Commit Graph

480 Commits

Author SHA1 Message Date
Andrew Ozz c77a8ed2fc Privacy: add attachments to the personal data export file.
Props allendav.
See #43883.
Built from https://develop.svn.wordpress.org/trunk@43054


git-svn-id: http://core.svn.wordpress.org/trunk@42883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 13:45:21 +00:00
iandunn 9abc0fe73e Privacy: Add `wp_privacy_personal_data_export_file_created` filter.
This runs immediately after the data export file has been successfully created, allowing plugins to introduce some workflow customizations. For example, a plugin could password-protect the export file, for peace of mind, even though the CSPRN in the filename makes brute force attacks nearly impossible.

See #43546.

Built from https://develop.svn.wordpress.org/trunk@43047


git-svn-id: http://core.svn.wordpress.org/trunk@42876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 21:04:22 +00:00
iandunn 23bf0c7535 Privacy: Add cron to delete expired export files to protect privacy.
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.

`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.

This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.

`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.

Props iandunn, desrosj.
See #43546.

Built from https://develop.svn.wordpress.org/trunk@43046


git-svn-id: http://core.svn.wordpress.org/trunk@42875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 20:09:23 +00:00
iandunn 5b4aa26436 Privacy: Use a CSPRNG in export filenames for more security.
`rand()` is deterministic and therefore offers much less protection in this context. `wp_generate_password()` is a convenient wrapper around `wp_rand()`, which uses `random_int()` to generate cryptographically-secure psuedorandom numbers.

See #43546.

Built from https://develop.svn.wordpress.org/trunk@43045


git-svn-id: http://core.svn.wordpress.org/trunk@42874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 18:53:25 +00:00
Andrew Ozz b044b4053e Privacy: add means to export personal data by username or email address. Generate a zipped export file containing all data. First run.
Props allendav.
See #43546.
Built from https://develop.svn.wordpress.org/trunk@43012


git-svn-id: http://core.svn.wordpress.org/trunk@42841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 19:54:21 +00:00
Sergey Biryukov 3957635dfb I18N: Correct placeholder references in a translator comment in `wp_print_file_editor_templates()`.
Props afercia.
See #43523.
Built from https://develop.svn.wordpress.org/trunk@42983


git-svn-id: http://core.svn.wordpress.org/trunk@42812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-16 18:36:24 +00:00
John Blackbourn c9b07e6411 Docs: Standardise and correct documentation relating to parameters which accept plugin names.
See #42505

Built from https://develop.svn.wordpress.org/trunk@42787


git-svn-id: http://core.svn.wordpress.org/trunk@42617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-05 21:50:31 +00:00
Sergey Biryukov 58592b64dc Docs: Use consistent description for `$wp_filesystem` global.
See #42505.
Built from https://develop.svn.wordpress.org/trunk@42777


git-svn-id: http://core.svn.wordpress.org/trunk@42607 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-04 21:58:30 +00:00
Sergey Biryukov 179bec1306 Docs: Clarify return values and improve DocBlock formatting for `verify_file_md5()`, `unzip_file()`, `_unzip_file_ziparchive()`, `_unzip_file_pclzip()`, `copy_dir()`, `WP_Filesystem()`.
See #42505.
Built from https://develop.svn.wordpress.org/trunk@42776


git-svn-id: http://core.svn.wordpress.org/trunk@42606 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-04 21:43:30 +00:00
Sergey Biryukov 3c8ae81018 Docs: Clarify `download_url()` return value, improve DocBlock formatting.
See #42505.
Built from https://develop.svn.wordpress.org/trunk@42775


git-svn-id: http://core.svn.wordpress.org/trunk@42605 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-04 19:50:31 +00:00
Sergey Biryukov 86c3c7e1c9 Filesystem API: Allow `download_url()` to return the response code and body on error as an additional `WP_Error` object data.
The error response body size is limited to 1 KB by default to avoid taking up too much memory. The size can be increased using `download_url_error_max_body_size` filter.

Props soulseekah, campusboy1987, mihdan, SergeyBiryukov.
Fixes #43329.
Built from https://develop.svn.wordpress.org/trunk@42773


git-svn-id: http://core.svn.wordpress.org/trunk@42603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-04 17:14:31 +00:00
Sergey Biryukov 0e802a627d General: Introduce `WP_Error::has_errors()` method and use it where appropriate.
Props robdxw, DrewAPicture, SergeyBiryukov.
Fixes #42742.
Built from https://develop.svn.wordpress.org/trunk@42761


git-svn-id: http://core.svn.wordpress.org/trunk@42591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-27 02:31:31 +00:00
Peter Wilson e6ccdf161f General: Further improve error messages following [42648].
Props kristastevens, melchoyce.
Fixes #38332 for trunk.


Built from https://develop.svn.wordpress.org/trunk@42719


git-svn-id: http://core.svn.wordpress.org/trunk@42547 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-19 02:13:32 +00:00
John Blackbourn fc6ba86b80 Docs: First pass at switching some array parameter documentation to typed notation.
Props janak007

See #41756

Built from https://develop.svn.wordpress.org/trunk@42679


git-svn-id: http://core.svn.wordpress.org/trunk@42507 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-09 17:26:31 +00:00
John Blackbourn 91464bce65 Docs: Add missing code formatting to various `@since` entries.
See #42505

Built from https://develop.svn.wordpress.org/trunk@42678


git-svn-id: http://core.svn.wordpress.org/trunk@42506 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-09 16:55:31 +00:00
Peter Wilson 0d39b35c11 General: Replace `Cheatin’ uh?` with friendlier error messages.
While intended as a playful error message, `Cheatin’ uh?` can be interpreted as insulting or accusatory in an already stressful situation. This replaces Cheatin’ with more meaningful error messages, depending on the error that occurs.

Props ElectricFeet, EricMeyer, karmatosed, dd32, BandonRandon, melchoyce for language; dmsnell for original patch; peterwilsoncc.
Fixes #38332.


Built from https://develop.svn.wordpress.org/trunk@42648


git-svn-id: http://core.svn.wordpress.org/trunk@42477 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-05 02:30:34 +00:00
Sergey Biryukov 0eb2581c67 Media: In `_wp_handle_upload()`, check if the file was properly uploaded before checking its size.
Props achbed, dglingren.
Fixes #39522.
Built from https://develop.svn.wordpress.org/trunk@42525


git-svn-id: http://core.svn.wordpress.org/trunk@42354 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-17 07:16:30 +00:00
Gary Pendergast aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Dion Hulse 271e08a26e Theme Editior: Base the nonce on a simpler combination of fields, for easier debugging & reading.
See #42609.
Fixes #42705.

Built from https://develop.svn.wordpress.org/trunk@42246


git-svn-id: http://core.svn.wordpress.org/trunk@42075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-27 03:44:47 +00:00
Dion Hulse daacc37405 Theme Editor: Validate files are editable based on their relative filenames, rather than full file path.
This fixes theme editing on Windows platforms where `validate_file()` will return `2` on a full file path.

Fixes #42609.

Built from https://develop.svn.wordpress.org/trunk@42244


git-svn-id: http://core.svn.wordpress.org/trunk@42073 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-27 03:28:48 +00:00
Dion Hulse 4073743527 Filesystem: Use a more unique filename in `wp_tempnam()` and `get_filesystem_method()`.
Using a filename which was generated from `time()` could cause two processes to try to use the same filename, causing unexpected behaviour.

Props jrchamp, bikecrazyy.
Fixes #42265.

Built from https://develop.svn.wordpress.org/trunk@42224


git-svn-id: http://core.svn.wordpress.org/trunk@42053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-24 03:05:50 +00:00
Gary Pendergast a779284c00 General: Reformat inline `if ()` statements inside HTML tags.
This pattern occurs a handful of times across the codebase:

`<div class="foo<?php if ( $bar ) { echo ' baz'; } ?>">`

Unfortunately, it doesn't really play nicely with `phpcbf`, so all instances need to be removed in preperation for auto code formatting.

See #41057.


Built from https://develop.svn.wordpress.org/trunk@42217


git-svn-id: http://core.svn.wordpress.org/trunk@42046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-23 04:09:49 +00:00
Weston Ruter 83c29a4d08 Theme Editor: Ensure files listed recursively can be both viewed and edited.
Prevent edits to 2-level deep theme files from returning a `disallowed_theme_file` error when attempting to save an edit. Aligns logic for gathering `$allowed_files` in `theme-editor.php` for listing files with the validation logic in `wp_edit_theme_plugin_file()`.

Amends [41806].
See #6531.
Fixes #42425.

Built from https://develop.svn.wordpress.org/trunk@42112


git-svn-id: http://core.svn.wordpress.org/trunk@41941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-02 23:05:48 +00:00
John Blackbourn 2f3e91028a Filesystem API: Add more specificity to the rules for valid files in `validate_file()`.
This now treats files containing `./` as valid, and also treats files containing a trailing `../` as valid due to widespread use of this pattern in theme and plugin zip files.

Adds tests.

Props Ipstenu, borgesbruno, DavidAnderson, philipjohn, birgire
Fixes #42016, #36170

Built from https://develop.svn.wordpress.org/trunk@42011


git-svn-id: http://core.svn.wordpress.org/trunk@41845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 23:15:49 +00:00
John Blackbourn 16cfe96580 Filesystem API: Don't immediately return an error for invalid file names contained within a Zip while it's being extracted.
This allows the extraction of the rest of the valid files within the archive to continue.

See #42016

Built from https://develop.svn.wordpress.org/trunk@42010


git-svn-id: http://core.svn.wordpress.org/trunk@41844 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 23:11:50 +00:00
John Blackbourn 4812370aab Docs: Improve the docs for `validate_file()` and `validate_file_to_edit()`.
See #42016, #36170, #41017

Built from https://develop.svn.wordpress.org/trunk@42007


git-svn-id: http://core.svn.wordpress.org/trunk@41841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 22:50:49 +00:00
Gary Pendergast 58db3cb54e File Editor: Add support for more than one sub-directory level.
The theme and plugin editors now list all files in the selected theme or plugin, recursing through subdirectories as necessary.

Props WraithKenny, schlessera, chsxf, MikeHansenMe, Daedalon, valendesigns, westonruter, pento.
Fixes #6531.


Built from https://develop.svn.wordpress.org/trunk@41806


git-svn-id: http://core.svn.wordpress.org/trunk@41640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-10 05:34:49 +00:00
Weston Ruter 1a22fb3b60 File Editor: Increase robustness of fatal error checking when saving PHP file edits.
* Increase PHP execution time limit prior to issuing loopback requests where are themselves given timeouts to ensure PHP file can be reverted.
* Output scrape messages on success and failure so that absence of either can also be flagged as an error condition.
* Forward browser's HTTP Basic Auth credentials in loopback requests to admin and home URL.
* Display more helpful message when loopback request fails.

Amends [41721].
See #21622.
Fixes #42102.

Built from https://develop.svn.wordpress.org/trunk@41805


git-svn-id: http://core.svn.wordpress.org/trunk@41639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-10 05:27:49 +00:00
Weston Ruter 5f7a5c1246 File Editors: Introduce sandboxed live editing of PHP files with rollbacks for both themes and plugins.
* Edits to active plugins which cause PHP fatal errors will no longer auto-deactivate the plugin. Supersedes #39766.
* Introduce sandboxed PHP file edits for active themes, preventing accidental whitescreening of a user's site when introducing a fatal error.
* After writing a change to a PHP file for an active theme or plugin, perform loopback requests on the file editor admin screens and the homepage to check for fatal errors. If a fatal error is encountered, roll back the edited file and display the error to the user to fix and try again.
* Introduce a secure way to scrape PHP fatal errors from a site via `wp_start_scraping_edited_file_errors()` and `wp_finalize_scraping_edited_file_errors()`.
* Moves file modifications from `theme-editor.php` and `plugin-editor.php` to common `wp_edit_theme_plugin_file()` function.
* Refactor themes and plugin editors to submit file changes via Ajax instead of doing full page refreshes when JS is available.
* Use `get` method for theme/plugin dropdowns.
* Improve styling of plugin editors, including width of plugin/theme dropdowns.
* Improve notices API for theme/plugin editor JS component.
* Strip common base directory from plugin file list. See #24048.
* Factor out functions to list editable file types in `wp_get_theme_file_editable_extensions()` and `wp_get_plugin_file_editable_extensions()`.
* Scroll to line in editor that has linting error when attempting to save. See #41886.
* Add checkbox to dismiss lint errors to proceed with saving. See #41887.
* Only style the Update File button as disabled instead of actually disabling it for accessibility reasons.
* Ensure that value from CodeMirror is used instead of `textarea` when CodeMirror is present.
* Add "Are you sure?" check when leaving editor when there are unsaved changes.

Supersedes [41560].
See #39766, #24048, #41886.
Props westonruter, Clorith, melchoyce, johnbillion, jjj, jdgrimes, azaozz.
Fixes #21622, #41887.

Built from https://develop.svn.wordpress.org/trunk@41721


git-svn-id: http://core.svn.wordpress.org/trunk@41555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 00:20:45 +00:00
John Blackbourn 69de73224f Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
Built from https://develop.svn.wordpress.org/trunk@41457


git-svn-id: http://core.svn.wordpress.org/trunk@41290 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 14:36:47 +00:00
Weston Ruter 203d220c6f Customize: Re-use homepage settings help tab text from Reading Options admin screen in description for corresponding Customizer section.
Also remove "Static" reference in template name, missed in [41363].

See #41829.

Built from https://develop.svn.wordpress.org/trunk@41364


git-svn-id: http://core.svn.wordpress.org/trunk@41197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-10 17:08:43 +00:00
Weston Ruter a74e98d7be Customize: Rename "Static front page" to just "Homepage".
Props danieltj, melchoyce.
Fixes #41828.

Built from https://develop.svn.wordpress.org/trunk@41363


git-svn-id: http://core.svn.wordpress.org/trunk@41196 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-10 16:20:44 +00:00
Drew Jaynes d5e3ea444d Filesystem: Introduce the `pre_move_uploaded_file` filter.
Passing a non-null value to the filter will prevent the uploaded file from being moved to the uploads directory for any of the functions leveraging `_wp_handle_upload()`, such as `wp_handle_upload()` or `wp_handle_sideload()`.

Error reporting related to the file being moved will also be skipped.

Props ryan, Mte90.
Fixes #24603.

Built from https://develop.svn.wordpress.org/trunk@41258


git-svn-id: http://core.svn.wordpress.org/trunk@41098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-16 21:59:43 +00:00
Sergey Biryukov 581707de6c Docs: Add a `@global` entry for `$allowed_files` in `get_file_description()`.
Props div33, ajayghaghretiya1.
Fixes #41294.
Built from https://develop.svn.wordpress.org/trunk@41032


git-svn-id: http://core.svn.wordpress.org/trunk@40882 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-12 21:40:40 +00:00
Aaron Campbell 38347d7c58 Add nonce for updating file system credentials.
Built from https://develop.svn.wordpress.org/trunk@40723


git-svn-id: http://core.svn.wordpress.org/trunk@40581 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 14:48:44 +00:00
Pascal Birchler 064e62cbea Cron API: Add a new `wp_doing_cron()` helper function.
This replaces `DOING_CRON` checks via the constant.

Props tfrommen.
Fixes #39591.

Built from https://develop.svn.wordpress.org/trunk@40575


git-svn-id: http://core.svn.wordpress.org/trunk@40445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-06 14:30:40 +00:00
Dion Hulse 6066654967 Updates: Remove a stray `"` from a tag.
Props afercia.
See #39057.

Built from https://develop.svn.wordpress.org/trunk@39656


git-svn-id: http://core.svn.wordpress.org/trunk@39596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-30 07:42:42 +00:00
Andrea Fercia eeefec932f Administration: Improve the usage of the button CSS classes.
Introduces some consistency in the usage of the button CSS classes, fixes the
focus style for accessibility and responsiveness of the buttons.

- Adds the `button` class to all primary buttons make them responsive
- Removes all `secondary-button` classes and replaces it with button when needed. `button-secondary` shouldn't be used and exists just for backward compatibility reasons
- Replaces classes inside `submit_button()` with a shorthand for some buttons, and use an empty string for the default `button` class. Passing `button` is unnecessary
- Adjusts `get_submit_button()` to remove empty items

Props iseulde, dimchik, chris_d2d, mhowell, afercia.
Fixes #27314, #37138, #37448.

Built from https://develop.svn.wordpress.org/trunk@38672


git-svn-id: http://core.svn.wordpress.org/trunk@38615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-28 19:54:28 +00:00
Scott Taylor a3ffebce30 Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389.
See #36335.

Built from https://develop.svn.wordpress.org/trunk@38470


git-svn-id: http://core.svn.wordpress.org/trunk@38411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 16:31:29 +00:00
Scott Taylor 390ceba6c7 Bootstrap: after r38409 and r38410, revert r38402 which reverted r38399.
This fixes the paths in `wp-vendor/` that were including `src`. I want to drop this in so we can find out what else will break.

See #36335.

Built from https://develop.svn.wordpress.org/trunk@38411


git-svn-id: http://core.svn.wordpress.org/trunk@38352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 22:32:37 +00:00
Dion Hulse 0e31a46161 Bootstrap: Revert [38399] as it's broken `/build/` and subsequently core.svn.wordpress.org.
The generated classmaps reference `/src/` files and operates in the assumption that the base directory is one level above `wp-settings.php`, which it isn't after our build processes are run.

See #36335

Built from https://develop.svn.wordpress.org/trunk@38402


git-svn-id: http://core.svn.wordpress.org/trunk@38343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 14:37:32 +00:00
Scott Taylor 6a529648cf Bootstrap: Autoload classes using a Composer-generated PHP 5.2-compatible Autoloader.
* `wp-admin` and `wp-includes` are scanned for classes to autoload
* Several 3rd-party and Ryan McCue-shaped libraries are excluded when the classmap is generated, see `composer.json`: `autoload.exclude-from-classmap`
* `wp-vendor/autoload_52.php` is included at the top of `wp-settings.php` - no changes need to be made to unit tests to include the autoloader
* An avalanche of `require()` and `require_once()` calls that loaded class files have been removed from the codebase.

The following files have been added to `svn:ignore` - they are not 5.2-compatible and fail during pre-commit:
* src/wp-vendor/autoload.php
* src/wp-vendor/composer/autoload_real.php
* src/wp-vendor/composer/autoload_static.php
* src/wp-vendor/composer/ClassLoader.php

We favor these files instead:
* src/wp-vendor/autoload_52.php
* src/wp-vendor/composer/autoload_real_52.php
* src/wp-vendor/composer/ClassLoader52.php

When new PHP classes are added to the codebase, simply run `composer install` or `composer update` from the project root to update the autoloader.

The future is now.

See #36335.

Built from https://develop.svn.wordpress.org/trunk@38399


git-svn-id: http://core.svn.wordpress.org/trunk@38340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 09:15:29 +00:00
Scott Taylor 7ac88c02fa Media: when calling `pathinfo()`, also pass a `PATHINFO_*` constant to avoid array notices for unset keys.
Props JaworskiMatt.
Fixes #37608.

Built from https://develop.svn.wordpress.org/trunk@38294


git-svn-id: http://core.svn.wordpress.org/trunk@38235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-20 23:36:28 +00:00
Dominik Schilling 771fc167b6 Media: In `_wp_handle_upload()` use `call_user_func_array()` to call the upload error handler.
The default error handler `wp_handle_upload_error()` expects a reference for the first parameter but `call_user_func()` doesn't pass parameters by reference. The current code didn't produce any issues until now. PHP 7.0.9 (and PHP 7.1) is now stricter and prevents calling the error handler with a warning:
> PHP Warning:  Parameter 1 to wp_handle_upload_error() expected to be a reference, value given.

To restore the error handler `_wp_handle_upload()` now uses `call_user_func_array()`.

Props jbrinley.
Props jorbin for review.
Fixes #37570.
Built from https://develop.svn.wordpress.org/trunk@38235


git-svn-id: http://core.svn.wordpress.org/trunk@38176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-09 21:54:30 +00:00
Dominik Schilling d7253ca244 Filesystem API: Prevent an endless self-calling loop in `wp_tempnam()`.
Under certain conditions upgrades on Windows may fail because `wp_tempnam()` gets called in a loop.
This can happen when `wp_tempnam()` is called with `\.maintenance` for the `$filename` parameter. The function strips the extension, in this case `.maintenance`, which results in an empty filename. Because it's empty, `wp_tempnam()` calls itself with `dirname( '\.maintenance' )`. On *nix systems this would be `"/"` which allows `wp_tempnam()` to fall back on `time()`. But on Windows it's `"\"`.

This change adds the backslash to the list of characters which allow `wp_tempnam()` to fall back on `time()`.

See [32322], [31936].
Fixes #33999.
Built from https://develop.svn.wordpress.org/trunk@38151


git-svn-id: http://core.svn.wordpress.org/trunk@38092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-25 15:28:29 +00:00
Dominik Schilling 3a3828c396 Filesystem API: Change the default value for the `$context` parameter of `get_filesystem_method()` and `request_filesystem_credentials()` to an empty string.
`$context` is a full path to the directory that is tested for being writable. A path shouldn't be a boolean value.
This also updates `WP_Upgrader_Skin::request_filesystem_credentials()` and `Automatic_Upgrader_Skin::request_filesystem_credentials()` and adds missing docs.

Props DrewAPicture, ocean90.
Fixes #37412.

Built from https://develop.svn.wordpress.org/trunk@38138


git-svn-id: http://core.svn.wordpress.org/trunk@38079 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-22 12:10:27 +00:00
Dominik Schilling aa561e67a1 Bootstrap: Enhance core's memory limit handling.
* Don't lower memory limit if the current limit is greater than `WP_MAX_MEMORY_LIMIT`.
* Set `WP_MEMORY_LIMIT` and `WP_MAX_MEMORY_LIMIT` to current limit if the `memory_limit` setting can't be changed at runtime.
* Use `wp_convert_hr_to_bytes()` when parsing the value of the `memory_limit` setting because it can be a shorthand or an integer value.
* Introduce `wp_raise_memory_limit( $context )` to raise the PHP memory limit for memory intensive processes. This DRYs up some logic and includes the existing `admin_memory_limit` and `image_memory_limit` filters. The function can also be used for custom contexts, the `{$context}_memory_limit` filter allows to customize the limit.
* Introduce `wp_is_ini_value_changeable( $setting )` to determine whether a PHP ini value is changeable at runtime.
* Remove a `function_exists( 'memory_get_usage' )` check. Since PHP 5.2.1 support for memory limit is always enabled.

Related commits: [38011-38013]

Props jrf, A5hleyRich, swissspidy, ocean90.
Fixes #32075.
Built from https://develop.svn.wordpress.org/trunk@38015


git-svn-id: http://core.svn.wordpress.org/trunk@37956 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 14:37:30 +00:00
Dion Hulse c959b63539 Updates: Only use the filename component of URLs to form part of the temporary filename.
Previously we were passing the entire URL to `wp_tempnam()` (incorrectly) which caused the query string to be used as part of the temporary filename.
We now only use the file component of a url such as `https://example.com/filename.zip?arg1=1&arg2=2....&arg100=100` to prevent a long filename.

Fixes #34938

Built from https://develop.svn.wordpress.org/trunk@37598


git-svn-id: http://core.svn.wordpress.org/trunk@37566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-31 02:21:29 +00:00
Drew Jaynes 1947f4d17c Docs: Apply inline `@see` tags to hooks referenced in DocBlocks for wp-admin/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

See #36921.

Built from https://develop.svn.wordpress.org/trunk@37537


git-svn-id: http://core.svn.wordpress.org/trunk@37505 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 17:28:27 +00:00
Drew Jaynes c3055cc190 Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37488


git-svn-id: http://core.svn.wordpress.org/trunk@37456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:01:30 +00:00
Andrea Fercia ce94f2dfbd Refine the FTP credentials form interaction.
Properly toggle SSH2 Authentication Keys fieldset visibility.
JavaScript and CSS clean-up.

Props Mte90.
Fixes #34376.
Built from https://develop.svn.wordpress.org/trunk@37467


git-svn-id: http://core.svn.wordpress.org/trunk@37435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-19 22:59:28 +00:00
Dominik Schilling 546b031453 Filesystem API: Don't add `'.'` to the list of directories which need to be checked/created when extracting a file.
Prevents a PHP warning by `WP_Filesystem_Direct::mkdir()` when installing a language pack which doesn't have subdirectories.

Props tfrommen.
Fixes #36570.
Built from https://develop.svn.wordpress.org/trunk@37421


git-svn-id: http://core.svn.wordpress.org/trunk@37387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-12 12:40:28 +00:00
Sergey Biryukov f79aad8e0c Theme Editor: After [37217], add other embed templates to file descriptions.
Props Frozzare.
Fixes #34561. See #34561.
Built from https://develop.svn.wordpress.org/trunk@37232


git-svn-id: http://core.svn.wordpress.org/trunk@37198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-18 01:05:27 +00:00
Sergey Biryukov f760d05a63 Theme Editor: Add `embed.php` to file descriptions.
Props ramiy.
Fixes #36551.
Built from https://develop.svn.wordpress.org/trunk@37217


git-svn-id: http://core.svn.wordpress.org/trunk@37183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-16 12:47:27 +00:00
Dominik Schilling d8f3325c14 Docs: Correct grammar when referring to "a URL" vs "an URL" in several places.
Fixes #36218.
Built from https://develop.svn.wordpress.org/trunk@36970


git-svn-id: http://core.svn.wordpress.org/trunk@36938 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-12 12:39:27 +00:00
Drew Jaynes 6995ec613e Docs: Add private access notation to the DocBlock for the core `_wp_handle_upload()` function.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@36473


git-svn-id: http://core.svn.wordpress.org/trunk@36440 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-03 20:19:25 +00:00
Sergey Biryukov 7afa923067 Media: In `_wp_handle_upload()`, move ending brace to a new line.
Props georgestephanis.
Fixes #35565.
Built from https://develop.svn.wordpress.org/trunk@36373


git-svn-id: http://core.svn.wordpress.org/trunk@36340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-21 20:27:26 +00:00
Sergey Biryukov 2328667dc9 Theme Editor: Break `$wp_file_descriptions` array into sections and reorder for consistency and readability.
Props ramiy.
Fixes #35223.
Built from https://develop.svn.wordpress.org/trunk@36088


git-svn-id: http://core.svn.wordpress.org/trunk@36053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-25 21:12:26 +00:00
Sergey Biryukov 11b89a88a9 Theme Editor: Add `taxonomy.php`, `home.php`, `front-page.php`, `date.php`, and `singular.php` to file descriptions.
Props ramiy.
See #35223.
Built from https://develop.svn.wordpress.org/trunk@36087


git-svn-id: http://core.svn.wordpress.org/trunk@36052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-25 21:05:25 +00:00
Sergey Biryukov 3f61b6bafa Docs: Improve documentation for `request_filesystem_credentials()` and the corresponding filter.
Props swissspidy, danhgilmore, slushman.
Fixes #34858.
Built from https://develop.svn.wordpress.org/trunk@35888


git-svn-id: http://core.svn.wordpress.org/trunk@35852 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-12 16:16:26 +00:00
Pascal Birchler 54b8c3e53b Docs: Fix some minor DocBlock alignment issues.
See #32246.
Built from https://develop.svn.wordpress.org/trunk@35885


git-svn-id: http://core.svn.wordpress.org/trunk@35849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-12 15:37:28 +00:00
John Blackbourn a027edc277 Comments: The year is 2003. Permalinks are a new thing and everyone's using Blogger. It's a time when opening a modal window in JavaScript to view a section of a website is not a completely weird thing, although many users get annoyed by it. b2 has recently become WordPress, and with it comes a bunch of functionality that will become stale over the next decade, remnants of simpler times.
Twelve years later, after no fewer than three themes have intentionally implemented popup comments in their functionality, before being abandoned for at least the last six years, we've reached a time where we can put this era behind us. A time when we can remove comment popup functionality from WordPress.

If this breaks the internet, I'll eat my hat.

Fixes #28617

Built from https://develop.svn.wordpress.org/trunk@35848


git-svn-id: http://core.svn.wordpress.org/trunk@35812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-10 03:06:30 +00:00
Konstantin Kovshenin 919867b090 Docs: Remove some more dittography.
See #34885, r35793.

Built from https://develop.svn.wordpress.org/trunk@35796


git-svn-id: http://core.svn.wordpress.org/trunk@35760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 21:50:25 +00:00
Mark Jaquith 1a43f0b290 Do not pass FALSE as second parameter in variable class_exists() checks
Because these are generally plugin-provided, we want plugins to be
able to use autoloaders.

fixes #20523
Built from https://develop.svn.wordpress.org/trunk@35749


git-svn-id: http://core.svn.wordpress.org/trunk@35713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-30 04:15:27 +00:00
Aaron Jorbin e8d8e79371 Revert [34291] bringing back my-hacks
Keeping myhacks support is a small price to pay for not breaking people's sites.  Even if it is very very very few sites, breaking sites isn't something that should be encouraged. Even with 10 years of deprecation notices.

https://core.trac.wordpress.org/ticket/33741#comment:18 outlines all the ways that the hack_file and my-hacks options can be setup and thus all the ways that the removal of those options could break sites.

Fixes #33741.



Built from https://develop.svn.wordpress.org/trunk@35688


git-svn-id: http://core.svn.wordpress.org/trunk@35652 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 20:49:26 +00:00
Dion Hulse 42ff945649 Decrease the chances that `wp_tempnam()` will conflict with an existing file by suffixing a random ID to the generated filename.
This also switches from using `touch()` to using `fopen( $file, 'x')` to ensure that we're the process creating the file.

Fixes #34562

Built from https://develop.svn.wordpress.org/trunk@35644


git-svn-id: http://core.svn.wordpress.org/trunk@35608 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-16 05:33:25 +00:00
Dion Hulse f47801d504 Media: Allow `media_sideload_image()` to work when the upload directory is a PHP Stream. Using copy() instead of rename() allows the function to work across different stream sources.
Props mattheu.
Fixes #29257

Built from https://develop.svn.wordpress.org/trunk@35579


git-svn-id: http://core.svn.wordpress.org/trunk@35543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-09 00:44:27 +00:00
Scott Taylor 85d21feca6 Plugins/Updates: in `request_filesystem_credentials()`, alter the heading HTML tag based on the current screen for improved semantics.
Props afercia.
Fixes #34267.

Built from https://develop.svn.wordpress.org/trunk@35315


git-svn-id: http://core.svn.wordpress.org/trunk@35281 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 03:51:24 +00:00
Drew Jaynes 1cb39b180f Docs: Standardize the file header summary for wp-admin/includes/file.php.
Also adds an `@since` version and corrects the `@subpackage` value.

See #33701.

Built from https://develop.svn.wordpress.org/trunk@35221


git-svn-id: http://core.svn.wordpress.org/trunk@35187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-16 16:56:26 +00:00
Boone Gorges 0e7c1d3b14 Use `wp_installing()` instead of `WP_INSTALLING` constant.
The `WP_INSTALLING` constant is a flag that WordPress sets in a number of
places, telling the system that options should be fetched directly from the
database instead of from the cache, that WP should not ping wordpress.org for
updates, that the normal "not installed" checks should be bypassed, and so on.

A constant is generally necessary for this purpose, because the flag is
typically set before the WP bootstrap, meaning that WP functions are not yet
available.  However, it is possible - notably, during `wpmu_create_blog()` -
for the "installing" flag to be set after WP has already loaded. In these
cases, `WP_INSTALLING` would be set for the remainder of the process, since
there's no way to change a constant once it's defined. This, in turn, polluted
later function calls that ought to have been outside the scope of site
creation, particularly the non-caching of option data. The problem was
particularly evident in the case of the automated tests, where `WP_INSTALLING`
was set the first time a site was created, and remained set for the rest of the
suite.

The new `wp_installing()` function allows developers to fetch the current
installation status (when called without any arguments) or to set the
installation status (when called with a boolean `true` or `false`). Use of
the `WP_INSTALLING` constant is still supported; `wp_installing()` will default
to `true` if the constant is defined during the bootstrap.

Props boonebgorges, jeremyfelt.
See #31130.
Built from https://develop.svn.wordpress.org/trunk@34828


git-svn-id: http://core.svn.wordpress.org/trunk@34793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-05 15:06:28 +00:00
Scott Taylor 8bb4c2c2e9 Theme Editor: ensure that files named `index.php` in theme subfolders are not labeled as "Main Index Template"
Props MikeHansenMe, wonderboymusic, bravokeyl, Shelob9.
Fixes #27201.

Built from https://develop.svn.wordpress.org/trunk@34658


git-svn-id: http://core.svn.wordpress.org/trunk@34622 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-28 03:11:24 +00:00
John Blackbourn aa35e473f7 `callback` is not a valid type in PHP, PSR-5, or phpDocumentor. `callable` should be used instead.
Fixes #34032

Built from https://develop.svn.wordpress.org/trunk@34566


git-svn-id: http://core.svn.wordpress.org/trunk@34530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 23:58:25 +00:00
Scott Taylor 84da11d918 Pass `false` as the 2nd argument to `class_exists()` to disable autoloading and to not cause problems for those who define `__autoload()`.
Fixes #20523.

Built from https://develop.svn.wordpress.org/trunk@34348


git-svn-id: http://core.svn.wordpress.org/trunk@34312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-20 03:52:25 +00:00
Aaron Jorbin 10d03c1ab3 Remove support for my-hacks.php
For the last 10 years, my-hacks has been deprecated and has been throwing a deprecation notice. For the last six years, you haven't been able to enable my-hacks.php in the admin UI. That should be enough time to give developers notice. Plugins and themes seem like they might have staying power.

Fixes #33741
Props bobbingwide


Built from https://develop.svn.wordpress.org/trunk@34291


git-svn-id: http://core.svn.wordpress.org/trunk@34255 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-18 17:06:25 +00:00
Dominik Schilling f3a62b7714 Theme Editor: Change file descriptions of `header.php` and `footer.php`.
`header.php` is now "Theme Header" and `footer.php` is "Theme Footer". This prevents a clash with other "Header" strings in the context of "Custom Header".

Props ramiy.
Fixes #32975.
Built from https://develop.svn.wordpress.org/trunk@34290


git-svn-id: http://core.svn.wordpress.org/trunk@34254 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-18 16:03:24 +00:00
Drew Jaynes 13c25f5f49 Docs: Put "it's" in its place (again).
Props kitchin.
Fixes #33894.

Built from https://develop.svn.wordpress.org/trunk@34234


git-svn-id: http://core.svn.wordpress.org/trunk@34198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-16 12:46:28 +00:00
Sergey Biryukov 465e348c12 Fix closing div in `wp_print_request_filesystem_credentials_modal()`.
Props trepmal.
Fixes #33737.
Built from https://develop.svn.wordpress.org/trunk@33908


git-svn-id: http://core.svn.wordpress.org/trunk@33877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-05 15:17:24 +00:00
Scott Taylor a0e373ef80 For doc block types, favor `bool` over the few remaining `boolean`s
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32964


git-svn-id: http://core.svn.wordpress.org/trunk@32935 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-27 01:03:25 +00:00
Scott Taylor b56b9b3e5c Add `@global` annotations for `wp-admin/*`.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32642


git-svn-id: http://core.svn.wordpress.org/trunk@32612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-28 21:41:30 +00:00
Drew Jaynes cdbecf201b Clarify accepted types for the `$args` and `$context` parameters in `WP_Filesystem()`.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@32338


git-svn-id: http://core.svn.wordpress.org/trunk@32309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-04 01:04:25 +00:00
Dion Hulse 610e34c215 When creating a temporary file treat the `/` directory properly, to prevent it ending up in an endless self-calling loop.
Props hnle, taka2. Fixes #32135. See #31811

Built from https://develop.svn.wordpress.org/trunk@32322


git-svn-id: http://core.svn.wordpress.org/trunk@32293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-29 03:17:31 +00:00
Dominik Schilling 89e45feb4c Don't focus input fields outside of the request filesystem credentials form.
props valendesigns.
fixes #32055.
Built from https://develop.svn.wordpress.org/trunk@32266


git-svn-id: http://core.svn.wordpress.org/trunk@32237 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-22 16:24:26 +00:00
Aaron Jorbin abfddb8f3e Update placeholder for FTP credentials
Two changes:
 * Remove superfluous __ function call
 * Update domain used

Fixes #31922
Props Tmeister


Built from https://develop.svn.wordpress.org/trunk@32077


git-svn-id: http://core.svn.wordpress.org/trunk@32056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-08 16:50:27 +00:00
Drew Jaynes 02810a305f Clarify the DocBlock description for `wp_print_request_filesystem_credentials_modal()`.
See [31811]. See #31888.

Built from https://develop.svn.wordpress.org/trunk@32016


git-svn-id: http://core.svn.wordpress.org/trunk@31995 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-04 21:13:26 +00:00
Aaron Jorbin 8f99fbeb8d Refine UI for FTP modal and shiny updates
Numerous changes to make the FTP modal experience a good one.  These include:
 * Update HTML used by both the form here and the form on the standalone screen
 * Allow users to cancel FTP install
 * Focus locking in the modal
 * Focus on modal form on load
 * ARIA Attributes
 * Style Enhancements
 * Add low screen height (such as phone and some tablets) friendly experience for entering credentials

Props ericlewis, afercia 
Fixes #31608


Built from https://develop.svn.wordpress.org/trunk@31949


git-svn-id: http://core.svn.wordpress.org/trunk@31928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 02:48:28 +00:00
Dion Hulse 7e1e32909e Add some logic into `wp_tempnam` to prevent it creating 'falsey' directory names that might get used elsewhere within WordPress.
Although this logic looks a little strange at this low level, it's the best location within the Upgrades code for it to happen.
Fixes #31811

Built from https://develop.svn.wordpress.org/trunk@31936


git-svn-id: http://core.svn.wordpress.org/trunk@31915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-31 02:11:26 +00:00
Drew Jaynes 1ad0eaf416 Clean up DocBlock information and syntax for `get_filesystem_method()`.
Props ericlewis, HarishChaudhari, valendesigns.
Fixes #31267.

Built from https://develop.svn.wordpress.org/trunk@31884


git-svn-id: http://core.svn.wordpress.org/trunk@31863 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-25 16:32:28 +00:00
Aaron Jorbin 2d64637ff8 Request FTP and SSH credentials when needed during shiny updates
This is a restoration of [31749] which was reverted in [31755].

It includes a number of enhancements from the original version.  Namely:
 * Not doing a credential check in src/wp-includes/script-loader.php
 * Add new function `wp_print_request_filesystem_credentials_modal`
 * update the version number in the list table when a plugin is updated

UI still needs further work, but this basic version should enable more testing

Props ericlewis, jorbin
See #31528


Built from https://develop.svn.wordpress.org/trunk@31811


git-svn-id: http://core.svn.wordpress.org/trunk@31793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-18 03:18:27 +00:00
Scott Taylor eeda68bbda Fix some erroneous `@param` annotations.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31219


git-svn-id: http://core.svn.wordpress.org/trunk@31200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 22:44:25 +00:00
Scott Taylor bc55996a0b `@param` cleanup:
* `get_metadata()` will return literally anything, needs to be `mixed`
* `wp()` and `WP_Query::__construct()` no longer just take a query string
* Clarify a few others

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31212


git-svn-id: http://core.svn.wordpress.org/trunk@31193 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 19:03:23 +00:00
Scott Taylor 60b0cd7943 The keyword `elseif` should be used instead of `else if` so that all control keywords look like single words.
This was a mess, is now standardized across the codebase, except for a few 3rd-party libs. 

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31090


git-svn-id: http://core.svn.wordpress.org/trunk@31071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-08 07:05:25 +00:00
Scott Taylor ff98cfcf45 Pinking Shears.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31077


git-svn-id: http://core.svn.wordpress.org/trunk@31058 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-08 05:03:23 +00:00
Dion Hulse 5661464d35 Background Updates: Pass back whether Group Writable support is being leveraged for an update to the WordPress.org API.
See #30245

Built from https://develop.svn.wordpress.org/trunk@30860


git-svn-id: http://core.svn.wordpress.org/trunk@30850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-15 14:08:23 +00:00
Drew Jaynes 23707b1ada Convert various uses of `(optional)` in core parameter descriptions to use the style prescribed in the inline documentation standards for PHP.
The style for marking parameters optional in inline PHP docs is: `@param type $var Optional. Description. Accepts. Default.`, where Accepts can be omitted on a case-by-case basis.

Props coffee2code.
Fixes #30591.

Built from https://develop.svn.wordpress.org/trunk@30753


git-svn-id: http://core.svn.wordpress.org/trunk@30743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-06 21:24:45 +00:00
Drew Jaynes 78bb3e5ff5 Docs Formatting: Backtick-escape inline code for all dynamic hook docs in wp-admin/includes/*.
Also adds a few inline `@see` cross-references as they apply.

Affects DocBlocks for the following hooks:
* `views_{$this->screen->id}`
* `bulk_actions-{$this->screen->id}`
* `manage_{$this->screen->id}_sortable_columns`
* `theme_action_links_$stylesheet`
* `after_theme_row_$stylesheet`
* `install_plugins_table_api_args_$tab`
* `$prefix . plugin_action_links`
* `after_plugin_row_$plugin_file`
* `manage_taxonomies_for_{$post_type}_columns`
* `manage_{$post_type}_posts_columns`
* `manage_{$post->post_type}_posts_custom_column`
* `{$taxonomy}_row_actions`
* `manage_{$this->screen->taxonomy}_custom_column`
* `install_themes_table_api_args_' . $tab`
* `auto_update_ . $type`
* `{$action}_prefilter`
* `admin_head_{$content_func}`
* `nav_menu_items_{$post_type_name}`
* `activate_ . $plugin`
* `deactivate_ . $plugin`
* `edit_{$post_type}_per_page`
* `postbox_classes_{$page}_{$id}`
* `_wp_post_revision_field_$field`
* `manage_{$screen->id}_columns`
* `in_plugin_update_message-{$file}`
* `in_theme_update_message-{$theme_key}`

See #30552.

Built from https://develop.svn.wordpress.org/trunk@30648


git-svn-id: http://core.svn.wordpress.org/trunk@30638 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 11:28:24 +00:00
Drew Jaynes de809a5a86 Ensure inline code is markdown-escaped as such, HTML tags are removed from summaries, and that code snippets in descriptions are properly indented.
Affects DocBlocks for the following core elements:
* Remove HTML tag from parameter description in `comment_form()`
* Remove HTML tag from a summary for the `comment_form_top` hook
* Markdown-indent a code snippet in the description for `get_linkobjectsbyname()`
* Markdown-indent a code snippet and format an unordered list in the description for `get_linkobjects()`
* Backtick-escape some inline code in the description for `clean_pre()`
* Remove HTML tag from the summary for the `rss_tag_pre` hook
* Various formatting fixes in the descriptions for `get_filesystem_method()` and `request_filesystem_credentials()`

Props rarst for the initial patch.
See #30473.

Built from https://develop.svn.wordpress.org/trunk@30538


git-svn-id: http://core.svn.wordpress.org/trunk@30527 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-24 05:19:23 +00:00
Dion Hulse 9b9289e0a3 Background Updates: Introduce support to take advantage of Group Writable (or World Writable) to Core Background updates.
This is only enabled when new files will not be installed during the update (as indicated by the WordPress.org API), and does not apply to Plugin/Theme/Translation Background Updates.

Additionally, the code to determine if the 'direct' filesystem transport should be used has been tweaked for wider support (where getmyuid() was unavailalbe) which fixes #10424

See #10205, #30245

Built from https://develop.svn.wordpress.org/trunk@30384


git-svn-id: http://core.svn.wordpress.org/trunk@30381 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-19 05:40:23 +00:00
Scott Taylor 5e3a64e83d Correct some types in `wp-admin/*`-location files' doc blocks.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30203


git-svn-id: http://core.svn.wordpress.org/trunk@30203 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-03 07:09:23 +00:00
Drew Jaynes f8657d5890 Remove redundant and erroneous `@uses` tag from most core inline documentation.
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.

Fixes #30191.

Built from https://develop.svn.wordpress.org/trunk@30105


git-svn-id: http://core.svn.wordpress.org/trunk@30105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-30 01:05:24 +00:00
Scott Taylor ee97a47c61 In `_wp_handle_upload()`, if `test_upload` is set to `false` in the array of dangerous overrides that the function allows, the only thing that happens when an upload fails is more potential breakage.
`$test_uploaded_file` lets is know if `$file['tmp_name']` exists, which allows to exit with an error, instead of continuing to attempt to move the file.

`$test_upload` override is now a noop.

Fixes #28208.

Built from https://develop.svn.wordpress.org/trunk@30076


git-svn-id: http://core.svn.wordpress.org/trunk@30076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-28 21:17:22 +00:00
Andrew Nacin 1447092f6e Don't set ftp_credentials option when installling. see #29635.
Built from https://develop.svn.wordpress.org/trunk@29749


git-svn-id: http://core.svn.wordpress.org/trunk@29521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-17 17:58:15 +00:00
Dominik Schilling 6c9853930a Add missing array keys for connection type in `request_filesystem_credentials()`.
see [28456].
fixes #29347.

Built from https://develop.svn.wordpress.org/trunk@29580


git-svn-id: http://core.svn.wordpress.org/trunk@29354 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-24 16:04:18 +00:00
Scott Taylor a14f5b97d5 In `sanitize_file_name()`, replace `%20` and `+` with dashes. Remove unnecessary code from `_wp_handle_upload()`.
Adds unit tests.

Props ericmann.
Fixes #16330.

Built from https://develop.svn.wordpress.org/trunk@29290


git-svn-id: http://core.svn.wordpress.org/trunk@29072 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-24 22:09:16 +00:00
Scott Taylor fa02568c42 Merge `wp_handle_upload()` and `wp_handle_sideload()` by making them each wrap a new function: `_wp_handle_upload()`.
Props DrewAPicture for docs.
Fixes #23686.

Built from https://develop.svn.wordpress.org/trunk@29209


git-svn-id: http://core.svn.wordpress.org/trunk@28993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 18:58:44 +00:00
Drew Jaynes 097dc8ee15 Fix syntax for single- and multi-line comments in wp-admin-directory files.
See #28931.

Built from https://develop.svn.wordpress.org/trunk@29206


git-svn-id: http://core.svn.wordpress.org/trunk@28990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 09:14:16 +00:00
John Blackbourn 3f1c3dd4ca Normalise the schemes used in `get_home_path()` so it returns the correct path for sites using SSL in the admin area but not the front end. Fixes #25767. Props GregLone for the initial patch.
Built from https://develop.svn.wordpress.org/trunk@28893


git-svn-id: http://core.svn.wordpress.org/trunk@28692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-29 10:29:14 +00:00
Scott Taylor 8eb9f2ffe4 Eliminate use of `extract()` in `request_filesystem_credentials()`.
The only property that doesn't need to be set to a variable is `$password`.

See #22400.

Built from https://develop.svn.wordpress.org/trunk@28456


git-svn-id: http://core.svn.wordpress.org/trunk@28283 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-16 18:26:15 +00:00
Scott Taylor 39de969bf2 Update inline docs for `wp_handle_upload|sideload` to reflect their non-use of `extract()`.
See #22400.


Built from https://develop.svn.wordpress.org/trunk@28452


git-svn-id: http://core.svn.wordpress.org/trunk@28279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-16 17:41:16 +00:00
Scott Taylor 632eb5b17e Eliminate use of `extract()` in `wp_handle_sideload()`.
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28451


git-svn-id: http://core.svn.wordpress.org/trunk@28278 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-16 16:15:14 +00:00
Scott Taylor 4caf3e79f3 Eliminate use of `extract()` in `wp_handle_upload()`.
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28450


git-svn-id: http://core.svn.wordpress.org/trunk@28277 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-16 16:10:38 +00:00
Scott Taylor d74272ecf5 Eliminate one of the uses of `extract()` in `wp_handle_upload()`.
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28417


git-svn-id: http://core.svn.wordpress.org/trunk@28244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 04:31:14 +00:00
Scott Taylor fc59804352 Eliminate one of the uses of `extract()` in `wp_handle_sideload()`.
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28416


git-svn-id: http://core.svn.wordpress.org/trunk@28243 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 04:29:15 +00:00
Scott Taylor 644024dfc4 Dead code in `wp-admin/includes/file.php`:
* In `wp_handle_upload()` and `wp_handle_sideload()`, `$ext` gets conditionally reset... and then is never used.
* In `request_filesystem_credentials()`, `$password` is initialized as an empty string. The variable is never used.

See #27882.


Built from https://develop.svn.wordpress.org/trunk@28268


git-svn-id: http://core.svn.wordpress.org/trunk@28096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-06 04:22:14 +00:00
Sergey Biryukov 2cb849fc52 Fix typo in verify_file_md5() description. see [25541].
props siobhan.
see #27651.
Built from https://develop.svn.wordpress.org/trunk@27938


git-svn-id: http://core.svn.wordpress.org/trunk@27768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-04 00:03:14 +00:00
Drew Jaynes 8efd225e4d Inline documentation for hooks in wp-admin/includes/file.php.
Fixes #27429.

Built from https://develop.svn.wordpress.org/trunk@27672


git-svn-id: http://core.svn.wordpress.org/trunk@27515 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-24 02:45:15 +00:00
Dion Hulse 87c6791a41 WP_Filesystem: Update request_filesystem_credentials() to handle the correct ssh value of FS_METHOD. Props jnielsendotnet. Fixes #27265
Built from https://develop.svn.wordpress.org/trunk@27546


git-svn-id: http://core.svn.wordpress.org/trunk@27389 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-15 03:09:16 +00:00
Sergey Biryukov bc036d0843 Avoid an undefined index notice in wp_handle_upload().
props tivnet.
fixes #27225.
Built from https://develop.svn.wordpress.org/trunk@27319


git-svn-id: http://core.svn.wordpress.org/trunk@27171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-27 21:16:15 +00:00
Andrew Nacin 912379a022 Simplify error in validate_file_to_edit().
props MattyRob for initial patch.
fixes #25924.

Built from https://develop.svn.wordpress.org/trunk@27219


git-svn-id: http://core.svn.wordpress.org/trunk@27076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-21 14:46:14 +00:00
Andrew Ozz eb1d21d782 Remove all "valign" attributes from tables in wp-admin, props MikeHansenMe, Marventus. Fixes #22712.
Built from https://develop.svn.wordpress.org/trunk@27029


git-svn-id: http://core.svn.wordpress.org/trunk@26905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-24 19:06:15 +00:00
Drew Jaynes cd8cedc40d First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin.
Props JustinSainton, SergeyBiryukov, DrewAPicture.
Fixes #26713.

Built from https://develop.svn.wordpress.org/trunk@26868


git-svn-id: http://core.svn.wordpress.org/trunk@26754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-24 18:57:12 +00:00
Andrew Nacin d61e188f23 Only enforce disk free space checks when doing background updates.
see #25652.

Built from https://develop.svn.wordpress.org/trunk@25869


git-svn-id: http://core.svn.wordpress.org/trunk@25869 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:59:29 +00:00
Dion Hulse 8abd2f86d5 Silence PHP warnings from disk_free_space(). disk_free_space() will produce a warning in error conditions in addition to returning false, this includes a case where the bytes free is greater than PHP_INT_MAX (which is a error condition we don't need to check).
See #25576, #22704

Built from https://develop.svn.wordpress.org/trunk@25831


git-svn-id: http://core.svn.wordpress.org/trunk@25831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:54:05 +00:00
Andrew Nacin 8ae8e01b67 Remove the old wp_auto_updates_maybe_update cron event. Schedule the new wp_maybe_auto_update event at 7 a.m. and 7 p.m. in the site's timezone.
see #27704.

Built from https://develop.svn.wordpress.org/trunk@25825


git-svn-id: http://core.svn.wordpress.org/trunk@25825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:53:14 +00:00
Andrew Nacin d5fdd66f9d Only enforce disk free space checks when doing background updates.
see #25652.

Built from https://develop.svn.wordpress.org/trunk@25869


git-svn-id: http://core.svn.wordpress.org/trunk@25781 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-22 18:18:09 +00:00
Dion Hulse 924e35d66a Silence PHP warnings from disk_free_space(). disk_free_space() will produce a warning in error conditions in addition to returning false, this includes a case where the bytes free is greater than PHP_INT_MAX (which is a error condition we don't need to check).
See #25576, #22704

Built from https://develop.svn.wordpress.org/trunk@25831


git-svn-id: http://core.svn.wordpress.org/trunk@25743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-17 18:40:10 +00:00
Dion Hulse 1c8e79353a Language Packs: Many many fixes such as:
- Add a "Update Translations" stand-alone button to the updates page
- Shift Language feedback to before update process completion action links & limit the verbosity of output (name + success/errors)
- Simplify/combine the language update descriptive string to only include a plugin/theme name
- Properly handle cache clearing after language updates to prevent langs being repeditively updated
- Display a "All items up to date" string when there's nothing to do
- Reduce the 'Connection Information' from a <h2> to a <h3> to remove duplicate h2's and screen icons from update screens
- Fix the Direct filesystem method not being used for Language updates because WP_LANG_DIR doesn't exist (check it's parent for writable instead)
See #18200, #22704


Built from https://develop.svn.wordpress.org/trunk@25806


git-svn-id: http://core.svn.wordpress.org/trunk@25718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-16 04:15:09 +00:00
Andrew Nacin 95831a8a67 Remove accidental debug cruft in [25780]. see #22704.
Built from https://develop.svn.wordpress.org/trunk@25799


git-svn-id: http://core.svn.wordpress.org/trunk@25711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-15 21:24:09 +00:00
Andrew Nacin eeaad19a26 Use FS_CHMOD_FILE rather than an explicit 0644 in copy_dir() and _copy_dir().
This occurs when we can't copy a file. We chmod it and try again.

see #22704.

Built from https://develop.svn.wordpress.org/trunk@25793


git-svn-id: http://core.svn.wordpress.org/trunk@25705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-15 19:14:10 +00:00
Andrew Nacin 9b56d4d11f Parse absolute paths out of error data. see #22704.
Built from https://develop.svn.wordpress.org/trunk@25780


git-svn-id: http://core.svn.wordpress.org/trunk@25693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-14 22:25:08 +00:00
Dion Hulse 4dcca90887 Remove PHP4 compat code from the ZipArchive unzip handler, and pass the failure reason into the WP_Error return.
See #22704

Built from https://develop.svn.wordpress.org/trunk@25779


git-svn-id: http://core.svn.wordpress.org/trunk@25692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-14 21:55:09 +00:00
Andrew Nacin 145dbde82f Account for possible failures by disk_free_space(), as well as the potential need to copy the unzipped files.
see #25576.

Built from https://develop.svn.wordpress.org/trunk@25776


git-svn-id: http://core.svn.wordpress.org/trunk@25689 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-14 20:58:09 +00:00
Andrew Nacin d68a80217f In unzip_file(), confirm we have enough available disk space before extracting.
"enough" is calculated by adding up the uncompressed size of the files in the archive, then adding a 20% buffer.

props dd32.
fixes #25576.

Built from https://develop.svn.wordpress.org/trunk@25774


git-svn-id: http://core.svn.wordpress.org/trunk@25687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-14 20:15:09 +00:00
Andrew Nacin 29f5f5b5fd Refine error codes throughout the upgrader so we can better detect at what stage updates fail.
see #22704.

Built from https://develop.svn.wordpress.org/trunk@25763


git-svn-id: http://core.svn.wordpress.org/trunk@25676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-11 16:06:11 +00:00
Dion Hulse 543d84a379 Upgrader: Create Directories with a minimum of 0755 and files with a minimum of 0644 when upgrading, which matches pre-3.7 behaviour. Fixes #20069
Built from https://develop.svn.wordpress.org/trunk@25739


git-svn-id: http://core.svn.wordpress.org/trunk@25652 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-09 16:47:09 +00:00
Dion Hulse a82b463610 When using download_url(), if the resource supplies a Content-MD5 header, verify the downloaded file against it. Fixes #20074
Built from https://develop.svn.wordpress.org/trunk@25541


git-svn-id: http://core.svn.wordpress.org/trunk@25461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-21 06:54:09 +00:00
Dion Hulse 6737d0a202 Upgrader: Perform a MD5 file verification check on the files during upgrade. This ensures that both a Partial upgrade build can be used, and that all the files were copied into place correctly.
Props pento for initial patch. Fixes #18201

Built from https://develop.svn.wordpress.org/trunk@25540


git-svn-id: http://core.svn.wordpress.org/trunk@25460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-21 06:49:11 +00:00
Dion Hulse f98f5d0a36 WordPress Upgrades: When defining the default filesystem permissions for files/directories, base the value on the existing ABSPATH & index.php file permissions - so as to respect the executable bit (if set) and not set global read if not required.
This sets a minimum permission set to 750 and 640 for directories and files, so any systems requring less permission than that will still need to define the constants themselves. Fixes #20069 

Built from https://develop.svn.wordpress.org/trunk@25469


git-svn-id: http://core.svn.wordpress.org/trunk@25390 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-17 08:06:09 +00:00
Dion Hulse 83ebc727e8 Switch unzip_file() over to using the mbstring.func_override helper functions. See #25259
Built from https://develop.svn.wordpress.org/trunk@25347


git-svn-id: http://core.svn.wordpress.org/trunk@25309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-11 08:09:08 +00:00
Sergey Biryukov 00c9232a19 Move get_real_file_to_edit() to wp-admin/includes/deprecated.php. props iamfriendly. fixes #23680.
Built from https://develop.svn.wordpress.org/trunk@25201


git-svn-id: http://core.svn.wordpress.org/trunk@25173 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-01 12:37:12 +00:00
Dion Hulse ff290a88bf Add a note that the FTP Password will not be stored on the server to the FTP credentials page. Fixes #16492
Built from https://develop.svn.wordpress.org/trunk@25071


git-svn-id: http://core.svn.wordpress.org/trunk@25056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-21 07:07:09 +00:00
Dion Hulse ad980384f2 Check to see if mbstring.func_overload is configured to affect string functions before switching charsets. Props SergeyBiryukov. Fixes #25063
Built from https://develop.svn.wordpress.org/trunk@25056


git-svn-id: http://core.svn.wordpress.org/trunk@25042 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-20 06:24:09 +00:00
Andrew Nacin 21a1fe8d4b Use wp_safe_remote_request() and friends instead of reject_unsafe_urls = true.
fixes #24646.



git-svn-id: http://core.svn.wordpress.org/trunk@24917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-31 06:52:13 +00:00
Andrew Nacin 96ee267343 Better validation of the URL used in core HTTP requests.
git-svn-id: http://core.svn.wordpress.org/trunk@24480 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 06:07:47 +00:00
Andrew Nacin be01fce99f Show a relative path in an upload error message.
git-svn-id: http://core.svn.wordpress.org/trunk@24463 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 02:29:26 +00:00
Ryan Boren 469d1a3099 Escape form action urls with esc_url() rather than esc_attr().
Props SergeyBiryukov
fixes #23266


git-svn-id: http://core.svn.wordpress.org/trunk@23739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-18 14:01:25 +00:00
Sergey Biryukov 28248c1b08 Make get_home_path() return consistent slashes. fixes #23175.
git-svn-id: http://core.svn.wordpress.org/trunk@23669 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-12 11:04:14 +00:00
Ryan Boren 5f809d1d22 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:00:25 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Helen Hou-Sandí b1f1579604 its <=> it's in documentation, along with a rogue the, The, and looses. props trepmal. fixes #22665.
git-svn-id: http://core.svn.wordpress.org/trunk@23191 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-12-20 15:55:32 +00:00
Dion Hulse bcbfb232f7 Correct get_home_path() for cases where WordPress is installed in a subdirectory called /wp/, previously it would match on /wp-admin instead of /wp causing an incorrect return path. Props SergeyBiryukov. Fixes #20449
git-svn-id: http://core.svn.wordpress.org/trunk@22800 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-21 22:39:59 +00:00
Andrew Nacin 4cbc20ada1 Pass the post date to wp_upload_dir() during sideloads, just as we do uploads. Ensures that sideloaded images make it into the right uploads directory.
props solarisssmoke, fixes #16777.



git-svn-id: http://core.svn.wordpress.org/trunk@22105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-03 18:49:37 +00:00
ryan 2417e42fe5 Improved phpdoc for file.php. Props tommcfarlin. fixes #21328
git-svn-id: http://core.svn.wordpress.org/trunk@21350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-26 15:08:30 +00:00
dd32 509b845abc Make get_home_path() work in more cases by being case insensitive and sanitzing Windows paths. In some cases (such as differing case of hostnames or paths in the site/home options, or when SCRIPT_FILENAME contains forward slashes) the function was failing to return the correct path, and would instead return /. Props to SergeyBiryukov for the initial patch. Fixes #20449 Fixes #10447
git-svn-id: http://core.svn.wordpress.org/trunk@21224 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-06 13:54:15 +00:00
nacin 23abe58a59 Rewrite theme-editor.php to use the new WP_Theme API. see #20103.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20313 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-29 03:00:38 +00:00
dd32 86577f34ea Fix a small typo.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-02 11:00:51 +00:00
duck_ bb94e702f8 Drop image resizing code from wp_handle_upload(). Fixes #19800.
This code stops wp_handle_upload() from reporting errors when the upload couldn't be moved to its final local and it was a non-JS fallback that is unused.


git-svn-id: http://svn.automattic.com/wordpress/trunk@20019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-28 20:02:43 +00:00
ryan e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
dd32 e15f5275a8 Fix edge case in get_home_path() where the incorrect path may be returned. Props ptahdunbar. Fixes #18768
git-svn-id: http://svn.automattic.com/wordpress/trunk@19697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-06 13:46:22 +00:00
ryan 340e93324c Remove extraneous spaces. Props kenan3008, dimadin. fixes #19501 #19433
git-svn-id: http://svn.automattic.com/wordpress/trunk@19596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-14 17:36:38 +00:00
ryan 07ff8b216b Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
azaozz 331b242bcd Revert [19223] and only stop showing the checkbox, props nacin, see #19174
git-svn-id: http://svn.automattic.com/wordpress/trunk@19225 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-08 22:34:09 +00:00
azaozz 623220187a Remove the Resize files checkbox for now (revisit in 3.4), fixes #19174
git-svn-id: http://svn.automattic.com/wordpress/trunk@19223 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-08 22:23:40 +00:00
ryan 62afab8db3 Pinking shears
git-svn-id: http://svn.automattic.com/wordpress/trunk@19054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-24 19:13:23 +00:00
markjaquith 37e23be4ed Be more consistent with ERROR: messages. fixes #15887
git-svn-id: http://svn.automattic.com/wordpress/trunk@18841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-30 17:18:35 +00:00
duck_ c1d1590171 Fix typos in documentation (wp-admin/). See #18560.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-03 14:18:10 +00:00
azaozz 9a65f6e237 Fix handling of resizing images after upload, props ocean90, see #18206
git-svn-id: http://svn.automattic.com/wordpress/trunk@18517 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-06 21:04:15 +00:00
azaozz 91a8720fff Pluploader take 1, props jacobwg, see #18206
git-svn-id: http://svn.automattic.com/wordpress/trunk@18482 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-29 08:59:35 +00:00
ryan a117773fc8 Typo fix. Props kawauso. fixes #18177
git-svn-id: http://svn.automattic.com/wordpress/trunk@18447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-21 17:46:01 +00:00
markjaquith 029a8d1bef Remove code formatting from uploaded file size error messages, for now. props JohnONolan. fixes #17674
git-svn-id: http://svn.automattic.com/wordpress/trunk@18193 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-08 16:27:57 +00:00
nacin da2732c7de Use wp_remote_retrieve_* helper functions instead of the raw HTTP response array. props aaroncampbell, fixes #17416.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-14 19:45:07 +00:00
westi 80f4e83a8c Introduce WP_MAX_MEMORY_LIMIT constant for the high memory limit we set when image processing and unzipping.
Ensure it is always filterable by plugins as well as configurable in wp-config
Fixes #13847 props hakre


git-svn-id: http://svn.automattic.com/wordpress/trunk@17749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-28 16:25:36 +00:00
dd32 bed23730dc Handle zip error's in PclZip better. PclZip::extract() returns an array on success, 0 on failure. Fixes #17224
git-svn-id: http://svn.automattic.com/wordpress/trunk@17693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-23 14:30:44 +00:00
dd32 9081c7636c Set the mb_string internal encoding to ISO-8859-1 whilst uncompressing archives using PclZip. Fixes 'PCLZIP_ERR_BAD_FORMAT (-10) : Invalid block size' errors on systems utilising mbstring.func_overload. Fixes #15789
git-svn-id: http://svn.automattic.com/wordpress/trunk@17592 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-03 12:32:06 +00:00
dd32 5b12ecb83d Be a party-pooper; No more Akismet Dancing upon upgrade; Respect custom WP_CONTENT_DIR for bundled plugins/theme installation; Respect custom WP_CONTENT_DIR/WP_LANG_DIR for Language files when upgrading; Standardise WP_Filesystem path method returns (They're trailing slash'd). Adds an exclusion list to copy_dir() as well as WP_Filesystem_Base::wp_lang_dir(). See #14484 See #11495
git-svn-id: http://svn.automattic.com/wordpress/trunk@17576 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-03-31 13:28:36 +00:00
dd32 00dc7a57d6 First run of introducing Stream-To-File for the WP_HTTP API. Reduces memory consumption during file downloads. Implemented in download_url() for upgraders. Props sivel. See #16236
git-svn-id: http://svn.automattic.com/wordpress/trunk@17555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-03-25 02:42:20 +00:00
dd32 a83a2842ea Optimisations to WP_Filesystem; Pass known information to called functions. Props aldenta (John Ford) for investigation and patch. See #10913
git-svn-id: http://svn.automattic.com/wordpress/trunk@17525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-03-22 00:04:15 +00:00
nacin 53d0af84b0 Don't esc_html the default error string. props SergeyBiryukov, fixes #16058.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-01 22:14:42 +00:00
nacin e5b099a459 Add missing translation for 'Page Template' in the theme editor. props SergeyBiryukov, fixes #15933.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-21 14:58:54 +00:00
westi 1bb4914c3a Allow for the callee of download_url() to specify a different timeout if they want to - maybe they don't want to wait that long.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-07 12:45:24 +00:00
nacin 5021403b9d Add 'Visual Editor RTL Stylesheet' to the list of theme file descriptions. see #15672.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-04 04:22:48 +00:00
markjaquith ad6e83136d Improve the wording of the file upload security message. props janeforshort. fixes #13550
git-svn-id: http://svn.automattic.com/wordpress/trunk@16577 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-24 20:45:21 +00:00
ryan 847499e531 Pinking shears
git-svn-id: http://svn.automattic.com/wordpress/trunk@16438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 18:47:34 +00:00
nacin d81d7b7f4a Some escaping
git-svn-id: http://svn.automattic.com/wordpress/trunk@16366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-14 17:33:16 +00:00
markjaquith fc6e89da45 Expand submit_button() capabilities. Replace all (or almost all) manual HTML instances in WP. props sbressler. see #15064
git-svn-id: http://svn.automattic.com/wordpress/trunk@16061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-28 21:56:43 +00:00
nacin 82b1349664 Docs for wp-admin/includes/file.php. props sivel, see #14783.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-27 22:24:06 +00:00
nacin 1dee100f3a Fix typo. props mrmist, fixes #14571.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-09-07 15:11:43 +00:00
dd32 fe5e3d0fb6 Do not check to see if parents of folders outside of the Destination folder exist within the Archive extractors, unzip_file() will take care of that area. Fixes #13741
git-svn-id: http://svn.automattic.com/wordpress/trunk@15156 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-07 11:19:51 +00:00
nacin 3ba9fc235c More request_filesystem_credentials() string improvements.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-03 18:58:41 +00:00
nacin 80437ca9e1 Add missing spaces.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15099 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-01 21:57:26 +00:00
nacin 09c448f63e Clarify the connection information requested in request_filesystem_credentials() to reduce confusion surrounding FTP information versus your WordPress login. see #13467, props jane.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-01 20:35:59 +00:00
dd32 92eeafce24 Always fallback to PclZip in the event that ZipArchive does not return true. The PHP Zip extension is hit-and-miss with OSX generated zip files, sometimes 0 will be emitted and extraction will succeed, others it will fail with. Reverts r14346, r14377, partially r14800. See #12637. See #13491
git-svn-id: http://svn.automattic.com/wordpress/trunk@15052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-29 13:16:35 +00:00
ryan 1a552dd029 Strip trailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@14924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-26 02:42:15 +00:00
dd32 989a52d7ff Ensure that the entire folder structure exists within the $needed_folders array before attempting to create folders. Fixes cases where the Zip file does not contain a node for a folder which contains subfolders without files in the same level. Fixes #13171
git-svn-id: http://svn.automattic.com/wordpress/trunk@14811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-23 05:56:31 +00:00
dd32 f8111531f4 Correct the ZipArchive opening test logic. See #13491
git-svn-id: http://svn.automattic.com/wordpress/trunk@14800 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-22 05:09:08 +00:00
nacin 7c8a77efa3 Introduce wp_check_filetype_and_ext() to handle mime/ext image comparisons and corrections for upload and sideload. props Viper007Bond, see #11946.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14649 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-15 04:47:03 +00:00
dd32 72f99c8a96 Silence PHP Warnings on is_writable calls. Can trigger open_basedir warnings on certain hosting environments. Props ocean90. Fixes #12866
git-svn-id: http://svn.automattic.com/wordpress/trunk@14427 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-03 23:39:57 +00:00
nacin 248f4ab860 Provide a context to wp_handle_upload to differentiate between upload and sideload. props technosailor, fixes #12740.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14418 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-03 22:16:48 +00:00
ryan 7b7243d94a Strip trailing whites.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-03 20:26:11 +00:00
nacin efa2e9d397 Ensure image MIME type matches extension for images. props Viper007Bond, fixes #11946.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-03 20:17:01 +00:00