Commit Graph

408 Commits

Author SHA1 Message Date
tellyworth ed802428e3 Upgrade/install: fix verification bugs and scale back signature checks.
This fixes several bugs in the signature verification code:
Disables signature checks on certain incompatible PHP versions that cause math errors when opcache is enabled;
Prevents a spurious URL and subsequent error when downloading a zip file with query arguments;
Prevents errors triggered by third-party upgrade scripts as per #46615;
Disables signature tests for Plugins, Themes, and Translations, leaving only core updates.

At the 5.2 release the API servers will only provide signatures for core update packages, which is why messages are suppressed for plugins and other package types. Signatures for those other items will become available later.

Props dd32.
See #39309, #46615


Built from https://develop.svn.wordpress.org/trunk@45262


git-svn-id: http://core.svn.wordpress.org/trunk@45071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-24 07:44:51 +00:00
Sergey Biryukov d2ccaacedf Docs: Correct spelling in various comments and DocBlocks, per the conventions in Core Contributor Handbook.
Props man4toman, samanehmirrajabi.
Fixes #45857.
Built from https://develop.svn.wordpress.org/trunk@45232


git-svn-id: http://core.svn.wordpress.org/trunk@45041 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-17 13:26:51 +00:00
John Blackbourn d4d1267847 I18N: Improvements to and additions of translator comments for various email subject strings.
Props ramiy

Fixes #46920

Built from https://develop.svn.wordpress.org/trunk@45204


git-svn-id: http://core.svn.wordpress.org/trunk@45013 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-15 22:39:50 +00:00
desrosj e04ffc348b Administration: Remove unnecessary numbered placeholders.
Props: tobifjellner, thrijith.
Fixes #46824.
Built from https://develop.svn.wordpress.org/trunk@45167


git-svn-id: http://core.svn.wordpress.org/trunk@44976 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-12 16:32:50 +00:00
Gary Pendergast cbc0240cd6 Privacy: Only mark a personal data export as complete when the user downloads it.
An admin may download an export to check that it's all correct, but this action shouldn't mark the request as complete.

Props garrett-eclipse, JoshuaWold, birgire.
Fixes #44644.


Built from https://develop.svn.wordpress.org/trunk@45148


git-svn-id: http://core.svn.wordpress.org/trunk@44957 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-09 00:04:50 +00:00
tellyworth 23fe2800cc Upgrade/Install: Add more context in signature verify failures.
This includes version numbers and signature counts in error reports, to help diagnose isolated failures that have no apparent cause.

Props dd32.
See #39309.

Built from https://develop.svn.wordpress.org/trunk@45112


git-svn-id: http://core.svn.wordpress.org/trunk@44921 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-05 05:20:51 +00:00
Sergey Biryukov 5291f46c8a Docs: Fix typo in a comment in `unzip_file()`.
Props mukesh27.
Fixes #46766.
Built from https://develop.svn.wordpress.org/trunk@45098


git-svn-id: http://core.svn.wordpress.org/trunk@44907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-02 13:34:53 +00:00
Sergey Biryukov 10409c0f7c Privacy: Ensure the personal data export email is sent in the locale of the user whose data is being exported (or the site's default locale if they are not a registered user) when the administrator fulfilling the request uses a different locale.
Props garrett-eclipse.
Fixes #46056.
Built from https://develop.svn.wordpress.org/trunk@45062


git-svn-id: http://core.svn.wordpress.org/trunk@44871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-28 21:29:50 +00:00
Sergey Biryukov 7d74080b80 Privacy: Introduce Privacy Policy page helpers:
* `is_privacy_policy()` template tag
* `privacy-policy.php` template
* `.privacy-policy` body class
* `.menu-item-privacy-policy` menu item class

Props garrett-eclipse, birgire, xkon, Clorith.
Fixes #44005.
Built from https://develop.svn.wordpress.org/trunk@44966


git-svn-id: http://core.svn.wordpress.org/trunk@44797 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-21 19:48:50 +00:00
tellyworth e38814f359 Upgrade/Install: Add experimental package signing to some updates.
This adds code for soft verification of signatures for theme and plugin installs and updates, when provided by the update server. This experimental version does not reject unverified packages or failed signatures; it simply reports anonymous errors so we can evaluate its feasibility and detect incompatibilities.

This code relies on the new sodium_compat library for PHP versions prior to 7.2.

Props dd32, paragoninitiativeenterprises.
See #39309, #45806.

Built from https://develop.svn.wordpress.org/trunk@44954


git-svn-id: http://core.svn.wordpress.org/trunk@44785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-21 05:49:50 +00:00
desrosj 26ab5fcee1 Privacy: Be less restrictive of the HTML tags allowed in user data exports.
Previously, only `a` and `br` tags were allowed in the `value` table cell for each field included in the HTML file generated when a user is exporting their personal data. Instead of relying on a hardcoded list of allowed tags, the `wp_kses()` call in `wp_privacy_generate_personal_data_export_group_html()` will now fallback to the default list of allowed tags (which includes `i`, `strong`, `em`, and other basic HTML formatting tags).

Also, a new context of `personal_data_export` will now be passed to the `wp_kses()` call. As a result, the list of HTML tags and attributes allowed in the export file can now be filtered using the `wp_kses_allowed_html` filter and checking for the `personal_data_export` context.

Fixes #44044.
Props tz-media, desrosj, pento, birgire, garrett-eclipse.
Built from https://develop.svn.wordpress.org/trunk@44824


git-svn-id: http://core.svn.wordpress.org/trunk@44656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-08 22:05:53 +00:00
Gary Pendergast dcdfd7f412 Docs: Fix the last handful of incorrect `@since 5.0.0` docblock tags.
Props peterwilsoncc.
Fixes #45543.


Built from https://develop.svn.wordpress.org/trunk@44635


git-svn-id: http://core.svn.wordpress.org/trunk@44466 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-17 06:46:50 +00:00
Gary Pendergast 56c162fbc9 Coding Standards: Upgrade WPCS to 1.0.0
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.

This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script. 
- Auto-fixable coding standards issues will now cause Travis failures.

Fixes #44600.


Built from https://develop.svn.wordpress.org/trunk@43571


git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
Gary Pendergast 8244397ffb Coding Standards: Prepare for upgrading WPCS to 1.0.0.
In order to get the best result when running `phpcbf` across the codebase, there are some manual tweaks we need to make.

These fall into three categories:
- Fixing incorrectly indented code which has flow-on effects when auto-fixing.
- Tweaking the layout of inline PHP inside HTML tags.
- Moving more complex inline PHP inside HTML tags, to execute earlier.

See #44600.


Built from https://develop.svn.wordpress.org/trunk@43569


git-svn-id: http://core.svn.wordpress.org/trunk@43398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-15 06:22:26 +00:00
Sergey Biryukov 08af3900c3 Privacy: Ensure the user request email is sent in the requested user's locale (or the site's default locale if they are not a registered user) when the administrator creating the request uses a different locale.
Props desrosj, Chouby, iandunn, lbenicio, birgire, earnjam, swissspidy, garrett-eclipse.
Fixes #43985.
Built from https://develop.svn.wordpress.org/trunk@43568


git-svn-id: http://core.svn.wordpress.org/trunk@43397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-13 16:32:27 +00:00
Sergey Biryukov 76e821e647 I18N: Separate two "About" strings with different context.
Props desrosj, XpertOne, Nao.
Fixes #44139.
Built from https://develop.svn.wordpress.org/trunk@43527


git-svn-id: http://core.svn.wordpress.org/trunk@43356 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-24 15:04:25 +00:00
Aaron Jorbin 691dc59ad3 Privacy: Silence is golden and invisible.
"Be more discrete." declared matt in [3155], and since then, "Silence is Golden" has been the calling card of placeholder index files. Historically, these have been php files, but [43012] changed that and added index.html files for privacy export generated folders.

The php silence files produce no visible content. This adds consistency with these new html files in that there will be no visible content. Silence will fall when the question is asked.

Fixes #44195.
Props audrasjb, rafsuntaskin, Ov3rfly, johnbillion, pento


Built from https://develop.svn.wordpress.org/trunk@43446


git-svn-id: http://core.svn.wordpress.org/trunk@43273 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-15 23:39:27 +00:00
Felix Arntz 9768bde3c4 Privacy: Fix a further inconsistency of site name and URL usage in notification emails.
This is a follow-up to [43388].

Props desrosj.
Fixes #44396.

Built from https://develop.svn.wordpress.org/trunk@43435


git-svn-id: http://core.svn.wordpress.org/trunk@43262 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-08 13:55:28 +00:00
Sergey Biryukov 33c708feca Privacy: Remove unnecessary `This email has been sent to ###EMAIL###` from privacy emails.
The line was copied from the emails that get sent when an email address changes, without considering if it made sense in the new context.

Props iandunn, ianbelanger, desrosj.
Fixes #44030.
Built from https://develop.svn.wordpress.org/trunk@43353


git-svn-id: http://core.svn.wordpress.org/trunk@43181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:32:48 +00:00
Sergey Biryukov b4320bcd8f Docs: Add missing documentation and duplicate hook references for `wp_privacy_personal_data_export_file`, `wp_privacy_personal_data_exporters`, and `wp_privacy_personal_data_erasers` hooks.
Props birgire.
See #44125.
Built from https://develop.svn.wordpress.org/trunk@43303


git-svn-id: http://core.svn.wordpress.org/trunk@43132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 13:03:21 +00:00
Sergey Biryukov 35f94eb211 Privacy: Correct the error check when creating an export folder in `wp_privacy_generate_personal_data_export_file()`.
`wp_mkdir_p()` returns `false` on error, not a `WP_Error` object.

Props birgire.
Fixes #44158.
Built from https://develop.svn.wordpress.org/trunk@43299


git-svn-id: http://core.svn.wordpress.org/trunk@43128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-21 11:59:24 +00:00
iandunn fdd5b8dacd Privacy: Rename exports folder to avoid deleting other files.
Previously, personal data exports were stored in `wp-content/uploads/exports`, which is generic enough that it's likely there are existing folders with that name, either created by plugins or manually by administrators. If that folder were reused by Core, then `wp_privacy_delete_old_export_files()` would delete all of the existing files inside it, which is almost certainly not what the site owner wants or expects.

To avoid that, the folder is being renamed to include a specific reference to Core, and a more verbose description of its purpose. With those factored in, it's very unlikely that there will be any conflicts with existing folders.

The `wp_privacy_exports_dir()` and `wp_privacy_exports_url()` functions were introduced to provide a canonical source for the location, and the `wp_privacy_exports_dir` and `wp_privacy_exports_url` filters were introduced to allow plugins to customize it.

Props johnjamesjacoby, allendav.
Fixes #44091.

Built from https://develop.svn.wordpress.org/trunk@43284


git-svn-id: http://core.svn.wordpress.org/trunk@43113 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 20:22:20 +00:00
Sergey Biryukov 0a9de1ef2e Privacy: Normalize file paths in `wp_privacy_generate_personal_data_export_file()` to make sure Windows paths don't have their backslashes stripped.
Props xkon, pmbaldha.
Fixes #43908.
Built from https://develop.svn.wordpress.org/trunk@43234


git-svn-id: http://core.svn.wordpress.org/trunk@43063 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 21:11:23 +00:00
Sergey Biryukov 760ab78ff9 Privacy: Pass export request ID to `wp_privacy_personal_data_export_file_created` filter.
Props thomasplevy.
Fixes #44031.
Built from https://develop.svn.wordpress.org/trunk@43208


git-svn-id: http://core.svn.wordpress.org/trunk@43037 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 23:18:22 +00:00
iandunn 798e3dc84d Privacy: Reuse existing archive filenames to maintain URLs.
Whenever an admin initiates a download or email of a personal data export, a fresh copy of the file is generated. Previously, a new filename was used each time, which could lead to situations where a URL that was emailed to a data subject is broken.

That can be avoided by reusing the same filename when building fresh archives.

Props desrosj, tz-media, allendav.
Fixes #43905.

Built from https://develop.svn.wordpress.org/trunk@43180


git-svn-id: http://core.svn.wordpress.org/trunk@43009 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-08 00:52:21 +00:00
iandunn 3d4c461e50 Privacy: Store plugin callbacks in associative array for flexibility.
The personal data export and erasure tools allow plugins to register their own callbacks, in order to add additional data to the export and erasure processes. Previously, these were registered without specifying a constant identifier in the array of callbacks. Using mutable integers makes it difficult for plugins to modify the callbacks of other plugins, though.

Using associative array keys instead provides a covenient and reliable way to identify and interact with another plugin's callbacks.

Props desrosj, allendav, ocean90.
Fixes #43931.

Built from https://develop.svn.wordpress.org/trunk@43154


git-svn-id: http://core.svn.wordpress.org/trunk@42983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 19:28:21 +00:00
Andrew Ozz 3a43a64c20 Privacy: fix inconsistencies in new strings.
Props audrasjb.
Fixes #43925.
Built from https://develop.svn.wordpress.org/trunk@43118


git-svn-id: http://core.svn.wordpress.org/trunk@42947 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 18:42:21 +00:00
Sergey Biryukov eca2bf8545 I18N: Correct translator comment in `wp_privacy_generate_personal_data_export_file()`.
See #43546.
Built from https://develop.svn.wordpress.org/trunk@43089


git-svn-id: http://core.svn.wordpress.org/trunk@42918 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 01:52:22 +00:00
Andrew Ozz c77a8ed2fc Privacy: add attachments to the personal data export file.
Props allendav.
See #43883.
Built from https://develop.svn.wordpress.org/trunk@43054


git-svn-id: http://core.svn.wordpress.org/trunk@42883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 13:45:21 +00:00
iandunn 9abc0fe73e Privacy: Add `wp_privacy_personal_data_export_file_created` filter.
This runs immediately after the data export file has been successfully created, allowing plugins to introduce some workflow customizations. For example, a plugin could password-protect the export file, for peace of mind, even though the CSPRN in the filename makes brute force attacks nearly impossible.

See #43546.

Built from https://develop.svn.wordpress.org/trunk@43047


git-svn-id: http://core.svn.wordpress.org/trunk@42876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 21:04:22 +00:00
iandunn 23bf0c7535 Privacy: Add cron to delete expired export files to protect privacy.
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.

`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.

This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.

`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.

Props iandunn, desrosj.
See #43546.

Built from https://develop.svn.wordpress.org/trunk@43046


git-svn-id: http://core.svn.wordpress.org/trunk@42875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 20:09:23 +00:00
iandunn 5b4aa26436 Privacy: Use a CSPRNG in export filenames for more security.
`rand()` is deterministic and therefore offers much less protection in this context. `wp_generate_password()` is a convenient wrapper around `wp_rand()`, which uses `random_int()` to generate cryptographically-secure psuedorandom numbers.

See #43546.

Built from https://develop.svn.wordpress.org/trunk@43045


git-svn-id: http://core.svn.wordpress.org/trunk@42874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 18:53:25 +00:00
Andrew Ozz b044b4053e Privacy: add means to export personal data by username or email address. Generate a zipped export file containing all data. First run.
Props allendav.
See #43546.
Built from https://develop.svn.wordpress.org/trunk@43012


git-svn-id: http://core.svn.wordpress.org/trunk@42841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 19:54:21 +00:00
Sergey Biryukov 3957635dfb I18N: Correct placeholder references in a translator comment in `wp_print_file_editor_templates()`.
Props afercia.
See #43523.
Built from https://develop.svn.wordpress.org/trunk@42983


git-svn-id: http://core.svn.wordpress.org/trunk@42812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-16 18:36:24 +00:00
John Blackbourn c9b07e6411 Docs: Standardise and correct documentation relating to parameters which accept plugin names.
See #42505

Built from https://develop.svn.wordpress.org/trunk@42787


git-svn-id: http://core.svn.wordpress.org/trunk@42617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-05 21:50:31 +00:00
Sergey Biryukov 58592b64dc Docs: Use consistent description for `$wp_filesystem` global.
See #42505.
Built from https://develop.svn.wordpress.org/trunk@42777


git-svn-id: http://core.svn.wordpress.org/trunk@42607 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-04 21:58:30 +00:00
Sergey Biryukov 179bec1306 Docs: Clarify return values and improve DocBlock formatting for `verify_file_md5()`, `unzip_file()`, `_unzip_file_ziparchive()`, `_unzip_file_pclzip()`, `copy_dir()`, `WP_Filesystem()`.
See #42505.
Built from https://develop.svn.wordpress.org/trunk@42776


git-svn-id: http://core.svn.wordpress.org/trunk@42606 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-04 21:43:30 +00:00
Sergey Biryukov 3c8ae81018 Docs: Clarify `download_url()` return value, improve DocBlock formatting.
See #42505.
Built from https://develop.svn.wordpress.org/trunk@42775


git-svn-id: http://core.svn.wordpress.org/trunk@42605 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-04 19:50:31 +00:00
Sergey Biryukov 86c3c7e1c9 Filesystem API: Allow `download_url()` to return the response code and body on error as an additional `WP_Error` object data.
The error response body size is limited to 1 KB by default to avoid taking up too much memory. The size can be increased using `download_url_error_max_body_size` filter.

Props soulseekah, campusboy1987, mihdan, SergeyBiryukov.
Fixes #43329.
Built from https://develop.svn.wordpress.org/trunk@42773


git-svn-id: http://core.svn.wordpress.org/trunk@42603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-04 17:14:31 +00:00
Sergey Biryukov 0e802a627d General: Introduce `WP_Error::has_errors()` method and use it where appropriate.
Props robdxw, DrewAPicture, SergeyBiryukov.
Fixes #42742.
Built from https://develop.svn.wordpress.org/trunk@42761


git-svn-id: http://core.svn.wordpress.org/trunk@42591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-27 02:31:31 +00:00
Peter Wilson e6ccdf161f General: Further improve error messages following [42648].
Props kristastevens, melchoyce.
Fixes #38332 for trunk.


Built from https://develop.svn.wordpress.org/trunk@42719


git-svn-id: http://core.svn.wordpress.org/trunk@42547 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-19 02:13:32 +00:00
John Blackbourn fc6ba86b80 Docs: First pass at switching some array parameter documentation to typed notation.
Props janak007

See #41756

Built from https://develop.svn.wordpress.org/trunk@42679


git-svn-id: http://core.svn.wordpress.org/trunk@42507 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-09 17:26:31 +00:00
John Blackbourn 91464bce65 Docs: Add missing code formatting to various `@since` entries.
See #42505

Built from https://develop.svn.wordpress.org/trunk@42678


git-svn-id: http://core.svn.wordpress.org/trunk@42506 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-09 16:55:31 +00:00
Peter Wilson 0d39b35c11 General: Replace `Cheatin’ uh?` with friendlier error messages.
While intended as a playful error message, `Cheatin’ uh?` can be interpreted as insulting or accusatory in an already stressful situation. This replaces Cheatin’ with more meaningful error messages, depending on the error that occurs.

Props ElectricFeet, EricMeyer, karmatosed, dd32, BandonRandon, melchoyce for language; dmsnell for original patch; peterwilsoncc.
Fixes #38332.


Built from https://develop.svn.wordpress.org/trunk@42648


git-svn-id: http://core.svn.wordpress.org/trunk@42477 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-05 02:30:34 +00:00
Sergey Biryukov 0eb2581c67 Media: In `_wp_handle_upload()`, check if the file was properly uploaded before checking its size.
Props achbed, dglingren.
Fixes #39522.
Built from https://develop.svn.wordpress.org/trunk@42525


git-svn-id: http://core.svn.wordpress.org/trunk@42354 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-17 07:16:30 +00:00
Gary Pendergast aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Dion Hulse 271e08a26e Theme Editior: Base the nonce on a simpler combination of fields, for easier debugging & reading.
See #42609.
Fixes #42705.

Built from https://develop.svn.wordpress.org/trunk@42246


git-svn-id: http://core.svn.wordpress.org/trunk@42075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-27 03:44:47 +00:00
Dion Hulse daacc37405 Theme Editor: Validate files are editable based on their relative filenames, rather than full file path.
This fixes theme editing on Windows platforms where `validate_file()` will return `2` on a full file path.

Fixes #42609.

Built from https://develop.svn.wordpress.org/trunk@42244


git-svn-id: http://core.svn.wordpress.org/trunk@42073 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-27 03:28:48 +00:00
Dion Hulse 4073743527 Filesystem: Use a more unique filename in `wp_tempnam()` and `get_filesystem_method()`.
Using a filename which was generated from `time()` could cause two processes to try to use the same filename, causing unexpected behaviour.

Props jrchamp, bikecrazyy.
Fixes #42265.

Built from https://develop.svn.wordpress.org/trunk@42224


git-svn-id: http://core.svn.wordpress.org/trunk@42053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-24 03:05:50 +00:00
Gary Pendergast a779284c00 General: Reformat inline `if ()` statements inside HTML tags.
This pattern occurs a handful of times across the codebase:

`<div class="foo<?php if ( $bar ) { echo ' baz'; } ?>">`

Unfortunately, it doesn't really play nicely with `phpcbf`, so all instances need to be removed in preperation for auto code formatting.

See #41057.


Built from https://develop.svn.wordpress.org/trunk@42217


git-svn-id: http://core.svn.wordpress.org/trunk@42046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-23 04:09:49 +00:00
Weston Ruter 83c29a4d08 Theme Editor: Ensure files listed recursively can be both viewed and edited.
Prevent edits to 2-level deep theme files from returning a `disallowed_theme_file` error when attempting to save an edit. Aligns logic for gathering `$allowed_files` in `theme-editor.php` for listing files with the validation logic in `wp_edit_theme_plugin_file()`.

Amends [41806].
See #6531.
Fixes #42425.

Built from https://develop.svn.wordpress.org/trunk@42112


git-svn-id: http://core.svn.wordpress.org/trunk@41941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-02 23:05:48 +00:00
John Blackbourn 2f3e91028a Filesystem API: Add more specificity to the rules for valid files in `validate_file()`.
This now treats files containing `./` as valid, and also treats files containing a trailing `../` as valid due to widespread use of this pattern in theme and plugin zip files.

Adds tests.

Props Ipstenu, borgesbruno, DavidAnderson, philipjohn, birgire
Fixes #42016, #36170

Built from https://develop.svn.wordpress.org/trunk@42011


git-svn-id: http://core.svn.wordpress.org/trunk@41845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 23:15:49 +00:00
John Blackbourn 16cfe96580 Filesystem API: Don't immediately return an error for invalid file names contained within a Zip while it's being extracted.
This allows the extraction of the rest of the valid files within the archive to continue.

See #42016

Built from https://develop.svn.wordpress.org/trunk@42010


git-svn-id: http://core.svn.wordpress.org/trunk@41844 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 23:11:50 +00:00
John Blackbourn 4812370aab Docs: Improve the docs for `validate_file()` and `validate_file_to_edit()`.
See #42016, #36170, #41017

Built from https://develop.svn.wordpress.org/trunk@42007


git-svn-id: http://core.svn.wordpress.org/trunk@41841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 22:50:49 +00:00
Gary Pendergast 58db3cb54e File Editor: Add support for more than one sub-directory level.
The theme and plugin editors now list all files in the selected theme or plugin, recursing through subdirectories as necessary.

Props WraithKenny, schlessera, chsxf, MikeHansenMe, Daedalon, valendesigns, westonruter, pento.
Fixes #6531.


Built from https://develop.svn.wordpress.org/trunk@41806


git-svn-id: http://core.svn.wordpress.org/trunk@41640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-10 05:34:49 +00:00
Weston Ruter 1a22fb3b60 File Editor: Increase robustness of fatal error checking when saving PHP file edits.
* Increase PHP execution time limit prior to issuing loopback requests where are themselves given timeouts to ensure PHP file can be reverted.
* Output scrape messages on success and failure so that absence of either can also be flagged as an error condition.
* Forward browser's HTTP Basic Auth credentials in loopback requests to admin and home URL.
* Display more helpful message when loopback request fails.

Amends [41721].
See #21622.
Fixes #42102.

Built from https://develop.svn.wordpress.org/trunk@41805


git-svn-id: http://core.svn.wordpress.org/trunk@41639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-10 05:27:49 +00:00
Weston Ruter 5f7a5c1246 File Editors: Introduce sandboxed live editing of PHP files with rollbacks for both themes and plugins.
* Edits to active plugins which cause PHP fatal errors will no longer auto-deactivate the plugin. Supersedes #39766.
* Introduce sandboxed PHP file edits for active themes, preventing accidental whitescreening of a user's site when introducing a fatal error.
* After writing a change to a PHP file for an active theme or plugin, perform loopback requests on the file editor admin screens and the homepage to check for fatal errors. If a fatal error is encountered, roll back the edited file and display the error to the user to fix and try again.
* Introduce a secure way to scrape PHP fatal errors from a site via `wp_start_scraping_edited_file_errors()` and `wp_finalize_scraping_edited_file_errors()`.
* Moves file modifications from `theme-editor.php` and `plugin-editor.php` to common `wp_edit_theme_plugin_file()` function.
* Refactor themes and plugin editors to submit file changes via Ajax instead of doing full page refreshes when JS is available.
* Use `get` method for theme/plugin dropdowns.
* Improve styling of plugin editors, including width of plugin/theme dropdowns.
* Improve notices API for theme/plugin editor JS component.
* Strip common base directory from plugin file list. See #24048.
* Factor out functions to list editable file types in `wp_get_theme_file_editable_extensions()` and `wp_get_plugin_file_editable_extensions()`.
* Scroll to line in editor that has linting error when attempting to save. See #41886.
* Add checkbox to dismiss lint errors to proceed with saving. See #41887.
* Only style the Update File button as disabled instead of actually disabling it for accessibility reasons.
* Ensure that value from CodeMirror is used instead of `textarea` when CodeMirror is present.
* Add "Are you sure?" check when leaving editor when there are unsaved changes.

Supersedes [41560].
See #39766, #24048, #41886.
Props westonruter, Clorith, melchoyce, johnbillion, jjj, jdgrimes, azaozz.
Fixes #21622, #41887.

Built from https://develop.svn.wordpress.org/trunk@41721


git-svn-id: http://core.svn.wordpress.org/trunk@41555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 00:20:45 +00:00
John Blackbourn 69de73224f Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
Built from https://develop.svn.wordpress.org/trunk@41457


git-svn-id: http://core.svn.wordpress.org/trunk@41290 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 14:36:47 +00:00
Weston Ruter 203d220c6f Customize: Re-use homepage settings help tab text from Reading Options admin screen in description for corresponding Customizer section.
Also remove "Static" reference in template name, missed in [41363].

See #41829.

Built from https://develop.svn.wordpress.org/trunk@41364


git-svn-id: http://core.svn.wordpress.org/trunk@41197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-10 17:08:43 +00:00
Weston Ruter a74e98d7be Customize: Rename "Static front page" to just "Homepage".
Props danieltj, melchoyce.
Fixes #41828.

Built from https://develop.svn.wordpress.org/trunk@41363


git-svn-id: http://core.svn.wordpress.org/trunk@41196 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-10 16:20:44 +00:00
Drew Jaynes d5e3ea444d Filesystem: Introduce the `pre_move_uploaded_file` filter.
Passing a non-null value to the filter will prevent the uploaded file from being moved to the uploads directory for any of the functions leveraging `_wp_handle_upload()`, such as `wp_handle_upload()` or `wp_handle_sideload()`.

Error reporting related to the file being moved will also be skipped.

Props ryan, Mte90.
Fixes #24603.

Built from https://develop.svn.wordpress.org/trunk@41258


git-svn-id: http://core.svn.wordpress.org/trunk@41098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-16 21:59:43 +00:00
Sergey Biryukov 581707de6c Docs: Add a `@global` entry for `$allowed_files` in `get_file_description()`.
Props div33, ajayghaghretiya1.
Fixes #41294.
Built from https://develop.svn.wordpress.org/trunk@41032


git-svn-id: http://core.svn.wordpress.org/trunk@40882 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-12 21:40:40 +00:00
Aaron Campbell 38347d7c58 Add nonce for updating file system credentials.
Built from https://develop.svn.wordpress.org/trunk@40723


git-svn-id: http://core.svn.wordpress.org/trunk@40581 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 14:48:44 +00:00
Pascal Birchler 064e62cbea Cron API: Add a new `wp_doing_cron()` helper function.
This replaces `DOING_CRON` checks via the constant.

Props tfrommen.
Fixes #39591.

Built from https://develop.svn.wordpress.org/trunk@40575


git-svn-id: http://core.svn.wordpress.org/trunk@40445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-06 14:30:40 +00:00
Dion Hulse 6066654967 Updates: Remove a stray `"` from a tag.
Props afercia.
See #39057.

Built from https://develop.svn.wordpress.org/trunk@39656


git-svn-id: http://core.svn.wordpress.org/trunk@39596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-30 07:42:42 +00:00
Andrea Fercia eeefec932f Administration: Improve the usage of the button CSS classes.
Introduces some consistency in the usage of the button CSS classes, fixes the
focus style for accessibility and responsiveness of the buttons.

- Adds the `button` class to all primary buttons make them responsive
- Removes all `secondary-button` classes and replaces it with button when needed. `button-secondary` shouldn't be used and exists just for backward compatibility reasons
- Replaces classes inside `submit_button()` with a shorthand for some buttons, and use an empty string for the default `button` class. Passing `button` is unnecessary
- Adjusts `get_submit_button()` to remove empty items

Props iseulde, dimchik, chris_d2d, mhowell, afercia.
Fixes #27314, #37138, #37448.

Built from https://develop.svn.wordpress.org/trunk@38672


git-svn-id: http://core.svn.wordpress.org/trunk@38615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-28 19:54:28 +00:00
Scott Taylor a3ffebce30 Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389.
See #36335.

Built from https://develop.svn.wordpress.org/trunk@38470


git-svn-id: http://core.svn.wordpress.org/trunk@38411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 16:31:29 +00:00
Scott Taylor 390ceba6c7 Bootstrap: after r38409 and r38410, revert r38402 which reverted r38399.
This fixes the paths in `wp-vendor/` that were including `src`. I want to drop this in so we can find out what else will break.

See #36335.

Built from https://develop.svn.wordpress.org/trunk@38411


git-svn-id: http://core.svn.wordpress.org/trunk@38352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 22:32:37 +00:00
Dion Hulse 0e31a46161 Bootstrap: Revert [38399] as it's broken `/build/` and subsequently core.svn.wordpress.org.
The generated classmaps reference `/src/` files and operates in the assumption that the base directory is one level above `wp-settings.php`, which it isn't after our build processes are run.

See #36335

Built from https://develop.svn.wordpress.org/trunk@38402


git-svn-id: http://core.svn.wordpress.org/trunk@38343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 14:37:32 +00:00
Scott Taylor 6a529648cf Bootstrap: Autoload classes using a Composer-generated PHP 5.2-compatible Autoloader.
* `wp-admin` and `wp-includes` are scanned for classes to autoload
* Several 3rd-party and Ryan McCue-shaped libraries are excluded when the classmap is generated, see `composer.json`: `autoload.exclude-from-classmap`
* `wp-vendor/autoload_52.php` is included at the top of `wp-settings.php` - no changes need to be made to unit tests to include the autoloader
* An avalanche of `require()` and `require_once()` calls that loaded class files have been removed from the codebase.

The following files have been added to `svn:ignore` - they are not 5.2-compatible and fail during pre-commit:
* src/wp-vendor/autoload.php
* src/wp-vendor/composer/autoload_real.php
* src/wp-vendor/composer/autoload_static.php
* src/wp-vendor/composer/ClassLoader.php

We favor these files instead:
* src/wp-vendor/autoload_52.php
* src/wp-vendor/composer/autoload_real_52.php
* src/wp-vendor/composer/ClassLoader52.php

When new PHP classes are added to the codebase, simply run `composer install` or `composer update` from the project root to update the autoloader.

The future is now.

See #36335.

Built from https://develop.svn.wordpress.org/trunk@38399


git-svn-id: http://core.svn.wordpress.org/trunk@38340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 09:15:29 +00:00
Scott Taylor 7ac88c02fa Media: when calling `pathinfo()`, also pass a `PATHINFO_*` constant to avoid array notices for unset keys.
Props JaworskiMatt.
Fixes #37608.

Built from https://develop.svn.wordpress.org/trunk@38294


git-svn-id: http://core.svn.wordpress.org/trunk@38235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-20 23:36:28 +00:00
Dominik Schilling 771fc167b6 Media: In `_wp_handle_upload()` use `call_user_func_array()` to call the upload error handler.
The default error handler `wp_handle_upload_error()` expects a reference for the first parameter but `call_user_func()` doesn't pass parameters by reference. The current code didn't produce any issues until now. PHP 7.0.9 (and PHP 7.1) is now stricter and prevents calling the error handler with a warning:
> PHP Warning:  Parameter 1 to wp_handle_upload_error() expected to be a reference, value given.

To restore the error handler `_wp_handle_upload()` now uses `call_user_func_array()`.

Props jbrinley.
Props jorbin for review.
Fixes #37570.
Built from https://develop.svn.wordpress.org/trunk@38235


git-svn-id: http://core.svn.wordpress.org/trunk@38176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-09 21:54:30 +00:00
Dominik Schilling d7253ca244 Filesystem API: Prevent an endless self-calling loop in `wp_tempnam()`.
Under certain conditions upgrades on Windows may fail because `wp_tempnam()` gets called in a loop.
This can happen when `wp_tempnam()` is called with `\.maintenance` for the `$filename` parameter. The function strips the extension, in this case `.maintenance`, which results in an empty filename. Because it's empty, `wp_tempnam()` calls itself with `dirname( '\.maintenance' )`. On *nix systems this would be `"/"` which allows `wp_tempnam()` to fall back on `time()`. But on Windows it's `"\"`.

This change adds the backslash to the list of characters which allow `wp_tempnam()` to fall back on `time()`.

See [32322], [31936].
Fixes #33999.
Built from https://develop.svn.wordpress.org/trunk@38151


git-svn-id: http://core.svn.wordpress.org/trunk@38092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-25 15:28:29 +00:00
Dominik Schilling 3a3828c396 Filesystem API: Change the default value for the `$context` parameter of `get_filesystem_method()` and `request_filesystem_credentials()` to an empty string.
`$context` is a full path to the directory that is tested for being writable. A path shouldn't be a boolean value.
This also updates `WP_Upgrader_Skin::request_filesystem_credentials()` and `Automatic_Upgrader_Skin::request_filesystem_credentials()` and adds missing docs.

Props DrewAPicture, ocean90.
Fixes #37412.

Built from https://develop.svn.wordpress.org/trunk@38138


git-svn-id: http://core.svn.wordpress.org/trunk@38079 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-22 12:10:27 +00:00
Dominik Schilling aa561e67a1 Bootstrap: Enhance core's memory limit handling.
* Don't lower memory limit if the current limit is greater than `WP_MAX_MEMORY_LIMIT`.
* Set `WP_MEMORY_LIMIT` and `WP_MAX_MEMORY_LIMIT` to current limit if the `memory_limit` setting can't be changed at runtime.
* Use `wp_convert_hr_to_bytes()` when parsing the value of the `memory_limit` setting because it can be a shorthand or an integer value.
* Introduce `wp_raise_memory_limit( $context )` to raise the PHP memory limit for memory intensive processes. This DRYs up some logic and includes the existing `admin_memory_limit` and `image_memory_limit` filters. The function can also be used for custom contexts, the `{$context}_memory_limit` filter allows to customize the limit.
* Introduce `wp_is_ini_value_changeable( $setting )` to determine whether a PHP ini value is changeable at runtime.
* Remove a `function_exists( 'memory_get_usage' )` check. Since PHP 5.2.1 support for memory limit is always enabled.

Related commits: [38011-38013]

Props jrf, A5hleyRich, swissspidy, ocean90.
Fixes #32075.
Built from https://develop.svn.wordpress.org/trunk@38015


git-svn-id: http://core.svn.wordpress.org/trunk@37956 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-08 14:37:30 +00:00
Dion Hulse c959b63539 Updates: Only use the filename component of URLs to form part of the temporary filename.
Previously we were passing the entire URL to `wp_tempnam()` (incorrectly) which caused the query string to be used as part of the temporary filename.
We now only use the file component of a url such as `https://example.com/filename.zip?arg1=1&arg2=2....&arg100=100` to prevent a long filename.

Fixes #34938

Built from https://develop.svn.wordpress.org/trunk@37598


git-svn-id: http://core.svn.wordpress.org/trunk@37566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-31 02:21:29 +00:00
Drew Jaynes 1947f4d17c Docs: Apply inline `@see` tags to hooks referenced in DocBlocks for wp-admin/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

See #36921.

Built from https://develop.svn.wordpress.org/trunk@37537


git-svn-id: http://core.svn.wordpress.org/trunk@37505 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 17:28:27 +00:00
Drew Jaynes c3055cc190 Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37488


git-svn-id: http://core.svn.wordpress.org/trunk@37456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:01:30 +00:00
Andrea Fercia ce94f2dfbd Refine the FTP credentials form interaction.
Properly toggle SSH2 Authentication Keys fieldset visibility.
JavaScript and CSS clean-up.

Props Mte90.
Fixes #34376.
Built from https://develop.svn.wordpress.org/trunk@37467


git-svn-id: http://core.svn.wordpress.org/trunk@37435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-19 22:59:28 +00:00
Dominik Schilling 546b031453 Filesystem API: Don't add `'.'` to the list of directories which need to be checked/created when extracting a file.
Prevents a PHP warning by `WP_Filesystem_Direct::mkdir()` when installing a language pack which doesn't have subdirectories.

Props tfrommen.
Fixes #36570.
Built from https://develop.svn.wordpress.org/trunk@37421


git-svn-id: http://core.svn.wordpress.org/trunk@37387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-12 12:40:28 +00:00
Sergey Biryukov f79aad8e0c Theme Editor: After [37217], add other embed templates to file descriptions.
Props Frozzare.
Fixes #34561. See #34561.
Built from https://develop.svn.wordpress.org/trunk@37232


git-svn-id: http://core.svn.wordpress.org/trunk@37198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-18 01:05:27 +00:00
Sergey Biryukov f760d05a63 Theme Editor: Add `embed.php` to file descriptions.
Props ramiy.
Fixes #36551.
Built from https://develop.svn.wordpress.org/trunk@37217


git-svn-id: http://core.svn.wordpress.org/trunk@37183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-16 12:47:27 +00:00
Dominik Schilling d8f3325c14 Docs: Correct grammar when referring to "a URL" vs "an URL" in several places.
Fixes #36218.
Built from https://develop.svn.wordpress.org/trunk@36970


git-svn-id: http://core.svn.wordpress.org/trunk@36938 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-12 12:39:27 +00:00
Drew Jaynes 6995ec613e Docs: Add private access notation to the DocBlock for the core `_wp_handle_upload()` function.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@36473


git-svn-id: http://core.svn.wordpress.org/trunk@36440 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-03 20:19:25 +00:00
Sergey Biryukov 7afa923067 Media: In `_wp_handle_upload()`, move ending brace to a new line.
Props georgestephanis.
Fixes #35565.
Built from https://develop.svn.wordpress.org/trunk@36373


git-svn-id: http://core.svn.wordpress.org/trunk@36340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-21 20:27:26 +00:00
Sergey Biryukov 2328667dc9 Theme Editor: Break `$wp_file_descriptions` array into sections and reorder for consistency and readability.
Props ramiy.
Fixes #35223.
Built from https://develop.svn.wordpress.org/trunk@36088


git-svn-id: http://core.svn.wordpress.org/trunk@36053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-25 21:12:26 +00:00
Sergey Biryukov 11b89a88a9 Theme Editor: Add `taxonomy.php`, `home.php`, `front-page.php`, `date.php`, and `singular.php` to file descriptions.
Props ramiy.
See #35223.
Built from https://develop.svn.wordpress.org/trunk@36087


git-svn-id: http://core.svn.wordpress.org/trunk@36052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-25 21:05:25 +00:00
Sergey Biryukov 3f61b6bafa Docs: Improve documentation for `request_filesystem_credentials()` and the corresponding filter.
Props swissspidy, danhgilmore, slushman.
Fixes #34858.
Built from https://develop.svn.wordpress.org/trunk@35888


git-svn-id: http://core.svn.wordpress.org/trunk@35852 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-12 16:16:26 +00:00
Pascal Birchler 54b8c3e53b Docs: Fix some minor DocBlock alignment issues.
See #32246.
Built from https://develop.svn.wordpress.org/trunk@35885


git-svn-id: http://core.svn.wordpress.org/trunk@35849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-12 15:37:28 +00:00
John Blackbourn a027edc277 Comments: The year is 2003. Permalinks are a new thing and everyone's using Blogger. It's a time when opening a modal window in JavaScript to view a section of a website is not a completely weird thing, although many users get annoyed by it. b2 has recently become WordPress, and with it comes a bunch of functionality that will become stale over the next decade, remnants of simpler times.
Twelve years later, after no fewer than three themes have intentionally implemented popup comments in their functionality, before being abandoned for at least the last six years, we've reached a time where we can put this era behind us. A time when we can remove comment popup functionality from WordPress.

If this breaks the internet, I'll eat my hat.

Fixes #28617

Built from https://develop.svn.wordpress.org/trunk@35848


git-svn-id: http://core.svn.wordpress.org/trunk@35812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-10 03:06:30 +00:00
Konstantin Kovshenin 919867b090 Docs: Remove some more dittography.
See #34885, r35793.

Built from https://develop.svn.wordpress.org/trunk@35796


git-svn-id: http://core.svn.wordpress.org/trunk@35760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 21:50:25 +00:00
Mark Jaquith 1a43f0b290 Do not pass FALSE as second parameter in variable class_exists() checks
Because these are generally plugin-provided, we want plugins to be
able to use autoloaders.

fixes #20523
Built from https://develop.svn.wordpress.org/trunk@35749


git-svn-id: http://core.svn.wordpress.org/trunk@35713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-30 04:15:27 +00:00
Aaron Jorbin e8d8e79371 Revert [34291] bringing back my-hacks
Keeping myhacks support is a small price to pay for not breaking people's sites.  Even if it is very very very few sites, breaking sites isn't something that should be encouraged. Even with 10 years of deprecation notices.

https://core.trac.wordpress.org/ticket/33741#comment:18 outlines all the ways that the hack_file and my-hacks options can be setup and thus all the ways that the removal of those options could break sites.

Fixes #33741.



Built from https://develop.svn.wordpress.org/trunk@35688


git-svn-id: http://core.svn.wordpress.org/trunk@35652 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 20:49:26 +00:00
Dion Hulse 42ff945649 Decrease the chances that `wp_tempnam()` will conflict with an existing file by suffixing a random ID to the generated filename.
This also switches from using `touch()` to using `fopen( $file, 'x')` to ensure that we're the process creating the file.

Fixes #34562

Built from https://develop.svn.wordpress.org/trunk@35644


git-svn-id: http://core.svn.wordpress.org/trunk@35608 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-16 05:33:25 +00:00
Dion Hulse f47801d504 Media: Allow `media_sideload_image()` to work when the upload directory is a PHP Stream. Using copy() instead of rename() allows the function to work across different stream sources.
Props mattheu.
Fixes #29257

Built from https://develop.svn.wordpress.org/trunk@35579


git-svn-id: http://core.svn.wordpress.org/trunk@35543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-09 00:44:27 +00:00
Scott Taylor 85d21feca6 Plugins/Updates: in `request_filesystem_credentials()`, alter the heading HTML tag based on the current screen for improved semantics.
Props afercia.
Fixes #34267.

Built from https://develop.svn.wordpress.org/trunk@35315


git-svn-id: http://core.svn.wordpress.org/trunk@35281 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 03:51:24 +00:00
Drew Jaynes 1cb39b180f Docs: Standardize the file header summary for wp-admin/includes/file.php.
Also adds an `@since` version and corrects the `@subpackage` value.

See #33701.

Built from https://develop.svn.wordpress.org/trunk@35221


git-svn-id: http://core.svn.wordpress.org/trunk@35187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-16 16:56:26 +00:00
Boone Gorges 0e7c1d3b14 Use `wp_installing()` instead of `WP_INSTALLING` constant.
The `WP_INSTALLING` constant is a flag that WordPress sets in a number of
places, telling the system that options should be fetched directly from the
database instead of from the cache, that WP should not ping wordpress.org for
updates, that the normal "not installed" checks should be bypassed, and so on.

A constant is generally necessary for this purpose, because the flag is
typically set before the WP bootstrap, meaning that WP functions are not yet
available.  However, it is possible - notably, during `wpmu_create_blog()` -
for the "installing" flag to be set after WP has already loaded. In these
cases, `WP_INSTALLING` would be set for the remainder of the process, since
there's no way to change a constant once it's defined. This, in turn, polluted
later function calls that ought to have been outside the scope of site
creation, particularly the non-caching of option data. The problem was
particularly evident in the case of the automated tests, where `WP_INSTALLING`
was set the first time a site was created, and remained set for the rest of the
suite.

The new `wp_installing()` function allows developers to fetch the current
installation status (when called without any arguments) or to set the
installation status (when called with a boolean `true` or `false`). Use of
the `WP_INSTALLING` constant is still supported; `wp_installing()` will default
to `true` if the constant is defined during the bootstrap.

Props boonebgorges, jeremyfelt.
See #31130.
Built from https://develop.svn.wordpress.org/trunk@34828


git-svn-id: http://core.svn.wordpress.org/trunk@34793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-05 15:06:28 +00:00
Scott Taylor 8bb4c2c2e9 Theme Editor: ensure that files named `index.php` in theme subfolders are not labeled as "Main Index Template"
Props MikeHansenMe, wonderboymusic, bravokeyl, Shelob9.
Fixes #27201.

Built from https://develop.svn.wordpress.org/trunk@34658


git-svn-id: http://core.svn.wordpress.org/trunk@34622 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-28 03:11:24 +00:00
John Blackbourn aa35e473f7 `callback` is not a valid type in PHP, PSR-5, or phpDocumentor. `callable` should be used instead.
Fixes #34032

Built from https://develop.svn.wordpress.org/trunk@34566


git-svn-id: http://core.svn.wordpress.org/trunk@34530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 23:58:25 +00:00