Commit Graph

172 Commits

Author SHA1 Message Date
Sergey Biryukov 95f823d933 External Libraries: Update the Requests library to version 2.0.0.
This is a major release and contains breaking changes.

Most important changes to be aware of for this release:
* All code is now namespaced. Though there is a full backward compatibility layer available and the old class names are still supported, using them will generate a deprecation notice (which can be silenced by plugins if they'd need to support multiple WP versions). See the [https://requests.ryanmccue.info/docs/upgrading.html upgrade guide] for more details.
* A lot of classes have been marked `final`. This should generally not affect userland code as care has been taken to not apply the `final` keyword to classes which are known to be extended in userland code.
* Extensive input validation has been added to Requests. When Requests is used as documented though, this will be unnoticable.
* A new `WpOrg\Requests\Requests::has_capabilities()` method has been introduced which can be used to address #37708.
* A new `WpOrg\Requests\Response::decode_body()` method has been introduced which may be usable to simplify some of the WP native wrapper code.
* Remaining PHP 8.0 compatibility fixed (support for named parameters).
* PHP 8.1 compatibility.

Release notes: https://github.com/WordPress/Requests/releases/tag/v2.0.0

For a full list of changes in this update, see the Requests GitHub:
https://github.com/WordPress/Requests/compare/v1.8.1...v2.0.0

Follow-up to [50842], [51078].

Props jrf, schlessera, datagutten, wojsmol, dd32, dustinrue, soulseekah, costdev, szepeviktor.
Fixes #54504.
Built from https://develop.svn.wordpress.org/trunk@52244


git-svn-id: http://core.svn.wordpress.org/trunk@51836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-25 01:12:02 +00:00
hellofromTonya 9d4d3f8fba HTTP API: Ensure value returned from `'http_allowed_safe_ports'` is an array to avoid PHP 8+ TypeError fatal error.
Adds an `is_array()` check before the `in_array()`. Why? `in_array()` requires a array for the haystack. Any other data type will cause a fatal error on PHP 8.0 or higher:

{{{
Fatal error: Uncaught TypeError: in_array(): Argument #2 ($haystack) must be of type array
}}}

As this is a new filter, this type check properly guards to avoid the fatal error.

Follow-up to [52084].

See #54331.
Built from https://develop.svn.wordpress.org/trunk@52085


git-svn-id: http://core.svn.wordpress.org/trunk@51677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-09 22:59:58 +00:00
hellofromTonya 2f84a45fdf HTTP API: Introduce `'http_allowed_safe_ports'` filter in `wp_http_validate_url()`.
Adds a new filter `'http_allowed_safe_ports'` to control which ports are allowed for remote requests. By default, ports 80, 443, and 8080 are allowed for safe remote requests.

Adds tests. 

Follow-up to [24480].

Props xknown, johnbillion, jorbin, costdev, dd32.
Fixes #54331.
Built from https://develop.svn.wordpress.org/trunk@52084


git-svn-id: http://core.svn.wordpress.org/trunk@51676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-09 22:39:00 +00:00
Sergey Biryukov 897f004a9c General: Replace older-style PHP type conversion functions with type casts.
This improves performance, readability, and consistency throughout core.

* `intval()` → `(int)`
* `strval()` → `(string)`
* `floatval()` → `(float)`

Props ayeshrajans.
Fixes #42918.
Built from https://develop.svn.wordpress.org/trunk@49108


git-svn-id: http://core.svn.wordpress.org/trunk@48870 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-08 21:15:13 +00:00
desrosj 4b60af1a6a General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”

With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).

Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.

Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.

Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121


git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 17:26:13 +00:00
Sergey Biryukov b16368c268 Docs: Remove `@staticvar` tags from core.
The tag was supported in phpDocumentor 1.x, but is no longer supported in 2.x and 3.x.

Usage of static variables is considered an internal implementation detail and has no information value for someone reading the docs.

Props alishanvr, jrf.
Fixes #50426.
Built from https://develop.svn.wordpress.org/trunk@48109


git-svn-id: http://core.svn.wordpress.org/trunk@47878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-20 12:40:12 +00:00
Sergey Biryukov 7932193708 Coding Standards: Use strict comparison where static strings are involved.
This reduces the number of `WordPress.PHP.StrictComparisons.LooseComparison` issues in half, from 1897 to 890.

Includes minor code layout fixes for better readability.

See #49542.
Built from https://develop.svn.wordpress.org/trunk@47808


git-svn-id: http://core.svn.wordpress.org/trunk@47584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-05-16 18:42:12 +00:00
Sergey Biryukov ced8fb20a1 Code Modernization: Remove error suppression from `parse_url()` calls.
Previously, the `@` operator was used to prevent possible warnings emitted by `parse_url()` in PHP < 5.3.3 when URL parsing failed.

Now that the minimum version of PHP required by WordPress is 5.6.20, this is no longer needed.

Props netpassprodsr, Howdy_McGee.
Fixes #49980. See #24780.
Built from https://develop.svn.wordpress.org/trunk@47617


git-svn-id: http://core.svn.wordpress.org/trunk@47392 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-24 07:28:10 +00:00
Sergey Biryukov 38676936ba Coding Standards: Use strict type check for `in_array()` and `array_search()` where strings are involved.
This reduces the number of `WordPress.PHP.StrictInArray.MissingTrueStrict` issues from 486 to 50.

Includes minor code layout fixes for better readability.

See #49542.
Built from https://develop.svn.wordpress.org/trunk@47550


git-svn-id: http://core.svn.wordpress.org/trunk@47325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-05 03:02:11 +00:00
Sergey Biryukov 641c632b0c Coding Standards: Use Yoda conditions where appropriate.
See #49222.
Built from https://develop.svn.wordpress.org/trunk@47219


git-svn-id: http://core.svn.wordpress.org/trunk@47019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-09 16:55:09 +00:00
Sergey Biryukov 001ffe81fb Docs: Improve inline comments per the documentation standards.
Includes minor code layout fixes for better readability.

See #48303.
Built from https://develop.svn.wordpress.org/trunk@47122


git-svn-id: http://core.svn.wordpress.org/trunk@46922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-29 00:45:18 +00:00
Sergey Biryukov 2900bb8ea7 Docs: Update links to https://secure.php.net/, they now redirect to https://www.php.net/.
See #48303.
Built from https://develop.svn.wordpress.org/trunk@47088


git-svn-id: http://core.svn.wordpress.org/trunk@46888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-20 03:14:06 +00:00
Sergey Biryukov dd4d98a368 Docs: In various `@return` tags, list the expected type first, instead of `false`.
Follow-up to [46696].

See #48303.
Built from https://develop.svn.wordpress.org/trunk@47060


git-svn-id: http://core.svn.wordpress.org/trunk@46860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-11 18:32:05 +00:00
Sergey Biryukov 3d623995a8 Docs: In various `@return` tags, list the expected type first, instead of `WP_Error`.
See #48303.
Built from https://develop.svn.wordpress.org/trunk@46696


git-svn-id: http://core.svn.wordpress.org/trunk@46496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-11-11 02:43:03 +00:00
whyisjake 608d39faed HTTP API: Protect against hex interpretation.
Return earlier from wp_http_validate_url().

Props: iandunn, xknown, voldemortensen, whyisjake.

Built from https://develop.svn.wordpress.org/trunk@46475


git-svn-id: http://core.svn.wordpress.org/trunk@46273 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 15:27:04 +00:00
John Blackbourn 41d6b80d03 Docs: Fix and improve inline documentation for the HTTP API.
See #47110

Built from https://develop.svn.wordpress.org/trunk@46468


git-svn-id: http://core.svn.wordpress.org/trunk@46266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-12 18:05:04 +00:00
John Blackbourn 2f46afbc53 Docs: Miscellaneous inline docs corrections and improvements.
See #47110 

Built from https://develop.svn.wordpress.org/trunk@46424


git-svn-id: http://core.svn.wordpress.org/trunk@46222 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-07 19:08:06 +00:00
Gary Pendergast abcbee954f Coding Standards: Fix instances of `WordPress.PHP.NoSilencedErrors.Discouraged`.
Noteable changes:
- The `magic_quotes_runtime` and `magic_quotes_sybase` settings were removed in PHP 5.4, so no longer need to be set.
- Some functions that use external libraries can generate errors that can't be tested for, so are globally allowed to silence errors.
- Quite a few functions would cause errors if `safe_mode` was set. This setting was removed in PHP 5.4.
- Only a handful of `header()` calls needed corresponding `headers_sent()` checks for unit tests to pass, but more may need to be added as the nightlies builds are tested.

See #46732.

Built from https://develop.svn.wordpress.org/trunk@45611


git-svn-id: http://core.svn.wordpress.org/trunk@45422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-09 05:45:58 +00:00
Dominik Schilling 8043638596 HTTP: Don't treat `localhost` as same host by default.
Built from https://develop.svn.wordpress.org/trunk@42894


git-svn-id: http://core.svn.wordpress.org/trunk@42724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 15:00:31 +00:00
John Blackbourn 91464bce65 Docs: Add missing code formatting to various `@since` entries.
See #42505

Built from https://develop.svn.wordpress.org/trunk@42678


git-svn-id: http://core.svn.wordpress.org/trunk@42506 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-09 16:55:31 +00:00
Gary Pendergast aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Sergey Biryukov 6fa2cea232 Docs: Add `@access private` entries for `_get_component_from_parsed_url_array()` and `_wp_translate_php_url_constant_to_key()`.
Props ajayghaghretiya1.
Fixes #41282.
Built from https://develop.svn.wordpress.org/trunk@41573


git-svn-id: http://core.svn.wordpress.org/trunk@41406 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-22 22:00:47 +00:00
Drew Jaynes 07f01a2e10 Docs: Replace a variety of http links referenced in inline docs with their https counterparts (where possible).
Props johnpgreen.
Fixes #40732.

Built from https://develop.svn.wordpress.org/trunk@40948


git-svn-id: http://core.svn.wordpress.org/trunk@40798 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-25 22:06:41 +00:00
Sergey Biryukov 9f4bbcdb78 Docs: Fix typo in `wp_parse_url()` and `_get_component_from_parsed_url_array()` docblocks.
Props naomicbush.
Fixes #40190.
Built from https://develop.svn.wordpress.org/trunk@40299


git-svn-id: http://core.svn.wordpress.org/trunk@40206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-17 19:02:40 +00:00
Jeremy Felt 1560fbcbc5 Multisite: Use `get_network()` and `get_current_network_id()` for current network data.
`get_network()` falls back to the current network when called without any arguments. Between this and `get_current_network_id()`, we can replace almost all instances of the global `$current_site` and all instances of `get_current_site()`.

This effectively deprecates `get_current_site()`, something that we'll do in a future ticket.

Props flixos90.
Fixes #37414.

Built from https://develop.svn.wordpress.org/trunk@38814


git-svn-id: http://core.svn.wordpress.org/trunk@38757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-19 04:47:30 +00:00
Dion Hulse 93f7f904ec HTTP: Document that the return value of `wp_remote_retrieve_headers()` changed from a simple array to an object which implements ArrayAccess.
Props mrahmadawais, sudar, swissspidy.
Fixes #37722

Built from https://develop.svn.wordpress.org/trunk@38730


git-svn-id: http://core.svn.wordpress.org/trunk@38673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-05 03:51:28 +00:00
Peter Wilson 7a52a3aac7 HTTP API: Simplify `wp_parse_url()` to ensure consistent results.
[38694] revealed some URL formats were been parsed incorrectly, including those used by Google Fonts. This change simplifies the function to use placeholder values which cause PHP's parsing to behave consistently.

Props jrf, peterwilsoncc.
Fixes #36356.

Built from https://develop.svn.wordpress.org/trunk@38726


git-svn-id: http://core.svn.wordpress.org/trunk@38669 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-04 20:33:29 +00:00
John Blackbourn a51267269b HTTP API: Add a `$component` parameter to `wp_parse_url()` to give it parity with PHP's `parse_url()` function.
Fixes #36356
Props jrf

Built from https://develop.svn.wordpress.org/trunk@38694


git-svn-id: http://core.svn.wordpress.org/trunk@38637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-30 21:47:28 +00:00
John Blackbourn 049c36d11f HTTP API: Revert changes to `wp_parse_url()` while PHP 5.2 errors are investigated.
See #36356

Built from https://develop.svn.wordpress.org/trunk@38456


git-svn-id: http://core.svn.wordpress.org/trunk@38397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 00:24:31 +00:00
John Blackbourn ebe159a4bc HTTP API: Prevent a fatal error on PHP < 5.4.7 due to changes introduced in [38449].
Fixes #36356

Built from https://develop.svn.wordpress.org/trunk@38450


git-svn-id: http://core.svn.wordpress.org/trunk@38391 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-30 17:16:30 +00:00
John Blackbourn 4fd9ad1ce2 HTTP API: Add a `$component` parameter to `wp_parse_url()` to give it parity with PHP's `parse_url()` function.
Fixes #36356
Props jrf

Built from https://develop.svn.wordpress.org/trunk@38449


git-svn-id: http://core.svn.wordpress.org/trunk@38390 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-30 16:36:28 +00:00
Drew Jaynes d28f1a08ef Docs: Apply inline `@see` tags to hooks referenced in DocBlocks in a variety of wp-includes/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

See #36921.

Built from https://develop.svn.wordpress.org/trunk@37543


git-svn-id: http://core.svn.wordpress.org/trunk@37511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 19:01:27 +00:00
Ryan McCue 37f6e6813a HTTP API: Replace internals with Requests library.
Requests is a library very similar to WP_HTTP, with a high level of unit test coverage, and has a common lineage and development team. It also supports parallel requests.

See #33055.

Built from https://develop.svn.wordpress.org/trunk@37428


git-svn-id: http://core.svn.wordpress.org/trunk@37394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-13 04:42:28 +00:00
Dominik Schilling af9f052087 HTTP: Improve detection of valid IP addresses.
Built from https://develop.svn.wordpress.org/trunk@37115


git-svn-id: http://core.svn.wordpress.org/trunk@37082 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 15:38:26 +00:00
Pascal Birchler c73a812109 HTTP: Avoid an undefined index notice in `wp_http_validate_url()`.
Props perezlabs.
Fixes #34164.
Built from https://develop.svn.wordpress.org/trunk@36870


git-svn-id: http://core.svn.wordpress.org/trunk@36837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-06 15:55:26 +00:00
Dominik Schilling f65de8ec9f HTTP: `0.1.2.3` is not a valid IP.
Built from https://develop.svn.wordpress.org/trunk@36435


git-svn-id: http://core.svn.wordpress.org/trunk@36402 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 12:55:29 +00:00
Sergey Biryukov f6cde8e3c5 Docs: Correct return value for `is_allowed_http_origin()`.
Props kraftbj.
Fixes #35607.
Built from https://develop.svn.wordpress.org/trunk@36398


git-svn-id: http://core.svn.wordpress.org/trunk@36365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-26 00:39:26 +00:00
Sergey Biryukov 3f35196e48 Docs: Fix copy/paste error in `wp_remote_retrieve_cookies()` description.
Props mark8barnes.
Fixes #35157.
Built from https://develop.svn.wordpress.org/trunk@36002


git-svn-id: http://core.svn.wordpress.org/trunk@35967 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-18 17:23:29 +00:00
Andrew Nacin 1579e45d41 Simplify the include graph after work to split out classes.
see #33413. More details there.

Built from https://develop.svn.wordpress.org/trunk@35718


git-svn-id: http://core.svn.wordpress.org/trunk@35682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 07:24:30 +00:00
Scott Taylor dae5923c1d After [34953], unbreak WordPress.
See [34930], #33982.

Built from https://develop.svn.wordpress.org/trunk@34954


git-svn-id: http://core.svn.wordpress.org/trunk@34919 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 19:29:25 +00:00
Drew Jaynes e2038f9150 Docs: Add inline DocBlocks for the `require_once()` calls that now bring in top-level HTTP API functionality and HTTP API classes.
Classes brought in from separate files now include:
* `WP_Http`
* `WP_Http_Streams`
* `WP_Http_Curl`
* `WP_HTTP_Proxy`
* `WP_Http_Cookie`
* `WP_Http_Encoding`

See #33413. See #32246.

Built from https://develop.svn.wordpress.org/trunk@33882


git-svn-id: http://core.svn.wordpress.org/trunk@33851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 04:36:30 +00:00
Drew Jaynes 69375b243a Docs: Clarify the file header summary for wp-includes/http.php, the top-level file for the HTTP Request API.
See #33413. See #33701.

Built from https://develop.svn.wordpress.org/trunk@33881


git-svn-id: http://core.svn.wordpress.org/trunk@33850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 04:36:08 +00:00
Scott Taylor 7c8c216bec HTTP: move classes into their own files, `http.php` loads the new files, so this is 100% BC if someone is loading `http.php` directly. New files created using `svn cp`.
`class-http.php` requires functions from `http.php`, so loading it by itself wouldn't have worked.

Creates: 
`class-wp-http-cookie.php` 
`class-wp-http-curl.php` 
`class-wp-http-encoding.php` 
`class-wp-http-proxy.php` 
`class-wp-http-streams.php` 
`http-functions.php` 

`WP_Http` remains in `class-http.php`.

`http.php` contains only top-level code. Class files only contain classes. Functions file only contains functions.

See #33413.

Built from https://develop.svn.wordpress.org/trunk@33748


git-svn-id: http://core.svn.wordpress.org/trunk@33716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-26 03:55:21 +00:00
Scott Taylor 19a3aacc94 Add `@static*` annotations where they are missing.
Initialize all static vars that are not, most to `null`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32650


git-svn-id: http://core.svn.wordpress.org/trunk@32620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 15:43:29 +00:00
Scott Taylor 053790537f Cleanup doc blocks in `http.php`.
In the few functions that used `$objFetchSite` instead of `$http`: use the `$http` naming, which is more civilized.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32599


git-svn-id: http://core.svn.wordpress.org/trunk@32569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-25 17:32:27 +00:00
Scott Taylor a0df295f5c Improve various `@param` docs.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30674


git-svn-id: http://core.svn.wordpress.org/trunk@30664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 23:24:25 +00:00
Andrew Nacin a6103b30f5 Better validation of the URL used in core HTTP requests.
Built from https://develop.svn.wordpress.org/trunk@30443


git-svn-id: http://core.svn.wordpress.org/trunk@30438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 14:01:23 +00:00
John Blackbourn e2ff1da654 Update the docs for `wp_remote_retrieve_response_code()`. See #28887.
Built from https://develop.svn.wordpress.org/trunk@29985


git-svn-id: http://core.svn.wordpress.org/trunk@29727 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-21 21:13:18 +00:00
Mark Jaquith e1f2b3b9e2 Use HTTPS URLs for trac.wordpress.org (and use core.trac.wordpress.org)
see #27115
Built from https://develop.svn.wordpress.org/trunk@29789


git-svn-id: http://core.svn.wordpress.org/trunk@29561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-29 13:37:16 +00:00
Drew Jaynes 61b8ba8461 Convert documentation for default arguments in `WP_Http::request()` to a hash notation.
Also update corresponding docs for functions that leverage its arguments.

See #28298.

Built from https://develop.svn.wordpress.org/trunk@29230


git-svn-id: http://core.svn.wordpress.org/trunk@29014 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-18 22:01:15 +00:00