This is an important release which makes significant changes to improve the accuracy, performance, stability and maintainability of all sniffs, as well as making WordPressCS much better at handling modern PHP.
WordPressCS 3.0.0 contains breaking changes, both for people using ignore annotations, people maintaining custom rulesets, as well as for sniff developers who maintain a custom PHPCS standard based on WordPressCS.
If you are an end-user or maintain a custom WordPressCS based ruleset, please start by reading the [https://github.com/WordPress/WordPress-Coding-Standards/wiki/Upgrade-Guide-to-WordPressCS-3.0.0-for-ruleset-maintainers Upgrade Guide to WordPressCS 3.0.0 for ruleset maintainers] which lists the most important changes and contains a step by step guide for upgrading.
If you are a maintainer of an external standard based on WordPressCS and any of your custom sniffs are based on or extend WordPressCS sniffs, please read the [https://github.com/WordPress/WordPress-Coding-Standards/wiki/Upgrade-Guide-to-WordPressCS-3.0.0-for-Developers-of-external-standards Upgrade Guide to WordPressCS 3.0.0 for Developers].
In all cases, please read the complete changelog carefully before you upgrade.
This commit:
* Updates the Composer dependencies to use the new version, including updating the underlying PHP_CodeSniffer dependency to the new minimum supported version for WPCS.[[BR]] Note: the Composer PHPCS installer plugin is no longer explicitly required as it is now a dependency of WPCS, so the dependency is inherited automatically.
* Updates the ruleset for WPCS 3.0.0. This includes:
* Raising the memory limit to be on the safe side as WPCS 3.0.0 contains a lot more sniffs.
* Removing explicit inclusions of extra rules, which have now been added to the `WordPress-Core` ruleset..
* Updating property names for select sniffs.
* Updating one exclusion — the `WordPress.CodeAnalysis.AssignmentInCondition` sniff has been (partially) replaced by the `Generic.CodeAnalysis.AssignmentInCondition` sniff.
* Adding one new exclusion.
* Downgrades one new error to a warning.[[BR]] The `Generic.Files.OneObjectStructurePerFile` sniff enforces that there is only one OO structure declaration per file. At this time, this sniff would yield 29 errors. By downgrading the sniff to a ''warning'', the build can pass and the issues can be fixed in due time. For now, the test directory will be excluded until the issues are fixed (as the test directory CS run does not allow for warnings).
* Updates ignore annotations for WPCS 3.0.0.
Reference: [https://github.com/WordPress/WordPress-Coding-Standards/releases/tag/3.0.0 WPCS 3.0.0 release notes].
Follow-up to [43571], [44574], [45600], [47927].
Props jrf, jorbin, desrosj.
See #59161.
Built from https://develop.svn.wordpress.org/trunk@56695
git-svn-id: http://core.svn.wordpress.org/trunk@56207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_starts_with()` and `str_ends_with()` were introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins or ends with the given substring (needle).
WordPress core includes a polyfill for these functions on PHP < 8.0 as of WordPress 5.9.
This commit uses `str_starts_with()` and `str_ends_with()` in core files where appropriate:
* `$needle === substr( $string, 0, $length )`, where `$length` is the length of `$needle`, is replaced with `str_starts_with( $haystack, $needle )`.
* `$needle === substr( $string, $offset )`, where `$offset` is negative and the absolute value of `$offset` is the length of `$needle`, is replaced with `str_ends_with( $haystack, $needle )`.
This aims to make the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987], [55988].
Props Soean, spacedmonkey, Clorith, ocean90, azaozz, sabernhardt, SergeyBiryukov.
Fixes#58220.
Built from https://develop.svn.wordpress.org/trunk@55990
git-svn-id: http://core.svn.wordpress.org/trunk@55502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].
Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes#58206.
Built from https://develop.svn.wordpress.org/trunk@55988
git-svn-id: http://core.svn.wordpress.org/trunk@55500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since `ABSPATH` is defined and documented to end with a forward slash `/`, this changeset removes the first `/` from strings appended to `ABSPATH` in various files, leading to `//` in the resulting path.
Props TobiasBg, audrasjb, SergeyBiryukov, emanuelx.
Fixes#57074.
See #57071.
Built from https://develop.svn.wordpress.org/trunk@54872
git-svn-id: http://core.svn.wordpress.org/trunk@54424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the Site Health message said "The WP_AUTO_UPDATE_CORE constant is defined and enabled" when in fact the constant was defined and disabled using `define( 'WP_AUTO_UPDATE_CORE', false );`.
This changeset improves the message by providing the value of the constant. For example: "The WP_AUTO_UPDATE_CORE constant is defined as false".
Props johnbillion, chrisbudd1, robinwpdeveloper, audrasjb, Clorith.
Fixes#51041.
Built from https://develop.svn.wordpress.org/trunk@54325
git-svn-id: http://core.svn.wordpress.org/trunk@53884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changes some admin-area, user-facing text, to better match the guidelines and recommendations set forth in the make/core handbook, specifically:
> the word “we” should be avoided (...) unless its made very clear which group is speaking
Follow-up to [51979], [53131], [53132], [53148], [53156].
Props kebbet, costdev, SergeyBiryukov.
Fixes#55758.
See #46057.
Built from https://develop.svn.wordpress.org/trunk@54200
git-svn-id: http://core.svn.wordpress.org/trunk@53759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Dynamic (non-explicitly declared) properties are deprecated as of PHP 8.2 and are expected to become a fatal error in PHP 9.0.
There are a number of ways to mitigate this:
* If it is an accidental typo for a declared property: fix the typo.
* For known properties: declare them on the class.
* For unknown properties: add the magic `__get()`, `__set()`, et al. methods to the class or let the class extend `stdClass` which has highly optimized versions of these magic methods built in.
* For unknown ''use'' of dynamic properties, the `#[AllowDynamicProperties]` attribute can be added to the class. The attribute will automatically be inherited by child classes.
Trac ticket #56034 is open to investigate and handle the third and fourth type of situations, however it has become clear this will need more time and will not be ready in time for WP 6.1.
To reduce “noise” in the meantime, both in the error logs of WP users moving onto PHP 8.2, in the test run logs of WP itself, in test runs of plugins and themes, as well as to prevent duplicate tickets from being opened for the same issue, this commit adds the `#[AllowDynamicProperties]` attribute to all “parent” classes in WP.
The logic used for this commit is as follows:
* If a class already has the attribute: no action needed.
* If a class does not `extend`: add the attribute.
* If a class does `extend`:
- If it extends `stdClass`: no action needed (as `stdClass` supports dynamic properties).
- If it extends a PHP native class: add the attribute.
- If it extends a class from one of WP's external dependencies: add the attribute.
* In all other cases: no action — the attribute should not be needed as child classes inherit from the parent.
Whether or not a class contains magic methods has not been taken into account, as a review of the currently existing magic methods has shown that those are generally not sturdy enough and often even set dynamic properties (which they should not). See the [https://www.youtube.com/watch?v=vDZWepDQQVE live stream from August 16, 2022] for more details.
This commit only affects classes in the `src` directory of WordPress core.
* Tests should not get this attribute, but should be fixed to not use dynamic properties instead. Patches for this are already being committed under ticket #56033.
* While a number bundled themes (2014, 2019, 2020, 2021) contain classes, they are not a part of this commit and may be updated separately.
Reference: [https://wiki.php.net/rfc/deprecate_dynamic_properties PHP RFC: Deprecate dynamic properties].
Follow-up to [53922].
Props jrf, hellofromTonya, markjaquith, peterwilsoncc, costdev, knutsp, aristath.
See #56513, #56034.
Built from https://develop.svn.wordpress.org/trunk@54133
git-svn-id: http://core.svn.wordpress.org/trunk@53692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset replaces contracted verb forms like `doesn't`, `can't`, or `isn't` with non-contracted forms like `does not`, `cannot`, or `is not`, for better consistency across the WordPress administration. It also updates some corresponding unit tests strings.
Props Presskopp, socalchristina, aandrewdixon, francina, SergeyBiryukov, JeffPaul, audrasjb, hellofromTonya.
Fixes#38913.
See #39176.
Built from https://develop.svn.wordpress.org/trunk@52978
git-svn-id: http://core.svn.wordpress.org/trunk@52567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit adds the `public` visibility keyword to each method which did not have an explicit visibility keyword.
Why `public`?
With no visibility previously declared, these methods are implicitly `public` and available for use. Changing them to anything else would be a backwards-compatibility break.
Props costdev, jrf.
See #54177.
Built from https://develop.svn.wordpress.org/trunk@51919
git-svn-id: http://core.svn.wordpress.org/trunk@51512 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `WP_AUTO_UPDATE_CORE` constant now supports `development` and `branch-development` values.
This makes it possible for sites to opt-in to updating to nightly builds without having to install a plugin.
Follow-up to [49245], [49292].
Props xkon, knutsp, afragen, audrasjb, dd32.
Fixes#51978.
Built from https://develop.svn.wordpress.org/trunk@50082
git-svn-id: http://core.svn.wordpress.org/trunk@49782 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates `core_auto_updates_settings()` to account for the new `beta` and `rc` values for the `WP_AUTO_UPDATE_CORE` constant.
Additionally, recognize these new values as acceptable in Site Health tests.
Follow-up to [48804], [49245], [49254].
Fixes#51319. See #50907.
Built from https://develop.svn.wordpress.org/trunk@49292
git-svn-id: http://core.svn.wordpress.org/trunk@49054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This provides more flexibility when writing tests and benefits from running in a front-end context which is necessary for some tests like checking that updates are supported. Additionally, this provides a more robust interface for developers who want to integrate with Site Health tests.
Because the `wp/v2` endpoint is reserved for modeling core entities, site health is registered in its own `wp-site-health/v1` namespace.
The existing ajax actions have been maintained for backward compatibility.
Props Clorith, chrisvanpatten, afragen, pokhriyal, TimothyBlynJacobs.
Fixes#48105.
Built from https://develop.svn.wordpress.org/trunk@49154
git-svn-id: http://core.svn.wordpress.org/trunk@48916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, it was only incidentally recognized as valid due to a loose comparison with `true`.
With the strict comparison added to `WP_Site_Health_Auto_Updates::test_constants()`, this was no longer the case.
Follow-up to [47841].
Props sterndata, mukesh27, avixansa, desrosj, SergeyBiryukov.
Fixes#50912.
Built from https://develop.svn.wordpress.org/trunk@48792
git-svn-id: http://core.svn.wordpress.org/trunk@48554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.
This commit also includes:
* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
* `wp-admin/admin-header.php`
* `wp-admin/admin-footer.php`
* `wp-includes/version.php`
Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes#48082.
Built from https://develop.svn.wordpress.org/trunk@47198
git-svn-id: http://core.svn.wordpress.org/trunk@46998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The SSL certificate may be self-signed which prevents various tests from returning proper results. Since the Cron API and file editors don't verify the certificate the tests shouldn't either.
Props Clorith, ocean90.
Fixes#47957.
Built from https://develop.svn.wordpress.org/trunk@46231
git-svn-id: http://core.svn.wordpress.org/trunk@46043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When viewing Site Health for a multisite install, there are a few recommendations that are not appropriate and could have negative implications for other sites on the install if the administrator follows the advice provided.
For example, Site Health recommends that inactive plugins and themes for a site should be removed. On a single site install, this is a great recommendation. However, on a multisite install, inactive plugins and themes for one site should not be removed because they could be active for other sites on the network.
This change also disables the `test_wp_version_check_attached()` test for multisite. This test checks for the presence of the `wp_version_check()` function on the `wp_version_check` hook, which is not present for every site on multisite.
Reviewed by jeremyfelt and desrosj.
Props iandunn, Clorith, azaozz, jeremyfelt.
Fixes#47084.
Built from https://develop.svn.wordpress.org/trunk@45275
git-svn-id: http://core.svn.wordpress.org/trunk@45084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Split plural strings with multiple sentences to avoid duplicating translations.
* Decouple strings where the singular and plural form are not just the same string with different numbers, but essentially two different strings.
* Use an established pattern for numbered placeholders in translator comments.
* Replace constants in translatable strings with placeholders, mark them as code.
* Make sure sentences are translated as a whole, not as separate string parts.
* Remove unnecessary context and escaping.
Props ocean90, SergeyBiryukov.
See #46683.
Built from https://develop.svn.wordpress.org/trunk@45099
git-svn-id: http://core.svn.wordpress.org/trunk@44908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Site Health tool serves two purposes:
- Provide site owners with information to improve the performance, reliability, and security of their site.
- Collect comprehensive debug information about the site.
By encouraging site owners to maintain their site and adhere to modern best practices, we ultimately improve the software hygeine of both the WordPress ecosystem, and the open internet as a whole.
Props Clorith, hedgefield, melchoyce, xkon, karmatosed, jordesign, earnjam, ianbelanger, wpscholar, desrosj, pedromendonca, peterbooker, jcastaneda, garyj, soean, pento, timothyblynjacobs, zodiac1978, dgroddick, garrett-eclipse, netweb, tobifjellner, pixolin, afercia, joedolson, birgire.
See #46573.
Built from https://develop.svn.wordpress.org/trunk@44986
git-svn-id: http://core.svn.wordpress.org/trunk@44817 1a063a9b-81f0-0310-95a4-ce76da25c4cd