23022

Built from https://develop.svn.wordpress.org/trunk@49125


git-svn-id: http://core.svn.wordpress.org/trunk@48887 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-11 13:39:07 +00:00
Sergey Biryukov 897f004a9c General: Replace older-style PHP type conversion functions with type casts.
This improves performance, readability, and consistency throughout core.

* `intval()` → `(int)`
* `strval()` → `(string)`
* `floatval()` → `(float)`

Props ayeshrajans.
Fixes #42918.
Built from https://develop.svn.wordpress.org/trunk@49108


git-svn-id: http://core.svn.wordpress.org/trunk@48870 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-08 21:15:13 +00:00
Sergey Biryukov bdccfa3a03 Code Modernization: Check if the file to retrieve metadata from in `get_file_data()` was successfully opened.
This avoids a fatal error on PHP 8 caused by passing a `false` value to `fread()`, instead of a file resource.

See #50913.
Built from https://develop.svn.wordpress.org/trunk@49073


git-svn-id: http://core.svn.wordpress.org/trunk@48835 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-09-30 12:20:03 +00:00
TimothyBlynJacobs 0db3f859ea Add ircs and irc6 to the list of allowed protocols.
This adds support for the secure and ipv6 variants of the already allowed irc protocol.

Props arealnobrainer, markparnell, ctmartin.

Built from https://develop.svn.wordpress.org/trunk@49055


git-svn-id: http://core.svn.wordpress.org/trunk@48817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-09-26 21:02:04 +00:00
Sergey Biryukov 346794bc57 Upload: Add a check in `wp_check_filetype_and_ext()` to account for CSV files having the `application/csv` MIME type.
Previously, the PHP Fileinfo extension used to detect CSV files as `text/plain`.

In PHP 8, this has changed, and CSV files are detected as `application/csv`.

Follow-up to [44438].

See #50913.
Built from https://develop.svn.wordpress.org/trunk@49049


git-svn-id: http://core.svn.wordpress.org/trunk@48811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-09-26 01:11:09 +00:00
Sergey Biryukov cfe5b1c9f2 Docs: Add a `@since` note to `wp_privacy_exports_dir` and `wp_privacy_exports_url` filters about exports using relative paths since WordPress 5.5.
When changing exports location via these filters, make sure to migrate the files to the new directory, to avoid breaking any existing exports.

Follow-up to [48127], [48330].

Props garrett-eclipse.
Fixes #51361.
Built from https://develop.svn.wordpress.org/trunk@49042


git-svn-id: http://core.svn.wordpress.org/trunk@48804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-09-24 05:00:06 +00:00
John Blackbourn aef504acfd Docs: Correct the indentation for some array type docs.
See #50768

Built from https://develop.svn.wordpress.org/trunk@49028


git-svn-id: http://core.svn.wordpress.org/trunk@48790 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-09-21 16:46:06 +00:00
Sergey Biryukov d3a3862248 Code Modernization: Fix PHP 8 deprecation notices for optional function parameters declared before required parameters.
As it already was not possible to pass the required parameters without also passing the optional one anyway, removing the default value for the (not so) optional parameters should not affect backward compatibility.

This change affects three functions in core:

* `get_comment_delimited_block_content()`
* `do_enclose()`
* `_wp_delete_tax_menu_item()`

Props jrf, ayeshrajans, desrosj.
Fixes #50343.
Built from https://develop.svn.wordpress.org/trunk@48794


git-svn-id: http://core.svn.wordpress.org/trunk@48556 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-08-15 13:40:03 +00:00
John Blackbourn 782f05d2c5 Docs: Various fixes and improvements to inline documentation.
See #49572
Built from https://develop.svn.wordpress.org/trunk@48695


git-svn-id: http://core.svn.wordpress.org/trunk@48457 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-30 19:14:03 +00:00
Sergey Biryukov 6731940272 Pings/Trackbacks: Avoid a PHP notice in `do_enclose()` when encountering a URL without a path in post content.
Props jbouganim, mukesh27, Otto42, SergeyBiryukov.
Fixes #49872.
Built from https://develop.svn.wordpress.org/trunk@48621


git-svn-id: http://core.svn.wordpress.org/trunk@48383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-26 14:08:05 +00:00
Sergey Biryukov ed9d53ec1f I18N: Respect the passed `text_direction` argument in `wp_die()`.
Previously, the passed value was only used as a fallback if `get_language_attributes()` is not yet available.

Props apedog.
Fixes #49060.
Built from https://develop.svn.wordpress.org/trunk@48607


git-svn-id: http://core.svn.wordpress.org/trunk@48369 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-25 15:26:05 +00:00
Sergey Biryukov d07fc084af Docs: Improve description for `wp_unique_filename()`.
Props stevenlinx.
Fixes #50762.
Built from https://develop.svn.wordpress.org/trunk@48606


git-svn-id: http://core.svn.wordpress.org/trunk@48368 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-25 12:31:05 +00:00
Sergey Biryukov d936f2c959 Docs: Miscellaneous DocBlock corrections.
See #49572.
Built from https://develop.svn.wordpress.org/trunk@48591


git-svn-id: http://core.svn.wordpress.org/trunk@48353 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-23 21:55:04 +00:00