This adds additional hardening to the Autoload options Health Check to avoid potential bugs when extenders return unserialzed values from `wp_load_alloptions()`.
Follow-up to [58332].
Props mukesh27, joemcgill, westonruter.
Fixes#61276.
Built from https://develop.svn.wordpress.org/trunk@58338
git-svn-id: http://core.svn.wordpress.org/trunk@57794 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a new Site Health check that will alert site owners if they are autoloading a large amount of data from the options table, as it could result in poor performance. The issue will be shown if the size of autoloaded options is greater than 800 KB, which can be adjusted using the new `site_status_autoloaded_options_size_limit` filter.
Props mukesh27, joemcgill, rajinsharwar, costdev, audrasjb, krupajnanda, pooja1210, Ankit K Gupta, johnbillion, oglekler.
Fixes#61276.
Built from https://develop.svn.wordpress.org/trunk@58332
git-svn-id: http://core.svn.wordpress.org/trunk@57788 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since WordPress 6.5, the minimum supported version of MySQL and MariaDB is 5.5.5. This means all supported database servers now support the `utf8mb4` character set and therefore the conditional logic for this is no longer necessary.
Props l1nuxjedi, craigfrancis, OllieJones, johnbillion
Fixes#60096
Built from https://develop.svn.wordpress.org/trunk@57926
git-svn-id: http://core.svn.wordpress.org/trunk@57427 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fix an issue where a cron job ran every 12 hours to check for https support - even when https support was already enabled. The check is now run only when the user visits the Site Health page. Reducing the unneeded requests lowers the impact and load of hosting WordPress sites.
The `wp_update_https_detection_errors` function is deprecated and the `https_detection_errors` option that was previously set by the cron job is no longer maintained. The `pre_wp_update_https_detection_errors` filter is deprecated and replaced by the `pre_wp_get_https_detection_errors` filter which serves the same function.
Props audrasjb, johnbillion, Michi91.
Fixes#58494.
Built from https://develop.svn.wordpress.org/trunk@56664
git-svn-id: http://core.svn.wordpress.org/trunk@56176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If the available disk space exceeds the `PHP_INT_MAX` value, i.e. a 32-bit PHP version is in use with more than 2 GB free, the type casting to `(int)` could cause an overflow, and the Site Health test would then erroneously report that there is not enough free space.
This commit removes the unnecessary type casting and uses the result from `disk_free_space()` directly.
Includes optimizing the logic to skip further checks if the available disk space could not be determined.
Follow-up to [55720].
Props mathsgrinds, Presskopp, rajinsharwar, SergeyBiryukov.
Fixes#59116.
Built from https://develop.svn.wordpress.org/trunk@56401
git-svn-id: http://core.svn.wordpress.org/trunk@55913 1a063a9b-81f0-0310-95a4-ce76da25c4cd
With the introduction of temporary backups of plugins and themes before updating, a new Site Health test was added to verify that plugin and theme temporary backup directories are writable or can be created.
When using a non-direct filesystem, the Site Health test did not include the required credentials, leading to a fatal error as the connection was not initialized properly.
This commit attemps to use the stored credentials if available, and displays a message otherwise.
Includes a similar fix in a function that performs a cleanup of the temporary backup directory.
Follow-up to [55720].
Props utsav72640, rajinsharwar, costdev, mukesh27, peterwilsoncc, audrasjb, SergeyBiryukov.
See #58940.
Built from https://develop.svn.wordpress.org/trunk@56341
git-svn-id: http://core.svn.wordpress.org/trunk@55853 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset modifies how the `dashicons-external` icon is used in external links by editing its styles and adding a space between the text and the icon
for better accessibility.
Props SergeyBiryukov, afercia, isabel_brison, mukesh27, sabernhardt, oglekler, audrasjb.
Fixes#47303.
Built from https://develop.svn.wordpress.org/trunk@56211
git-svn-id: http://core.svn.wordpress.org/trunk@55723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This removes HTML tags from the label, which were not displayed as expected due to escaping. Including the directory name in the label is also redundant, as it is already mentioned in the check result description directly below.
Includes:
* Adjusting a few other labels for consistency.
* Moving `wp-content` out of the translatable string in a similar message in `WP_Upgrader::generic_strings()`.
Follow-up to [55720].
Props dlh, mukesh27, audrasjb, SergeyBiryukov.
See #58678.
Built from https://develop.svn.wordpress.org/trunk@56117
git-svn-id: http://core.svn.wordpress.org/trunk@55629 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].
Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes#58206.
Built from https://develop.svn.wordpress.org/trunk@55988
git-svn-id: http://core.svn.wordpress.org/trunk@55500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to make the update process more reliable and ensures that if a plugin or theme update fails, the previous version can be safely restored.
* When updating a plugin or theme, the old version is moved to a temporary backup directory:
* `wp-content/upgrade-temp-backup/plugins/[plugin-slug]` for plugins
* `wp-content/upgrade-temp-backup/themes/[theme-slug]` for themes.
* If the update fails, then the backup kept in the temporary backup directory is restored to its original location.
* If the update succeeds, the temporary backup is deleted.
To further help troubleshoot plugin and theme updates, two new checks were added to the Site Health screen:
* A check to make sure that the `upgrade-temp-backup` directory is writable.
* A check that there is enough disk space available to safely perform updates.
To avoid confusion: The temporary backup directory will NOT be used to “roll back” a plugin to a previous version after a completed update. This directory will simply contain a transient backup of the previous version of a plugin or theme being updated, and as soon as the update process finishes, the directory will be empty.
Follow-up to [55204], [55220].
Props afragen, costdev, pbiron, azaozz, hellofromTonya, aristath, peterwilsoncc, TJNowell, bronsonquick, Clorith, dd32, poena, TimothyBlynJacobs, audrasjb, mikeschroder, a2hosting, KZeni, galbaras, richards1052, Boniu91, mai21, francina, TobiasBg, desrosj, noisysocks, johnbillion, dlh, chaion07, davidbaumwald, jrf, thisisyeasin, ignatggeorgiev, SergeyBiryukov.
Fixes#51857.
Built from https://develop.svn.wordpress.org/trunk@55720
git-svn-id: http://core.svn.wordpress.org/trunk@55232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).
WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.
While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.
Follow-up to [52039], [52040], [52326].
Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes#58012.
Built from https://develop.svn.wordpress.org/trunk@55703
git-svn-id: http://core.svn.wordpress.org/trunk@55215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to provide better context for translators and make it easier to determine that some strings contain hidden accessibility text and are not displayed in the UI.
Props kebbet, mercime, pavelevap, ocean90, swissspidy, Chouby, jipmoors, afercia, desrosj, costdev, audrasjb, SergeyBiryukov.
Fixes#29748.
Built from https://develop.svn.wordpress.org/trunk@55276
git-svn-id: http://core.svn.wordpress.org/trunk@54809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since `ABSPATH` is defined and documented to end with a forward slash `/`, this changeset removes the first `/` from strings appended to `ABSPATH` in various files, leading to `//` in the resulting path.
Props TobiasBg, audrasjb, SergeyBiryukov, emanuelx.
Fixes#57074.
See #57071.
Built from https://develop.svn.wordpress.org/trunk@54872
git-svn-id: http://core.svn.wordpress.org/trunk@54424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The descriptions provided whenever a REST API check failed lacked details that would help in troubleshooting any issues, most notably the actual REST API endpoint that was being tested.
Adding this vital piece of detail, along with a revamp of the error messages shown, where previously there was a risk that the markup of your website was included as an error message, improves the overall user experience, and gives more accurate details that can be looked when looking up how to fix or improve the behavior of the REST API.
Props dingo_d, shetheliving.
Fixes#54617.
Built from https://develop.svn.wordpress.org/trunk@54205
git-svn-id: http://core.svn.wordpress.org/trunk@53764 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously the description left the user stuck with no path forward if flushing their permalinks was not enough.
This change givers a clearer description of what approving an application may involve (allowing these to connect to the users site), but also an additional step towards resolution if flushing permalinks are not enough; pointing them towards their host.
Props Presskopp, webcommsat.
Fixes#54508.
Built from https://develop.svn.wordpress.org/trunk@54196
git-svn-id: http://core.svn.wordpress.org/trunk@53755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Add a check to `wp_check_php_version()` whether the current PHP version is lower than the next (desired) minimum version.
- Set the next desired minimum PHP version to 7.2.
- Use that check to update the warnings in the `wp_dashboard_php_nag()` widget, and on the Site Health screen.
Props Clorith, SergeyBiryukov, ironprogrammer, azaozz.
See #56199.
Built from https://develop.svn.wordpress.org/trunk@54169
git-svn-id: http://core.svn.wordpress.org/trunk@53728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Dynamic (non-explicitly declared) properties are deprecated as of PHP 8.2 and are expected to become a fatal error in PHP 9.0.
There are a number of ways to mitigate this:
* If it is an accidental typo for a declared property: fix the typo.
* For known properties: declare them on the class.
* For unknown properties: add the magic `__get()`, `__set()`, et al. methods to the class or let the class extend `stdClass` which has highly optimized versions of these magic methods built in.
* For unknown ''use'' of dynamic properties, the `#[AllowDynamicProperties]` attribute can be added to the class. The attribute will automatically be inherited by child classes.
Trac ticket #56034 is open to investigate and handle the third and fourth type of situations, however it has become clear this will need more time and will not be ready in time for WP 6.1.
To reduce “noise” in the meantime, both in the error logs of WP users moving onto PHP 8.2, in the test run logs of WP itself, in test runs of plugins and themes, as well as to prevent duplicate tickets from being opened for the same issue, this commit adds the `#[AllowDynamicProperties]` attribute to all “parent” classes in WP.
The logic used for this commit is as follows:
* If a class already has the attribute: no action needed.
* If a class does not `extend`: add the attribute.
* If a class does `extend`:
- If it extends `stdClass`: no action needed (as `stdClass` supports dynamic properties).
- If it extends a PHP native class: add the attribute.
- If it extends a class from one of WP's external dependencies: add the attribute.
* In all other cases: no action — the attribute should not be needed as child classes inherit from the parent.
Whether or not a class contains magic methods has not been taken into account, as a review of the currently existing magic methods has shown that those are generally not sturdy enough and often even set dynamic properties (which they should not). See the [https://www.youtube.com/watch?v=vDZWepDQQVE live stream from August 16, 2022] for more details.
This commit only affects classes in the `src` directory of WordPress core.
* Tests should not get this attribute, but should be fixed to not use dynamic properties instead. Patches for this are already being committed under ticket #56033.
* While a number bundled themes (2014, 2019, 2020, 2021) contain classes, they are not a part of this commit and may be updated separately.
Reference: [https://wiki.php.net/rfc/deprecate_dynamic_properties PHP RFC: Deprecate dynamic properties].
Follow-up to [53922].
Props jrf, hellofromTonya, markjaquith, peterwilsoncc, costdev, knutsp, aristath.
See #56513, #56034.
Built from https://develop.svn.wordpress.org/trunk@54133
git-svn-id: http://core.svn.wordpress.org/trunk@53692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset implements a clearer and more consistent timeout/duration/expiration format. It updates time durations used in various files, as per WordPress coding standards:
- If the value can be represented as an integer (not a fractional) number of minutes (hours, etc.), use the appropriate constant (e.g.: `MINUTE_IN_SECONDS`) multiplied by that number.
- Otherwise, keep the value as is and add a comment with the units for clarity.
Follow-up to [11823], [13177], [21996], [37747], [53714].
Props hztyfoon, audrasjb, arrasel403, krupalpanchal, GaryJ, SergeyBiryukov, peterwilsoncc, rudlinkon, costdev, robinwpdeveloper.
Fixes#56293.
See #55647.
Built from https://develop.svn.wordpress.org/trunk@54113
git-svn-id: http://core.svn.wordpress.org/trunk@53672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* MySQL 5.6 has reached EOL (“End of Life”) in February 2021. The recommended minimum is bumped to 5.7 for now.
* MariaDB 10.2 has reached EOL in May 2022. The recommended minimum is bumped to 10.3 for now.
This commit brings the Site Health recommendations in line with `readme.html`.
Includes:
* Adding two unit tests to ensure the SQL server versions recommended by Site Health match `readme.html`.
* Consistently declaring the recommended and required versions as the `WP_Site_Health` class properties.
* Renaming some pre-existing private properties for clarity.
Follow-up to [44986], [52319], [52358], [52420], [52424], [53431], [53433], [53435], [meta11407], [meta11866].
See #55791, #meta5999, #meta6322.
Built from https://develop.svn.wordpress.org/trunk@54069
git-svn-id: http://core.svn.wordpress.org/trunk@53628 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates an older fragment in `WP_Site_Health::prepare_sql_data()` to use a dedicated `$wpdb` method introduced later in WordPress 5.5 specifically for retrieving the database server information.
Follow-up to [44986], [47451].
Props hilayt24, mukesh27, Clorith, SergeyBiryukov.
Fixes#56484.
Built from https://develop.svn.wordpress.org/trunk@54065
git-svn-id: http://core.svn.wordpress.org/trunk@53624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add a `@coversDefaultClass` annotation to address `@covers ::get_test_page_cache" is invalid` notices.
* Rename data providers to start with the `data_` prefix and match the test method names, for consistency.
* Move data providers next to the test methods they are used in.
* Move `::get_test_page_cache()` closer to `::get_test_persistent_object_cache()`, for a bit more predictable placement.
* Fix a typo in `::get_test_persistent_object_cache()` description.
Follow-up to [53955], [54043], [54044], [54045].
See #56041.
Built from https://develop.svn.wordpress.org/trunk@54047
git-svn-id: http://core.svn.wordpress.org/trunk@53606 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Includes:
* Moving leading and trailing spaces out of a translatable string.
* Using the established format for translator comments.
* Using a consistent typography for the apostrophe.
Follow-up to [53955], [54043].
See #56041.
Built from https://develop.svn.wordpress.org/trunk@54044
git-svn-id: http://core.svn.wordpress.org/trunk@53603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds a new `page_cache` check which determines whether the site uses a full page cache, and in addition assesses the server response time. If no page cache is present and the server response time is slow, the check will suggest use of a page cache.
A few filters are included for customization of the check:
* `site_status_good_response_time_threshold` filters the number of milliseconds below which the server response time is considered good. The default value is based on the `server-response-time` Lighthouse audit and can be altered using this filter.
* `site_status_page_cache_supported_cache_headers` filters the map of supported cache headers and their callback to determine whether it was a cache hit. The default list includes commonly used cache headers, and it is filterable to support e.g. additional cache headers used by specific vendors.
Note that due to the nature of this check it is only run in production environments.
Props furi3r, westonruter, spacedmonkey, swissspidy, Clorith.
Fixes#56041.
Built from https://develop.svn.wordpress.org/trunk@54043
git-svn-id: http://core.svn.wordpress.org/trunk@53602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds a new `persistent_object_cache` check which determines whether the site uses a persistent object cache, and if not, recommends it if it is beneficial for the site. A support resource to learn more about object caching has been created and is linked in the check.
A few filters are included for customization of the check, aimed primarily at hosting providers to provide more specific information in regards to their environment:
* `site_status_persistent_object_cache_url` filters the URL to learn more about object caching, so that e.g. a hosting-specific object caching support resource could be linked.
* `site_status_persistent_object_cache_notes` filters the notes added to the check description, so that more fine tuned information on object caching based on the environment can be provided.
* `site_status_should_suggest_persistent_object_cache` is a short-circuit filter which allows using entirely custom logic to determine whether a persistent object cache would make sense for the site.
* `site_status_persistent_object_cache_thresholds` filters the thresholds in the default logic to determine whether a persistent object cache would make sense for the site, which is based on the amount of data in the database.
Note that due to the nature of this check it is only run in production environments.
Props furi3r, tillkruss, spacedmonkey, audrasjb, Clorith.
Fixes#56040.
Built from https://develop.svn.wordpress.org/trunk@53955
git-svn-id: http://core.svn.wordpress.org/trunk@53514 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes WPCS errors in `WP_Site_Health::get_test_plugin_version()` and `::get_test_theme_version()`:
* `Expected exactly one space between closing parenthesis and opening control structure; " " found.`
* `Expected 1 space(s) after closing parenthesis; found 2`
Follow-up to [53816].
See #56134.
Built from https://develop.svn.wordpress.org/trunk@53817
git-svn-id: http://core.svn.wordpress.org/trunk@53376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This displays a more appropriate message in case the site does not have any active plugins or installed themes.
Follow-up to [44986], [45099], [45336].
Props Presskopp, costdev, martin.krcho, Clorith, SergeyBiryukov.
Fixes#56134.
Built from https://develop.svn.wordpress.org/trunk@53816
git-svn-id: http://core.svn.wordpress.org/trunk@53375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$class` parameter to `$class_name` in `WP_Site_Health::test_php_extension_availability()`.
* Renames some other parameters for consistency.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #55327.
Built from https://develop.svn.wordpress.org/trunk@53117
git-svn-id: http://core.svn.wordpress.org/trunk@52706 1a063a9b-81f0-0310-95a4-ce76da25c4cd